From b896260295d6eef7cd015b6110ca89673d242048 Mon Sep 17 00:00:00 2001 From: Dan Andresan Date: Wed, 22 Jan 2020 17:17:56 +0100 Subject: BookExampleUseCases: add 128T Router Added 128T VNF Setup as standalone VNF and as service chain with Fortigate. The documentation matches 2.2.1 release by: - renaming dpdkWan to inbandMgmt - renaming canonical without interfaces to dataPlane - integration - renaming canonical with interfaces to dataPlane - communication Change-Id: I1ba7c89eab5a085bd7621eeb23b2cf07f702c681 Signed-off-by: Dan Andresan --- .gitreview | 5 + .../doc/128t_vnf_router.xml | 716 +++++++++++++ .../doc/appendix_1.xml | 63 ++ .../doc/appendix_2.xml | 326 ++++++ .../doc/appendix_3.xml | 7 + .../doc/appendix_4.xml | 52 + .../doc/appendix_5.xml | 213 ++++ .../doc/book.xml | 21 + .../doc/images/trgt.png | Bin 0 -> 73441 bytes .../doc/images/trgt_servicechain.png | Bin 0 -> 52066 bytes .../doc/service_chaining_128t_fortigate.xml | 1065 ++++++++++++++++++++ 11 files changed, 2468 insertions(+) create mode 100644 .gitreview create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/128t_vnf_router.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/appendix_1.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/appendix_2.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/appendix_3.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/appendix_4.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/appendix_5.xml create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/images/trgt.png create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/images/trgt_servicechain.png create mode 100644 doc/book-enea-nfv-access-example-usecases/doc/service_chaining_128t_fortigate.xml diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..30e070b --- /dev/null +++ b/.gitreview @@ -0,0 +1,5 @@ +[gerrit] +host=gerrit.enea.se +port=29418 +project=linux/el_releases-nfv-access +defaultbranch=rocko diff --git a/doc/book-enea-nfv-access-example-usecases/doc/128t_vnf_router.xml b/doc/book-enea-nfv-access-example-usecases/doc/128t_vnf_router.xml new file mode 100644 index 0000000..9af1a89 --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/128t_vnf_router.xml @@ -0,0 +1,716 @@ + + + 128T VNF Router Example Use-case + + The 128T Networking Platform (128T) natively provides network-based + security, control, and insight across data centers, wide-area networks + (WAN), and edge locations for enterprises, service providers, and cloud + companies alike. + +
+ Prerequisites + + The following are needed for this example use case: + + + + 1 in band management port for device management. + + + + 1 in band management port for 128T VNF. + + + + 1 WAN interface for 128T. + + + + 1 LAN interface for 128T. + + +
+ +
+ 128T VNF Router + +
+ 128T VNF Router Setup Overview + + + + + + +
+ +
+ Use-case Setup + + Configuring Network Interfaces on uCPE + devices: + + Log into the uCPE Manager with both username and password + values: admin. + + + + Add the trgt uCPE device into the uCPE Manager: + Devices -> Manage -> Add. + + Fill in the required fields with the following data: + + + Device Details + + + + + + + + + + + Field + + Value + + + + + + Type + + Enea universal CPE + + + + Release + + 1.0 + + + + Name + + trgt + + + + IP/DNS Address + + Dynamic IP received by device from DHCP server + (E.g.: 172.24.12.74). + + + + Description + + Target 1 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + null + + + + OK + + Green status indicates connection with uCPE device + was established. + + + +
+ + + + In order to add the device on the map: Right-Click on + Map -> Place Device -> trgt. + + + + Configure the virtualization infrastructure for 128T VNF by + creating three OVS bridges and a host interface. + + Select the trgt device then: Configuration -> + OpenVSwitch -> Bridges -> Add. Fill in the + required fields for each bridge with the following data from each + table: + + + ibm_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + ibm_br + + + + ovs-bridge-type + + inbandMgmt + + + + mgmt-address + + Provide the IP address of the uCPE Manager machine + (E.g. 172.24.3.109). + + + + mgmt-port + + 830 + + + + Create + + The system will automatically select the + physical interface that has access to the uCPE + Manager. + + + +
+ + + vnf_mgmt_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + vnf_mgmt_br + + + + ovs-bridge-type + + vnfMgmt + + + + vnf-mgmt-address + + 10.0.0.1 + + + + Create + + + + + +
+ + + lan_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + lan_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + communication + + + + + + + Name: enp4s0f1 OK + + + + Create + + + + + +
