From 36cc695647da47557370eed0506f1818452e54b0 Mon Sep 17 00:00:00 2001 From: mrpa Date: Thu, 19 Dec 2019 19:47:44 +0100 Subject: Updated Evalkit with new content and fixed errors. Change-Id: I355640157c1d0ef4926e53dcfddfad6ac99a4152 --- .../doc/appendix_1.xml | 26 +- .../doc/book.xml | 2 +- .../doc/branch_to_branch_connection.xml | 1107 --------------- .../doc/introduction.xml | 10 +- .../doc/prerequisites.xml | 64 +- .../doc/run_example_uc_auto_fm.xml | 52 +- .../doc/sdwan_arch.xml | 1452 ++++++++++++++++++++ .../doc/setup_cleanup.xml | 23 +- .../doc/validating_setup.xml | 8 +- 9 files changed, 1560 insertions(+), 1184 deletions(-) delete mode 100644 doc/book-enea-nfv-access-evalkit-2.2.1/doc/branch_to_branch_connection.xml create mode 100644 doc/book-enea-nfv-access-evalkit-2.2.1/doc/sdwan_arch.xml diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/appendix_1.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/appendix_1.xml index a952493..f89372a 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/appendix_1.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/appendix_1.xml @@ -7,19 +7,29 @@ - Development host with Linux shell. + Development host with a Linux shell. - The genisoimage tool installed. + The Cloud-localds tool installed. - Please unpack the - flexiwan/flexiwan-cloud-init-example.tar.gz and check - the README file for more details:tar -zxf flexiwant-cloud-init-example.tar.gz -cd flexiwan/cloud-init-example/ + Contact the flexiWAN VNF provider to get access to their controller and a valid token. - To generate the cloud-init iso image run the following script: - create_cloudinit.sh + Unpack the flexiwan/flexiwan-cloud-init-example.tar.gz and check + the README file for more details: + + tar -zxf flexiwant-cloud-init-example.tar.gz +cd flexiwan/cloud-init-example/ + + To generate the cloud-init iso image: + + + > create_flexiwan_cloudinit.sh <token> + > create_flexiwan_cloudinit.sh + > $cat token.txt + + + The flexiWAN_cloudinit.iso file can be used to instantiate the flexiWAN VNF on NFV Access. \ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/book.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/book.xml index cebae0c..f1826e9 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/book.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/book.xml @@ -21,7 +21,7 @@ - - - Branch to Branch Connection - - The setup detailed in this chapter covers the onboarding and - instantiation of two VNFs on a uCPE device and connecting the networks - between themIs this accurate?. The FlexiWAN and pfSense - VNFs are connected through a service chain in this case. - - The FlexiWAN SD-WAN and the pfSense virtual router service chain - connection setup is shown graphically below.
- Branch to Branch Connection Overview - - - - - - -
This overview contains representations the - following: - - 1 in-band mgmt port for device management. - - - - 1 in-band mgmt port for pfSense. - - - - 1 WAN interface for FlexiWAN. - - - - 1 LAN facing interface for pfSense. - - - - 1 WAN facing interface for pfSense. - - - - 1 service chain (SFC Bridged interface) to sit between the - FlexiWAN and pfSense VNFs. - - - -
- The uCPE Manager - - To begin, a device must be added within the uCPE Manager: - - - - Log into the uCPE manager with the username and password - "admin". - - - - Add a uCPE device into uCPE Manager: Devices -> - Manage -> Add. - - Use the following values to fill the required fields: - - - - - - - - Type - - Enea universal CPE - - - - Release - - 1.0 - - - - Name - - Ucpe1 - - - - IP/DNS Address - - Dynamic IP received by the device from the DHCP server - (E.g.: 172.24.12.74). - - - - Description - - ucpe device site 1 - - - - SSH - - Port 830 - - - - SSH User Name - - root - - - - Password - - - - - - OK - - - - Green status indicates connection with target was - established. - - - - In order to add a device on the map: Right-Click - on the Map -> Place Device -> - ucpe1 - - - - - -
- - -
- -
- Onboarding the FlexiWAN VNF - - After adding a device in the uCPE Manager, a VNF must be onboarded: - VNF -> Descriptors -> On-board -> VM - Image. - - Use the following values to fill the required fields: - - - - - - VM image file - - - flexiwan.qcow2 - - - - - Image format - - QCOW2 - - - - VNF Type Name - - flexiWAN - - - - Description - - Flexiwan VNF - - - - Version - - 1.0 - - - - Memory in MB - - 4096 - More memory can be allocated if required. - - - - Num of CPUs - - 2. More CPUs can be reserved if required and - available. - - - - Interfaces to add: - - wan and lan - - - - Cloud Init -> Cloud-Init Datasource - - ISO - - - - Cloud Init -> Cloud-Init Disk Type - - cdrom - - - - Onboard - - Wait for the message: "VNF package onboarded successfully" - then close the pop-up. - - - -
-
- -
- Onboarding the pfSense VNF - - After onboarding the first VNF, follow the same steps to add the - second: VNF -> Descriptors -> On-board -> VM - Image. - - Use the following values to fill the required fields: - - - - - - VM image file - - - pfSense.qcow2 - - - - - Image format - - QCOW2 - - - - VNF Type Name - - pfSense - - - - Description - - pfSense VNF - - - - Version - - 1.0 - - - - Memory in MB - - 1024 - - - - Num of CPUs - - 1 - - - - Interfaces to add: - - wan, lan and mgmt. - - - - Cloud Init -> Cloud-Init Datasource - - ISO - - - - Cloud Init -> Cloud-Init Disk Type - - cdrom - - - - Properties to add: - - - - - Name: vnfMgmtIpAddress. Value: - 10.0.0.31 - - - - Name: internalMgmtPort. Value: - 4432 - - - - Name: externalMgmtPort. Value: - 600023 - - - - - - - Onboard - - Wait for the message: "VNF package onboarded successfully" - then close the pop-up. - - - -
