NFV Foundations PDF

Criterion Networks
Cluster Access
SSH Access
Accessing your cluster
Several ways are available for you to access the nodes that you just created.
1. Primary Method (Recommended)
2. Secondary Method
1. Primary Method
To access the nodes in the lab, go to the Access Devices Tab and click on respective node which is shown in
the Lab Topologyimage to access the node.
Example: To access neutron-openstack-ctrl node follow the below step:
Go to the Access Device Tab and click on neutron-openstack-ctrl node which is shown in the
Lab Topology image
Note:
If you are facing any issue while accessing lab nodes, please refer Secondary method mentioned below for
accessing lab nodes.
2. Secondary Method
You can access nodes in the cluster using the following different ways based on your OS.
For Linux & Mac Users:
All the nodes in your cluster can be accessed via SSH using the public IP address, port number and using
username/password authentication.
After provisioning the lab, go to Access Device Tab click on Lab Details section and please make a of note
the IP address, port numbers, username and password of all the nodes of the Lab.
To access particular node execute following command
ssh -p (port. no.) username@ip-address
Example:
ssh -p 20001 ubuntu@35.196.150.0
Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Criterion Networks
password: criterion
For Windows Users using PuTTY:
To login into the nodes using private key, you need an ssh client like PuTTY. You will also require
PuTTYgen.
You can download both PuTTY and PuTTYgen from the below link
Download Putty
Download Puttygen
Using PuTTY create a session to login to nodes like

Criterion Networks
Provide the IP address of the node in which you want to login. Save the session. Click on Data and enter Auto-
Login Username as ubuntu

Criterion Networks
Then click Session on save the session again. Now you can login to your node with the password.
password: criterion

Criterion Networks
Horizon Access
Launch Horizon Dashboard
Horizon Access
To access the Horizon click on the launch button below.
username: admin
password: Chang3M3
Launch

Criterion Networks
VXLAN Networking
Introduction
About Lab
The focus of this lab is to create a VXLAN tunnel between 2 nodes. Here the 2 nodes will be Neutron-
Openstack-Ctrl1 and Neutron-Service-lb1. Along with that the lab will also help you understand Linux
Network Namespaces.
Creation of VXLAN tunnel require bridges which can be Linux bridges or OVS bridges. This lab will show
you step by step how a VXLAN tunnel can be created using OVS bridges. We will create 2 namespaces as
well in each node and check the final connectivity between them through the VXLAN tunnel.
The namespaces we will create will be called as Tom and Jerry. Please refer the following diagram to
understand the topology.
As shown we will create Tom and Jerry in both Neutron-Openstack-Ctrl1 and Neutron-Service-lb1. They will
be connected to the OVS bridge br-test. br-test from Neutron-Openstack-Ctrl1 to br-test in Neutron-Service-
lb1 will talk to each other through the VXLAN tunnel. We will also be creating veth pairs to connect the
namespaces to the bridge br-test.

Criterion Networks
Exercise-I
Objective:
 Use Openstack CLI to perform the exercise
 Creating an OVS bridge

 Creating veth pairs
1. SSH to the Openstack Controller Node

To access the Openstack-Controller node, go to the Access Device Tab and click on neutron-openstack-
ctrl node which is shown in the Lab Topology image.
Note: If you are facing any issue, for further clarification please refer the SSH AccessTab under the Cluster
Access for more information.
Similarly,
In another session, SSH into neutron-service-lb1 as well using same steps and keep the session active. We
will be needing it later.
2. Create an OVS Bridge

We will create an OVS bridge named br-test
ovs-vsctl add-br br-test
Check if the bridge is created using :
ovs-vsctl show
ovs-ofctl show br-test

Criterion Networks
Helpful Command: To delete the bridge use: ovs-vsctl del-br br-test
3. Create veth pair

Let's create veth pair vnet0 and vnet1
ip link add vnet0 type veth peer name vnet1
Check if they are created:
ip link list
Helpful Command: To delete the veth pair: ip link delete vnet0
4. Create veth pair {vnet2, vnet3}

Similarly, create veth pair vnet0 and vnet1
Lets bring the vnet interfaces up (as they are just created but not turned up):
ip link set vnet0 up

Criterion Networks
Lets attach ports vnet0 and vnet3 to the bridge we created br-test:
ovs-vsctl add-port br-test vnet0 -- set interface vnet0 ofport_request=1
Lets check ovs : ovs-vsctl show