+ + Add the Host Interface by selecting the trgt device, then + Configuration -> OpenVSwitch -> Host Interfaces + -> Add. + + + + Fill in the required fields with the following data: + + + Host Interface Details + + + + + + + + + + + Field + + Value + + + + + + Source + + enp4s0f1. The only interface + available for LAN connection. + + + + type + + dpdk + + + + networking-type + + dpdk + + + + dpdk-type + + vfio-pci + + + + Create + + <interface enp4s0f1 ready to be used in a LAN + bridge.> + + + +
+ + + + Onboarding the VNFs: + + Onboard the VM Image through VNF -> Descriptors -> + On-board -> VM Image, and fill in the required fields with + the following values: + + + VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + centos_128t_with_ci.qcow2 + + + + Image format + + QCOW2 + + + + VNF Type Name + + 128T + + + + Description + + 128T Router + + + + Version + + 1.0 + + + + Memory in MB + + 8192. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 2. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.2 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60001 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed with another type of + access. Please consult official 128T documentation and make sure + the 128T VNF is configured to accept another type of connection + before changing the port number. + + + + externalMgmtPort (60001) represents the + external port on which the user can access the VNF management + interface via HTTPS. Another port can be selected if needed. There + are no other changes required or components affected by this + change. + + + + vnfMgmtIpAddress (10.0.0.2) represents + the IP address of the management interface of the 128T VNF. + Changing this value requires an update to the 128T configuration + to match the new IP address. + + + + + Instantiating the VNFs: + + Instantiate the 128T VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + 128T VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + 128T_trgt_1 + + + + VNF Type + + 128T + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + centos_128t_internet_ci.iso + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: ibm_br + + + + lan (dpdk) + + Bridge: lan_br + + + + Create + + + + + +
+
+ +
+ Testing the Use-case + + In order to access the web interface of the 128T VNF, open a + browser from a machine connected on the same network with the WAN port + of the trgt uCPE device and browse to: + https://<public_trgt_WAN_IP>:60001. Log in + using the following credentials: + + + + Username: admin + + + + Password: 128Tadmin + + + + In order to validate the data path, connect a test machine to the + LAN physical port, assign the static IP and a route:> ifconfig eth3 192.168.64.2 netmask 255.255.255.0 +> ip route add default via 192.168.64.1 dev eth3 +> ping 8.8.8.8For data path validation, it may be required + to generate a new cloud-init image to match your network configuration. + Please check Appendix A: How to create 128T cloud-init iso image (day-0 + configuration), for more details. +
+ +
+ Use-case Clean-up + + In order to remove the setup created previously all components + need to be deleted in reverse order: + + + + Select the trgt uCPE device -> VNF -> Instances -> + 128T -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Bridges. Select all bridges -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Host Interfaces. Select all interfaces -> + Delete. + + + + VNF -> Descriptors, select all bundles -> + Offboard. + + +
+
+ diff --git a/doc/book-enea-nfv-access-example-usecases/doc/appendix_1.xml b/doc/book-enea-nfv-access-example-usecases/doc/appendix_1.xml new file mode 100644 index 0000000..df262af --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/appendix_1.xml @@ -0,0 +1,63 @@ + + + How to create a 128T cloud-init iso image (day-0 + configuration) + + Prerequisites: + + Development host with Linux shell. + + + + genisoimage tool installed. + + + + Unpack the 128T/128t-cloud-init-example.tar.gz + archive and check the README file for more details: + + >tar -zxf 128t-cloud-init-example.tar.gz +>cd 128T/cloud-init-example/ +>ls ./ +README +user-data +meta-data +t128-running.xml + + To generate the cloud-init iso image: + + >genisoimage -output centos_128t_ci.iso -volid cidata -joliet \ +-rock user-data meta-data t128-running.xml + + Notes: + + user-data and meta-data + files must be kept unchanged. + + + + To update the 128T configuration change the + t128-runing.xml file. + + + + XML is the same file downloaded from 128T web access: + configuration -> Import and Export Configuration -> + Export Configuration -> Download Configuration. The + configuration can be updated from a web interface, downloaded onto the + development host and used in generating a new cloud-init iso + image. + + + + By default, t128-running.xml is configured to pass + all traffic from the LAN to the WAN interface. There is only one change + required for the 128T VNF to work