DANOS Post Install Configuration

Owned by FREEMAN, BRIAN D
Last updated: Apr 28, 2020
22 min read

These steps will configure the DANOS vRouter as a vFW for ONAP

Step-by-step guide

  1. Create the Netconf Mount
    1. Create a netconf mount from SDNC to the DANOS vRouter

    2. The following xml payload should be edited for your environment with the node-id , ip address and port (default is 22 ) and credentials from your enivronment

      netconf_mount.xml 
      <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
   <node-id>vofwl01fwl003f</node-id>
   <host xmlns="urn:opendaylight:netconf-node-topology">10.0.200.90</host>
   <port xmlns="urn:opendaylight:netconf-node-topology">22</port>
   <username xmlns="urn:opendaylight:netconf-node-topology">vyatta</username>
   <password xmlns="urn:opendaylight:netconf-node-topology">vyatta</password>
   <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
   <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
   <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
   <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
   <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
   <between-attempts-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">2000</between-attempts-timeout-millis>
   <sleep-factor xmlns="urn:opendaylight:netconf-node-topology">1.5</sleep-factor>
   <!-- keepalive-delay set to 0 turns off keepalives-->
   <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>

    3. Here is the curl script to create the netconf mount. Replace  k8_host_ip with one of your host ip's and replace vofwl01fwl003f with your virtual machine name

      curl to create netconf mount

      curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @netconf_mount.danos.xml -H "Accept: application/xml" -H "Content-type: application/xml" -X PUT --trace trace.out https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f

      validate_mount

      curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -H "Accept: application/json" -H "Content-type: application/json" -X GET https://52.251.126.116:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f | python -m json.tool

      validate_results 
      {
    "node": [
        {
            "netconf-node-topology:between-attempts-timeout-millis": 2000,
            "netconf-node-topology:connection-timeout-millis": 20000,
            "netconf-node-topology:host": "10.0.200.46",
            "netconf-node-topology:keepalive-delay": 120,
            "netconf-node-topology:max-connection-attempts": 0,
            "netconf-node-topology:password": "vyatta",
            "netconf-node-topology:port": 22,
            "netconf-node-topology:reconnect-on-changed-schema": false,
            "netconf-node-topology:sleep-factor": 1.5,
            "netconf-node-topology:tcp-only": false,
            "netconf-node-topology:username": "vyatta",
            "node-id": "vofwl01fwl003f"
        }
    ]
}
  2. Add the static ip addressed interfaces

    1. add_interface.dp0s4.json

      add_interface.dp0s4
      { "vyatta-interfaces-dataplane-v1:dataplane": 
     {
                "address": [
                    "192.168.10.100/24"
                ],
                "tagnode": "dp0s4"
            }
}

    2. add_interface.dp0s5.json

      add_interface.dp0s5.json
      { "vyatta-interfaces-dataplane-v1:dataplane": 
     {
                "address": [
                    "192.168.20.100/24"
                ],
                "tagnode": "dp0s5"
            }
}

    3. add the interfaces (change k8_host_ip and vofwl01fwl003f for your environment)

      add interfaces
      curl -v  -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @add_interface.dp0s4.json -H "Accept: application/json" -H "Content-type: application/json" -X PUT --trace trace.out https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces/dataplane/dp0s4

curl -v  -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @add_interface.dp0s5.json -H "Accept: application/json" -H "Content-type: application/json" -X PUT --trace trace.out https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces/dataplane/dp0s5

