Overview
This tutorial demonstrates how to build your own NFV device using KVM and install 2 service chained network functions. We will be installing a Sinefa probe and a Brocade vRouter as shown in the diagram below.
Although we're using the Brocade vRouter, you can install any router you like. Here are some links to various virtual routers.
- Brocade vRouter (60 day free trial)
- Sophos UTM Essential Firewall (free, cut-down version)
- VyOS (free, open source router)
- OpenWRT (free, open source router)
Prerequisites
- Server or PC with at least 2 CPU cores
- The CPU must support Intel VT (virtualization technology)
- At least 4GB RAM
- At least 20GB storage (HDD or SSD)
- At least 3 network interfaces
For this tutorial, we are using a small server with the following specs.
- Intel C2758 CPU
- 8GB RAM
- Transcend 32GB SSD
- 4x Intel I354 NICs
We've installed Ubuntu 16.04.1 LTS Server x86_64 (minimal installation with SSH server).
Install KVM and Required Utilities
Log in to your Ubuntu server using SSH and run the following command.
$ sudo apt-get install cpu-checker curl qemu-kvm libvirt-bin virtinst bridge-utils
Once installed, verify that your CPU is VT (virtualization technology) capable.
$ sudo kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
If you don't see the above message, it means that your CPU does not support Intel VT or it has not been enabled in your BIOS settings.
Download Software Images
Now that KVM is installed, download the virtual machine software. On a standard install, these are the default image locations.
ISO files: /var/lib/libvirt/boot/
VM disk images: /var/lib/libvirt/images/
Sinefa Image
To download the Sinefa probe image, log in to your Sinefa account at https://app.sinefa.com, or create an account if you don't already have one.
Go to the Settings | Probes page. Click the "Add Probe" button and scroll down to the "Deploy a Virtual or Software Probe" section. Click the link to download a virtual probe then click "Link to KVM Image File". Copy the URL and run the following commands on your server.
$ cd /var/lib/libvirt/images/
$ sudo curl -L -o Sinefa_Probe.qcow2 '<PUT YOUR DOWNLOAD URL HERE>'
Brocade vRouter ISO
You will need to request a free trial here. Once done, you can download the latest ISO image. Once downloaded, you'll need to copy it (using scp) to the /var/lib/libvirt/boot/ directory on your server.
Networking
The server used for this guide has 4 NICs. They will be configured as follows.
- enp0s20f0 - this port will be assigned a local, static IP and will be used to configure the server and connect to it later, if required
- enp0s20f1 - this port will be the LAN interface as per the diagram above
- enp0s20f2 - this port will be the WAN interface as per the diagram above
- enp0s20f3 - unused
As per the diagram above, 3 bridges are needed to service chain our 2 virtual appliances.
- brlan - this will connect a NIC on the server to the LAN side of the Sinefa probe.
- brsw1 - this will connect the WAN side of the Sinefa probe to the LAN side of the Brocade vRouter.
- brwan - this will connect the WAN side of the Brocade vRouter to a NIC on the server.
Edit the Ubuntu network interface configuration file and set up the NICs and bridges.
$ sudo vi /etc/network/interfaces
The contents of our file look like this (you may need to change the interface names to match your system).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface (set your own static IP or use DHCP)
auto enp0s20f0
iface enp0s20f0 inet static
    address 172.26.0.241
    netmask 255.255.255.0
    gateway 172.26.0.1
    dns-nameservers 172.26.0.1
# The LAN port
auto enp0s20f1
iface enp0s20f1 inet manual
# The WAN port
auto enp0s20f2
iface enp0s20f2 inet manual
# The LAN-side switch
auto brlan
iface brlan inet manual
    bridge_ports enp0s20f1
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
# The WAN-side switch
auto brwan
iface brwan inet manual
    bridge_ports enp0s20f2
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
# The service chaining switch
auto brsw1
iface brsw1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
Once configured, go ahead and restart networking to load the configuration.
$ sudo /etc/init.d/networking restart
Once restarted, you should see all 3 interfaces and 3 bridges on the system.
$ ip addr
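A check for the interfaces file above, as an added example that is not part of the original tutorial: it confirms that each bridge has the planned port and uses inet manual, so ifupdown assigns the host no address on the data-path bridges and management stays on enp0s20f0. The PLAN variable and the function names are assumptions made for the example, and the sample input is constructed from the bridge stanzas shown above.

```shell
#!/bin/sh
# Expected bridge:port layout; change the NIC names to match your system.
PLAN="brlan:enp0s20f1 brsw1:none brwan:enp0s20f2"

# Reads an ifupdown interfaces file on stdin; returns non-zero on any mismatch.
audit_bridges() {
  awk -v plan="$PLAN" '
    $1 == "iface" { cur = $2; method[cur] = $4 }
    $1 == "bridge_ports" {
      p = $2
      for (i = 3; i <= NF; i++) p = p " " $i
      ports[cur] = p
      for (i = 2; i <= NF; i++)
        if ($i != "none" && ++used[$i] > 1) {
          printf "FAIL %s is a port of more than one bridge\n", $i; bad = 1
        }
    }
    END {
      n = split(plan, want, " ")
      for (k = 1; k <= n; k++) {
        split(want[k], w, ":")
        if (ports[w[1]] != w[2]) {
          printf "FAIL %s has ports [%s], expected [%s]\n", w[1], ports[w[1]], w[2]; bad = 1
        }
        # Any method other than manual puts a host address on a data-path bridge.
        if (method[w[1]] != "manual") {
          printf "FAIL %s uses method [%s], expected manual\n", w[1], method[w[1]]; bad = 1
        }
      }
      if (!bad) print "OK bridges match the plan and are all inet manual"
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the bridge-related stanzas from the file above.
sample_interfaces() {
  cat <<'EOF'
iface enp0s20f1 inet manual
iface enp0s20f2 inet manual
iface brlan inet manual
    bridge_ports enp0s20f1
iface brwan inet manual
    bridge_ports enp0s20f2
iface brsw1 inet manual
    bridge_ports none
EOF
}

sample_interfaces | audit_bridges
```

On the server itself, run it against the live file with audit_bridges < /etc/network/interfaces.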
Create the VMs
Creating the Sinefa VM can be done using the virt-install command. The command below configures a new VM called "sinefa" with 2GB RAM, 2 vCPUs and 2 NICs connected to the LAN and SW1 bridges set up in the previous step.
$ sudo virt-install \
--name sinefa \
--virt-type kvm \
--os-type linux \
--os-variant virtio26 \
--ram 2048 \
--vcpus 2 \
--hvm \
--network bridge=brlan,model=virtio \
--network bridge=brsw1,model=virtio \
--graphics none \
--import \
--autostart \
--disk path=/var/lib/libvirt/images/Sinefa_Probe.qcow2,format=qcow2,bus=virtio
At this point, the Sinefa VM should boot and after a few seconds you should see the Sinefa login prompt. For now, exit the Sinefa VM console by pressing CTRL + ] to return to the server console.
Creating the Brocade VM can also be done using the virt-install command but is a little more complex as it involves an installation step. The command below configures a new VM called "brocade" with 2GB RAM, 2 vCPUs and 2 NICs connected to the SW1 and WAN bridges set up in the previous step.
$ sudo virt-install \
--name brocade \
--virt-type kvm \
--os-type linux \
--os-variant virtio26 \
--ram 2048 \
--vcpus 2 \
--hvm \
--network bridge=brsw1,model=virtio \
--network bridge=brwan,model=virtio \
--graphics none \
--autostart \
--cdrom /var/lib/libvirt/boot/livecd-VR5600_5.0R2_B_amd64.iso \
--disk path=/var/lib/libvirt/images/Brocade_vRouter.qcow2,format=qcow2,bus=virtio,size=16
At this point, the Brocade VM should boot from the Live CD. After a minute or two you should see a login prompt. The default username is vyatta and the default password is vyatta. Go ahead and log in and start the installation.
vyatta@vyatta:~$ install image
Follow the prompts to install the Brocade vRouter image. You can select the defaults for all questions. Once done, reboot to boot into the installed version (instead of the Live CD version).
vyatta@vyatta:~$ reboot
The Brocade VM will now boot into the installed image on the virtual disk. You should see a login prompt after it completes the boot process. You can exit the Brocade VM console by pressing CTRL + ] to return to the server console.
At this point the 2 VMs are up and running and service chained as per the diagram above. They will automatically shut down when the server shuts down and they will automatically start up when the server starts up.
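To confirm the service chain once both VMs exist, this added example (not from the original tutorial) checks virsh domiflist output: one VM port on brlan, two on brsw1, one on brwan, and no VM attached to both brlan and brwan, which would let traffic skip one of the functions. The VM-name prefix on each line and the function names are assumptions; the sample output is constructed.

```shell
#!/bin/sh
# Prints "<vm> <domiflist line>" for each VM; run on the KVM host.
collect_domiflist() {
  for vm in sinefa brocade; do
    sudo virsh domiflist "$vm" | sed "s/^/$vm /"
  done
}

# Reads that prefixed output on stdin; returns non-zero if the wiring is wrong.
check_chain() {
  awk '
    $3 == "bridge" { n[$4]++; att[$1, $4] = 1; vms[$1] = 1 }
    END {
      if (n["brlan"] != 1) { printf "FAIL brlan has %d VM ports, expected 1\n", n["brlan"]; bad = 1 }
      if (n["brsw1"] != 2) { printf "FAIL brsw1 has %d VM ports, expected 2\n", n["brsw1"]; bad = 1 }
      if (n["brwan"] != 1) { printf "FAIL brwan has %d VM ports, expected 1\n", n["brwan"]; bad = 1 }
      if (!att["sinefa", "brlan"] || !att["sinefa", "brsw1"]) { print "FAIL sinefa is not on brlan and brsw1"; bad = 1 }
      if (!att["brocade", "brsw1"] || !att["brocade", "brwan"]) { print "FAIL brocade is not on brsw1 and brwan"; bad = 1 }
      # A VM on both outer bridges would let traffic skip the other function.
      for (v in vms)
        if (att[v, "brlan"] && att[v, "brwan"]) {
          printf "FAIL %s is attached to both brlan and brwan\n", v; bad = 1
        }
      if (!bad) print "OK brlan -> sinefa -> brsw1 -> brocade -> brwan"
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample of the prefixed domiflist output for the two VMs.
sample_domiflist() {
  cat <<'EOF'
sinefa Interface  Type    Source  Model   MAC
sinefa -------------------------------------------------
sinefa vnet0      bridge  brlan   virtio  52:54:00:00:00:01
sinefa vnet1      bridge  brsw1   virtio  52:54:00:00:00:02
brocade Interface  Type    Source  Model   MAC
brocade -------------------------------------------------
brocade vnet2      bridge  brsw1   virtio  52:54:00:00:00:03
brocade vnet3      bridge  brwan   virtio  52:54:00:00:00:04
EOF
}

sample_domiflist | check_chain
```

On the server, pipe the live data through the same check with collect_domiflist | check_chain.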
Now it's time to configure the Brocade and Sinefa virtual appliances as you normally would.
Initial Configuration
To access the Sinefa VM console, use this command.
$ sudo virsh console sinefa
To access the Brocade VM console, use this command.
$ sudo virsh console brocade
To exit either console and return to the server console, press CTRL + ].
Some initial configuration is required to get basic networking and routing working. For this tutorial, we're going to set up the network as follows.
- Router WAN IP: Obtain from DHCP
- Router LAN IP: 192.168.100.1 / 255.255.255.0
- Sinefa IP: 192.168.100.2 / 255.255.255.0
- Sinefa Gateway: 192.168.100.1
Sinefa
Firstly, we need to configure the Sinefa VM to bridge its LAN and WAN interfaces (since it's an in-path virtual deployment), monitor traffic on this bridge and set the static IP address. Go ahead and access the Sinefa VM console. The default username is admin and there is no password.
At the main menu select Networking, Configure Bridges, Add Bridge. Select both interfaces to add to the bridge and call the bridge br0 when prompted.
Next, select Configure IP Address and select br0. Select Static IP and enter 192.168.100.2 as the Address and 24 as the Prefix, then press Enter to save.
Next, select Configure Gateway and enter 192.168.100.1 as the IPv4 Gateway, then press Enter to save.
Next, select Configure DNS and enter 8.8.8.8 as the Primary Name Server, then press Enter to save.
Finally, select Configure Monitoring and select br0. Select Enable then press Enter to save. The network configuration should look like this.
Press CTRL + ] to return to the server console.
Brocade
Go ahead and access the Brocade VM console. Log in using the username and password you configured during installation.
Enter the following commands to configure default network settings and NAT.
$ configure
# set interfaces dataplane dp0s2 description INSIDE
# set interfaces dataplane dp0s2 address 192.168.100.1/24
# set interfaces dataplane dp0s3 description OUTSIDE
# set interfaces dataplane dp0s3 address dhcp
# set service ssh
# set service https
# commit
# set service nat source rule 10 source address '192.168.100.0/24'
# set service nat source rule 10 outbound-interface 'dp0s3'
# set service nat source rule 10 translation address 'masquerade'
# commit
# save
# exit
Your vRouter configuration should look something like this.
interfaces {
    dataplane dp0s2 {
        address 192.168.100.1/24
        description INSIDE
    }
    dataplane dp0s3 {
        address dhcp
        description OUTSIDE
    }
    loopback lo
}
service {
    https
    nat {
        source {
            rule 10 {
                outbound-interface dp0s3
                source {
                    address 192.168.100.0/24
                }
                translation {
                    address masquerade
                }
            }
        }
    }
    ssh
}
Press CTRL + ] to return to the server console.
The Finishing Touches
On your PC, change your network settings so that you have a static IP in the 192.168.100.X range, e.g. 192.168.100.10/24, set your gateway to 192.168.100.1 (the router LAN IP configured above) and DNS to 8.8.8.8.
Now plug a network cable from your PC into the LAN port and from the WAN port into your regular network. You should now be able to access the Internet using your PC via the Sinefa and Brocade virtual appliances.
All that remains is to register the Sinefa probe. Log in to your Sinefa account at app.sinefa.com and navigate to Settings, Probes, Add Probe. There you will find your probe registration key. You should be able to SSH to the Sinefa probe using its IP address.
$ ssh admin@192.168.100.2
From the main menu select Registration and enter your probe registration key.
That's it! You now have a working Sinefa probe and a Brocade vRouter service chained using KVM.
Further Reading
virsh man page: https://linux.die.net/man/1/virsh
virt-install man page: https://linux.die.net/man/1/virt-install