- - Please note the following: - - - - 1vnfMgmtIpAddress (10.0.0.3) - represents the IP address of the management interface of the Fortigate - VNF. Changing this value requires an update of the Fortigate - configuration to match with new IP address. - - - - 2HTTPS access (443) can be changed to - another type of access. Please consult the official Fortigate - documentation for more details and make sure the Fortigate VNF is - configured to accept another type of connection before changing the - port number. - - - - 3externalMgmtPort (60002) represents - the external port on which a user can access the VNF management - interface from a web browser. The user can select another port if - needed. There are no other changes required or components affected by - this change. - - -
- -
- Configuring the infrastructure for the uCPE device installed on - site1 - - - - Select the ucpe1 device: Configuration -> - OpenVSwitch -> Host Interfaces -> Add. - - Use the following values to fill the required fields: - - - - Source: - enp4s0f1. - This is just an example interface. The user must select - the interface needed for use with the LAN connection. - - - - - Type: dpdk - (standard). - - - - networking-type: - dpdk. - - - - dpdk-type: vfio-pci. - - - - Click Create, and the - enp4s0f1 interface will be ready to use in a bridge - (LAN). - - - - Select the ucpe1 device: Configuration -> - OpenVSwitch -> Bridges -> Add. - - Use the following values to fill the required fields for the - four bridges that need to be created: - - ibm_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - ibm_br. - - - - ovs-bridge-type: - inbandMgmt. - - - - mgmt-address: Provide - the IPv4 address of the uCPE Manager machine (E.g. - 172.24.3.109). - - - - mgmt-port: - 830. - - - - Click Create. - - - - vnf_mgmt_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - vnf_mgmt_br. - - - - ovs-bridge-type: - vnfMgmt. - - - - vnf-mgmt-address: - 10.0.0.1 - - - - Click Create. - - - - sfc_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - sfc_br. - - - - ovs-bridge-type: - dataPlane. - - - - Sub-type: - integration. - - - - Click Create. - - - - lan_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - lan_br. - - - - ovs-bridge-type: - dataPlane. - - - - Sub-type: - communication. Name: enp4s0f1 - - - - Click Create. - - - - - - Instantiate the FlexiWAN VNF by selecting the ucpe1 device, then - the VNF menu -> Instances -> - Add. - - Use the following values to fill the required fields: - - - - Name: - Flexiwan_ucpe1. - - - - VNF Type: - flexiWAN. - - - - VNFD Version: 1.0. - - - - Flavour: Canonical. - - - - uCPE Device: Ucpe1. - - - - Cloud Init File: - flexiWAN1_cloudinit.iso. - - - Example image provided. Please see the Appendix for - details on how to change the configuration and create a new - cloud-init iso image. - - - Click Domain Update Script. - - - - Create the wan Interface: - - ID: - wan. - - Type: - dpdk tap. - - IF Name: Bridge: - ibm_br. - - Click Create. - - - - Create the lan Interface: - - ID: - lan. - - Type: - dpdk tap. - - IF Name: Bridge: - sfc_br. - - Click Create. - - - - - - Instantiate the pfSense VNF by selecting the - me1100 device, then the VNF menu -> - Instances -> Add. - - Use the following values to fill the required fields: - - - - Name: - Pfsense_ucpe1. - - - - VNF Type: - pfSense. - - - - VNFD Version: 1.0. - - - - Flavour: Canonical. - - - - uCPE Device: Ucpe1. - - - - Cloud Init File: - pfsense_192_168_1_1.iso. - - Click Domain Update Script. - - - - Create the wan Interface: - - ID: - wan. - - Type: - dpdk tap. - - IF Name: Bridge: - sfc_br. - - Click Create. - - - - Create the lan Interface: - - ID: - lan. - - Type: - dpdk tap. - - IF Name: Bridge: - lan_br. - - Click Create. - - - - Create the mgmt Interface: - - ID: - mgmt. - - Type: - dpdk tap. - - IF Name: Bridge: - vnf_mgmt_br. - - Click Create. - - - - -
- -
- Configuring the infrastructure for the uCPE device installed on - site2 - - - - Select the ucpe2 device: Configuration -> - OpenVSwitch -> Host Interfaces -> Add. - - Use the following values to fill the required fields: - - - - Source: - enp4s0f1. - This is just an example interface. The user must select - the interface needed for use with the LAN connection. - - - - - Type: dpdk - (standard). - - - - networking-type: - dpdk. - - - - dpdk-type: vfio-pci. - - - - Click Create, and the - enp4s0f1 interface will be ready to use in a bridge - (LAN). - - - - Select the ucpe2 device: Configuration -> - OpenVSwitch -> Bridges -> Add. - - Use the following values to fill the required fields for the - four bridges that need to be created: - - ibm_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - ibm_br. - - - - ovs-bridge-type: - inbandMgmt. - - - - mgmt-address: Provide - the IPv4 address of the uCPE Manager machine (E.g. - 172.24.3.109). - - - - mgmt-port: - 830. - - - - Click Create. - - - - vnf_mgmt_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - vnf_mgmt_br. - - - - ovs-bridge-type: - vnfMgmt. - - - - vnf-mgmt-address: - 10.0.0.1 - - - - Click Create. - - - - sfc_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - sfc_br. - - - - ovs-bridge-type: - dataPlane. - - - - Sub-type: - integration. - - - - Click Create. - - - - lan_br: - - - - id: <autogenerated - - do not change>. - - - - Name: - lan_br. - - - - ovs-bridge-type: - dataPlane. - - - - Sub-type: - communication. Name: enp4s0f1 - - - - Click Create. - - - - - - Instantiate the FlexiWAN VNF by selecting the ucpe2 device, then - the VNF menu -> Instances -> - Add. - - Use the following values to fill the required fields: - - - - Name: - Flexiwan_ucpe2. - - - - VNF Type: - flexiWAN. - - - - VNFD Version: 1.0. - - - - Flavour: Canonical. - - - - uCPE Device: Ucpe2. - - - - Cloud Init File: - flexiWAN2_cloudinit.iso. - - - Example image provided. Please see the Appendix for - details on how to change the configuration and create a new - cloud-init iso image. - - - Click Domain Update Script. - - - - Create the wan Interface: - - ID: - wan. - - Type: - dpdk tap. - - IF Name: Bridge: - ibm_br. - - Click Create. - - - - Create the lan Interface: - - ID: - lan. - - Type: - dpdk tap. - - IF Name: Bridge: - sfc_br. - - Click Create. - - - - - - Instantiate the pfSense VNF by selecting the - ucpe2 device, then the VNF menu -> - Instances -> Add. - - Use the following values to fill the required fields: - - - - Name: - Pfsense_ucpe2. - - - - VNF Type: - pfSense. - - - - VNFD Version: 1.0. - - - - Flavour: Canonical. - - - - uCPE Device: Ucpe2. - - - - Cloud Init File: - pfsense_192_168_2_1.iso. - - Click Domain Update Script. - - - - Create the wan Interface: - - ID: - wan. - - Type: - dpdk tap. - - IF Name: Bridge: - sfc_br. - - Click Create. - - - - Create the lan Interface: - - ID: - lan. - - Type: - dpdk tap. - - IF Name: Bridge: - lan_br. - - Click Create. - - - - Create the mgmt Interface: - - ID: - mgmt. - - Type: - dpdk tap. - - IF Name: Bridge: - vnf_mgmt_br. - - Click Create. - - - - - -
- Overview - - - - - - -
-
- -
- Configuring FlexiWAN - - Connect to https://app.flexiwan.com and make - sure you have an account and at least two valid device tokens. - - Proceed to the Investoryis this accurate? menu, - click on Devices, the devices should already be present - and need to be set. - - How to set a device - - - - Select each device and make sure to set the following - values: - - - - - - Target1(ucpe1) - - Target1(ucpe2) - - - - Device Name: target1 - - Device Name: target2 - - - - Description: Set IPv4 for the second interface - (ens3): 10.0.1.1/24. - - Description: Set IPv4 for the second interface - (ens3): 10.0.2.1/24. - - - - Set "Approved". - - Set "Approved". - - - - Click "Update Device". - - Click "Update Device". - - - -
- - - - Select the option for each device to be put in the "running" - state. - - - - Wait for each "vRouter" to enter the running state. - - - - Select the main top up checkbox in order to select all devices - and hit "Create Tunnels". At this moment a direct connection should be - available between those two targets. - - - - - For the pfSense VNF there is no need for manual configuration. The - configuration provided into the cloud init image is good enough to run - the setup. - -
- \ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/introduction.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/introduction.xml index c294a77..4702cb0 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/introduction.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/introduction.xml @@ -2,6 +2,12 @@ Introduction + The NFV Access EvalKit offered by Enea contains software that can be + used to deploy an SD-WAN setup. The branch-to-branch setup uses two + opensource based VNFs: flexiWAN and pfSense. These VNFs are provided as + examples and the configuration used only works on the documented + setup. + Enea NFV Access for the universal Customer Premise Equipment (uCPE) is a virtualization and management platform, which allows end-users to introduce, instantiate, and run third-party VNFs onto their systems. @@ -25,7 +31,7 @@ The current Enea NFV Access solution provides a working and deployable configuration as an example for branch-to-branch connection setup using the - flexiWAN and pfSense VNFs service chained together on a uCPE device. + flexiWAN and pfSense VNFs service chained together on a uCPE device. This document will present all information required to replicate the use cases described therein in the user's environment. The first part of @@ -63,7 +69,7 @@ The Automation Framework consists of a set of tooling and a collection of Python based scripts that can be used to automate the process of onboarding a VNF with all of the required configuration for - day zero deployment at scale. + day zero deployment at scale. This tooling calls the auto generated REST API that's exposed on the uCPE Manager as a north bound interface. diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/prerequisites.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/prerequisites.xml index 1b348ee..943e1ef 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/prerequisites.