SDNC Release Notes

Abstract

This document provides the release notes for the Frankfurt release of the Software Defined Network Controller (SDNC)

Summary

The Frankfurt release of SDNC introduces new functionality to support PNFs (Physical Network Functions), extends support for Netconf/TLS to support CMPv2, and adds support for the Multi Domain Optical Network Service use case.

Release Data

Project SDNC
Docker images See Docker Containers section below
Release designation Frankfurt
Release date 06/04/2020

New features

The SDNC Frankfurt release includes the following features:

  • ORAN-compliant A1 adaptor (Jira SDNC-965)
  • Multi-Domain Optical Service (Jira SDNC-928)
  • Python 2 -> Python 3 migration (Jira SDNC-967)
  • Upgrade to new Policy lifecycle API (Jira SDNC-968)

For the complete list of SDNC Frankfurt release epics and SDNC Frankfurt release user stories , please see the ONAP Jira.

Bug fixes

The full list of bugs fixed in the SDNC Frankfurt release is maintained on the ONAP Jira.

Known Issues

The full list of known issues in SDNC is maintained on the ONAP Jira.

Deprecated Features

** SDNC portal **

The SDNC portal is considered deprecated in the Frankfurt release, due to resource contraints. This functionality is delivered dormant in Frankfurt (i.e. it is disabled in the Frankfurt helm charts) and we plan to remove the code entirely in the Guilin release.

** VNF-API **

The functionality provided by the VNF-API is now provided as part of the GENERIC-RESOURCE-API. Therefore, the VNF-API is deprecated in Frankfurt and will be removed in Guilin.

Deliverables

Software Deliverables

Docker Containers

The following table lists the docker containers comprising the SDNC Frankfurt release along with the current stable Frankfurt version/tag. Each of these is available on the ONAP nexus3 site (https://nexus3.onap.org) and can be downloaded with the following command:

docker pull nexus3.onap.org:10001/{image-name}:{version}

Note: users that want to use the latest in-development Frankfurt version may use the tag 0.7-STAGING-latest to pull the latest daily Frankfurt build

Image name Description Version
onap/sdnc-aaf-image SDNC controller image, integrated with AAF for RBAC 1.8.3
onap/sdnc-ansible-server-image Ansible server 1.8.3
onap/sdnc-dmaap-listener-image DMaaP listener 1.8.3
onap/sdnc-image SDNC controller image, without AAF integration 1.8.3
onap/sdnc-ueb-listener-image SDC listener 1.8.3
onap/sdnc-web-image Web tier (currently only used by SDN-R persona) 1.8.3

Documentation Deliverables

Known Limitations, Issues and Workarounds

System Limitations

No system limitations noted.

Known Vulnerabilities

Any known vulnerabilities for ONAP are tracked in the ONAP Jira in the OJSI project. Any outstanding OJSI issues that pertain to SDNC are listed in the Known Security Issues section below.

Workarounds

Not applicable.

Security Notes

Fixed Security Issues

The following security issues have been addressed in the Frankfurt SDNC release:

  • OSJI-34 : Multiple SQL Injection issues in SDNC
  • OSJI-40 : SDNC service allows for arbitrary code execution
  • OSJI-41 : SDNC service allows for arbitrary code execution in sla/dgUpload form (CVE-2019-12132)
  • OSJI-42 : SDNC service allows for arbitrary code execution in sla/printAsXml form (CVE-2019-12123)
  • OSJI-43 : SDNC service allows for arbitrary code execution in sla/printAsGv form (CVE-2019-12113)
  • OSJI-199 : SDNC service allows for arbitrary code execution in sla/upload form (CVE-2019-12112)
  • SDNC-1145 : Pods still run as root
  • SDNC-970 : Password removal from OOM Helm charts

Known Security Issues

There is currently one known SDNC security issue, related to the SDNC portal

  • OJSI-91 : SDNC exposes unprotected API for user creation

The current implementation of the SDNC portal - which was intended purely as a test tool - has a self-subscription model - so anyone can create an account by going to the setup link. This is not appropriate for production deployment and we strongly recommend that the SDNC portal NOT be used in production.

The SDNC portal is disabled in the Frankfurt helm charts and will be removed entirely in the Guilin release.

Test Results

Not applicable

References

For more information on the ONAP Frankfurt release, please see:

  1. ONAP Home Page
  2. ONAP Documentation
  3. ONAP Release Downloads
  4. ONAP Wiki Page