    4. validate the interfaces

      validate_interfaces
      curl -v  -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -H "Accept: application/json" -H "Content-type: application/json" -X GET  https://<k8s_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces  | python -m json.tool
      config output 
      {
    "interfaces": {
        "vyatta-interfaces-dataplane-v1:dataplane": [
            {
                "address": [
                    "192.168.20.100/24"
                ],
                "tagnode": "dp0s5"
            },
            {
                "address": [
                    "192.168.10.100/24"
                ],
                "tagnode": "dp0s4"
            },
            {
                "address": [
                    "dhcp"
                ],
                "tagnode": "dp0s3"
            }
        ],
        "vyatta-interfaces-loopback-v1:loopback": [
            {
                "tagnode": "lo"
            }
        ]
    }
}
      operational interfaces
      curl -v  -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -H "Accept: application/json" -H "Content-type: application/json" -X GET  https://<k8_host_ip>:30267/restconf/operational/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces  | python -m json.tool
      operational output 
      {
    "interfaces": {
        "statistics": {
            "interface": [
                {
                    "addresses": [
                        {
                            "address": "10.0.200.46/24"
                        }
                    ],
                    "admin-status": "up",
                    "duplex": "full",
                    "name": "dp0s3",
                    "oper-status": "up",
                    "receive-statistics": {
                        "bytes": 26900,
                        "dropped": 16,
                        "errors": 0,
                        "multicast": 223,
                        "oversized-packets": 0,
                        "packets": 223
                    },
                    "speed": 10000,
                    "transmit-statistics": {
                        "bytes": 273693,
                        "carrier-errors": 0,
                        "collisions": 0,
                        "dropped": 0,
                        "errors": 0,
                        "packets": 305
                    },
                    "type": "dataplane"
                },
                {
                    "admin-status": "down",
                    "name": "dp0s6",
                    "oper-status": "down",
                    "receive-statistics": {
                        "bytes": 0,
                        "dropped": 0,
                        "errors": 0,
                        "multicast": 0,
                        "oversized-packets": 0,
                        "packets": 0
                    },
                    "transmit-statistics": {
                        "bytes": 0,
                        "carrier-errors": 0,
                        "collisions": 0,
                        "dropped": 0,
                        "errors": 0,
                        "packets": 0
                    },
                    "type": "dataplane"
                },
                {
                    "addresses": [
                        {
                            "address": "192.168.10.100/24"
                        }
                    ],
                    "admin-status": "up",
                    "duplex": "full",
                    "name": "dp0s4",
                    "oper-status": "up",
                    "receive-statistics": {
                        "bytes": 106618,
                        "dropped": 9,
                        "errors": 0,
                        "multicast": 2484,
                        "oversized-packets": 0,
                        "packets": 2484
                    },
                    "speed": 10000,
                    "transmit-statistics": {
                        "bytes": 42234,
                        "carrier-errors": 0,
                        "collisions": 0,
                        "dropped": 0,
                        "errors": 0,
                        "packets": 995
                    },
                    "type": "dataplane"
                },
                {
                    "addresses": [
                        {
                            "address": "192.168.20.100/24"
                        }
                    ],
                    "admin-status": "up",
                    "duplex": "full",
                    "name": "dp0s5",
                    "oper-status": "up",
                    "receive-statistics": {
                        "bytes": 18706,
                        "dropped": 8,
                        "errors": 0,
                        "multicast": 422,
                        "oversized-packets": 0,
                        "packets": 422
                    },
                    "speed": 10000,
                    "transmit-statistics": {
                        "bytes": 61108,
                        "carrier-errors": 0,
                        "collisions": 0,
                        "dropped": 0,
                        "errors": 0,
                        "packets": 1411
                    },
                    "type": "dataplane"
                },
                {
                    "admin-status": "up",
                    "name": "lo",
                    "oper-status": "up",
                    "receive-statistics": {
                        "bytes": 1328,
                        "dropped": 0,
                        "errors": 0,
                        "multicast": 0,
                        "oversized-packets": 0,
                        "packets": 15
                    },
                    "transmit-statistics": {
                        "bytes": 1328,
                        "carrier-errors": 0,
                        "collisions": 0,
                        "dropped": 0,
                        "errors": 0,
                        "packets": 15
                    },
                    "type": "loopback"
                }
            ]
        },
        "vyatta-interfaces-dataplane-v1:dataplane": [
            {
                "address": [
                    "192.168.20.100/24"
                ],
                "admin-status": "up",
                "duplex": "auto",
                "ip": {
                    "gratuitous-arp-count": 1,
                    "rpf-check": "disable"
                },
                "ipv6": {
                    "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1
                },
                "mtu": 1500,
                "oper-status": "up",
                "speed": "auto",
                "tagnode": "dp0s5",
                "vlan-protocol": "0x8100",
                "vyatta-vrrp-v1:vrrp": {
                    "start-delay": 0
                }
            },
            {
                "address": [
                    "192.168.10.100/24"
                ],
                "admin-status": "up",
                "duplex": "auto",
                "ip": {
                    "gratuitous-arp-count": 1,
                    "rpf-check": "disable"
                },
                "ipv6": {
                    "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1
                },
                "mtu": 1500,
                "oper-status": "up",
                "speed": "auto",
                "tagnode": "dp0s4",
                "vlan-protocol": "0x8100",
                "vyatta-vrrp-v1:vrrp": {
                    "start-delay": 0
                }
            },
            {
                "admin-status": "down",
                "oper-status": "down",
                "tagnode": "dp0s6"
            },
            {
                "address": [
                    "dhcp"
                ],
                "admin-status": "up",
                "duplex": "auto",
                "ip": {
                    "gratuitous-arp-count": 1,
                    "rpf-check": "disable"
                },
                "ipv6": {
                    "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1
                },
                "mtu": 1500,
                "oper-status": "up",
                "speed": "auto",
                "tagnode": "dp0s3",
                "vlan-protocol": "0x8100",
                "vyatta-vrrp-v1:vrrp": {
                    "start-delay": 0
                }
            }
        ],
        "vyatta-interfaces-loopback-v1:loopback": [
            {
                "tagnode": "lo"
            }
        ]
    }
}
  3. Set the hostname to match the one assigned by ONAP
    1. e.g.: "hostname vofwl01fwlb7a9"
  4. Update the DCAE collector data
    1. ssh into the virtual router
    2. sudo su