Criterion Networks
Exercise-II
Objective:
 Creating Linux network namespaces

 Adding vnet to namespaces
 Assigning IP to vnet
1. Creating namespaces
Lets create 2 namespaces tom and jerry
ip netns add tom
ip netns add jerry
Helpful Commands:
 To check network namespaces : ip netns list

 To remove network namespace : ip netns delete <name>
2. Adding vnets to namespaces

We will now add vnet1 to "tom" and vnet3 to "jerry"
ip link set vnet1 netns tom
ip link set vnet3 netns jerry
3. Assigning IP
Lets assign an IP 10.1.1.1/24 to vnet1 in tom and vnet3 in jerry
ip netns exec tom ifconfig vnet1 10.1.1.1 netmask 255.255.255.0
ip netns exec jerry ifconfig vnet3 10.1.1.1 netmask 255.255.255.0

Criterion Networks
Exercise-III
Objective:
 Creating VXLAN Tunnel port

 Adding flows from file
1. Create VXLAN TUNNEL port

Let's create a VXLAN TUNNEL port on "br-test"
Note down IP address of eth0 in neutron-openstack-ctrl1 and of neutron-service-lb1 by using:
ifconfig eth0
in their respective SSH sessions.
ovs-vsctl add-port br-test vxlan1 -- set interface vxlan1 type=vxlan option:remote_ip

=<IP-ADD-neutron-service-lb1> option:local_ip=<IP-ADD-neutron-openstack-ctrl1> option
:key=flow ofport_request=10
2. Verify Port got added to Bridge

Verify the ports of bridge
ovs-vsctl show

Criterion Networks
3. Create file vxlan-flows-1.txt

To create a file
vi vxlan-flows-1.txt
Paste the following content in the file and save it.
table=0,in_port=1,actions=set_field:100->tun_id,resubmit(,1)
table=0,actions=resubmit(,1)
table=1,tun_id=100,ip,nw_dst=10.1.1.1,actions=output:1
table=1,tun_id=100,arp,nw_dst=10.1.1.1,actions=output:1

Criterion Networks
table=1,actions=drop
4. Add flows from file

Let's add flows from the file we created vxlan-flows-1.txt
ovs-ofctl add-flows br-test vxlan-flows-1.txt

Criterion Networks
Exercise-IV
Objective:
 Creating tunnel endpoint

 Verifying the configuration
Creating Endpoint of VXLAN Tunnel

Repeat earlier steps on neutron-service-lb1
a. Create a bridge
ovs-vsctl add-br br-test
b. Create VETH Pair
c. Bring vnet interfaces up
d. Attach ports vnet0 and vnet2 to "br-test"
e. Create namespaces
ip netns add tom
ip netns add jerry
d. Attach vnet1 to tom and vnet3 to jerry
ip link set vnet1 netns tom

Criterion Networks
ip link set vnet3 netns jerry
e. Assign IP address 10.1.1.2/24 to vnet1 in tom and vnet3 in jerry
ip netns exec tom ifconfig vnet1 10.1.1.2 netmask 255.255.255.0
ip netns exec jerry ifconfig vnet3 10.1.1.2 netmask 255.255.255.0
f. Create VXLAN TUNNEL port on "br-test"
ovs-vsctl add-port br-test vxlan1 -- set interface vxlan1 type=vxlan option:remote_ip

=<IP-ADD-neutron-openstack-ctrl1> option:local_ip=<IP-ADD-neutron-service-lb1> option
:key=flow ofport_request=10
g. Verify Port got added to Bridge
ovs-vsctl show
h. Create a file vxlan-flows-2.txt
Copy and paste the following flows in that file
table=0,actions=resubmit(,1)

Criterion Networks
table=1,actions=drop
i. Add flows from file: vxlan-flows-2.txt
ovs-ofctl add-flows br-test vxlan-flows-2.txt
Now, lets check the ping across HOSTS from neutron-openstack-ctrl1 node
Go back to neutron-openstack-ctrl1 node and execute following commands:
ip netns exec tom ping 10.1.1.2
ip netns exec jerry ping 10.1.1.2
All pings should be successful

Criterion Networks
Troubleshoot
Following commands will help you to understand the configurations that were done
To see all ovs bridges and their bridges use:
ovs-vsctl show
To see configurations of br-test use:
To see flows in br-test:
ovs-ofctl dump-flows br-test
To list all namespaces:
ip netns list
To check configuration of namespace Tom's ifconfig:
ip netns exec tom ifconfig -a

