-
Notifications
You must be signed in to change notification settings - Fork 8
/
tacker_sfc_walkthrough.txt
94 lines (93 loc) · 5.72 KB
/
tacker_sfc_walkthrough.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
1. Bring up a devstack capable environment. The one used by this demo is a Centos 7 box (12 GB of RAM),
which already has nshv8 OVS built/installed. To use this box:
a. git clone https://github.com/trozet/sfc-random.git (you may have already done this)
b. create a directory with enough space for at least 40Gig: mkdir ~/mytackerVM
c. cp sfc-random/Vagrantfile ~/mytackerVM/
d. vagrant box update --box trozet/tacker_centos (if vagrant box list shows version < 1.1 for tacker_centos)
e. cd ~/mytackerVM; vagrant up
f. you will be prompted for a network adapter to bridge to. Choose your interface with internet
connectivity
g. you also may be asked for a password, just enter "vagrant"
2. If using the Vagrant method:
a. vagrant ssh
b. sudo systemctl stop NetworkManager ; \
sudo systemctl disable NetworkManager ; \
sudo systemctl restart network
c. verify your IP config on your enp8s0 interface (may need to ifconfig enp8s0 up; and assign IP)
d. verify default route to public network (ip route)
e. modify your /etc/hosts and hostname to something other than localhost. Example:
sudo hostnamectl set-hostname tacker.tackerdomain.com
add to /etc/hosts:
<vm_ip_of_public_interface> tacker tacker.tackerdomain.com
source ~/.bashrc
f. modify your /etc/resolv.conf with the following:
search <your new domain name from step 2e>
nameserver 8.8.8.8
g. install git (sudo yum install -y git)
h. sudo systemctl stop firewalld ; \
sudo yum -y remove firewalld
3. git clone -b stable/liberty https://github.com/trozet/devstack
4. git clone https://github.com/trozet/sfc-random.git
5. cp -f sfc-random/local.conf devstack/; cd devstack
6. Modify the public IPs in local.conf -> sed -i 's/10.6.65.37/<your IP>/g' local.conf
7. Sym-Link NSH OVS:
a. sudo ln -s /usr/local/bin/* /bin/
8. ./stack.sh
9. Create the "net_mgmt" network:
a. cp accrc/admin/admin accrc/admin/heat; and modify the OS_USERNAME="heat", OS_PROJECT_NAME="service", and add
export OS_TENANT_NAME="service"
b. source accrc/admin/heat
c. neutron net-create net_mgmt --provider:network_type=vxlan --provider:segmentation_id 1005
d. neutron subnet-create net_mgmt 11.0.0.0/24
10. Setup VXLAN workaround:
a. sudo ifconfig br-int up
b. sudo ip route add 11.0.0.0/24 dev br-int
11. Create Glance SFC Image and custom Flavor
a. wget https://www.dropbox.com/s/focu44sh52li7fz/sfc_cloud.qcow2
b. openstack image create sfc --public --file ./sfc_cloud.qcow2
c. openstack flavor create custom --ram 1000 --disk 5 --public
12. Import VNFD for test-VNF:
a. tacker vnfd-create --vnfd-file ../sfc-random/test-vnfd.yaml
13. Deploy VNFs:
a. tacker vnf-create --name testVNF1 --vnfd-name test-vnfd (note it may take 5-10 min to boot)
b. Tacker will kick off creating the VNFs via Heat. For some reason it does this as the service tenant. So you
can check heat by using the "heat" user and doing "heat stack-list".
c. Wait a few minutes and then check VNF status is ACTIVE: tacker vnf-list
d. Login to horizon by entering the VM IP into your web browser as "heat" password "devstack"
e. Go to Compute->Instances. Click on the tacker VNF instance.
f. Click Console and login to the VNF with user "root", password "octopus"
g. in the console: "service iptables stop"
g. type "python ~/vxlan_tool/vxlan_tool.py -i eth0 -d forward -v on"
14. Create HTTP Client and Server:
a. Using either Horizon or CLI create a cirros instance named http_client, with default flavor (m1.tiny)
b. For creating HTTP server you can create another instance using the sfc image (custom flavor), 1000MB
RAM and 5GB disk. The image also supports cloud-init, so you can insert your SSH key as well.
c. Login to the http_server, and disable iptables: "service iptables stop"
d. Start simple python http server: "python -m SimpleHTTPServer 80"
15. Create SFC via python client(will render the chain into ODL):
a. tacker sfc-create --name mychain --chain testVNF1
b. This will create a chain in ODL, with 1 Rendered Service Path
c. tacker sfc-show mychain (check to make sure your SFC is now "Active")
d. You can now see NSH flows added to OVS br-int by doing the following:
sudo ovs-ofctl -O OpenFlow13 dump-flows br-int
16. Create SFC Classifier with netvirt
a. tacker sfc-classifier-create --name myclass --chain mychain --match dest_port=80,protocol=6
b. This will create a classifier for matching HTTP traffic to go onto your chain
c. Check OVS to see if you have hte classifier flow:
sudo ovs-ofctl dump-flows br-int -O openflow13 | grep tp_dst=80
tcp,reg0=0x1,tp_dst=80 actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_NSH_C2[],set_nshc1:0,set_nsp:0x2d,set_nsi:255,load:0xc0a80104->NXM_NX_TUN_IPV4_DST[],load:0x2d->NXM_NX_TUN_ID[0..31],output:6
17. Test SFC!
a. Go to horizon, click Compute->Instances, note the IP of the http server/http client
b. Now click the VNF and go to its console
c. On the VM terminal "ip netns list" to find the ID of the qdhcp namespace
d. ip netns exec <qdhcp ns ID> ssh cirros@<http client ip>; password is cubswin:)
e. Now in cirros, curl <http server ip>
f. Verify you see packets being redirected through the SFC (hitting the VNF in the horizon console)
g. Verify you receive 200 OK response from the http server
To re-stack:
1. ./unstack.sh
2. manually kill OVS process, proceed to step 3, then restart OVS process
3. sudo rm /etc/openvswitch/conf.db
4. sudo ./clean.sh (only if you want to remove mariadb)
5. edit local.conf -> RECLONE=FALSE (if you don't want to reclone all the git repos)
6. ./stack.sh