    3. create directory under /run/live and file  /run/live/VES/dcae_collector.env

      dcae_collector.env
      # either onap k8 dns name or k8 host external IP
DCAE_COLLECTOR_IP=<k8s_host_ip>
#  DCAE_COLLECTOR_PORT 8443 or 30417 for externa nodeport
DCAE_COLLECTOR_PORT=30417
#  dp0s4 for standard configuration for unprotected network from png to fw
PORT_TO_REPORT=dp0s4
  5. Start the vpp_measurement_reporter client
    1. systemctl start vpp-measurement-reporter-danos

    2. You can also run the program manually to see the HTTP 200 OK

      manually run reporter 
      vyatta@vyatta:/opt/VES/bin$ ./vpp-measurement-reporter-danos 52.251.126.116 30417  dp0s4 

Vector Packet Processing (VPP) measurement collection
*   Trying 169.254.169.254...
* TCP_NODELAY set
* Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> GET /openstack/latest/meta_data.json HTTP/1.1
Host: 169.254.169.254
User-Agent: libcurl-agent/1.0
Accept: */*

< HTTP/1.1 404 Not Found
< Content-Type: text/html
< Server: Microsoft-IIS/10.0
< Date: Tue, 28 Apr 2020 15:45:05 GMT
< Content-Length: 1245
< 
* Curl_http_done: called premature == 0
* Connection #0 to host 169.254.169.254 left intact

