blob: 2ba3605e4eb583d510eedc8e5260d1a62c8df2cb [file] [log] [blame]
.. vim: syntax=rst
Aether ROC Control API
======================
Access
------
The ROC API specification can be accessed from the running ROC cluster at the API URL.
e.g. on a local system (if the GUI has been port-forwarded on port 8183)
*http://localhost:8183/aether-roc-api/*
On the Production system it would be *https://roc.aetherproject.org/aether-roc-api/*
.. note:: Opening this in a browser will display a HTML view of the API (powered by *ReDoc*).
To access the raw YAML format use
``curl -H "Accept: application/yaml" http://localhost:8183/aether-roc-api/aether-4.0.0-openapi3.yaml``
This YAML format can be imported in to various different tools e.g. |postman_link|
Background
----------
The Aether ROC control API is available via REST or via gNMI. It is expected that most external
consumers of the API will use REST.
The REST API supports the typical GET, POST, PATCH, DELETE operations:
* GET. Retrieve an object.
* POST. Create an object.
* PUT, PATCH. Modify an existing object.
* DELETE. Delete an object.
Endpoints are named based on the type of object. Some examples:
* `GET http://roc/aether/v4.0.0/connectivity-service-v3/enterprise/`. Get a list of enterprises.
* `GET http://roc/aether/v4.0.0/connectivity-service-v3/enterprise/Starbucks`. Get the Starbucks enterprise.
* `POST http://roc/aether/v4.0.0/connectivity-service-v3/enterprise`. Create a new enterprise.
* `PATCH http://roc/aether/v4.0.0/connectivity-service-v3/site/Starbucks-NewYork`. Update the Starbucks New York site.
This document is a high-level description of the objects that can be interacted with. For a
low-level description, see the specification (:ref:`developer/roc-api:Access` section above).
Identifying and Referencing Objects
-----------------------------------
Every object contains an `id` that is used to identify the object. The `id` is only unique within
the scope of a particular type of object. For example, a site may be named `foo` and a device-group
may also be named `foo`, and the two names do not conflict because they are different object types.
In addition to the `id`, most identifiable objects also include a `display-name`. The `display-name`
may be changed at any time by the user without affecting behavior. In contrast, the `id` is immutable,
and the only way to change an `id` is to delete the object and make a new one.
Some objects contain references to other objects. For example, many objects contain references to
the `Enterprise` object, which allows them to be associated with a particular enterprise. References
are constructed using the `id` field of the referenced object. It is an error to attempt to create
a reference to an object that does not exist. Deleting an object while there are open references
to it from other objects is also an error.
Common Model Fields
-------------------
Several fields are common to all models in Aether:
* `id`. The identifier for objects of this model.
* `description`. A human-readable description, used to store additional context about the object.
* `display-name`. A human-readable name that is shown in the GUI.
As these fields are common to all models, they will be omitted from the per-model descriptions below.
Key Aether Objects
------------------
The following is a list of Aether models, generally organized in a top-down manner.
Enterprise
~~~~~~~~~~
`Enterprise` forms the root of a customer-specific Enterprise hierarchy. The `Enterprise` model is
referenced by many other objects, and allows those objects to be scoped to a particular Enterprise
for ownership and role-based access control purposes. `Enterprise` contains the following fields:
* `connectivity-service`. A list of connectivity services that realize connectivity for this
enterprise. A connectivity service is a reference to the SD-Core, and reflects either a 4G or a
5G core.
Site
~~~~
`Enterprises` are further divided into `Sites`. A site is a point of presence for an `Enterprise` and
may be either physical or logical (i.e. a single geographic location could in theory contain several
logical sites). Site contains the following fields:
* `enterprise`. A link to the `Enterprise` that owns this site.
* `imsi-definition`. A description of how IMSIs are constructed for this site. Contains the following
sub-fields:
* `mcc`. Mobile country code.
* `mnc`. Mobile network code.
* `enterprise`. A numeric enterprise id.
* `format`. A mask that allows the above three fields to be embedded into an IMSI. For example
`CCCNNNEEESSSSSS` will construct IMSIs using a 3-digit MCC, 3-digit MNC, 3-digit ENT, and a
6-digit subscriber.
* `small-cell` A list of 5G gNodeB or Access Point or Radios. Each small cell has the following:
* `small-cell-id`. Identifier for the small cell. Serves the same purpose as other `id` fields.
* `address`. Hostname of the small cell.
* `tac`. Type Allocation Code.
* `enable`. If set to `true`, the small cell is enabled. Otherwise, it is disabled.
* `monitoring` Configuration of how the monitoring framework of the site can be connected:
* `edge-cluster-prometheus-url` the URL of the site's Edge cluster Prometheus service
* `edge-monitoring-prometheus-url` the URL of the site's Edge monitoring Prometheus service
* `edge-device` a list of monitoring devices that verify end-to-end connectivity
* `edge-device-id` the identifier of the edge monitoring device. Serves the same purpose as other `id` fields.
* `display-name` the user-friendly name for the edge device. It is recommended that the short hostname
be used for the `display-name` as a convention.
* `description` an optional description
Device-Group
~~~~~~~~~~~~
`Device-Group` allows multiple devices to be logically grouped together. `Device-Group` contains
the following fields:
* `imsis`. A list of IMSI ranges. Each range has the following
fields:
* `imsi-id`. Identifier of the IMSI. Serves the same purpose as other `id` fields.
* `imsi-range-from`. First subscriber in the range.
* `imsi-range-to`. Last subscriber in the range. Can be omitted if the range only contains one
IMSI. It is recommended to not use this feature, and to represent all IMSIs as singletons. This
field will be deprecated in the future.
* `ip-domain`. Reference to an `IP-Domain` object that describes the IP and DNS settings for UEs
within this group.