Criterion Networks
VIM-Openstack
Introduction
About Lab
The focus of this lab is to create a basic familiarity with OpenStack. Exercises will include uploading an
image, creation of network, creation of VM and how to reach the VM.
Openstack can be interacted with in 2 ways: CLI and HORIZON.
In this lab we will interact with OpenStack using CLI and the next lab will help you interact with OpenStack
using HORIZON.
In OpenStack VMs can be instantiated by using Images available in GLANCE image store. Exercise I will
help you to download and upload CIRROS image in GLANCE. You can upload any image using the same
steps.
To create different isolated networks, OpenStack uses NEUTRON service. Access to the private network is
provided by a Router by adding public network interface as well. In Exercise II we will create a new Private
Network and attach it to one of the interfaces of the Router which as well we will create.
Apart from IP reachability, NEUTRON provides a firewall to allow protocols/IPs/Ports which needs to be
added to reach the VM as default security group blocks everything. We can also create ssh-keypair that can be
used to SSH into the VM when it is instantiated. Exercise III will take you to handling these aspects of
OpenStack and as well launch a VM. We will also check where the router is and test reachability from router
to VM.
OpenStack provides FloatingIPs to the VM so that they can be reached directly from the public network, which
we will find out in Exercise IV.
Finally Exercise V will help you to trace a packet's path from VM to router and also reuse parts from earlier
Exercises.
Do not skip any step, as the next lab is dependent on the same.

Criterion Networks
Exercise-I
Objective:
 Uploading an image to Glance Image Store

Please use previously launched Openstack Controller's SSH session.
If it is not available then go to Access Devices tab click on the neutron-openstack-ctrl1 node present
under Topology tab
Note: If new SSH session of openstack controller is launched then before performing exercises please make
sure to source openrc_admin
2. Download cirros image
wget http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
3. Export relevant user credentials

We will need to source required credentials to perform glance operations
source openrc_admin
4. Uploading Image
Following command will upload the image cirros-0.3.1-x86_64-disk.img to glance
glance image-create --name Cirros --container-format bare --disk-format qcow2 --file

cirros-0.3.1-x86_64-disk.img
image-create => creating an image in glance
--name => image to be named as in glance
--container-format => format of the container which specifies the addition metadata required for the virtual
machine bare it means no container.
--file => local location of image to be uploaded

Criterion Networks
5. Verifying image store

To check the list of available images in glance image store use the following command:
glance image-list

Criterion Networks
Exercise-II
Objective:
 Accessing Horizon Dashboard

 Creating a new Private Tenant Network and attaching subnet to it
 Creating a router and attaching interfaces
1. Launch the Horizon Dashboard

Click on launch button to open Horizon Dashboard.
Launch
Use the below credentials to sign-in Horizon dashboard
Username: admin
Password: Chang3M3
Change project from services to admin.

Criterion Networks
2. Create a Tenant Network

Tenant Network is created to be used by VMs to create their own network which is isolated from other
networks
Go to Project > Network>Networks
click on +Create Networks to create new tenant network
To create tenant name net0 add the details shown in following image and submit.

Criterion Networks
Adding Subnet details to the Tenant Network
We will attach subnet as 10.0.0.0/24 to the Tenant Network net0 that we are creating
Add following details in subnet section and click next
Subnet Name:
subnet0
Network Address:
10.0.0.0/24
IP version: IPv4
Gateway IP:
10.0.0.1

Criterion Networks
Add IP pool from 10.0.0.20 to 10.0.0.250 and DNS-name sever(optional) 8.8.8.8 and make sure enable DHCP
is checked.
Verify,

Criterion Networks
3. Create a Router
To make the Tenant Network reachable we will create a router and add Tenant Network and Public Network to
it.
Go to Project > Network > Routers and click on +Create Router.
Add following details:
Router Name: Extrouter0 Admin State: UP External Network: public

Criterion Networks
Check if the router is created:
4. Add interface to router

We will need to add 2 interfaces to the route, one from public and one for private
Adding tenant network net0 interface to Extrouter0

Criterion Networks
Select subnet0
To verify, click on Extrouter0 > Interfaces
Similarly,
Go to Project > Network > Networks and click on net0

Criterion Networks

Criterion Networks
Exercise-III
Objective:
 Creating a new Instance in OpenStack

 Checking its reachability from Router
Note:
If you already added security rules while performing exercise2 of nova. Please ignore step3( Add the Security
Group rules).