Initialization completed
{"name":"dp0s4","vyatta-interfaces-v1:addresses":[{"address":"192.168.10.100/24"}],"vyatta-interfaces-v1:admin-status":"up","vyatta-interfaces-v1:duplex":"full","vyatta-interfaces-v1:oper-status":"up","vyatta-interfaces-v1:receive-statistics":{"bytes":"4337044","dropped":"9","errors":"0","multicast":"100866","oversized-packets":"0","packets":"100866"},"vyatta-interfaces-v1:speed":10000,"vyatta-interfaces-v1:transmit-statistics":{"bytes":"42234","carrier-errors":"0","collisions":"0","dropped":"0","errors":"0","packets":"995"},"vyatta-interfaces-v1:type":"dataplane"}
Starting to convert json_integer_values
receive_bytes 94318527365680
receive_bytes_string 4337044 
receive_packets_string 100866 
transmit_bytes_string 42234 
transmit_packets_string 995 
{"name":"dp0s4","vyatta-interfaces-v1:addresses":[{"address":"192.168.10.100/24"}],"vyatta-interfaces-v1:admin-status":"up","vyatta-interfaces-v1:duplex":"full","vyatta-interfaces-v1:oper-status":"up","vyatta-interfaces-v1:receive-statistics":{"bytes":"4341344","dropped":"9","errors":"0","multicast":"100966","oversized-packets":"0","packets":"100966"},"vyatta-interfaces-v1:speed":10000,"vyatta-interfaces-v1:transmit-statistics":{"bytes":"42234","carrier-errors":"0","collisions":"0","dropped":"0","errors":"0","packets":"995"},"vyatta-interfaces-v1:type":"dataplane"}
Starting to convert json_integer_values
receive_bytes 94318527355520
receive_bytes_string 4341344 
receive_packets_string 100966 
transmit_bytes_string 42234 
transmit_packets_string 995 
New measurement report created...
Measurement report correctly sent to the collector!
*   Trying 52.251.126.116...
* TCP_NODELAY set
* Connected to 52.251.126.116 (52.251.126.116) port 30417 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /opt/VES/config/onap-ca.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=dcae; emailAddress=; OU=dcae@dcae.onap.org:DEV; OU=OSAAF; O=ONAP; C=US
*  start date: Apr 15 22:02:50 2020 GMT
*  expire date: Apr 15 22:02:50 2021 GMT
*  issuer: C=US; O=ONAP; OU=OSAAF; CN=intermediateCA_9
*  SSL certificate verify ok.
* Server auth using Basic with user 'sample1'
> POST /eventListener/v5/eventBatch HTTP/1.1
Host: 52.251.126.116:30417
Authorization: Basic c2FtcGxlMTpzYW1wbGUx
User-Agent: libcurl-agent/1.0
Accept: */*
Content-type: application/json
Content-Length: 719

* We are completely uploaded and fine
< HTTP/1.1 202 
< Content-Type: application/json
< Content-Length: 8
< Date: Tue, 28 Apr 2020 15:45:17 GMT
< 
* Curl_http_done: called premature == 0
* Connection #0 to host 52.251.126.116 left intact
^C
vyatta@vyatta:/opt/VES/bin$

  6. Here is the exmaple VES Collector Output

    VES collector output
    [
    "{\"event\":{\"commonEventHeader\":{\"startEpochMicrosec\":1588088953863343,\"eventId\":\"mvfs00000001\",\"sequence\":0,\"domain\":\"measurementsForVfScaling\",\"lastEpochMicrosec\":1588088963863343,\"eventName\":\"vFirewallBroadcastPackets\",\"reportingEntityId\":\"No UUID available\",\"internalHeaderFields\":{\"collectorTimeStamp\":\"Tue, 04 28 2020 03:49:25 UTC\"},\"sourceName\":\"vyatta\",\"priority\":\"Normal\",\"version\":3,\"reportingEntityName\":\"vyatta\"},\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":2,\"vNicPerformanceArray\":[{\"transmittedOctetsDelta\":0,\"receivedTotalPacketsDelta\":1001,\"vNicIdentifier\":\"dp0s4\",\"valuesAreSuspect\":\"true\",\"transmittedTotalPacketsDelta\":0,\"receivedOctetsDelta\":43043}]}}}"
]

  7. Here is the example DCAE Event  Output

    DCAE Event Output
        "{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"v0.0.1\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VM\",\"AAI\":{\"vserver.vserver-name\":\"vyatta\"},\"closedLoopAlarmStart\":1588089092309746,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-48ee224b-3da4-40e0-afec-bfea68d36cfb\",\"version\":\"1.0.2\",\"target\":\"vserver.vserver-name\",\"requestID\":\"2bfbd9e1-0b2a-4843-a110-bb84f84514d8\",\"from\":\"DCAE\"}"