on the user's network: + + <rt:next-hop>172.24.15.254</rt:next-hop> + + Please change <172.24.15.254> with the IP address of your + Gateway in the t128-running.xml file and generate a new + iso image as described above. For more details about configuring the 128T + VNF please contact 128 Technologies. + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-example-usecases/doc/appendix_2.xml b/doc/book-enea-nfv-access-example-usecases/doc/appendix_2.xml new file mode 100644 index 0000000..b0a90b2 --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/appendix_2.xml @@ -0,0 +1,326 @@ + + + How to create the 128T image for NFV Access + + The following steps were used by Enea to generate the 128T qcow2 image + used as the VNF image on NFV Access. + + + Follow the 128tISO-Install.pdf document and + keep in mind a Virtual Machine was used instead of a physical host. + + + Prerequisites: + + 128T-3.2.7-1.el7.centos.x86_64.iso provided + by 128 Technologies. + + + + A Linux development host with internet access. + + + + A least one of the TAP interfaces connected to a bridge with + Internet access. + + How to create the 128T image for NFV + Access: + + >qemu-img create -f qcow2 128t.qcow2 128G +>qemu-system-x86_64 -enable-kvm -m 8G -cpu host -smp cores=3,sockets=1 \ +-M q35 -nographic bios /usr/share/qemu/bios.bin -boot order=d,menu=on \ +cdrom 128T-3.2.7-1.el7.centos.x86_64.iso \ +hdb 128t.qcow2 \ +device e1000,netdev=net1,mac=52:52:01:02:03:01 \ +netdev tap,id=net1,ifname=tap1,script=no,downscript=no + + + + Press the <ENTER> key to begin the installation + process. + + + + Wait for the distribution and the 128T to install: + + ------------------------------ +128T Packages Installed + +Please Remove Install Media, + +then enter <Yes> to reboot and +continue install process + + <Yes> <No> +------------------------------ + + Press Yes. + + + + Wait to reboot and press CTR+ a+c to enter + the qemu monitor: + + (qemu) quit + + + + Start qemu only with the qcow2 image attached, no installer + image required: + + >qemu-system-x86_64 -enable-kvm -m 8G -cpu host -smp cores=3,sockets=1 \ +-M q35 -nographic bios /usr/share/qemu/bios.bin \ +-boot order=c,menu=on \ +-hda 128t.qcow2 \ +-device e1000,netdev=net1,mac=52:52:01:02:03:01 \ +-netdev tap,id=net1,ifname=tap1,script=no,downscript=no + +------------------------------------------------------------------------------ +Booting from Hard Disk... +. + + * CentOS Linux (3.10.0-514.2.2.el7.x86_64) 7 (Core) + CentOS Linux (0-rescue-4e73a369e89e466a888c9c77655a1d65) 7 (Core) + + + Use the ^ and v keys to change the selection. + Press 'e' to edit the selected item, or 'c' for a command prompt. +------------------------------------------------------------------------------ + + Select the first option. + + + + |-------------------128T Installer-------------------| +| | +| Configure Linux Networking | +| | +| Before 128T SetUp? | +| | +| | +| < Yes > < No > | +|----------------------------------------------------| + + Select NO. + + + + |----------------------------------------------------| +| Please select a role for this node: | +| |----------------------------------------------| | +| | (*) Router | | +| | ( ) Conductor | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------|Select + Router and OK. + + + + |-------------------Conductor Info-------------------| +| | +| |----------------------------------------------| | +| |1st Conductor Address | | +| |Conductor Address | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Skip > < Back > < Help > | +|----------------------------------------------------| + + Select SKIP. + + + + |----------------------HA Setup----------------------| +| What kind of Router node is this? | +| |----------------------------------------------| | +| |(*) Standalone No HA peer | | +| |( ) 1st HA Node HA peer is not set up | | +| |( ) 2nd HA Node HA peer is already set up | | +| |----------------------------------------------| | +| | +| | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------|Select + Standalone and OK. + + + + |---------------------Node Info----------------------| +| |----------------------------------------------| | +| | Node Role Router | | +| | Node Name 128tNode | | +| | Router Name 128tRouter | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Advanced > < Back > < Help > | +|----------------------------------------------------| + + Enter a name for the router and node, press OK. + + + + |-------------------Password Setup-------------------| +| Enter the new password for the 128T 'admin' | +| user: | +| |----------------------------------------------| | +| | 128Tadmin | | +| |----------------------------------------------| | +| | | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------| + + Enter the password for web access: 