Roll your own NFV solution with KVM and Sinefa

Overview
Prerequisites
Install KVM and Required Utilities
Download Software Images
Networking
Create the VMs
Initial Configuration
The Finishing Touches

This tutorial demonstrates how to build your own NFV device using KVM and install 2 service chained network functions. We will be installing a Sinefa probe and a Brocade vRouter as shown in the diagram below.

Although we're using the Brocade vRouter, you can install any router you like, here are some links to various virtual routers.

Prerequisites

Server or PC with at least 2 CPU cores
The CPU must support Intel VT (virtualization technology)
At least 4GB RAM
At least 20GB storage (HDD or SSD)
At least 3 network interfaces

For this tutorial, we are using a small server with the following specs.

Intel C2758 CPU
8GB RAM
Transcend 32GB SSD
4x Intel I354 NICs

We've installed Ubuntu 16.04.1 LTS Server x86_64 (minimal installation with SSH server).

Install KVM and Required Utilities

$ sudo apt-get install cpu-checker curl qemu-kvm libvirt-bin virtinst bridge-utils

Once installed, verify that your CPU is VT (virtualization technology) capable.

$ sudo kvm-ok INFO: /dev/kvm exists KVM acceleration can be used

If you don't see the above message, it means that your CPU does not support Intel VT or it has not been enabled in your BIOS settings.

Download Software Images

Now that KVM is installed, download the virtual machine software. On a standard install, these are the default image locations.

ISO files: /var/lib/libvirt/boot/
VM disk images: /var/lib/libvirt/images/

Sinefa Image

To download the Sinefa probe image, login to your Sinefa account at https://app.sinefa.com or create an account if you don't already have one.

Go to the Settings | Probes page. Click the "Add Probe" button and scroll down to the "Deploy a Virtual or Software Probe" section. Click the link to download a virtual probe then click "Link to KVM Image File". Copy the URL and run the following commands on your server.

$ cd /var/lib/libvirt/images/ $ sudo curl -L -o Sinefa_Probe.qcow2 '<PUT YOUR DOWNLOAD URL HERE>'

Brocade vRouter ISO

You will need to request a free trial here. Once done, you can download the latest ISO image. Once downloaded, you'll need to copy it (using scp) to the /var/lib/libvirt/boot/ directory on your server.

Networking

The server used for this guide has 4 NICs. They will be configured as follows.

enp0s20f0 - this port will be assigned a local, static IP and will be used to configure the server and connect to it later, if required
enp0s20f1 - this port will be the LAN interface as per the diagram above
enp0s20f2 - this port will be the WAN interface as per the diagram above
enp0s20f3 - unused

As per the diagram above, 3 bridges are needed to service chain our 2 virtual appliances.

brlan - this will connect a NIC on the server to the LAN side of the Sinefa probe.
brsw1 - this will connect the WAN side of the Sinefa probe to the LAN side of the Brocade vRouter.
brwan - this will connect the WAN side of the Brocade vRouter to a NIC on the server.

Edit the Ubuntu network interface configuration file and setup the NICs and bridges.

$ sudo vi /etc/network/interfaces

The contents of our file looks like this (you may need to change the interface names to match your system).

# The loopback network interface auto lo iface lo inet loopback # The primary network interface (set your own static IP or use DHCP) auto enp0s20f0 iface enp0s20f0 inet static address 172.26.0.241 netmask 255.255.255.0 gateway 172.26.0.1 dns-nameservers 172.26.0.1

# The LAN port auto enp0s20f1 iface enp0s20f1 inet manual

# The WAN port auto enp0s20f2 iface enp0s20f2 inet manual

# The LAN-side switch auto brlan iface brlan inet manual bridge_ports enp0s20f1 bridge_stp off bridge_fd 0 bridge_maxwait 0

# The WAN-side switch auto brwan iface brwan inet manual bridge_ports enp0s20f2 bridge_stp off bridge_fd 0 bridge_maxwait 0

# The service chaining switch auto brsw1 iface brsw1 inet manual bridge_ports none bridge_stp off bridge_fd 0 bridge_maxwait 0

Once configured, go ahead and restart networking to load the configuration.

$ sudo /etc/init.d/networking restart

Once restarted, you should see all 3 interfaces and 3 bridges on the system.

$ ip addr

Create the VMs

Creating the Sinefa VM can be done using the virt-install command. The command below configures a new VM called "sinefa" with 2GB RAM, 2 vCPUs and 2 NICs connected to the LAN and SW1 bridges setup in the previous step.

$ sudo virt-install \ --name sinefa \ --virt-type kvm \ --os-type linux \ --os-variant virtio26 \ --ram 2048 \ --vcpus 2 \ --hvm \ --network bridge=brlan,model=virtio \ --network bridge=brsw1,model=virtio \ --graphics none \ --import \ --autostart \ --disk path=/var/lib/libvirt/images/Sinefa_Probe.qcow2,format=qcow2,bus=virtio

At this point, the Sinefa VM should boot and after a few seconds you should see the Sinefa login prompt. For now, exit the Sinefa VM console by pressing CTRL + ] to return to the server console.