Please use previously launched Openstack Controllers SSH session.
If it's not available Go to Access Devices tab click on the Topology. Click on the neutron-openstack-
ctr1 present in the topology image to access the node.
Note: If new SSH session of openstack controller being launched, before performing any exercises please
make sure you source openrc_admin file.
2. Generate a key pair

We will generate a key pair to be used for ssh in the VM we create
nova keypair-add key1 > /home/ubuntu/key1.pem
chmod 600 /home/ubuntu/key1.pem
Verify if the key-pair is added
nova keypair-list

Criterion Networks
3. Add the Security Group rules
Note:
If you already added security rules while performing exercise2 of nova. Please ignore
step3( Add the Security Group rules).
To allow required traffic to the VM, add the following security group rules to nova
Note:
Please use previously launched Horizon Dashboard, If it is not available please newly launch Horizon
Dashboard as we done in last exercise and make necessary changes.
Go to Project > Compute > Access & Security
secgroup-add-rule => add a rule
default => default security group
tcp/icmp => protocol
22 22 => from port 22 to port 22
0.0.0.0/0 =>for all networks
Go to Manage Rule
Click on +Add Rule
Add rule for TCP SSH traffic in default group.

Criterion Networks
Similarly,
Add rule for TCP HTTPS traffic in default group.

Criterion Networks
Add rule for any ICMP traffic in default group.

Criterion Networks
4. Launching a VM
To launch new VM go to Project > Compute
Launch Instance Test1:
click on Launch Instance.
Instance Name: Test1

Criterion Networks
Source select cirros

Criterion Networks
Flavor select flavor m1.tiny

Criterion Networks
Network select net0

Criterion Networks
Verify Security Groups
Add Key Pair key1

Criterion Networks
Now, click on Launch instance

Criterion Networks
We can see following image Test1 status as Active and It got IP address as 10.0.0.11
5. Reachability of VM from Router

We will check the reacability From Router Namespace from neutron-ctrl1 by pinging newly created VM
instance
Check for the namespace using:
ip netns list
ip netns exec qdhcp-<ID> route -n
ip netns exec qrouter-<ID> route -n
ip netns exec qrouter-<ID> ping c 3 <VM-IP>
Helpful Commands:

Criterion Networks
- To remove Tenant Network :
neutron net-delete (subnetname)
 Check neutron subnets :
neutron subnet-list (subnetname)
 For multiple pools adding :
neutron subnet-update subnet1 --allocation-pools start=20.0.0.101,end=20.0.0.200 --allocation-pools

start=10.10.12.220,end=10.10.12.230
 Check Router :
neutron router-show Extrouter
 To remove router:
neutron router-delete Extrouter
 To check router gateway :
neutron router-gateway
 To remove router gateway :
neutron router-gateway-clear "Router

Criterion Networks
Exercise-IV
Objective:
 Associate a Floating IP to the VM instance

 Verify we can SSH into VM instance with Private Key and Floating IP
1. Creating floating IP
Execute following exercise on neutron-openstack-ctrl1
Floating IPs are essential so that the VMs created in the Tenant Network are reachable from Openstack.
We will create a floating IP for reaching Test1
Go to Project > Compute > Floating IP
Click on Allocate IP to Project
Add Pool as public and click on Allocate IP

Criterion Networks
2. Associate floating IP
To associate previously created floating IP to instance Test1.
Go to Project > Compute > Instances
Click on Associate Floating IP for Test1 as shown in following image
Select previously created floating IP and Test1's port to be get associated.
Verify floating IP is being associated.

Criterion Networks

Please use previously launched Openstack Controllers SSH session.
If it's not available Go to Access Devices tab click on the Topology. Click on the neutron-openstack-
ctr1 present in the topology image to access the node.
Note: In case new SSH session of openstack controller is being launched, before performing any exercises
please make sure you source openrc_admin file.
4. SSH into the instance

To SSH into the instance use key key1.pem which we have created earlier and assigned to Test1 while
bringing it up
ssh -i key1.pem cirros@<floating_ip_of_Instance_Test1>

Criterion Networks
Exercise-V
Objective
 Use Openstack CLI to perform the exercise