128Tadmin + and confirm the password. + + + + |--------------------------Anonymous Data Collection--------------------------| +| The 128T Networking Platform comes packaged with a software process | +|("Roadrunner") that is used to proactively monitor the health and liveliness | +|of the 128T Router and associated components. This watchdog process collects | +|anonymous information from the router and sends it to 128 Technology for | +|storage and analysis. This information helps inform 128 Technology about | +|software usage, to aid in the support and improvement of the 128 Technology | +|Networking Platform. | +| | +|Disabling this feature will prevent the sending of anonymous usage data to | +|128 Technology. | +| | +| | +| < Accept > < Back > < Disable > | +|-----------------------------------------------------------------------------| + + Select Accept. + + + + |-----128T Statistics Table Creator-----| +| Created table for metric 760/827 | +| Created table for metric 770/827 | +| Created table for metric 780/827 | +| Created table for metric 790/827 | +| Created table for metric 800/827 | +| Created table for metric 810/827 | +| Created table for metric 820/827 | +| Finished pre-creating stats tables | +| Creating tables for audit events | +| Finished creating audit event tables | +| Completed in 27.001386642456055 s | +| Shutting down local Cassandra node | +|---------------------------------------| +| < OK > | +|---------------------------------------| + + Select OK. + + + + |--------128T Installer Status----------| +| | +| Install SUCCESS | +| | +| Start 128T Router | +| before proceeding to | +| login prompt? | +|---------------------------------------| +| < Yes > < No > | +|---------------------------------------| + + Select: Yes + + + + localhost login: root +Password: + + The following user accounts and passwords are created during the + ISO installation process: + + + Accounts Created + + + + + + + User + + Password + + + + + + root + + 128tRoutes + + + + t128 + + 128tRoutes + + + +
+ + + + GUI login via HTTPS is enabled by default on port 443 + + [root@localhost ~]# dhclient enp0s2 +[root@localhost ~]# echo "nameserver 8.8.8.8" >>/etc/resolv.conf +[root@localhost ~]# yum -y install cloud-init +[root@localhost ~]# reboot + + + + Wait to reboot and press CTR+ a+c to enter in qemu + monitor. + + (qemu) quit +> qemu-img info 128t.qcow2 +image: 128t.qcow2 +file format: qcow2 +virtual size: 128G (137438953472 bytes) +disk size: 5.4G +cluster_size: 65536 +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + corrupt: false + + + + Compress the generated 128t.qcow2 image to + decrease the size of VNF image: + + qemu-img convert -O qcow2 -c 128t.qcow2 centos_128t_compressed.qcow2 + +> qemu-img info centos_128t_compressed.qcow2 +image: centos_128t_compressed.qcow2 +file format: qcow2 +virtual size: 128G (137438953472 bytes) +disk size: 1.2G +cluster_size: 65536 +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + corrupt: false + +centos_128t_compressed.qcow2 - Resulted image can be used in NFV Access. + + + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-example-usecases/doc/appendix_3.xml b/doc/book-enea-nfv-access-example-usecases/doc/appendix_3.xml new file mode 100644 index 0000000..e8bd5ce --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/appendix_3.xml @@ -0,0 +1,7 @@ + + + How to configure Fortigate VNF (day-0 configuration) + + Please check the README file from Fortigate folder for more + details. + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-example-usecases/doc/appendix_4.xml b/doc/book-enea-nfv-access-example-usecases/doc/appendix_4.xml new file mode 100644 index 0000000..42e6a5e --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/appendix_4.xml @@ -0,0 +1,52 @@ + + + Running Enea Automation Framework tests + + The most relevant information from the Automation Framework and Test + Harness structure: + + |---automation_framework +| |---unittestSuite +| | |---128tCleanup.json - Use case 1 - clean up - test. +| | |---128tDeploy.json - Use case 1 - test. +| | |---128t_FG_SFCCleanup.json - Use case 2 - clean up - test. +| | |---128t_FG_SFCDeploy.json - Use case 2 - test. +| | |---config +| | | |---cust + - Folder containing the configuration files used by tests. +| | |---unittestLoader.py +| | |---unittestSuite.py +|---lab_config +| |---trgt-1 +| | |---enp4s0f0_0000_04_00_0.json +| | |---enp4s0f1_0000_04_00_1.json +| | |---ibm_br.json - In-band management definition. +| | |---lan_br_enp4s0f1.json - Lan bridge definition. +| | |---trgt-1.json + - Target definition - make sure to update the "address". +| | |---sfc_br.json - Service chain bridge definition. +| | |---vnf_mgmt_br.json - VNF management bridge definition. +|---vnf_config +| |---128t +| | |---128tInstance.json - 128T