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/prerequisites.xml @@ -6,7 +6,7 @@ Prerequisites - Required Elements + Required Elements @@ -21,45 +21,39 @@ - uCPE device + Two uCPE whitebox devices containing: - Processor Xeon-D/atom-C3000 + Processor: Intel xeon-D/atom-C3000 with min. 4 + CPUs. - 2 x network interfaces + Min. 2 network interfaces. - SSD storage + Min. 10 GB SATA storage. - 8GB RAM + Min 8 GB RAM. - This is an example hardware configuration available in - the Enea Lab. + One network interface connected to WAN. - One of the SFP ports is connected to a network with - DHCP server access (receiving a dynamic IP based on - MAC). + One network interface to be used for LAN. - The device has network access to the uCPE - Manager. - - - - NFV Access is installed on the device. Please see the - Enea NFV Access Getting Started Manual, - chapter "Enea NFV Access Installer" for more details. + NFV Access installed on both uCPE devices. Please see + Enea NFV Access Getting Started Manual, chapter "Enea NFV + Access Installer"make this into an olink + for more details. @@ -72,19 +66,20 @@ The uCPE Manager is installed on this host or virtual machine. Pease see the Enea NFV Access Getting Started Manual, chapter "Getting Started with - Enea uCPE Manager" for more details. + Enea uCPE Manager" for more details make this into + an olink. - The uCPE Manager must have access to the me1100 - target. + The uCPE Manager must have access to the uCPE + device. A web browser will access the management interface of the VNFs. Management interfaces of the VNF can be accessed - from any machine connected on the same network with the - me1100 target. + from any machine connected on the same network with the uCPE + device. @@ -96,8 +91,23 @@
Release structure - - - + |----enea-nfv-access-atom-c3000-20191210210825.hddimg +|----ea-nfv-access-xeon-d-20191210210913.hddimg +|----nfvaccess2.2.1_af-th.zip +|----ucpeManager_1.0.1_b3-CentOS.tar.gz +|----doc +|----VNFs + |----EneaVNF + |----enea-nfv-access-vnf-qemux86-64.wic.qcow2 + |----flexiWAN + |----flexiWAN_cloudinit.iso + |----flexiWAN.qcow2 + |----flexiwant-cloud-init-example.tar.gz + |----pfSense + |----pfsense_192_168_1_1.iso + |----pfsense_192_168_2_1.iso + |----pfsense_config_192_168_1_1.xml + |----pfsense_config_192_168_2_1.xml + |----pfSense.qcow2
\ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/run_example_uc_auto_fm.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/run_example_uc_auto_fm.xml index 455ac1f..02a29df 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/run_example_uc_auto_fm.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/run_example_uc_auto_fm.xml @@ -2,40 +2,36 @@ Running Example Use-cases from the Automation Framework -
- Setup on ucpe1 + In order to run example use-cases from the Automation Framework, + offline configurations need to be added for both uCPE devices and for the + VNFs to be onboarded. - How to Deploy fexiwan and pfsense VNFs on - ucpe1 + > python unittestSuite.py -u admin -p admin -H 172.24.3.109 \ +-o ucpem -s test_EvalKit_addOfflineConfig_and_onBoardVNFs.json -d \ +"Set - offline config for uCPE1 and uCPE2" - > cd automation_and_systemtest/automation_framework/unittestSuite -> python unittestSuite.py -u admin -p admin -H <uCPE_Manager_IP> \ --n ucpe1 -s flexiwan_pfsense_ucpe1.json -d "ucpe1 Deployment" +#add device1 +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n fwa_1012vc-1 \ +-s test_EvalKit_Deploy1.json -d "Add taget1 and instantiate VNFs" - Clean-up: +#add device2 +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n intelc3850-1 \ +-s test_EvalKit_Deploy2.json -d "Add taget2 and instantiate VNFs" - > python unittestSuite.py -u admin -p admin -H <uCPE_Manager_IP> \ --n ucpe1 -s ucpe1Cleanup.json -d "ucpe1 Clean-up" -
+ Once done, the device configurations need to be cleaned up: -
- Setup on ucpe2 + > python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n fwa_1012vc-1 \ +-s test_EvalKit_Cleanup1.json -d "Cleanup config on taget1" - How Deploy fexiwan and pfsense VNFs on - ucpe2 +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n intelc3850-1 \ +-s test_EvalKit_Cleanup2.json -d "Cleanup config on taget2" - > cd automation_and_systemtest/automation_framework/unittestSuite -> python unittestSuite.py -u admin -p admin -H <uCPE_Manager_IP> \ --n ucpe2 -s flexiwan_pfsense_ucpe2.json -d "ucpe2 Deployment" +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -o ucpem -s \ +test_EvalKit_CleanupZTP_and_offboardVNFs.json -d \ +"Cleanup offline configuration and OffBoard VNFs" - Clean-up: - - > python unittestSuite.py -u admin -p admin -H <uCPE_Manager_IP> \ --n ucpe1 -s ucpe1Cleanup.json -d "ucpe1 Clean-up" - - - Please replace <uCPE_Manager_IP> with IP address of uCPE - Manager machine. - -
+ + Replace the <uCPE_Manager_IP> with the IP address of uCPE + Manager machine. + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/sdwan_arch.