These steps will configure the DANOS vRouter as a vFW for ONAP
Step-by-step guide
- Create the Netconf Mount
- Create a netconf mount from SDNC to the DANOS vRouter
The following XML payload should be edited for your environment with the node-id, IP address, port (default is 22) and credentials from your environment.
netconf_mount.xml
```xml
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
  <node-id>vofwl01fwl003f</node-id>
  <host xmlns="urn:opendaylight:netconf-node-topology">10.0.200.90</host>
  <port xmlns="urn:opendaylight:netconf-node-topology">22</port>
  <username xmlns="urn:opendaylight:netconf-node-topology">vyatta</username>
  <password xmlns="urn:opendaylight:netconf-node-topology">vyatta</password>
  <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
  <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
  <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
  <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
  <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
  <between-attempts-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">2000</between-attempts-timeout-millis>
  <sleep-factor xmlns="urn:opendaylight:netconf-node-topology">1.5</sleep-factor>
  <!-- keepalive-delay set to 0 turns off keepalives-->
  <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
</node>
```
Here is the curl script to create the netconf mount. Replace k8_host_ip with one of your host IPs and replace vofwl01fwl003f with your virtual machine name.
curl to create netconf mount
```bash
curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -d @netconf_mount.danos.xml \
  -H "Accept: application/xml" -H "Content-type: application/xml" \
  -X PUT --trace trace.out \
  https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f
```
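The same mount request as an added example (not code from this page or from ONAP): it builds the payload from environment variables so the device and SDNC credentials do not sit in a hand-edited file or on the command line, escapes them for XML, and verifies the SDNC certificate against a CA file instead of using `-k`. The environment variable names, the CA file argument and the helper names are assumptions.

```python
import os
import ssl
import urllib.request
from base64 import b64encode
from urllib.parse import quote
from xml.sax.saxutils import escape

NT_NS = "urn:TBD:params:xml:ns:yang:network-topology"
NC_NS = "urn:opendaylight:netconf-node-topology"
NODE_PATH = ("/restconf/config/network-topology:network-topology"
             "/topology/topology-netconf/node/")

def mount_payload(node_id, host, port, username, password):
    """Return the mount XML with every value escaped for XML."""
    fields = [("host", host), ("port", str(int(port))),  # int() rejects non-numeric ports
              ("username", username), ("password", password),
              ("tcp-only", "false"), ("keepalive-delay", "120")]
    body = "".join(f'<{k} xmlns="{NC_NS}">{escape(v)}</{k}>' for k, v in fields)
    return f'<node xmlns="{NT_NS}"><node-id>{escape(node_id)}</node-id>{body}</node>'

def mount_url(sdnc_host, node_id, port=30267):
    """RESTCONF URL for the node; node_id is percent-encoded as one path segment."""
    return f"https://{sdnc_host}:{port}{NODE_PATH}{quote(node_id, safe='')}"

def put_mount(sdnc_host, ca_file, env=os.environ):
    """PUT the mount over TLS verified against ca_file; returns the HTTP status."""
    # Assumed variable names: DANOS_* for the vRouter, SDNC_* for the controller.
    node_id = env["DANOS_NODE_ID"]
    xml = mount_payload(node_id, env["DANOS_HOST"], env.get("DANOS_PORT", "22"),
                        env["DANOS_USER"], env["DANOS_PASSWORD"])
    auth = b64encode(f'{env["SDNC_USER"]}:{env["SDNC_PASSWORD"]}'.encode()).decode()
    req = urllib.request.Request(
        mount_url(sdnc_host, node_id), data=xml.encode(), method="PUT",
        headers={"Content-Type": "application/xml", "Accept": "application/xml",
                 "Authorization": f"Basic {auth}"})
    ctx = ssl.create_default_context(cafile=ca_file)  # certificate and hostname checked
    with urllib.request.urlopen(req, context=ctx, timeout=20) as resp:
        return resp.status

if __name__ == "__main__":
    import sys
    print(put_mount(sys.argv[1], sys.argv[2]))  # usage: script <sdnc_host> <ca_file>
```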
validate_mount
```bash
curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -H "Accept: application/json" -H "Content-type: application/json" \
  -X GET \
  https://52.251.126.116:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f \
  | python -m json.tool
```
validate_results
```json
{
  "node": [
    {
      "netconf-node-topology:between-attempts-timeout-millis": 2000,
      "netconf-node-topology:connection-timeout-millis": 20000,
      "netconf-node-topology:host": "10.0.200.46",
      "netconf-node-topology:keepalive-delay": 120,
      "netconf-node-topology:max-connection-attempts": 0,
      "netconf-node-topology:password": "vyatta",
      "netconf-node-topology:port": 22,
      "netconf-node-topology:reconnect-on-changed-schema": false,
      "netconf-node-topology:sleep-factor": 1.5,
      "netconf-node-topology:tcp-only": false,
      "netconf-node-topology:username": "vyatta",
      "node-id": "vofwl01fwl003f"
    }
  ]
}
```
- Add the static IP-addressed interfaces
add_interface.dp0s4.json
```json
{
  "vyatta-interfaces-dataplane-v1:dataplane": {
    "address": [ "192.168.10.100/24" ],
    "tagnode": "dp0s4"
  }
}
```
add_interface.dp0s5.json
```json
{
  "vyatta-interfaces-dataplane-v1:dataplane": {
    "address": [ "192.168.20.100/24" ],
    "tagnode": "dp0s5"
  }
}
```
Add the interfaces (change k8_host_ip and vofwl01fwl003f for your environment):
add interfaces
```bash
curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -d @add_interface.dp0s4.json \
  -H "Accept: application/json" -H "Content-type: application/json" \
  -X PUT --trace trace.out \
  https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces/dataplane/dp0s4

curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -d @add_interface.dp0s5.json \
  -H "Accept: application/json" -H "Content-type: application/json" \
  -X PUT --trace trace.out \
  https://<k8_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces/dataplane/dp0s5
```
Validate the interfaces:
validate_interfaces
```bash
curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -H "Accept: application/json" -H "Content-type: application/json" \
  -X GET \
  https://<k8s_host_ip>:30267/restconf/config/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces \
  | python -m json.tool
```
config output
```json
{
  "interfaces": {
    "vyatta-interfaces-dataplane-v1:dataplane": [
      { "address": [ "192.168.20.100/24" ], "tagnode": "dp0s5" },
      { "address": [ "192.168.10.100/24" ], "tagnode": "dp0s4" },
      { "address": [ "dhcp" ], "tagnode": "dp0s3" }
    ],
    "vyatta-interfaces-loopback-v1:loopback": [
      { "tagnode": "lo" }
    ]
  }
}
```
operational interfaces
```bash
curl -v -k --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" \
  -H "Accept: application/json" -H "Content-type: application/json" \
  -X GET \
  https://<k8_host_ip>:30267/restconf/operational/network-topology:network-topology/topology/topology-netconf/node/vofwl01fwl003f/yang-ext:mount/vyatta-interfaces-v1:interfaces \
  | python -m json.tool
```
operational output
```json
{
  "interfaces": {
    "statistics": {
      "interface": [
        { "addresses": [ { "address": "10.0.200.46/24" } ], "admin-status": "up", "duplex": "full", "name": "dp0s3", "oper-status": "up",
          "receive-statistics": { "bytes": 26900, "dropped": 16, "errors": 0, "multicast": 223, "oversized-packets": 0, "packets": 223 },
          "speed": 10000,
          "transmit-statistics": { "bytes": 273693, "carrier-errors": 0, "collisions": 0, "dropped": 0, "errors": 0, "packets": 305 },
          "type": "dataplane" },
        { "admin-status": "down", "name": "dp0s6", "oper-status": "down",
          "receive-statistics": { "bytes": 0, "dropped": 0, "errors": 0, "multicast": 0, "oversized-packets": 0, "packets": 0 },
          "transmit-statistics": { "bytes": 0, "carrier-errors": 0, "collisions": 0, "dropped": 0, "errors": 0, "packets": 0 },
          "type": "dataplane" },
        { "addresses": [ { "address": "192.168.10.100/24" } ], "admin-status": "up", "duplex": "full", "name": "dp0s4", "oper-status": "up",
          "receive-statistics": { "bytes": 106618, "dropped": 9, "errors": 0, "multicast": 2484, "oversized-packets": 0, "packets": 2484 },
          "speed": 10000,
          "transmit-statistics": { "bytes": 42234, "carrier-errors": 0, "collisions": 0, "dropped": 0, "errors": 0, "packets": 995 },
          "type": "dataplane" },
        { "addresses": [ { "address": "192.168.20.100/24" } ], "admin-status": "up", "duplex": "full", "name": "dp0s5", "oper-status": "up",
          "receive-statistics": { "bytes": 18706, "dropped": 8, "errors": 0, "multicast": 422, "oversized-packets": 0, "packets": 422 },
          "speed": 10000,
          "transmit-statistics": { "bytes": 61108, "carrier-errors": 0, "collisions": 0, "dropped": 0, "errors": 0, "packets": 1411 },
          "type": "dataplane" },
        { "admin-status": "up", "name": "lo", "oper-status": "up",
          "receive-statistics": { "bytes": 1328, "dropped": 0, "errors": 0, "multicast": 0, "oversized-packets": 0, "packets": 15 },
          "transmit-statistics": { "bytes": 1328, "carrier-errors": 0, "collisions": 0, "dropped": 0, "errors": 0, "packets": 15 },
          "type": "loopback" }
      ]
    },
    "vyatta-interfaces-dataplane-v1:dataplane": [
      { "address": [ "192.168.20.100/24" ], "admin-status": "up", "duplex": "auto",
        "ip": { "gratuitous-arp-count": 1, "rpf-check": "disable" },
        "ipv6": { "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1 },
        "mtu": 1500, "oper-status": "up", "speed": "auto", "tagnode": "dp0s5", "vlan-protocol": "0x8100",
        "vyatta-vrrp-v1:vrrp": { "start-delay": 0 } },
      { "address": [ "192.168.10.100/24" ], "admin-status": "up", "duplex": "auto",
        "ip": { "gratuitous-arp-count": 1, "rpf-check": "disable" },
        "ipv6": { "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1 },
        "mtu": 1500, "oper-status": "up", "speed": "auto", "tagnode": "dp0s4", "vlan-protocol": "0x8100",
        "vyatta-vrrp-v1:vrrp": { "start-delay": 0 } },
      { "admin-status": "down", "oper-status": "down", "tagnode": "dp0s6" },
      { "address": [ "dhcp" ], "admin-status": "up", "duplex": "auto",
        "ip": { "gratuitous-arp-count": 1, "rpf-check": "disable" },
        "ipv6": { "vyatta-ipv6-rtradv-v1:dup-addr-detect-transmits": 1 },
        "mtu": 1500, "oper-status": "up", "speed": "auto", "tagnode": "dp0s3", "vlan-protocol": "0x8100",
        "vyatta-vrrp-v1:vrrp": { "start-delay": 0 } }
    ],
    "vyatta-interfaces-loopback-v1:loopback": [
      { "tagnode": "lo" }
    ]
  }
}
```
- Update the DCAE collector data
- ssh into the virtual router
- sudo su
Create a directory under /run/live and the file /run/live/VES/dcae_collector.env:
dcae_collector.env
```bash
# either onap k8 dns name or k8 host external IP
DCAE_COLLECTOR_IP=<k8s_host_ip>
# DCAE_COLLECTOR_PORT 8443 or 30417 for external nodeport
DCAE_COLLECTOR_PORT=30417
# dp0s4 for standard configuration for unprotected network from png to fw
PORT_TO_REPORT=dp0s4
```
- Start the vpp_measurement_reporter client
- systemctl start vpp-measurement-reporter-danos
You can also run the program manually to see the HTTP 200 OK
manually run reporter
```
vyatta@vyatta:/opt/VES/bin$ ./vpp-measurement-reporter-danos 52.251.126.116 30417 dp0s4
Vector Packet Processing (VPP) measurement collection
* Trying 169.254.169.254...
* TCP_NODELAY set
* Connected to 169.254.169.254 (169.254.169.254) port 80 (#0)
> GET /openstack/latest/meta_data.json HTTP/1.1
Host: 169.254.169.254
User-Agent: libcurl-agent/1.0
Accept: */*
< HTTP/1.1 404 Not Found
< Content-Type: text/html
< Server: Microsoft-IIS/10.0
< Date: Tue, 28 Apr 2020 15:45:05 GMT
< Content-Length: 1245
<
* Curl_http_done: called premature == 0
* Connection #0 to host 169.254.169.254 left intact
Initialization completed
{"name":"dp0s4","vyatta-interfaces-v1:addresses":[{"address":"192.168.10.100/24"}],"vyatta-interfaces-v1:admin-status":"up","vyatta-interfaces-v1:duplex":"full","vyatta-interfaces-v1:oper-status":"up","vyatta-interfaces-v1:receive-statistics":{"bytes":"4337044","dropped":"9","errors":"0","multicast":"100866","oversized-packets":"0","packets":"100866"},"vyatta-interfaces-v1:speed":10000,"vyatta-interfaces-v1:transmit-statistics":{"bytes":"42234","carrier-errors":"0","collisions":"0","dropped":"0","errors":"0","packets":"995"},"vyatta-interfaces-v1:type":"dataplane"}
Starting to convert json_integer_values
receive_bytes 94318527365680
receive_bytes_string 4337044
receive_packets_string 100866
transmit_bytes_string 42234
transmit_packets_string 995
{"name":"dp0s4","vyatta-interfaces-v1:addresses":[{"address":"192.168.10.100/24"}],"vyatta-interfaces-v1:admin-status":"up","vyatta-interfaces-v1:duplex":"full","vyatta-interfaces-v1:oper-status":"up","vyatta-interfaces-v1:receive-statistics":{"bytes":"4341344","dropped":"9","errors":"0","multicast":"100966","oversized-packets":"0","packets":"100966"},"vyatta-interfaces-v1:speed":10000,"vyatta-interfaces-v1:transmit-statistics":{"bytes":"42234","carrier-errors":"0","collisions":"0","dropped":"0","errors":"0","packets":"995"},"vyatta-interfaces-v1:type":"dataplane"}
Starting to convert json_integer_values
receive_bytes 94318527355520
receive_bytes_string 4341344
receive_packets_string 100966
transmit_bytes_string 42234
transmit_packets_string 995
New measurement report created...
Measurement report correctly sent to the collector!
* Trying 52.251.126.116...
* TCP_NODELAY set
* Connected to 52.251.126.116 (52.251.126.116) port 30417 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/VES/config/onap-ca.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=dcae; emailAddress=; OU=dcae@dcae.onap.org:DEV; OU=OSAAF; O=ONAP; C=US
* start date: Apr 15 22:02:50 2020 GMT
* expire date: Apr 15 22:02:50 2021 GMT
* issuer: C=US; O=ONAP; OU=OSAAF; CN=intermediateCA_9
* SSL certificate verify ok.
* Server auth using Basic with user 'sample1'
> POST /eventListener/v5/eventBatch HTTP/1.1
Host: 52.251.126.116:30417
Authorization: Basic c2FtcGxlMTpzYW1wbGUx
User-Agent: libcurl-agent/1.0
Accept: */*
Content-type: application/json
Content-Length: 719
* We are completely uploaded and fine
< HTTP/1.1 202
< Content-Type: application/json
< Content-Length: 8
< Date: Tue, 28 Apr 2020 15:45:17 GMT
<
* Curl_http_done: called premature == 0
* Connection #0 to host 52.251.126.116 left intact
^C
vyatta@vyatta:/opt/VES/bin$
```
Here is the example VES Collector Output
VES collector output
```json
[ "{\"event\":{\"commonEventHeader\":{\"startEpochMicrosec\":1588088953863343,\"eventId\":\"mvfs00000001\",\"sequence\":0,\"domain\":\"measurementsForVfScaling\",\"lastEpochMicrosec\":1588088963863343,\"eventName\":\"vFirewallBroadcastPackets\",\"reportingEntityId\":\"No UUID available\",\"internalHeaderFields\":{\"collectorTimeStamp\":\"Tue, 04 28 2020 03:49:25 UTC\"},\"sourceName\":\"vyatta\",\"priority\":\"Normal\",\"version\":3,\"reportingEntityName\":\"vyatta\"},\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":2,\"vNicPerformanceArray\":[{\"transmittedOctetsDelta\":0,\"receivedTotalPacketsDelta\":1001,\"vNicIdentifier\":\"dp0s4\",\"valuesAreSuspect\":\"true\",\"transmittedTotalPacketsDelta\":0,\"receivedOctetsDelta\":43043}]}}}" ]
```
Here is the example DCAE Event Output
DCAE Event Output
```json
"{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"v0.0.1\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VM\",\"AAI\":{\"vserver.vserver-name\":\"vyatta\"},\"closedLoopAlarmStart\":1588089092309746,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-48ee224b-3da4-40e0-afec-bfea68d36cfb\",\"version\":\"1.0.2\",\"target\":\"vserver.vserver-name\",\"requestID\":\"2bfbd9e1-0b2a-4843-a110-bb84f84514d8\",\"from\":\"DCAE\"}"
```
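Both outputs above are JSON strings that themselves contain JSON, so they need two decoding passes before any field can be checked. The following added example (not part of the original page or of ONAP) decodes them and checks that the reported vNIC matches `PORT_TO_REPORT` and that the ONSET event targets the VM that sent the measurement; the sample constants are constructed from the outputs above, trimmed to the fields used, and the function names are assumptions.

```python
import json

# Constructed sample: same nesting as the outputs above, trimmed to the checked fields.
VES_OUTPUT = json.dumps([json.dumps({"event": {
    "commonEventHeader": {"sourceName": "vyatta",
                          "eventName": "vFirewallBroadcastPackets"},
    "measurementsForVfScalingFields": {"measurementInterval": 10,
        "vNicPerformanceArray": [{"vNicIdentifier": "dp0s4",
                                  "receivedTotalPacketsDelta": 1001,
                                  "valuesAreSuspect": "true"}]}}})])
DCAE_OUTPUT = json.dumps(json.dumps({
    "closedLoopEventStatus": "ONSET", "target": "vserver.vserver-name",
    "AAI": {"vserver.vserver-name": "vyatta"}}))

def decode_nested(text):
    """Decode JSON whose string values are themselves JSON documents."""
    value = json.loads(text)
    if isinstance(value, list):
        return [json.loads(v) if isinstance(v, str) else v for v in value]
    return json.loads(value) if isinstance(value, str) else value

def check_closed_loop(ves_text, dcae_text, port_to_report):
    """Return mismatches between reporter config, VES events and the DCAE event."""
    problems = []
    events = [e["event"] for e in decode_nested(ves_text)]
    onset = decode_nested(dcae_text)
    sources = {e["commonEventHeader"]["sourceName"] for e in events}
    nics = {n["vNicIdentifier"] for e in events
            for n in e["measurementsForVfScalingFields"]["vNicPerformanceArray"]}
    if port_to_report not in nics:
        problems.append(f"no measurement for {port_to_report}; saw {sorted(nics)}")
    # "target" names the AAI key that holds the VM the policy acts on.
    target = onset["AAI"].get(onset["target"])
    if target not in sources:
        problems.append(f"event target {target!r} not among VES sources {sorted(sources)}")
    if onset["closedLoopEventStatus"] != "ONSET":
        problems.append(f"unexpected status {onset['closedLoopEventStatus']!r}")
    return problems

if __name__ == "__main__":
    print(check_closed_loop(VES_OUTPUT, DCAE_OUTPUT, "dp0s4") or "closed loop consistent")
```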