 Helpful commands
1. Dump-Flows on br-tun to see the flows installed.
br-tun is a bridge on neutron-ctrl1 and neutron-compute. Execute following on neutron-ctrl1
ovs-ofctl dump-flows br-tun
2. How many tables are present in br-tun ?
ovs-ofctl dump-flows br-tun
3. Trace the packet from Router NS to exit of eth0 on neutron-ctrl1.
To check the flows in br-tun in a specific table use:
ovs-ofctl dump-flows br-tun table=<table-number>
To dump packets on interface eth1, login to neutron-ctrl1 and use:
tcpdump -i eth0
As shown in the following picture, change in n_packets, will help you identify which flow gets hit. Please Log
in to VM Test1 we created earlier in the exercise and ping only 4 packets from VM to router using
ping -c 4 10.0.0.1

Criterion Networks
Yellow boxes show number of packets before sending a ping and green boxes show number of packets after
pings were sent.
Methodology you can follow is:
 Dump flows in table 0

 Ping from VM
 Dump flows in table 0 and check which flow's number of packets change
 In the screenshot action is to resubmit to table 2 and 4
 Dump flows in table 2 first
 Ping from VM
 Dump flows in table 2 again and check which flow's number of packets change
 In table 2 action is to resubmit to table 20
 Dump flows in table 20
 Ping from VM
 Dump flows in table 20 again and check which flow's number of packets change
 Here action is output to port 2
 When you check in flows in table 0 in_port is 1 and in_port is 2
 Follow same process for table 4
4. Trace the packet from eth1 of Compute Node to VM.
Follow same procedure as 3.
5. Create a Private Network 30.0.0.0/24 with name net2.
On neutron-openstack-ctrl1 execute the following:

Criterion Networks
neutron net-create net2
neutron subnet-create net2 30.0.0.0/24 --name net2 --allocation-pool start=30.0.0.101

,end=30.0.0.200 --dns-nameserver 8.8.8.8
6. Create a Private Network 40.0.0.0/24 with name net3.
neutron net-create net3
neutron subnet-create net3 40.0.0.0/24 --name net3 --allocation-pool start=40.0.0.101

,end=40.0.0.200 --dns-nameserver 8.8.8.8
7. Create RouterA and RouterB for Tenant Networks and Attach private and public interfaces on the
respective routers.
neutron router-create RouterA
neutron router-create RouterB
neutron router-interface-add RouterA net2
neutron router-interface-add RouterB net3
neutron router-gateway-set RouterA public
neutron router-gateway-set RouterB public
8. Launch 1 instance in each network.

Criterion Networks
nova boot --flavor m1.tiny --image cirros --nic net-id=<Net2-ID> --security-groups de

fault --key-name key1 Test2
nova boot --flavor m1.tiny --image cirros --nic net-id=<Net3-ID> --security-groups de

fault --key-name key1 Test3
9. Verify Newly created Router and DHCP Name Spaces.
On neutron-ctrl1 execute the following:
ip netns list
10. Ping 2 VMs from Router name spaces and verify they are reachable.
11. Dump the flows to see how many Vxlan tunnels are present in the system.
Verify on neutron-ctrl1, neutron-openstack-ctrl1, neutron-service-lb1.

Criterion Networks
NFVO VNFM Tacker

Introduction
About Lab
This lab will focus on giving a hands on with Tacker using OpenStack HORIZON. We will validate basic
Tacker's functionality as VNFM and NFVO.
Tacker can be split into 2 a Generic Virtual Network Functions Manager and Network Functions Orchestrator.
By NFVO what we mean is it is responsible for an End-To-End Service Orchestration, which involves all the
interactions with VIM such as resource allocation, network creation, etc. while VNFM looks at the lifecycle of
the VNF such as Health Monitoring, Fault Recovery, etc.
We are Using br-mgmt as a flat network. A flat network is a network that does not provide any segmentation
options. A traditional L2 ethernet network is a flat network. Any instances attached to this network are able to
see the same broadcast traffic and can contact each other without requiring a router. br-mgmt network is
configured as part of the lab bring up and it has to be Flat Network Type compared to Net2 and Net3 which
we created as Vxlan type. NFVO and VNFM communicates with cloud controller and VNF's respectively.
Which is why VNFM requires direct access to VNF which can be provided by flat network.
Before moving on with Tacker, we will have a look at HORIZON
Click on launch button to open Horizon Dashboard.

