Enable Virtual Customer Premises Equipment (vCPE) with OpenStack* Part 2: Prepare the Virtual Network Functions

Published: 06/28/2016, Last Updated: 06/28/2016

This post shows how to create images to emulate two types of virtual network functions (VNFs) you may come across. These images may be useful, for example, if you are trying to set up virtual Customer Premises Equipment (vCPE), as described in Blog 1 of this series, Enabling vCPE with OpenStack* - Get Started.

 

 

The images being created in this case are:

  • The bump-in-the-wire operation, such as frame-forwarding (L2 VNF)
  • Software routing (L3 VNF)

 

Bump! What was that?

In this case, we will set up bridging on the "bump" (L2 VNF), and allow traffic to pass through. We will clear any IP addresses on the virtual machine (VM) and add both the interfaces to the bridge. The bridge will be configured to forward frames and not participate in the network otherwise. This VM will essentially be invisible to any other network user. In a production environment, this would carry out operations such as traffic inspection or WAN optimization.

Make sure bridge-utils is installed on the VM, and configure the bridge by adding the following to /etc/network/interfaces:

auto eth0
  iface eth0 inet manual
      up ifconfig eth0 0.0.0.0 
      up ifconfig ip link set eth0 promisc on

  auto eth1
  iface eth1 inet manual
      up ifconfig eth1 0.0.0.0
      up ifconfig ip link set eth1 promisc on

  auto br100
  iface br100 inet manual
      bridge_ports eth0 eth1
      bridge_stp on
      bridge_waitport 0

The eth0 and eth1 ip addresses are cleared and the interfaces are set to promiscuous mode, so that they accept all packets.

The bridge is then created, with the ports eth0 and eth1 added to it. All traffic entering the VM on eth0 will exit on eth1, and vice versa.

A software router

In order to configure a VM to act as a router it must be configured to allow IP forwarding and proxy ARP. This can be done through the /etc/sysctl.conf file:

net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp = 1

The IP addresses for the ports on the "router" should be the default routes for the LAN and WAN networks, which is done when the networks and ports are being created, as described in Blog 3 of this series, Enabling vCPE with OpenStack* - Create the Networks.

Add the images

Once you have saved these images in a safe place, add them to Glance so they can be used for booting VMs:

$ glance image-create --name bump_image --disk-format qcow2 --container-format bare --file ~/ubuntu-bump-in-the-wire.qcow2
$ glance image-create --name router_image --disk-format qcow2 --container-format bare --file ~/ubuntu-router.qcow2

Congratulations, you now have two images available in Glance, which can be used for booting VMs!

Continue Reading

You've just finished the second in a series of three blogs on the topic of enabling vCPE with OpenStack. Read the other blogs by clicking on the links below:

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804