Versions Compared

Old Version 1

changes.mady.by.user FREEMAN, BRIAN D

Saved on

compared with

New Version 2

changes.mady.by.user FREEMAN, BRIAN D

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This How To will describe how to create an instnace instance of DANOS in openstack for functional testing and training. The VNF would image will be a 4 vcpu, 4096 GB memory , 8 GB disk glance image with 4 network connections that could be used to spin up a Danos VRR for testing. The vcpu/memory/disk simply matches the assumptions for the iso. The 4 network ports a sufficient for testing with 1 external port for OA&M and 3 internal networks for demonstrating flows. Following the steps additional networks can be attached.


The intent is that the vRR could be reached via ssh/netconf for configuration on the external port and the 3 other ports are for flow and feature functional testing. This configuration is not for throughput testing but rather to get familiar with the features and functions in a functioning Danos Virtual Router.

At a high level we are creating a glance image from the iso by creating a virtual server, installing the danos image , detaching the disk image and then creating a workin working vRR from the disk image using the flavor that has the netowrk/vcpevcpu/memory/disk settings that match our test assumptions.

...

Note: After the ports are created you will be coming back into the ports on these network networks to Disable “Port Security”

B. Flavor

create Create a flavor that matches the final image we want:
4096 GB Memory
4 vcpu
1 disk with size 8 GB

C. Load ISO

download Download the iso to your devstack/openstack environment
TODO: how to add cloud-init / heat utilities to iso / image

...

+--------------------------------------+----------------+--------+------+------------------------------------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+----------------+--------+------+------------------------------------------+
| 21133635-433f-4411-8a40-9fbca1a59a07 | danosVRRVolume | in-use | 8 | Attached to danosVRRFromISO on /dev/vda |
+--------------------------------------+----------------+--------+------+------------------------------------------+

openstack volume list

+--------------------------------------+----------------+-----------+------+-------------+
| ID | Name | Status | Size | Attached to |
+--------------------------------------+----------------+-----------+------+-------------+
| 21133635-433f-4411-8a40-9fbca1a59a07 | danosVRRVolume | available | 8 | |
+--------------------------------------+----------------+-----------+------+-------------+

...

L. Use horizon to create a server from the new glance image using the flavor created in step bB.

Select the volume
Select the flavor
Add the 4 networks (public, private-01,private-02,private-03)
Deselect the Seurity Security Group
No keypair (since we will login via vyatta/vyatta without cloud-init being used to upload keys)

M. Use horizon instance console to log into the new instance

...

O. Add configruation for the 3 others ports on the private networks using ip address from horizon

config
set interfaces dataplane dp0s4 address 192.168.101.222/24
set interfaces dataplane dp0s5 address 192.168.102.216/24
set interfaces dataplane dp0s6 address 192.168.103.227/24
commit
exit
show interfaces

...

For testing create two instances of a ubuntu server (18.0.4 for example)

trafficSource with an external and private network for source (private-01)

...

ubuntu@traaficsink:~$ sudo su
sudo: unable to resolve host traficsinktraaficsink
root@traaficsink:/home/ubuntu# ip route add 192.168.101.0/24 via 192.168.102.216
root@traaficsink:/home/ubuntu# ip route add 192.168.103.0/24 via 192.168.102.216
root@traaficsink:/home/ubuntu# ip route list
default via 10.0.200.1 dev ens3
10.0.200.0/24 dev ens3 proto kernel scope link src 10.0.200.176
192.168.101.0/24 via 192.168.102.216 dev ens4
192.168.102.0/24 dev ens4 proto kernel scope link src 192.168.102.143
192.168.103.0/24 via 192.168.102.216 dev ens4

You should now be able to ping trafficSink (192.168.102.143) from the trafficSource and vice versa

root@trafficsourceroot@traafficsource:/home/ubuntu# ping 192.168.102.143
PING 192.168.102.143 (192.168.102.143) 56(84) bytes of data.
64 bytes from 192.168.102.143: icmp_seq=1 ttl=63 time=6.19 ms
64 bytes from 192.168.102.143: icmp_seq=2 ttl=63 time=2.62 ms
64 bytes from 192.168.102.143: icmp_seq=3 ttl=63 time=3.03 ms
^C
--- 192.168.102.143 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 2.620/3.947/6.192/1.596 ms

...

100 allow tcp 0 0
condition - proto tcp to 192.168.102.143 port 80

curl Curl from trafficSource should still work.

...

100 drop tcp 0 0
condition - proto tcp to 192.168.102.143 port 80

Curl should now be blocked lets see how many packets are dropped.

on danos

show firewall dp0s4

...