instantiation - used in use case 1. +| | |---128t.json - 128T onboarding. +| | |---128tSFCInstance.json - 128T instantiation - used in use case 2. +| | |---centos_128t_internet_ci.iso - 128T cloud init (day-0) iso image. +| |---fortigate +| | |---fg_basic_fw.conf - Fortigate day-0 configuration. +| | |---fortigateInstance.json - Fortigate instantiantion. +| | |---fortigate.json - Fortigate onboarding. +| | |---fortigateLicense.lic + - Fortigate license - replace it with a valid License file. +|---vnf_image +| |---centos_128t_with_ci.qcow2 - 128T qcow2 image. +| |---fortios.qcow2 - Fortigate qcow2 image. + + Make sure to update the relevant configuration file for your setup. + The essential files to consider are the target configuration + (trgt-1.json), the license for the Fortigate VNF, and + the 128T cloud-init iso image matching your network. + + To run a test:> cd automation_and_systemtest/automation_framework/unittestSuite +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n trgt-1 -s + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-example-usecases/doc/appendix_5.xml b/doc/book-enea-nfv-access-example-usecases/doc/appendix_5.xml new file mode 100644 index 0000000..6e30d4e --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/appendix_5.xml @@ -0,0 +1,213 @@ + + + Example Tests Results using the Automation Framework + + Test Host: +Use Case1 - 128T +> cd automation_and_systemtest/automation_framework/unittestSuite +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n trgt-1 \ +-s 128tDeploy.json -d "128T Deployment" + +Running 128T Deployment... + +test 001: Add VCPE Agent from trgt-1 device (__main__.UnittestSuite) ... +2019-08-13 12:49:58,091 - INFO: Add uCPE device +2019-08-13 12:49:58,342 - INFO: Done +ok +test 002: Wait VCPE Agent device be up (__main__.UnittestSuite) ... +2019-08-13 12:49:58,358 - INFO: Wait uCPE device +2019-08-13 12:50:03,470 - INFO: Done +ok +test 003: Bind NIC to DPDK for LAN connection (__main__.UnittestSuite) ... +2019-08-13 12:50:03,486 - INFO: Bind NIC +2019-08-13 12:50:03,901 - INFO: Done +ok +test 004: Creating ibm bridge (__main__.UnittestSuite) ... +2019-08-13 12:50:03,920 - INFO: New OVS network bridge +2019-08-13 12:50:17,465 - INFO: Done +ok +test 005: Creating VNF Management bridge (__main__.UnittestSuite) ... +2019-08-13 12:50:17,481 - INFO: New OVS network bridge +2019-08-13 12:50:17,626 - INFO: Done +ok +test 006: Creating LAN bridge and attaching enp4s0f1 interface to the bridge \ + (__main__.UnittestSuite) ... +2019-08-13 12:50:17,643 - INFO: New OVS network bridge +2019-08-13 12:50:18,313 - INFO: Done +ok +test 007: Onboarding 128T VNF (wizard API) (__main__.UnittestSuite) ... +2019-08-13 12:50:18,332 - INFO: Onboard wizard +2019-08-13 12:52:52,909 - INFO: Done +ok +test 008: Instantiate 128T VNF (__main__.UnittestSuite) ... +2019-08-13 12:52:52,924 - INFO: Instantiate VNF +2019-08-13 12:54:06,219 - INFO: Done +ok + +---------------------------------------------------------------------- +Ran 8 tests in 248.144s + +OK + + +Clean-up use-case1 +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n trgt-1 \ +-s 128tCleanup.json -d "128T Clean-up" + +Running 128T Clean-up... + +test 001: Destroying 128T VNF (__main__.UnittestSuite) ... +2019-08-13 13:03:02,704 - INFO: Destroy VNF +2019-08-13 13:03:03,619 - INFO: Done +ok +test 002: Deleting network bridge LAN (__main__.UnittestSuite) ... +2019-08-13 13:03:03,635 - INFO: Delete OVS network bridge +2019-08-13 13:03:13,857 - INFO: Done +ok +test 003: Deleting VNF management bridge (__main__.UnittestSuite) ... +2019-08-13 13:03:13,877 - INFO: Delete OVS network bridge +2019-08-13 13:03:24,027 - INFO: Done +ok +test 004: Deleting ibm(In Band Management) bridge (__main__.UnittestSuite) ... +2019-08-13 13:03:24,049 - INFO: Delete OVS network bridge +2019-08-13 13:03:48,815 - INFO: Done +ok +test 005: Unbind LAN NIC from DPDK target (__main__.UnittestSuite) ... +2019-08-13 13:03:48,835 - INFO: Unbind NIC +2019-08-13 13:03:50,274 - INFO: Done +ok +test 006: Offboarding 128t VNF (__main__.UnittestSuite) ... +2019-08-13 13:03:50,294 - INFO: Offboard VNF +2019-08-13 13:03:50,844 - INFO: Done +ok +test 007: Remove VCPE Agent trgt-1 device (__main__.UnittestSuite) ... +2019-08-13 13:03:50,858 - INFO: Remove uCPE device +2019-08-13 13:03:50,998 - INFO: Done +ok + +---------------------------------------------------------------------- +Ran 7 tests in 48.308s + +OK + + +Use-case2 +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n trgt-1 \ +-s 128t_FG_SFCDeploy.json -d "128T - Fortigate SFC Deployment" +Running 128T - Fortigate SFC Deployment... + +test 001: Add VCPE Agent from trgt-1 device (__main__.UnittestSuite) ... +2019-08-13 13:09:16,146 - INFO: Add uCPE device +2019-08-13 13:09:16,272 - INFO: Done +ok +test 002: Wait VCPE