FIBRE
Page tree
Skip to end of metadata
Go to start of metadata

Introduction

FIBRE is a federation of local testbeds (islands), thus, for the connection to the FIBREnet (learn more here) some islands may need to use a VPN service.

Step 1 - Basic Requirements

The island must attend the following requirements:

  • Offer a public IP.
  • Open the ports that were informed by the FIBRE's NOC.

The island operator must do:

  • Contact noc@fibre.org.br to learn which ports and protocols are going to be used for the connection via VPN.

Step 2 - Backstage

The next step is executed by FIBRE's NOC team, which include the tasks:

  • Update the template in case of a new Island join the project.
  • Offer ports accordingly to the availability and necessity of the Island.
  • Align with the island operator which protocol is going to be used for the VPN connection.

Step 3 - Installation and Configuration of the Virtual Machine

For this installation, use this template available at this address: ftp://repo.fibre.org.br/

Download it where Xen creates its VMs.

Where does the hypervisor creates its VMs?

To verify where the hypervisor is creating its VMs, verify this file: /etc/xen-tools/xen-tools.conf.

The value of the variable  dir is the destiny where the VMs are being created.

cd (directory)/domains

wget ftp://repo.fibre.org.br/ServiceTemplates/vpn-template0317.tar.gz

And extract it´s contents:

tar zxf vpn-template0317.tar.gz

And access the directory.

cd vpn.template.fibre.org.br

Changing directory name

It might be interesting to change the directory name for this pattern: vpn.institution.fibre.org.br

Example: vpn. cpqd .fibre.org.br 

 

3.1. CFG File - Disk Configuration

After that it's necessary to edit this file:  vpn.template.fibre.org.br.cfg

vim vpn.template.fibre.org.br.cfg

Change the bootloader line, it should look like this:

bootloader = '/usr/lib/xen-4.9/bin/pygrub'

The variable disk refers where the VM's disk is located. Below is an example of configuration:

disk = [
'file:/data/domains/vpn.rnp.fibre.org.br/disk.img,xvda2,w',
'file:/data/domains/vpn.rnp.fibre.org.br/swap.img,xvda1,w',
]

 

3.2. CFG File - Network Configuration

Typically a FIBRE's island have 03 (three) different networks.

    • Control Network - A mandatory network which relates to the OpenFlow's Control Plane, meaning, this is where the controllers send their commands to the OpenFlow's switches. Also, this is where the users access Islands' Portals and their experimentation VMs.
    • Experimentation Network - Another mandatory network which is equivalent to the OpenFlow's Data Plane. In this network flows the experimentation data.
    • CMC Network - An optional network, which is only objective is to control the Icarus nodes (equipment focused for wireless SDN experimentation).

When configuring this step is important to have in mind what kind of services the island is going to offer. For example: if it's going to offer experimentation with Icarus Nodes, then it's needed the CMC Network.

For configuring the network, the vif variable is responsible for this task:
vif = [ "mac=00:16:3e:01:00:0a,bridge=br_internet","mac=00:16:3e:01:00:0b,bridge=br_control","mac=00:16:3e:01:00:0c,bridge=br_exp","mac=00:16:3e:01:00:0d,bridge=br_cmc" ]

It's a good practice to use this pattern for mac address generation:

Control Network - 00:16: 3e : XX :00:0b

Experimentation Network - 00: 16 : 3e : XX :00:0c

CMC Network - 00: 16 : 3e : XX :00:0d

Where  XX stands for the Island's ID and  YY  stands for the service IP, both in hexadecimal form.

If the Island is not going to the need the CMC network, then the vif line should be like this:

vif = [ "mac=00:16:3e:01:00:0a,bridge=br_internet","mac=00:16:3e:01:00:0b,bridge=br_control","mac=00:16:3e:01:00:0c,bridge=br_exp"]

If the Island is going to need the CMC network, then the vif line should be like this: 

vif = [ "mac=00:16:3e:01:00:0a,bridge=br_internet","mac=00:16:3e:01:00:0b,bridge=br_control","mac=00:16:3e:01:00:0c,bridge=br_exp","mac=00:16:3e:01:00:0d,bridge=br_cmc" ]

Depending on how is the Island Network, you may need or not the interface for the Internet.

Existing bridges

Pay attention to the bridges! If the bridge doesn't exist, the VM won't boot up.

 

3.3. CFG File - Name of the Virtual Machine

The next step of editing the file it's to change the name of the VM.

Edit this line:

    #
    #  Hostname
    #

    name = 'vpn.template'

This edition consists in just replace template to the name of the institution.

Example:

      #
      #  Hostname
      #

      name = 'vpn.ufscar.fibre.org.br'

 

3.4. CFG File - End of the configuration

After editing, move it to /etc/xen:

mv vpn.template.fibre.org.br.cfg /etc/xen/

And create a symbolic link at the directory called auto:

cd /etc/xen/auto
 
ln -s ../vpn.template.fibre.org.br.cfg

 

3.5. Accessing the VM and Credentials

The next step is to access the console of the VM:

xm create -c (location of the cfg file)

Example:

xm create -c /etc/xen/vpn.template.fibre.org.br.cfg

To start using the VM use the following credentials:

VM credentials

Login: root

Password: vpn

 

Step 4 - Automatic Installation

DO NOT INTERRUPT THIS SCRIPT.

 

4.1. Root password change

After the login the VM will ask to change the root password.

Screen asking a new password for the root user.

4.2. Institution

After that, a prompt will appear and an institution must be choosen (example: UFPE).

Screen asking to choose an institution.

4.3. Internet Access

After this step, it will be asked for an external address (IP, mask and gateway).

Screen requesting the external address.
Netmask.
Gateway.
Confirmation screen.

4.4. CMC Network

After filling this data, it will be asked if there is gonna need for the CMC network.

Attention!

This step must be in accordance with the  CFG File - Network Configuration.

If you are going to need the CMC network, choose 1, if not, choose 2.

4.5. VPN Configuration

After choosing for your need (or not) of the CMC network, the next step is to configure the VPN service for the Island.

Choose if you're going to use the TCP or the UDP protocol.

Keep in mind the firewall constraints of your university. Also, align this matter with the FIBRE's NOC and FIBRE's Network Operator.

After choosing the procotol, it's time to fill the ports information that were sent by the FIBRE's NOC and FIBRE's Network Operator.

Inform the control's network port.
The data's network port.
And if you have choose to have the CMC network, inform its port.

After filling these data, it will be resquested to reboot the VM.

Reboot your VM.

In case of changing anything, contact the FIBRE's NOC (noc@fibre.org.br).

 

 

  • No labels

FIBRE: Future Internet Brazilian Environment for Experimentation
fibre.org.br