...
Once the stack is created, the vBNG configuration file is deployed to the instance at '$HOME/vbng.conf' and the latest vBNG code is pulled directly from the specified upstream git repository (default is the Swisscom repository) by the cloud-init user-data script. The stack output shows the initial vBNG configuration, the floating IP and how to connect to the instance by SSH. To create a stack in OpenStack Heat you first need the Heat template from here: https://git.swisscom.com/projects/ZTXGSPON/repos/opnfv/browse/heat/vbng.yaml (Drop a note to Michail Salichos, David Perez Caparros or Daniel Balsiger in case you do not have access.)
Option A) Upload template in Horizon
...
Key | Default Value | Description | Notes |
---|---|---|---|
OpenStack Settings | |||
key | vbng | Name of the SSH keypair for logging in to the instance | constraint: nova.keypair |
image | "CentOS 7 x86_64 GenericCloud 1901" | Name of the glance image. Supported are upstream cloud images for: Ubuntu 16.04 / Ubuntu 18.04 / CentOS 7 | constraint: glance.image |
flavor | a1.tiny | Flavor to use for the instance. Can be a small one (1vCPU/4GB RAM/10GB disk) | constraint: nova.flavor |
extnet | external | Name of external network | This is the existing OpenStack external network containing the floating IPs |
int_cidr | 192.168.1.0/24 | Internal Network IPv4 Addressing in CIDR notation | Can be anything in the private IP space if your OpenStack supports overlapping IP tenant ranges. |
dns1 | 8.8.8.8 | DNS server 1 for internal network | E.g. DNS server 1 that OpenStack VMs will use |
dns2 | 8.8.4.4 | DNS server 2 for internal network | E.g. DNS server 2 that OpenStack VMs will use |
vBNG Git Repository Settings | |||
git_repo | ssh://git@git.swisscom.com:7999/ztxgspon/vbng.git | Virtual BNG Git Repository URL (ssh://) | This repository holds the vbng code and is cloned by cloud-init |
git_branch | master | Git branch to check out. | |
git_sshkey | NOT SHOWN HERE | SSH Private Key for Git Repository (Read-Only Access) | For cloud-init read-only access |
git_hostkey | NOT SHOWN HERE | SSH Host Key for Git Host (git.swisscom.com) | |
vBNG Settings | |||
cust_cidr | 10.66.0.0/16 | Customer IPv4 Network in CIDR notation | The network for your subscribers |
cust_gw | 10.66.0.1 | Customer IPv4 Network Gateway | The IPv4 gateway your subscribers will use |
cust_dns | 8.8.8.8 | Customer DNS Server | The DNS servers your subscribers will use |
cust_start | 10.66.1.1 | Customer IPv4 Range Start Address | Subscriber IP range for DHCP |
cust_end | 10.66.1.254 | Customer IPv4 Range End Address | Subscriber IP range for DHCP |
dhcp_cidrl2 | false | Global Layer 2 DHCP switch | Enable Layer 2 DHCP on datapath |
dhcp_cidr | 172.24.24.0/24 | DHCP Server / Relay Network in CIDR notation | The network between the DHCP server and the DHCP L3 relay on the OLT. |
dhcp_ip | 172.24.24.1 | DHCP Server IPv4 Address | The DHCP Server is binding/listening to that address |
in_tun_port | 4789 | UDP Port for incoming VxLAN Tunnels | For incoming VxLAN UDP packets. Used to configure OpenStack Security Groups |
onap_dcae_ves_collector_url | http://172.30.0.126:30235/eventListener/v7 | ONAP DCAE VES Collector URL | The URL the VES agent is streaming VES to |
...
vbng/00-installdeps.sh
Update the system, install dependent packages, install and setup docker.
vbng/01-setupdatapath.sh
Set up the datapath part, including shaping, routing and NAT.
vbng/02-setupcontainers.sh
Create docker images and start all containers: Database, Message Queue, Restconf Server, VES Agent and DHCP Server.
OLT
...
Configuration
OLT onboarding configuration is not done by cloud-init, since OLT parameters are normally not known at stack creation time. Onboarding an OLT requires configuring the 2 tunnels for datapath and DHCP transport as well as the DHCP L3 relay on the OLT. A separate script is used for this once the vbng instance has been provisioned initially:
vbng/03-setupolt.sh
...
With the newest version there is a REST interface for configuring OLTs. See REST API documentation below: 'POST CreateOLT', 'GET GetOLT', 'POST DeleteOLT'. To assist with working with the REST API, you can utilize Postman, and import the current API Collection.
ONT/Subscriber Configuration
Subscribers are usually configured by calls to bbs-edge-restconf-server directly from ONAP. In case you would like to test this functionality you can of course trigger this directly with the REST API calls defined below.
Important parameters are: "remote_id":"AC9.000.990.001","s_vlan":10,"c_vlan":333. Of course the values configured must match what the OLT/ONT in the Lab sends.
Currently only 4 subscriber profiles are supported (1/2/3/4), 2 * 100Mbit/s symmetrical and 2 * 20Mbit/s symmetrical, respectively. This should be enough to run all test-cases for the BBS use-case.
REST API
To assist with working with the REST API, you can utilize Postman, and import the current API Collection. The information below documents each REST call that is available.
POST CreateInternetProfileInstance
Description: Creates a subscriber instance in the vBNG. This call will be used directly by ONAP. Note, the "service_id" MUST be unique, as this is used to identify the profile for updates and deletion.
```json
{
  "remote_id":"AC9.000.990.002",
  "ont_sn":"serial",
  "service_type":"Internet",
  "mac":"00:00:00:00:00:00",
  "service_id":"2",
  "up_speed":"100",
  "down_speed":"100",
  "s_vlan":10,
  "c_vlan":334
}
```
```bash
curl --location --request POST "{{host}}:{{port}}/CreateInternetProfileInstance" \
--header "Content-Type: application/json" \
--data "{
\"remote_id\":\"AC9.000.990.001\",
\"ont_sn\":\"serial\",
\"service_type\":\"Internet\",
\"mac\":\"00:00:00:00:00:00\",
\"service_id\":\"1\",
\"up_speed\":\"100\",
\"down_speed\":\"100\",
\"s_vlan\":10,
\"c_vlan\":333
}"
```
GET GetInternetProfileInstance
Description: Returns list of all configured subscribers in the vBNG.
...
vxlan_data_ip: The IP Address of the VxLAN remote tunnel endpoint for OLT datapath
...
vxlan_data_port: The UDP Port of the VxLAN remote tunnel endpoint for OLT datapath
...
vxlan_data_vni: The VNI of the VxLAN remote tunnel endpoint for OLT datapath
...
vxlan_dhcp_ip: The IP Address of the VxLAN remote tunnel endpoint for DHCP server / relay traffic
...
vxlan_dhcp_port: The UDP Port of the VxLAN remote tunnel endpoint for DHCP server / relay traffic
...
vxlan_dhcp_vni: The VNI of the VxLAN remote tunnel endpoint for DHCP server / relay traffic
...
relay_north_ip: The Northbound IP of the L3 DHCP relay on the OLT. (Where the DHCP server routes its replies to)
relay_south_ip: The Southbound IP of the L3 DHCP relay on the OLT. (Where the DHCP replies are injected into datapath)
```
[centos@vbng ~]$ vbng/03-setupolt.sh
Usage: vbng/03-setupolt.sh [vxlan_data_ip] [vxlan_data_port] [vxlan_data_vni] \
[vxlan_dhcp_ip] [vxlan_dhcp_port] [vxlan_dhcp_vni] \
[relay_north_ip] [relay_south_ip]
[centos@vbng ~]$ vbng/03-setupolt.sh 172.30.0.252 4789 88888 172.30.0.253 4789 100 172.24.24.2 10.66.0.2
Setting up VxLAN tunnel interface olt0 (172.30.0.252:4789 VNI=88888)
Setting up VxLAN tunnel interface dhcp0 (172.30.0.253:4789 VNI=100)
Adding port dhcp0 to bride dhcp...
Adding relay route to 10.66.0.2 over 172.24.24.2 inside bbs-edge-dhcp-server container...
[centos@vbng ~]$
```
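The eight arguments shown above end up in tunnel and route configuration, so it helps to check them before running the script. The following is an added example, not code from the vBNG repository: all function names are hypothetical, and requiring relay_north_ip to lie in 172.24.24.0/24 (the network of the default dhcp_ip) and relay_south_ip in 10.66.0.0/16 (the default cust_cidr) is an assumption drawn from the sample values on this page.

```shell
#!/bin/sh
# Added example, not part of the vBNG repository: pre-flight checks for the
# eight positional arguments of vbng/03-setupolt.sh. Helper names are hypothetical.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if $1 is a decimal integer between $2 and $3 inclusive.
in_range() {
    case "$1" in ''|*[!0-9]*|?????????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# True if address $1 lies inside CIDR $2 (for example 172.24.24.0/24).
in_cidr() {
    addr=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    in_range "$bits" 0 32 || return 1
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Validate the arguments in the order printed by the script's usage text.
# DHCP_CIDR / CUST_CIDR are assumed to match the Heat parameters of the stack.
check_olt_args() {
    [ $# -eq 8 ] || { echo "expected 8 arguments"; return 1; }
    for ip in "$1" "$4" "$7" "$8"; do
        ip_to_int "$ip" >/dev/null || { echo "bad IPv4 address: $ip"; return 1; }
    done
    for port in "$2" "$5"; do
        in_range "$port" 1 65535 || { echo "bad UDP port: $port"; return 1; }
    done
    for vni in "$3" "$6"; do   # the VxLAN VNI is a 24-bit field
        in_range "$vni" 0 16777215 || { echo "bad VNI: $vni"; return 1; }
    done
    in_cidr "$7" "${DHCP_CIDR:-172.24.24.0/24}" ||
        { echo "relay_north_ip outside dhcp_cidr"; return 1; }
    in_cidr "$8" "${CUST_CIDR:-10.66.0.0/16}" ||
        { echo "relay_south_ip outside cust_cidr"; return 1; }
    echo ok
}

# The sample invocation from the session above passes all checks.
check_olt_args 172.30.0.252 4789 88888 172.30.0.253 4789 100 172.24.24.2 10.66.0.2
```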
ONT/Subscriber Configuration
Subscribers are usually configured by calls to bbs-edge-restconf-server directly from ONAP. In case you would like to test this functionality you can of course trigger this directly with curl to the floating IP, TCP port 5000 of the vbng instance:
```bash
curl -H "Content-Type: application/json" -X POST -d '{"remote_id":"AC9.000.990.001","ont_sn":"serial","service_type":"Internet","mac":"00:00:00:00:00:00","service_id":"1","up_speed":"100","down_speed":"100", "s_vlan":10, "c_vlan":333}' 172.30.0.134:5000/CreateInternetProfileInstance
```
```bash
curl --location --request GET "{{host}}:{{port}}/GetInternetProfileInstance"
```
POST ChangeInternetProfileInstance
Description: Updates an existing subscriber instance in the vBNG. The "service_id" parameter is used as the key to identify the specific profile to be updated.
```json
{
  "remote_id":"AC9.000.990.001",
  "ont_sn":"serial",
  "service_type":"Internet",
  "mac":"00:00:00:00:00:00",
  "service_id":"1",
  "up_speed":"100",
  ...
}
```
```bash
curl --location --request POST "{{host}}:{{port}}/ChangeInternetProfileInstance" \
--header "Content-Type: application/json" \
--data "{
\"remote_id\":\"AC9.000.990.001\",
\"ont_sn\":\"serial\",
\"service_type\":\"Internet\",
\"mac\":\"00:00:00:00:00:00\",
\"service_id\":\"1\",
\"up_speed\":\"100\",
\"down_speed\":\"100\",
\"s_vlan\":10,
\"c_vlan\":333
}"
```
- vbng/04-setupcustomer.sh
- Enable a particular customer
- Usage: vbng/04-setupcustomer.sh [olt_id] [s-vlan] [c-vlan] [customer_ip] [traffic_profile_id]
- vbng/05-removecustomer.sh
- Remove a particular customer
- Usage: vbng/05-removecustomer.sh [customer_ip]
POST DeleteInternetProfileInstance
Description: Deletes an existing subscriber instance in the vBNG.
```json
{
  "service_id":"1"
}
```
```bash
curl --location --request POST "{{host}}:{{port}}/DeleteInternetProfileInstance" \
--header "Content-Type: application/json" \
--data "{
\"service_id\":\"1\"
}"
```
POST CreateOLT
Description: Creates and onboards an OLT into the vBNG.
```json
{
  "data_dest_ip":"192.168.201.10",
  "data_dest_port":"4790",
  "data_vni":"12022",
  "dhcp_dest_ip":"192.168.201.10",
  "dhcp_dest_port":"4790",
  "dhcp_vni":"12023",
  "relay_north_ip":"172.24.24.2",
  "relay_south_ip":"10.66.0.2",
  "dhcp_l2_only":true,
  "s_vlan":300
}
```
```bash
curl --location --request POST "{{host}}:{{port}}/CreateOLT" \
--header "Content-Type: application/json" \
--data "{
\"data_dest_ip\":\"192.168.201.10\",
\"data_dest_port\":\"4790\",
\"data_vni\":\"12022\",
\"dhcp_dest_ip\":\"192.168.201.10\",
\"dhcp_dest_port\":\"4790\",
\"dhcp_vni\":\"12023\",
\"relay_north_ip\":\"172.24.24.2\",
\"relay_south_ip\":\"10.66.0.2\",
\"dhcp_l2_only\":true,
\"s_vlan\":300
}"
```
GET GetOLT
Description: Returns list of all the OLTs currently configured in the vBNG.
```bash
curl --location --request GET "{{host}}:{{port}}/GetOLT" \
--header "Content-Type: application/json"
```
POST DeleteOLT
Description: Deletes an OLT instance from the vBNG. Note, "olt_id" parameter is auto-generated by CreateOLT API call and can be retrieved via the GetOLT API call.
```json
{
  "olt_id":1
}
```
```bash
curl --location --request POST "{{host}}:{{port}}/DeleteOLT" \
--header "Content-Type: application/json" \
--data "{
\"olt_id\":1
}"
```
ONAP Configuration
The installation and initial configuration of Edge SDN M&C + vBNG is done by a Heat stack template, see above. The parameters which must be modified in ONAP are the following:
- The IP of Edge SDN M&C in order to be accessed from SDN-C is currently hardcoded in the DG -> GENERIC-RESOURCE-API_bbs-internet-profile-network-topology-operation-common-huawei.json (<parameter name='prop.sdncRestApi.thirdpartySdnc.url' value='http://172.30.0.121:5000' />). The Edge SDN M&C external controller is not registered in ESR for this release. Note: The IP above is provided by the Heat stack output; it is the Floating IP of the vBNG instance in Swisscom's Lab.
- To update the IP of Edge SDN M&C in the corresponding DG, one must export the relevant DG mentioned earlier, update the IP, import it back and finally enable the DG.
Setup Transport Middle Box for VxLAN Tunneling
We built our middle-boxes on top of CentOS 7. Ubuntu and other distributions will work in a similar way. The commands shown here refer to CentOS 7. The middle box can be any x86 server with two 10Gbit/s NICs. One NIC will be facing the OLT on L2, the other NIC will be in the external network to communicate with the vBNG. To set up such a middle box use these commands to configure on top of a minimal CentOS 7 installation:
Copy the team members' SSH public keys and disable SSH password auth:
```bash
cat > authorized_keys << __EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjD/+BIg4c28lHlHw464vbfUYjfDJ1sSKgrEYcMkL+qO6LagkDAWkWdelmAmpcUJlOPYjxDwmKj8Bu6/fd+WfVzk6y33YVmAFN4jAmv/87dYCNuAMr4gDWc3cU5lsNdpsPzQqGUCFfJCvldyUZeu21YZ2rkYB1+Q9VObUSaa5Z74sKNYQJi0AgnZh63cYOyqVDCwIloWd2FzC+4o04cVL3P1R+COGRq1EUUmy5LSI9rsCO59mLCt8Wm4h5OiY84nEbQVZUH3QyYw/ihmGm2qtklkbNMPOPZ7+8ZN5+of4u/7bpEiZk3FcMh7lYwi6dMyUzwv47Il633JP6GDgOxuCH Daniel Balsiger SSH
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH8lM+qleGIvXI3wgqIp73pKZwwxKfr9BDCdoVP3/zWRQ/7zpw98nvx7gqfVLlt+P2TjxHbSJqGrSECSmKFCHsYzuA+khmg/aca/IQa2FYFpUR1sT4czWQC14PiGGIoSbMukeUZvddZwZlalNZmOKjzY1Flz3w7+W+XHyFuwy6qfaIt1hIBKkqTUxECYq0O6OkdK6gzouKuAY/4AM+VvcIkdHMm9x3LCXWBAH24QzCG/IzydqXfi4FkVtmGJv2AgEMyR0seSoU3drCXvpY91WjXT8i6m7EMB739hw0V32UaqslY3qHtuNTGake5JFWJn9zYF6lZwGXpU94Bw7YjQL1 Michail Salichos SSH
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRxCsboa1ERMgiJCP2iA8Zcm2LuAOALQHIZIQEvbcwMifdeXMTawC0tDnU6qy35q+cr5W3+4HJDyBLSAKmDosZepm1a/27cRlgXK/vtkxM5UlDk+lZsF/YGXBzZvWepM4XhozzCMNfvWWxkz5SnEl/ZYfdN2H5psXReNTgBX33ax2cI+aOBZxsX2Y0FYBuqlJFT7htgblGjHLq43nL/cF9w9cXkMv+mPUQJN4wNf1HU5JBjX6sKl6Y3IIPxEVGFohu8c9tDHa8JoWxIzKZz3z9Zd8KkfTTsRtXh3MH7mMRZkVTgHHVU3NA4/psEVMJHFtXI6R/laOv8Lpytdky7tkv taapeda0@UM01183
__EOF
mkdir .ssh
chmod 0700 .ssh
cp authorized_keys .ssh # copy not move (selinux)
chmod 0600 .ssh/authorized_keys
rm -f authorized_keys
sed -e 's|^PasswordAuthentication yes|PasswordAuthentication no|' -i /etc/ssh/sshd_config
systemctl restart sshd
```
Disable NetworkManager, Firewalld and Postfix services, enable legacy networking:
```bash
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl disable firewalld
systemctl stop firewalld
systemctl disable postfix
systemctl stop postfix
systemctl enable network
systemctl start network
```
Create Network Interface Configuration Files in /etc/sysconfig/network-scripts/ :
ifcfg-bridge:
```bash
# The device name must match BRIDGE= in ifcfg-nic1 and the name tested in /sbin/ifup-local
DEVICE=bridge
TYPE=Bridge
MTU=1400
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
```
ifcfg-nic1 (facing OLT):
```bash
DEVICE=nic1
TYPE=Ethernet
MTU=1400
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
BRIDGE=bridge
```
ifcfg-nic2 (in external network, facing vBNG):
```bash
DEVICE=nic2
TYPE=Ethernet
MTU=1450
ONBOOT=yes
BOOTPROTO=none
IPV6INIT=no
IPV6_AUTOCONF=no
IPADDR=172.30.0.252
PREFIX=24
DEFROUTE=yes
GATEWAY=172.30.0.1
DNS1=8.8.8.8
DNS2=8.8.4.4
```
Create VxLAN Tunnel Interface on bridge creation:
```bash
cat > /sbin/ifup-local << __EOF
#!/bin/sh
if [[ "\$1" == "bridge" ]]
then
    ip link add vxlan0 type vxlan id 88888 local 172.30.0.252 remote 172.30.0.121 dstport 4789 dev nic2
    ip li set up dev vxlan0
    ip link set master bridge dev vxlan0
fi
__EOF
chmod 755 /sbin/ifup-local
restorecon -Fv /sbin/ifup-local
```
Once those files are in place, the configuration persists across reboots. To start from a sane state, please reboot the box once after having created those files.
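The `sed` in the SSH step above only rewrites a line that starts with exactly `PasswordAuthentication yes`, so it is worth confirming that password logins are really off afterwards. The check below is an added example, not part of the original procedure; the function names are hypothetical and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for a keyword, matches keywords case-insensitively, and defaults
# PasswordAuthentication to "yes" when the keyword is absent.

# Shared awk prologue: skip comments/blank lines, split "keyword value".
NORM='/^[ \t]*#/ || /^[ \t]*$/ { next }
      { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/); key = tolower(f[1]) }'

# Print the global (outside any Match block) PasswordAuthentication value.
global_password_auth() {
    awk "$NORM"'
        key == "match" { exit }
        key == "passwordauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }' "$1"
}

# Print the header of every Match block that turns password logins back on.
match_blocks_enabling_password_auth() {
    awk "$NORM"'
        key == "match" { block = line; seen = 0; next }
        block != "" && key == "passwordauthentication" && !seen {
            seen = 1; if (tolower(f[2]) == "yes") print block }' "$1"
}

# Succeeds only if neither the global section nor a Match block allows passwords.
password_auth_is_off() {
    [ "$(global_password_auth "$1")" = "no" ] &&
        [ -z "$(match_blocks_enabling_password_auth "$1")" ]
}

# The substitution from the procedure above, applied to a copy of a config.
apply_page_sed() {
    sed -e 's|^PasswordAuthentication yes|PasswordAuthentication no|' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Write a constructed config, apply the sed, report whether passwords are off.
check_sample() {
    f=$(mktemp) && printf '%b\n' "$1" > "$f" && apply_page_sed "$f"
    if password_auth_is_off "$f"; then echo off; else echo still-on; fi
    rm -f "$f"
}

check_sample 'PasswordAuthentication yes'     # the line the sed expects
check_sample '#PasswordAuthentication yes'    # commented out: default applies
check_sample 'passwordauthentication yes'     # different case: sed misses it
check_sample 'PasswordAuthentication yes\nMatch Address 10.0.0.0/8\n  PasswordAuthentication yes'
```

On the box itself, `sshd -T | grep -i passwordauthentication` prints the value the installed sshd resolves for the global section.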
...