Agent device be up (__main__.UnittestSuite) ... +2019-08-13 13:09:16,287 - INFO: Wait uCPE device +2019-08-13 13:09:23,421 - INFO: Done +ok +test 003: Bind NIC to DPDK for LAN connection (__main__.UnittestSuite) ... +2019-08-13 13:09:23,445 - INFO: Bind NIC +2019-08-13 13:09:24,226 - INFO: Done +ok +test 004: Creating ibm bridge (__main__.UnittestSuite) ... +2019-08-13 13:09:24,245 - INFO: New OVS network bridge +2019-08-13 13:09:34,720 - INFO: Done +ok +test 005: Creating VNF Management bridge (__main__.UnittestSuite) ... +2019-08-13 13:09:34,741 - INFO: New OVS network bridge +2019-08-13 13:09:34,885 - INFO: Done +ok +test 006: Creating LAN bridge and attaching enp4s0f1 interface to the bridge \ +(__main__.UnittestSuite) ... +2019-08-13 13:09:34,903 - INFO: New OVS network bridge +2019-08-13 13:09:35,566 - INFO: Done +ok +test 007: Creating SFC(service function chaining) bridge (__main__.UnittestSuite) ... +2019-08-13 13:09:35,587 - INFO: New OVS network bridge +2019-08-13 13:09:35,667 - INFO: Done +ok +test 008: Onboarding 128T VNF (wizard API) (__main__.UnittestSuite) ... +2019-08-13 13:09:35,684 - INFO: Onboard wizard +2019-08-13 13:12:11,845 - INFO: Done +ok +test 009: Onboarding Fortigate VNF (wizard API) (__main__.UnittestSuite) ... +2019-08-13 13:12:11,861 - INFO: Onboard wizard +2019-08-13 13:12:16,157 - INFO: Done +ok +test 010: Instantiate 128T VNF (__main__.UnittestSuite) ... +2019-08-13 13:12:16,175 - INFO: Instantiate VNF +2019-08-13 13:13:31,681 - INFO: Done +ok +test 011: Instantiate Fortigate VNF (__main__.UnittestSuite) ... +2019-08-13 13:13:31,738 - INFO: Instantiate VNF +2019-08-13 13:13:35,985 - INFO: Done +ok + +---------------------------------------------------------------------- +Ran 11 tests in 259.854s + +OK + +# Access 128T management interface +https://172.24.12.154:60001 +user: admin +password: 128Tadmin + +# Access Fortigate management interface +https://172.24.12.154:60002 +user: admin +password: + + + +Use case2 clean-up +> python unittestSuite.py -u admin -p admin -H 172.24.3.109 -n trgt-1 \ +-s 128t_FG_SFCCleanup.json -d "128T - Fortigate SFC CleanUp" + +Running 128T - Fortigate SFC CleanUp... + +test 001: Destroying Fortigate VNF (__main__.UnittestSuite) ... +2019-08-13 13:51:30,204 - INFO: Destroy VNF +2019-08-13 13:51:31,781 - INFO: Done +ok +test 002: Destroying 128T VNF (__main__.UnittestSuite) ... +2019-08-13 13:51:31,822 - INFO: Destroy VNF +2019-08-13 13:51:32,729 - INFO: Done +ok +test 003: Deleting network bridge SFC (__main__.UnittestSuite) ... +2019-08-13 13:51:32,756 - INFO: Delete OVS network bridge +2019-08-13 13:51:42,863 - INFO: Done +ok +test 004: Deleting network bridge LAN (__main__.UnittestSuite) ... +2019-08-13 13:51:42,878 - INFO: Delete OVS network bridge +2019-08-13 13:51:53,087 - INFO: Done +ok +test 005: Deleting VNF management bridge (__main__.UnittestSuite) ... +2019-08-13 13:51:53,103 - INFO: Delete OVS network bridge +2019-08-13 13:52:03,251 - INFO: Done +ok +test 006: Deleting ibm(In Band Management) bridge (__main__.UnittestSuite) ... +2019-08-13 13:52:03,269 - INFO: Delete OVS network bridge +2019-08-13 13:52:29,868 - INFO: Done +ok +test 007: Unbind LAN NIC from DPDK target (__main__.UnittestSuite) ... +2019-08-13 13:52:29,885 - INFO: Unbind NIC +2019-08-13 13:52:31,415 - INFO: Done +ok +test 008: Offboarding 128t VNF (__main__.UnittestSuite) ... +2019-08-13 13:52:31,435 - INFO: Offboard VNF +2019-08-13 13:52:32,009 - INFO: Done +ok +test 009: Offboarding Fortigate VNF (__main__.UnittestSuite) ... +2019-08-13 13:52:32,023 - INFO: Offboard VNF +2019-08-13 13:52:32,157 - INFO: Done +ok +test 010: Remove VCPE Agent trgt-1 device (__main__.UnittestSuite) ... +2019-08-13 13:52:32,170 - INFO: Remove uCPE device +2019-08-13 13:52:32,294 - INFO: Done +ok + +---------------------------------------------------------------------- +Ran 10 tests in 62.104s + +OK + \ No newline at end of file diff --git a/doc/book-enea-nfv-access-example-usecases/doc/book.xml b/doc/book-enea-nfv-access-example-usecases/doc/book.xml index fb9db8d..e3e6adc 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/book.