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/sdwan_arch.xml new file mode 100644 index 0000000..c5da1bc --- /dev/null +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/sdwan_arch.xml @@ -0,0 +1,1452 @@ + + + SD-WAN architecture + + Software-Defined Wide Area Networking (SD-WAN), provides the benefits + of software-defined networking (SDN) technology to traditionally + hardware-based networking. It is an overlay architecture providing a + networking foundation that is much easier to manage than legacy WANs, + essentially moving the control layer to the cloud and in the process, + centralizing and simplifying network management. This overlay design + abstracts software from hardware, enabling network virtualization and making + the network more elastic. + + The setup detailed in this chapter looks to cover all the steps + required to create a connection between two branch offices. On each site a + uCPE device is installed and connected to a WAN network. NFV Access should + already be installed on each uCPE device, and with it the flexiWAN and + pfSense VNFs will be instantiated on each site. + + The flexiWAN VNF will create the tunnel between the two branches while + the pfSense VNF (connected in the service chain), will cover the + communication with LAN on each branch. The setup will be configured from the + uCPE Manager GUI, accessible from any web browser if connected to the IP + address of uCPE Manager machine. + + The default login credentials for both username and password are + admin/admin. + +
+ Branch to Branch Connection Overview + + + + + + +
+ + The figure above represents the uCPE configuration of one of the + branches. The second uCPE device (site2) will be configured in a similar + way, described in the following sections. + + Since there is only one physical network interface connected to WAN, + the configuration allows for multiple types of traffic to pass over this + interface. The ibm_br bridge is the main bridge that + connects the physical network interface to the virtual + infrastructure. + + The Data-Path represents the traffic that passes over the physical + interface between the in-band management bridge (ibm_br), + the flexiWAN VNF, the service chain bridge (sfc_br), the + pfSense VNF, and the lan_br bridge to finally reach the + LAN. + + The VNF management interface for the pfSense VNF can be accessed from + WAN using a web browser. VNF management for flexiWAN is done from a + centralized management location where the user needs an account in order to + have access. Please contact the flexiWAN VNF provider before beginning to + set up the configuration. + + For infrastructure configuration of each uCPE device Zero Touch + Provisioning (ZTP) will be used. This is a feature that allows the user to + create an offline configuration before starting and connecting a uCPE device + to the uCPE Manager. NFV Access allows a user to preconfigure interfaces and + bridges using ZTP so that, all that is left to do in order to have a full + setup running correctly after adding uCPE devices, is simply instantiation + of the VNFs on the designated devices. + +
+ Preliminary Setup + + + + Connect each uCPE device to the network/Internet using one + physical interface as the designated WAN access interface. + + + The uCPE device must have Internet access beforehand. + + + + + Install NFV Access on the uCPE devices. See the make + this into an olink Enea NFV Access Getting Started manual, + chapter Installing Enea NFV Access, for more details. + + + + Install the uCPE Manager on the CentOS host or VM. See the + make this into an olink Enea NFV Access Getting + Started manual, chapter Getting Started with Enea uCPE Manager, for + more details. + + + The uCPE Manager host machine must be connected to the network + so all uCPE devices can access the internet. + + + + + Connect to the uCPE Manager: https://<uCPE Manager + IP> + + +
+ +
+ The uCPE Manager + + Log into the uCPE manager with the username and password + "admin". + + In this setup Zero Touch Provisioning (ZTP) will be used to + preconfigure the infrastructure in the uCPE Manager for each device. The + interface and bridge configurations are pushed onto each uCPE device when + connected. + + Onboarding is the process of registering VNFs into the uCPE Manager + after devices are configured for the VNF(s) they will host and added into + the Manager. The flexiWAN and pfSense VNFs are used along with example + configuration data. + +
+ Onboarding the FlexiWAN VNF + + Add a VNF by accessing the VNF menu from the + top toolbar then Descriptors -> + On-board -> VM Image. + + Use the following values to fill the required fields: + +
+ + + + VM image file + + + flexiWAN.qcow2 + + + + + Image format + + QCOW2 + + + + VNF Type Name + + flexiWAN + + + + Description + + Flexiwan VNF + + + + Version + + 1.0 + + + + Memory in MB + + 4096. More memory can be allocated if required. + + + + Num of CPUs + + 2. More CPUs can be reserved if required and + available. + + + + Interfaces to add: + + wan and lan + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Onboard + + Wait for the message: "VNF package onboarded + successfully" then close the pop-up. + + + +
+ + +
+ Onboarding the pfSense VNF + + Add the other VNF by accessing the VNF menu + from the top toolbar once again, then Descriptors + -> On-board -> VM + Image. + + Use the following values to fill the required fields: + + + + + + VM image file + + + pfSense.qcow2 + + + + + Image format + + QCOW2 + + + + VNF Type Name + + pfSense + + + + Description + + pfSense VNF + + + + Version + + 1.0 + + + + Memory in MB + + 1024 + + + + Num of CPUs + + 1 + + + + Interfaces to add: + + wan, lan and mgmt. + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Properties to add: + + + + + Name: vnfMgmtIpAddress. Value: + 10.0.0.31 + + + + Name: internalMgmtPort. Value: + 4432 + + + + Name: externalMgmtPort. Value: + 600023 + + + + + + + Onboard + + Wait for the message: "VNF package onboarded + successfully" then close the pop-up. + + + +