* `site`. Reference to the site where this `Device-Group` may be used. Indirectly identifies the
`Enterprise` as `Site` contains a reference to `Enterprise`.
* `device`. Per-device related QoS settings:
* `mbr`. The maximum bitrate in bits per second that the application will be limited to:
* `uplink` the `mbr` from device to slice
* `downlink` the `mbr` from slice to device
* `traffic-class`. The traffic class to be used for devices in this group.
Virtual Cellular Service
~~~~~~~~~~~~~~~~~~~~~~~~
`Virtual Cellular Service (VCS)` connects a `Device-Group` to an `Application`. `VCS` has the
following fields:
* `device-group`. A list of `Device-Group` objects that can participate in this `VCS`. Each
entry in the list contains both the reference to the `Device-Group` as well as an `enable`
field which may be used to temporarily remove access to the group.
* `default-behavior`. May be set to either `ALLOW-ALL`, `DENY-ALL`, or `ALLOW-PUBLIC`. This is
the rule to use if no other rule in the filter matches. `ALLOW-PUBLIC` is a special alias
that denies all private networks and then allows everything else.
* `filter`. A list of `Application` objects that are either allowed or denied for this
`VCS`. Each entry in the list contains both a reference to the `Application` as well as an
`allow` field which can be set to `true` to allow the application or `false` to deny it. It
also has a `priority` field which can be used to order the applications when considering the
enforcing of their `allow` or `deny` conditions.
* `upf`. Reference to the User Plane Function (`UPF`) that should be used to process packets
for this `VCS`. It's permitted for multiple `VCS` to share a single `UPF`.
* `enterprise`. Reference to the `Enterprise` that owns this `VCS`.
* `site`. Reference to the `Site` where this `VCS` is deployed. Aether maintains the restriction
that the `Site` of the `UPF` and `Device-Group` must match the `Site` of the `VCS`.
* `SST`, `SD`. Slice identifiers. These are assigned by Aether Operations.
* `slice.mbr.uplink`, `slice.mbr.downlink`. Slice-total Uplink and downlink maximum bit rates in bps.
* `slice.mbr.uplink-burst-size`, `slice.mbr.downlink-burst-size`. Maximum burst sizes in bytes for
the maximum bit rates.
Application
~~~~~~~~~~~
`Application` specifies an application and the endpoints for the application. Applications are
the termination point for traffic from the UPF. Contains the following fields:
* `address`. The DNS name or IP address of the endpoint.
* `endpoint`. A list of endpoints. Each has the following fields:
* `name`. Name of the endpoint. Used as a key.
* `port-start`. Starting port number.
* `port-end`. Ending port number.
* `protocol`. `TCP|UDP`, specifies the protocol for the endpoint.
* `mbr`. The maximum bitrate in bits per second that UEs sending traffic to the application endpoint
will be limited to:
* `uplink` the `mbr` from device to application
* `downlink` the `mbr` from application to device
* `traffic-class`. Traffic class to be used when UEs send traffic to this Application endpoint.
* `enterprise`. Link to an `Enterprise` object that owns this application. May be left empty
to indicate a global application that may be used by multiple enterprises.
Supporting Aether Objects
-------------------------
Connectivity-Service
~~~~~~~~~~~~~~~~~~~~
`Connectivity-Service` specifies the URL of an SD-Core control plane.
* `core-5g-endpoint`. Endpoint of a `config4g` or `config5g` core.
* `acc-prometheus-url`. Prometheus endpoint where metrics may be queried regarding this connectivity service.
IP-Domain
~~~~~~~~~
`IP-Domain` specifies IP and DNS settings and has the following fields:
* `dnn`. Data network name for 5G, or APN for 4G.
* `dns-primary`, `dns-secondary`. IP addresses for DNS servers.
* `subnet`. Subnet to allocate to UEs.
* `admin-status`. Tells whether these ip-domain settings should be used, or whether they
should be drained from UEs.
* `mtu`. Ethernet maximum transmission unit.
* `enterprise`. `Enterprise that owns this `IP-Domain`.
Template
~~~~~~~~
`Template` contains connectivity settings that are pre-configured by Aether Operations.
Templates are used to initialize `VCS` objects. `Template` has the following fields:
* `default-behavior`. May be set to either `ALLOW-ALL`, `DENY-ALL`, or `ALLOW-PUBLIC`. This is
the rule to use if no other rule in the VCS's application filter matches. `ALLOW-PUBLIC` is
a special alias that denies all private networks and then allows everything else.
* `sst`, `sd`. Slice identifiers.
* `uplink`, `downlink`. Guaranteed uplink and downlink bandwidth.
* `traffic-class`. Link to a `Traffic-Class` object that describes the type of traffic.
* `slice.mbr.uplink`, `slice.mbr.downlink`. Slice-total Uplink and downlink maximum bit rates in bps.
* `slice.mbr.uplink-burst-size`, `slice.mbr.downlink-burst-size`. Maximum burst sizes in bytes for
the maximum bit rates.
Traffic-Class
~~~~~~~~~~~~~
Specifies the class of traffic. Contains the following:
* `arp`. Allocation and Retention Priority.
* `qci`. QoS class identifier.
* `pelr`. Packet error loss rate.
* `pdb`. Packet delay budget.
UPF
~~~
Specifies the UPF that should forward packets. A UPF can only be used by one VCS at a time.
Has the following fields:
* `address`. Hostname or IP address of UPF.
* `port`. Port number of UPF.
* `enterprise`. Enterprise that owns this UPF.
* `site`. The Site that this UPF is located at.
* `config-endpoint` URL for configuring the UPF
.. |postman_link| raw:: html
<a href="http://postman.com" target="_blank">Postman</a>