Criterion Networks
Launch
Use the below credentials to sign-in Horizon dashboard
Username: admin
Password: Chang3M3
Change project from services to admin.
After logging, click on Admin. Click on Instances under System which will have Test1

Criterion Networks
Click on images, which will have "Cirros" image.
Click on tick box for Cirros (2nd image) and click on Delete Images to delete this image.
Networks will have all networks in OpenStack alongwith the ones that we created.

Criterion Networks
HORIZON can also show Network Topology. Click on Project -> Network -> Network Topology.
Tacker requires a Virtual Infrastructure Manager (VIM) to instantiate VNFs. We will register OpenStack as
our VIM in Exercise I.
Exercise II will demonstrate Orchestrating a VNF using a TOSCA Template and in Exercise III will check
VNFM's Fault Recovery.

Criterion Networks
Exercise-I
Objective:
 Registering VIM
1. Checking Tacker Service

As tacker uses port 9890 check if port 9890 is running in Neutron-Openstack-Ctrl1 by using netstat
netstat -plnt | grep 9890
2. Checking VIMs
Verify if any VIMs is registered in NFV -> NFV Orchestration -> VIM Management
It should be empty
3. Registering VIM
Click on Register VIM and fill in the configurations as shown:

Criterion Networks
Password: Chang3M3
Once you click on Register, you should see

Criterion Networks
Exercise-II
Objective:
 Launching VNFs using TOSCA Template
1. Onboard VNF
In HORIZON, goto NFV -> VNF Management -> VNF Catalog and click on onboard VNF.
Configure as shown:
Tacker uses Topology and Orchestration Specification for Cloud Applications (TOSCA) template in YAML
format to orchestrate and manage a VNF
For TOSCA YAML we will create 3 VDUs in VNF and verify 3 NICs for each VM in a
TOSCA Template
Copy the following content and paste it in TOSCA YAML.

Criterion Networks
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Demo example
metadata:
template_name: sample-tosca-vnfd
topology_template:
node_templates:
VDU1:
type: tosca.nodes.nfv.VDU.Tacker
properties:
image: cirros
flavor: m1.tiny
availability_zone: nova
mgmt_driver: noop
config: |
param0: key1
param1: key2
CP11:
type: tosca.nodes.nfv.CP.Tacker
properties:

Criterion Networks
management: true
anti_spoofing_protection: false
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU1
CP12:
properties:
requirements:
- virtualLink:
node: VL2
- virtualBinding:
node: VDU1
CP13:
properties:
requirements:
- virtualLink:

Criterion Networks
node: VL3
- virtualBinding:
node: VDU1
VDU2:
properties:
image: cirros
flavor: m1.tiny
mgmt_driver: noop
config: |
param0: key1
param1: key2
CP21:
properties:
management: true
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU2

Criterion Networks
CP22:
requirements:
- virtualLink:
node: VL2
- virtualBinding:
node: VDU2
CP23:
requirements:
- virtualLink:
node: VL3
- virtualBinding:
node: VDU2
VDU3:
properties:
image: cirros
flavor: m1.tiny
mgmt_driver: noop

Criterion Networks
config: |
param0: key1
param1: key2
CP31:
properties:
management: true
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU3
CP32:
requirements:
- virtualLink:
node: VL2
- virtualBinding:
node: VDU3
CP33:

Criterion Networks
requirements:
- virtualLink:
node: VL3
- virtualBinding:
node: VDU3
VL1:
type: tosca.nodes.nfv.VL
properties:
network_name: br_mgmt
vendor: Tacker
VL2:
properties:
network_name: net2
vendor: Tacker
VL3:
properties:
network_name: net3
vendor: Tacker
Here net2 and net3 are the networks created in Exercise V of VIM-OpenStack Lab (30.0.0.0/0 and 40.0.0.0/0).

Criterion Networks
Note: Take care of the indentations while copying
Click on OnBoardVNF to Onboard the VNFD.
2. Launching VNF
Before launching 1st VNF we will associate role of admin to heat_stack_owner. Go to SSH session
of neutron-openstack-ctrl1 and run following command:
openstack role add --project admin --user admin heat_stack_owner
Goto NFV -> VNF Management -> VNF Manager and click on Deploy VNF.
Configure as shown:

Criterion Networks
Click on Deploy VNF.
Refresh the page in sometime. The status of VNF1 will change to ACTIVE

Criterion Networks
Check instances under Admin in Horizon for the VNF that came up with 3 VMs