+ + Please note the following: + + + + 1vnfMgmtIpAddress (10.0.0.3) + represents the IP address of the management interface of the pfSense + VNF. Changing this value requires an update of the pfSense + configuration to match the new IP address. + + + + 2HTTPS access (443) can be changed + to another type of access. Please consult the official pfSense + documentation for more details and make sure the pfSense VNF is + configured to accept another type of connection before changing the + port number. + + + + 3externalMgmtPort (60002) + represents the external port on which a user can access the VNF + management interface from a web browser. The user can select another + port if needed. There are no other changes required or components + affected by this change. + + +
+ +
+ Offline Configuration for uCPE device1 + + A Zero Touch Provisioning configuration for a device is done in + two steps from the uCPE Manager's GUI. The first step is to create a + data store and then to add the offline configuration for the device + infrastructure into that data store. + + + + Create the "device1" data + store: Applications -> + Offline Config -> + Add. + + Use the following values to fill the required fields: + + + + + + + + Name + + + Device1 + + + + + Device Type + + Enea universal CPE + + + + Device Version + + 2.2.1 + + + + Config Set + + uCPE Config + + + + + deviceId + + + The ID extracted from device1 after running + list_deviceID.sh. + + + +
+ + Press the Create button. + + + + Prepare the infrastructure configuration for device1 in the + data store: Applications -> Offline + Config -> <select "device1" data store> -> + Config App.... This window layout is very similar + to the Configuration window of a device. + + + + Disable the DPDK: DPDK -> + Advanced Settings -> uncheck Enable + DPDK to disable the DPDK and click "Create". + + + + Configure the host + interface(s): select the device -> + Configuration -> + OpenVSwitch -> Host + Interfaces -> Add. + + Use the following values to fill the required fields: + + + + Source: + enp7s0f1. + This is just an example interface. The user must + select the interface needed for use with the LAN + connection. + + + + + Type: N/A. + + + + networking-type: + standard. + + + + dpdk-type: N/A. + + + + Click Create, and the + enp7s0f1 interface will be ready to use in a + bridge (LAN). + + + + Configure the bridges: select + the device -> Configuration -> + OpenVSwitch -> Bridges + -> Add. + + Use the following values to fill the required fields for the + four bridges that need to be created: + + ibm_br: + + + + Name: + ibm_br. + + + + ovs-bridge-type: + inbandMgmt. + + + + mgmt-address: + Provide the IPv4 address of the uCPE Manager machine (E.g. + 172.24.3.109). + + + + mgmt-port: + 830. + + + + Click Create. + + + + vnf_mgmt_br: + + + + Name: + vnf_mgmt_br. + + + + ovs-bridge-type: + vnfMgmt. + + + + vnf-mgmt-address: + 10.0.0.1 + + + + Click Create. + + + + sfc_br: + + + + Name: + sfc_br. + + + + ovs-bridge-type: + dataPlane. + + + + Sub-type: + integration. + + + + Click Create. + + + + lan_br: + + + + Name: + lan_br. + + + + ovs-bridge-type: + dataPlane. + + + + Sub-type: + communication. Name: enp7s0f1 + + + + Click Create. + + + + +
+ +
+ Offline Configuration for uCPE device2 + + A Zero Touch Provisioning configuration for a device is done in + two steps from the uCPE Manager's GUI. The first step is to create a + data store and then to add the offline configuration for the device + infrastructure into that data store. + + + + Create the "device2" data + store: Applications -> + Offline Config -> + Add. + + Use the following values to fill the required fields: + + + + + + + + Name + + + Device2 + + + + + Device Type + + Enea universal CPE + + + + Device Version + + 2.2.1 + + + + Config Set + + uCPE Config + + + + + deviceId + + + The ID extracted from device2 after running + list_deviceID.sh. + + + +
+ + Press the Create button. + + + + Prepare the infrastructure configuration for device2 in the + data store: Applications -> Offline + Config -> <select "device2" data store> -> + Config App.... This window layout is very similar + to the Configuration window of a device. + + + + Disable the DPDK: DPDK -> + Advanced Settings -> uncheck Enable + DPDK to disable the DPDK and click "Create". + + + + Configure the host + interface(s): select the device -> + Configuration -> + OpenVSwitch -> Host + Interfaces -> Add. + + Use the following values to fill the required fields: + + + + Source: + eno4. + This is just an example interface. The user must + select the interface needed for use with the LAN + connection. + + + + + Type: standard. + + + + networking-type: + standard. + + + + dpdk-type: N/A. + + + + Click Create, and the + eno4 interface will be ready to use in a bridge + (LAN). + + + + Configure the bridges: select + the device -> Configuration -> + OpenVSwitch -> Bridges + -> Add. + + Use the following values to fill the required fields for the + four bridges that need to be created: + + + + ibm_br: + + + + Name: + ibm_br. + + + + ovs-bridge-type: + inbandMgmt. + + + + mgmt-address: Provide + the IPv4 address of the uCPE Manager machine (E.g. + 172.24.3.109). + + + + mgmt-port: + 830. + + + + Click Create. + + + + vnf_mgmt_br: + + + + Name: + vnf_mgmt_br. + + + + ovs-bridge-type: + vnfMgmt. + + + + vnf-mgmt-address: + 10.0.0.1 + + + + Click Create. + + + + sfc_br: + + + + Name: + sfc_br. + + + + ovs-bridge-type: + dataPlane. + + + + Sub-type: + integration. + + + + Click Create. + + + + lan_br: + + + + Name: + lan_br. + + + + ovs-bridge-type: + dataPlane. + + + + Sub-type: + communication. Name: eno4 + + + + Click Create. + + + + +