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/book.xml @@ -27,6 +27,27 @@ + + + + + + + + + + + + + + diff --git a/doc/book-enea-nfv-access-example-usecases/doc/images/trgt.png b/doc/book-enea-nfv-access-example-usecases/doc/images/trgt.png new file mode 100644 index 0000000..2c1c908 Binary files /dev/null and b/doc/book-enea-nfv-access-example-usecases/doc/images/trgt.png differ diff --git a/doc/book-enea-nfv-access-example-usecases/doc/images/trgt_servicechain.png b/doc/book-enea-nfv-access-example-usecases/doc/images/trgt_servicechain.png new file mode 100644 index 0000000..3956c9d Binary files /dev/null and b/doc/book-enea-nfv-access-example-usecases/doc/images/trgt_servicechain.png differ diff --git a/doc/book-enea-nfv-access-example-usecases/doc/service_chaining_128t_fortigate.xml b/doc/book-enea-nfv-access-example-usecases/doc/service_chaining_128t_fortigate.xml new file mode 100644 index 0000000..15329e7 --- /dev/null +++ b/doc/book-enea-nfv-access-example-usecases/doc/service_chaining_128t_fortigate.xml @@ -0,0 +1,1065 @@ + + + Service Chaining 128T - Fortigate Example Use-case + + The term service chaining or service function chaining (SFC) is used + to describe the definition and instantiation of an ordered list of instances + of such service functions and the subsequent "steering" of traffic flows + through those service functions. The set of enabled service function chains + reflects operator service offerings and is designed in conjunction with + application delivery and service and network policy. + +
+ Prerequisites + + The 128T router and the Fortinet firewall in a service chain require + the following prequisites for this example use case: + + + + 1 in band management port for device management. + + + + 1 in band management port for the 128T router. + + + + 1 in band management port for Fortinet. + + + + 1 WAN interface for Fortinet. + + + + 1 LAN facing interface for Fortinet. + + + + 1 WAN facing interface for the 128T router. + + + + 1 service chain (SFC Bridged interface) to sit between the + Firewall and vRouter. + + +
+ +
+ Service Chaining 128T - Fortigate + +
+ Service Chaining 128T - Fortigate Setup Overview + + + + + + +
+ +
+ Use-case Setup + + Configuring Network Interfaces on uCPE + devices: + + Log into the uCPE Manager with both username and password + values: admin. + + + + Add the trgt uCPE device into the uCPE Manager: + Devices -> Manage -> Add. + + Fill in the required fields with the following data: + + + Device Details + + + + + + + + + + + Field + + Value + + + + + + Type + + Enea universal CPE + + + + Release + + 1.0 + + + + Name + + trgt + + + + IP/DNS Address + + Dynamic IP received by device from DHCP server + (E.g.: 172.24.12.74). + + + + Description + + Target 1 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + null + + + + OK + + Green status indicates connection with uCPE device + was established. + + + +
+ + + + In order to add the device on the map: Right-Click on + Map -> Place Device -> trgt. + + + + Configure the infrastructure for the 128T and Fortigate VNFs + in the service chain by creating four OVS bridges and a host + interface. + + Add the Host Interface by selecting the trgt device, then + Configuration -> OpenVSwitch -> Host Interfaces + -> Add. + + Fill in the required fields with the following data: + + + Host Interface Details + + + + + + + + + + + Field + + Value + + + + + + Source + + enp4s0f1. The only interface + available for LAN connection. + + + + type + + dpdk + + + + networking-type + + dpdk + + + + dpdk-type + + vfio-pci + + + + Create + + <interface enp4s0f1 ready to be used in a LAN + bridge.> + + + +
+ + Add the OVS bridges by selecting the trgt device then: + Configuration -> OpenVSwitch -> Bridges -> + Add. + + Fill in the required fields for each bridge with the + following data from each table: + + + ibm_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + ibm_br + + + + ovs-bridge-type + + inbandMgmt + + + + mgmt-address + + Provide the IP address of the uCPE Manager machine + (E.g. 172.24.3.109). + + + + mgmt-port + + 830 + + + + Create + + + + + +
+ + + vnf_mgmt_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + vnf_mgmt_br + + + + ovs-bridge-type + + vnfMgmt + + + + vnf-mgmt-address + + 10.0.0.1 + + + + Create + + + + + +
+ + + lan_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + lan_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + communication + + + + + + + Name: enp4s0f1 OK + + + + Create + + + + + +
+ + + sfc_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + sfc_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + integration + + + + Create + + + + + +
+ + + + Onboarding the VNFs: + + Onboard the 128T VNF VM Image through VNF -> + Descriptors -> On-board -> VM Image, and fill in the + required fields with the following values: + + + 128T VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + centos_128t_with_ci.qcow2 + + + + Image format + + QCOW2 + + + + VNF Type Name + + 128T + + + + Description + + 128T Router + + + + Version + + 1.0 + + + + Memory in MB + + 8192. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 2. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.2 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60001 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed to another type of access. + Please consult official 128T documentation and make sure the 128T + VNF is configured to accept another type of connection before + changing the port number. + + + + externalMgmtPort(60001) represents the + external port on which the user can access the VNF management + interface from the web browser via HTTPS. The user can select + another port if needed. There are no other changes required or + components affected by this change. + + + + vnfMgmtIpAddress (10.0.0.2) represents + the IP address of the management interface of the 128T VNF. + Changing this value requires an update to the 128T configuration + to match the new IP address. + + + + + Onboard the Fortigate VNF VM Image through VNF -> + Descriptors -> On-board -> VM Image, and fill in the + required fields with the following values: + + + Fortigate VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + fortios.qcow2. Please make sure to + contact Fortigate for an official Fortigate KVM image. + + + + Image format + + QCOW2 + + + + VNF Type Name + + Fortigate + + + + Description + + Fortigate VNF + + + + Version + + 1.0 + + + + Memory in MB + + 1024. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 1. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ConfigDrive + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Cloud Init -> + + + Path: license + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.3 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60002 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed to another type of access. + Please consult official Fortigate documentation and make sure the + Fortigate VNF is configured to accept another type of connection + before changing the port number. + + + + externalMgmtPort (60002) represents the + external port on which the user can access the VNF management + interface from the web browser via HTTPS. The user can select + another port if needed. There are no other changes required or + components affected by this change. + + + + vnfMgmtIpAddress (10.0.0.3) represents + the IP address of the management interface of the Fortigate VNF. + Changing this value requires an update to the Fortigate + configuration to match with new IP address. + + + + + Instantiating the VNFs: + + Instantiate the 128T VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + 128T VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + 128T_trgt_1 + + + + VNF Type + + 128T + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + centos_128t_internet_ci.iso. Example + image provided. Please see Appendix A for details on how to + change the configuration and create a new cloud-init iso + image. + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: ibm_br + + + + lan (dpdk) + + Bridge: sfc_br + + + + Create + + + + + +
+ + Instantiate the Fortigate VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + Fortigate VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + fg_trgt_1 + + + + VNF Type + + Fortigate + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + fg_cust_basic_fw.conf + + + + License File + + FGVM08TM00001.lic. Please make sure to + use a valid license file (.lic) received from Fortinet. + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: sfc_br + + + + lan (dpdk) + + Bridge: lan_br + + + + Create + + + + + +
+
+ +
+ Testing the Use-case + + In order to access the web interfaces of the 128T VNF, open a + browser on a machine connected on the same network with the WAN port of + the target and connect to: + https://<publicIP>:60001 using the username: + admin and the password: 128Tadmin. + + In order to access the web interfaces of the Fortigate VNF, open a + browser on a machine connected on the same network with the WAN port of + the target and connect to: + https://<publicIP>:60002 using the username: + admin, and leaving the password blank. + + + Make sure the WAN interface of the trgt device has access to + the internet. The Fortigate VNF requires internet access to validate + the license. + + + In order to validate the data path connect a test machine to the + LAN physical port and check for a dynamic IP (the Fortigate LAN + interface is configured with a DHCP server):> dhclient eth1 +> ping 8.8.8.8For data path validation, a new cloud-init + image may need to be generated for the 128T VNF to match your network + configuration. Please check Appendix A "How to create 128T cloud-init + iso image (day-0 configuration)" for details. +
+ +
+ Use-case Clean-up + + In order to remove the setup created in previously, all components + need to be deleted in reverse order: + + + + Select the trgt uCPE device -> VNF -> Instances. + Select the 128T and Fortigate VNFs -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Bridges. Select all bridges -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Host Interfaces. Select all interfaces -> + Delete. + + + + VNF -> Descriptors. Select all bundles -> + Offboard. + + +
+
+ -- cgit v1.2.3-54-g00ecf