Criterion Networks
Exercise-III
Objective:
Making VNFM monitor the VNF and check if VNFM recovers the VNF from a fault
Monitoring VNF
Lets Create a VNF which is Monitored using PING and Re-Launch in case of ping failure
Follow the same process as we did in Exercise II.
Goto NFV -> VNF Management -> VNF Catalog and click on Onboard VNF. Give name as VNFD2 and for
TOSCA YAML, use following confiugration.
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Demo example
metadata:
template_name: sample-tosca-vnfd
topology_template:
node_templates:
VDU1:
properties:
image: cirros
flavor: m1.tiny

Criterion Networks
mgmt_driver: noop
config: |
param0: key1
param1: key2
monitoring_policy:
name: ping
parameters:
monitoring_delay: 120
count: 3
interval: 1
timeout: 2
actions:
failure: respawn
CP1:
properties:
management: true
requirements:
- virtualLink:
node: VL1
- virtualBinding:
node: VDU1

Criterion Networks
CP2:
properties:
requirements:
- virtualLink:
node: VL2
- virtualBinding:
node: VDU1
CP3:
properties:
requirements:
- virtualLink:
node: VL3
- virtualBinding:
node: VDU1
VL1:
properties:

Criterion Networks
network_name: br_mgmt
vendor: Tacker
VL2:
properties:
network_name: net2
vendor: Tacker
VL3:
properties:
network_name: net3
vendor: Tacker
Goto VNF Manager and click on Deploy VNF. Give VNF Name as VNF2, select VNF Catalog as VNFD2,
VIM name as VIM0 and click on Deploy VNF.
After Sometime, VNF2 will be active as shown:
To get details of an active VNF use:

Criterion Networks
tacker vnf-show <vnf-name>
Let's check status of VNF2. Go to neutron-openstack-ctrl1
tacker vnf-show vnf2
2. Creating FAULT in VNF

Bring down the Management NIC on VNF
Password : cubswin:)
VNF is Re-spawned

Criterion Networks

Criterion Networks

NFV Foundations PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

NFV Foundations PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Criterion Networks

Example: To access neutron-openstack-ctrl node follow the below step:

For Linux & Mac Users:

To access particular node execute following command

ssh -p (port. no.) username@ip-address

ssh -p 20001 ubuntu@35.196.150.0

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

For Windows Users using PuTTY:

Using PuTTY create a session to login to nodes like

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Launch Horizon Dashboard

To access the Horizon click on the launch button below.

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

 Use Openstack CLI to perform the exercise

 Creating an OVS bridge

1. SSH to the Openstack Controller Node

2. Create an OVS Bridge

ovs-vsctl add-br br-test

Check if the bridge is created using :

ovs-ofctl show br-test

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

Helpful Command: To delete the bridge use: ovs-vsctl del-br br-test

3. Create veth pair

ip link add vnet0 type veth peer name vnet1

Check if they are created:

Helpful Command: To delete the veth pair: ip link delete vnet0

4. Create veth pair {vnet2, vnet3}

ip link add vnet2 type veth peer name vnet3

ip link set vnet0 up

ip link set vnet1 up

ip link set vnet2 up

ip link set vnet3 up

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

ovs-vsctl add-port br-test vnet0 -- set interface vnet0 ofport_request=1

ovs-vsctl add-port br-test vnet2 -- set interface vnet2 ofport_request=2

Lets check ovs : ovs-vsctl show

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

 Creating Linux network namespaces

ip netns add tom

ip netns add jerry

 To check network namespaces : ip netns list

2. Adding vnets to namespaces

ip link set vnet1 netns tom

ip link set vnet3 netns jerry

ip netns exec tom ifconfig vnet1 10.1.1.1 netmask 255.255.255.0

ip netns exec jerry ifconfig vnet3 10.1.1.1 netmask 255.255.255.0

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

 Creating VXLAN Tunnel port

1. Create VXLAN TUNNEL port

Note down IP address of eth0 in neutron-openstack-ctrl1 and of neutron-service-lb1 by using:

in their respective SSH sessions.

ovs-vsctl add-port br-test vxlan1 -- set interface vxlan1 type=vxlan option:remote_ip

2. Verify Port got added to Bridge

ovs-ofctl show br-test

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

3. Create file vxlan-flows-1.txt

Paste the following content in the file and save it.

Copyright © 2019 Criterion Networks Inc. All Rights Reserved.

4. Add flows from file

ovs-ofctl add-flows br-test vxlan-flows-1.txt