+ +
+ Uploading the offline Configuration + + In this context and example setup, which uses ZTP, the offline + configuration can be uploaded and applied on a uCPE device only once. If + the setup needs to be rerun on a device where ZTP was already used, + please do the following: + + + + Add the device manually from the uCPE manager GUI. + + + + Clean the entire configuration on the device. + + + + Reset the ZTP: device -> Configure -> + Host -> initial-config-complete: false -> Apply. + + + + Delete the device from the uCPE Manager. + + +
+ + +
+ Adding the uCPE device1 into the uCPE Manager + + Access the Devices menu, then + Manage -> Add. + + Use the following values to fill the required fields: + + + + + + + + Type + + Enea universal CPE + + + + Release + + 1.0 + + + + Name + + Ucpe1 + + + + IP/DNS Address + + Dynamic IP received by the device from the DHCP server + (E.g. 172.24.12.74). + + + + Description + + ucpe device site 1 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + + + + + Device ID + + Extract the device ID from device1, by running + list_deviceID.sh. + + + + OK + + + + + Green status indicates connection with the device was + established. + + + To add the device on the map: Right-Click on + the Map -> Place Device -> ucpe1. + + + + + +
+
+ +
+ Adding the uCPE device2 into the uCPE Manager + + Access the Devices menu, then + Manage -> Add. + + Use the following values to fill the required fields: + + + + + + + + Type + + Enea universal CPE + + + + Release + + 1.0 + + + + Name + + Ucpe2 + + + + IP/DNS Address + + Dynamic IP received by the device from the DHCP server + (E.g. 172.24.12.74). + + + + Description + + ucpe device site 2 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + + + + + Device ID + + Extract the device ID from device2, by running + list_deviceID.sh. + + + + OK + + + + + Green status indicates connection with the device was + established. + + + To add the device on the map: Right-Click on + the Map -> Place Device -> ucpe2. + + + + + +
+ + After the two devices are added into the uCPE Manager all offline + configuration data prepared for them is pushed automatically onto the + devices. To check if a device is configured, add the device onto the map + and select <ucpe1> -> Configuration -> + OpenVSwitch -> Bridges. +
+ +
+ FlexiWAN VNF Instantiation on device1 + + Instantiate the FlexiWAN VNF by selecting the ucpe1 device, then the + VNF menu -> Instances -> + Add. + + Use the following values to fill the required fields: + + + + Name: + Flexiwan_ucpe1. + + + + VNF Type: + flexiWAN. + + + + VNFD Version: 1.0. + + + + Flavour: Canonical. + + + + uCPE Device: Ucpe1. + + + + Cloud Init File: + flexiWAN_cloudinit.iso. + + + Example image provided. Please see the Appendix for details on + how to change the configuration and create a new cloud-init iso + image. + + + Click Domain Update Script. + + + + Create the wan Interface: + + ID: + wan. + + Type: + tap. + + IF Name: Bridge: + ibm_br. + + Click Create. + + + + Create the lan Interface: + + ID: + lan. + + Type: dpdk + tap. + + IF Name: Bridge: + sfc_br. + + Click Create. + + +
+ +
+ pfSense VNF Instantiation on device1 + + Instantiate the pfSense VNF by selecting the ucpe1 device, then the + VNF menu -> Instances -> + Add. + + Use the following values to fill the required fields: + + + + Name: + Pfsense_ucpe1. + + + + VNF Type: + pfSense. + + + + VNFD Version: 1.0. + + + + Flavour: Canonical. + + + + uCPE Device: Ucpe1. + + + + Cloud Init File: + pfsense_192_168_1_1.iso. + + Click Domain Update Script. + + + + Create the wan Interface: + + ID: + wan. + + Type: + tap. + + IF Name: Bridge: + sfc_br. + + Click Create. + + + + Create the lan Interface: + + ID: + lan. + + Type: + tap. + + IF Name: Bridge: + lan_br. + + Click Create. + + + + Create the mgmt Interface: + + ID: + mgmt. + + Type: + tap. + + IF Name: Bridge: + vnf_mgmt_br. + + Click Create. + + +
+ +
+ FlexiWAN VNF Instantiation on device2 + + Instantiate the FlexiWAN VNF by selecting the ucpe2 device, then the + VNF menu -> Instances -> + Add. + + Use the following values to fill the required fields: + + + + Name: + Flexiwan_ucpe2. + + + + VNF Type: + flexiWAN. + + + + VNFD Version: 1.0. + + + + Flavour: Canonical. + + + + uCPE Device: Ucpe2. + + + + Cloud Init File: + flexiWAN_cloudinit.iso. + + + Example image provided. Please see the Appendix for details on + how to change the configuration and create a new cloud-init iso + image. + + + Click Domain Update Script. + + + + Create the wan Interface: + + ID: + wan. + + Type: + tap. + + IF Name: Bridge: + ibm_br. + + Click Create. + + + + Create the lan Interface: + + ID: + lan. + + Type: + tap. + + IF Name: Bridge: + sfc_br. + + Click Create. + + +
+ +