Creating the Brocade VM can also be done using the virt-install command but is a little more complex as it involves an installation step. The command below configures a new VM called "brocade" with 2GB RAM, 2 vCPUs and 2 NICs connected to the SW1 and WAN bridges setup in the previous step.

sudo virt-install \ --name brocade \ --virt-type kvm \ --os-type linux \ --os-variant virtio26 \ --ram 2048 \ --vcpus 2 \ --hvm \ --network bridge=brsw1,model=virtio \ --network bridge=brwan,model=virtio \ --graphics none \ --autostart \ --cdrom /var/lib/libvirt/boot/livecd-VR5600_5.0R2_B_amd64.iso \ --disk path=/var/lib/libvirt/images/Brocade_vRouter.qcow2,format=qcow2,bus=virtio,size=16

At this point, the Brocade VM should boot from the Live CD. After a minute or two you should see a login prompt. The default username is vyatta and the default password is vyatta. Go ahead and login and start the installation.

vyatta@vyatta:~$ install image

Follow the prompts to install the Brocade vRouter image. You can select the defaults for all questions. Once done, reboot to boot into the installed version (instead of the Live CD version).

vyatta@vyatta:~$ reboot

The Brocade VM will now boot into the installed image on the virtual disk. You should see a login prompt after it completes the boot process. You can exit the Brocade VM console by pressing CTRL + ] to return to the server console.

At this point the 2 VMs are up and running and service chained as per the diagram above. They will automatically shut-down when the server shuts down and they will automatically start-up when the server starts up.

Now it's time to configure the Brocade and Sinefa virtual appliances as you normally would.

Initial Configuration

To access the Sinefa VM console, use this command.

$ sudo virsh console sinefa

To access the Brocade VM console, use this command.

$ sudo virsh console brocade

To exit either console and return to the server console, press CTRL + ].

Some initial configuration is required to get basic networking and routing working. For this tutorial, we're going to setup the network as follows.

Router WAN IP: Obtain from DHCP
Router LAN IP: 192.168.100.1 / 255.255.255.0
Sinefa IP: 192.168.100.2 / 255.255.255.0
Sinefa Gateway: 192.168.100.1

Sinefa

Firstly, we need to configure the Sinefa VM to bridge it's LAN and WAN interfaces (since it's an in-path virtual deployment), monitor traffic on this bridge and set the static IP address. Go ahead and access the Sinefa VM console. The default username is admin and there is no password.

At the main menu select Networking, Configure Bridges, Add Bridge. Select both interfaces to add to the bridge and call the bridge br0 when prompted.

Next, select Configure IP Address and select br0. Select Static IP and enter 192.168.100.2 as the Address and 24 as the Prefix, then press Enter to save.

Next, select Configure Gateway and enter 192.168.100.1 as the IPv4 Gateway, then press Enter to save.

Next, select Configure DNS and enter 8.8.8.8 as the Primary Name Server, then press Enter to save.

Finally, select Configure Monitoring and select br0. Select Enable then press Enter to save. The network configuration should look like this.

Press CTRL + ] to return to the server console.

Brocade

Go ahead and access the Brocade VM console. Login using the username and password you configured during installation.

Enter the following commands to configure default network settings and NAT.

$ configure # set interfaces dataplane dp0s2 description INSIDE # set interfaces dataplane dp0s2 address 192.168.100.1/24 # set interfaces dataplane dp0s3 description OUTSIDE # set interfaces dataplane dp0s3 address dhcp # set service ssh # set service https # commit # set service nat source rule 10 source address '192.168.100.0/24' # set service nat source rule 10 outbound-interface 'dp0s2' # set service nat source rule 10 translation address 'masquerade' # commit # save # exit

Your vRouter configuration should look something like this.

interfaces { dataplane dp0s2 { address 192.168.100.1/24 description INSIDE } dataplane dp0s3 { address dhcp description OUTSIDE } loopback lo } service { https nat { source { rule 10 { outbound-interface dp0s3 source { address 192.168.100.0/24 } translation { address masquerade } } } } ssh }

Press CTRL + ] to return to the server console.

The Finishing Touches

On your PC, change your network settings so that you have a static IP in the 192.168.100.X range, e.g. 192.168.100.10/24, set your gateway to 192.168.0.1 and DNS to 8.8.8.8.

Now plug a network cable from your PC into the LAN port and from the WAN port into your regular network. You should now be able to access the Internet using your PC via the Sinefa and Brocade virtual appliances.

All that remains is to register the Sinefa probe. Login to your Sinefa account at app.sinefa.com and navigate to Settings, Probes, Add Probe. There you will find your probe registration key. You should be able to SSH to the Sinefa probe using its IP address.

$ ssh admin@192.168.100.2

From the main menu select Registration and enter your probe registration key.

That's it! You now having a working Sinefa probe and a Brocade vRouter service chained using KVM.

Articles in this section

Comments

Articles in this section

Related articles