+ pfSense VNF Instantiation on device2 + + Instantiate the pfSense VNF by selecting the ucpe2 device, then the + VNF menu -> Instances -> + Add. + + Use the following values to fill the required fields: + + + + Name: + Pfsense_ucpe2. + + + + VNF Type: + pfSense. + + + + VNFD Version: 1.0. + + + + Flavour: Canonical. + + + + uCPE Device: Ucpe2. + + + + Cloud Init File: + pfsense_192_168_2_1.iso. + + Click Domain Update Script. + + + + Create the wan Interface: + + ID: + wan. + + Type: + tap. + + IF Name: Bridge: + sfc_br. + + Click Create. + + + + Create the lan Interface: + + ID: + lan. + + Type: + tap. + + IF Name: Bridge: + lan_br. + + Click Create. + + + + Create the mgmt Interface: + + ID: + mgmt. + + Type: + tap. + + IF Name: Bridge: + vnf_mgmt_br. + + Click Create. + + + + Once all VNFs are up and running, the setup is ready for final VNF + configuration and testing. + +
+ SD-WAN branch-to-branch connection setup Overview + + + + + + +
+ + In order to have the full setup working properly, a tunnel between + two SD-WAN devices needs to be created. The FlexiWAN VNF provides the + functionality to create the VPN tunnel. +
+ +
+ FlexiWAN configuration + + Connect to https://app.flexiwan.com and make + sure you have an account and at least two valid device tokens. For more + information please contact the flexiWAN VNF provider. + + Proceed to the Inventory menu, click on Devices, + the devices should already be present and need to be configured. + + How to configure a device + + + + Select each device and make sure to set the following + values: + + + + + + Device1(ucpe1) + + Device2(ucpe2) + + + + Device Name: Device1 + + Device Name: Device2 + + + + Description: Set IPv4 for the second interface + (ens3): 10.0.1.1/24. + + Description: Set IPv4 for the second interface + (ens3): 10.0.2.1/24. + + + + Set "Approved". + + Set "Approved". + + + + Click "Update Device". + + Click "Update Device". + + + +
+ + + uCPE devices can installed under the same local network, i.e. + having the same public IP, or on different networks (different + public IPs). If both devices are installed under same local network + (same public IP), delete the public IP address from the device + configuration before creating a tunnel: https://app.flexiwan.com + -> Inventory -> Devices + -> <device> -> Public IP. + + + + + Select the ">" option for each device to be put in the + "running" state. + + + + Wait for each "vRouter" device to also enter the "running" + state. + + + + Select the main top up checkbox in order to select all devices + and hit "Create Tunnels". At this moment a direct connection should be + available between those two devices. You can check if the tunnel was + created by selecting Inventory -> Tunnels. + + +
+ +
+ pfSense configuration + + For the pfSense VNF there is no need for manual configuration. The + configuration provided into the cloud init image is good enough to run the + setup. + + The management interface can be accessed from a web browser at: + https://<deviceIP>:60002 +
+ \ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/setup_cleanup.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/setup_cleanup.xml index 0261844..78bf5ed 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/setup_cleanup.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/setup_cleanup.xml @@ -5,42 +5,42 @@ In order to remove the setup created in the previous chapter all components need to be deleted in reverse order: - + - Select the ucpe1 target, access the VNF menu + Select the ucpe1 device, access the VNF menu then Instances FlexiWAN and pfSense and press Delete. - Select the ucpe1 target, access the + Select the ucpe1 device, access the Configuration menu, then OpenVSwitch -> Bridges. Select all bridges and press Delete. - Select the ucpe1 target, access the + Select the ucpe1 device, access the Configuration menu, then OpenVSwitch -> Host Interfaces. Select all interfaces and press Delete. - Select the ucpe2 target, access the VNF menu + Select the ucpe2 device, access the VNF menu then Instances FlexiWAN and pfSense and press Delete. - Select the ucpe2 target, access the + Select the ucpe2 device, access the Configuration menu, then OpenVSwitch -> Bridges. Select all bridges and press Delete. - Select the ucpe2 target, access the + Select the ucpe2 device, access the Configuration menu, then OpenVSwitch -> Host Interfaces. Select all interfaces and press Delete. @@ -48,7 +48,14 @@ Access the VNF menu, select - Descriptors. Select all bundles press Delete. + Descriptors. Select each descriptor and off-board + them. + + + + Access the Applications menu, select + Offline Config. Select both device configurations and + delete them. \ No newline at end of file diff --git a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/validating_setup.xml b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/validating_setup.xml index fa3b07e..85ea1f4 100644 --- a/doc/book-enea-nfv-access-evalkit-2.2.1/doc/validating_setup.xml +++ b/doc/book-enea-nfv-access-evalkit-2.2.1/doc/validating_setup.xml @@ -13,7 +13,8 @@ Connect to: https://<publicIP>:60002 with - the username: admin and the password: pfsense. + the username: admin and the password: pfsense. + Please make sure the WAN interface of each device has access to the internet. @@ -29,8 +30,9 @@ - Check for a dynamic IP. The pfSense LAN interface is configured - with a DHCP server:> dhclient eth1 + Check for a dynamic IP. The pfSense LAN interface is configured with a DHCP server and should provide an IP 192.168.1/2.XXX: + + > dhclient eth1 > ping 192.168.2.1 -- cgit v1.2.3-54-g00ecf