Introduction
FIBRE is a federation of local testbeds (islands), thus, for the connection to the FIBREnet (learn more here) some islands may need to use a VPN service.
Step 1 - Basic Requirements
The island must attend the following requirements:
- Offer a public IP.
- Open the ports that were informed by the FIBRE's NOC.
The island operator must do:
- Contact noc@fibre.org.br to learn which ports and protocols are going to be used for the connection via VPN.
Step 2 - Backstage
The next step is executed by FIBRE's NOC team, which include the tasks:
- Update the template in case of a new Island join the project.
- Offer ports accordingly to the availability and necessity of the Island.
- Align with the island operator which protocol is going to be used for the VPN connection.
Step 3 - Installation and Configuration of the Virtual Machine
For this installation, use this template available at this address: ftp://repo.fibre.org.br/
Download it where Xen creates its VMs.
 | Where does the hypervisor creates its VMs? To verify where the hypervisor is creating its VMs, verify this file: /etc/xen-tools/xen-tools.conf. The value of the variable dir is the destiny where the VMs are being created. |
And extract it´s contents:
And access the directory.
| Changing directory name It might be interesting to change the directory name for this pattern: vpn.institution.fibre.org.br Example: vpn. cpqd .fibre.org.br |
3.1. CFG File - Disk Configuration
After that it's necessary to edit this file: vpn.template.fibre.org.br.cfg
Change the bootloader line, it should look like this:
The variable disk refers where the VM's disk is located. Below is an example of configuration:
3.2. CFG File - Network Configuration
Typically a FIBRE's island have 03 (three) different networks.
- Control Network - A mandatory network which relates to the OpenFlow's Control Plane, meaning, this is where the controllers send their commands to the OpenFlow's switches. Also, this is where the users access Islands' Portals and their experimentation VMs.
- Experimentation Network - Another mandatory network which is equivalent to the OpenFlow's Data Plane. In this network flows the experimentation data.
- CMC Network - An optional network, which is only objective is to control the Icarus nodes (equipment focused for wireless SDN experimentation).
When configuring this step is important to have in mind what kind of services the island is going to offer. For example: if it's going to offer experimentation with Icarus Nodes, then it's needed the CMC Network.
For configuring the network, the vif variable is responsible for this task:
| It's a good practice to use this pattern for mac address generation: Control Network - 00:16: 3e : XX :00:0b Experimentation Network - 00: 16 : 3e : XX :00:0c CMC Network - 00: 16 : 3e : XX :00:0d Where XX stands for the Island's ID and YY stands for the service IP, both in hexadecimal form. |
If the Island is not going to the need the CMC network, then the vif line should be like this:
If the Island is going to need the CMC network, then the vif line should be like this:
 | Depending on how is the Island Network, you may need or not the interface for the Internet. |
 | Existing bridges Pay attention to the bridges! If the bridge doesn't exist, the VM won't boot up. |
3.3. CFG File - Name of the Virtual Machine
The next step of editing the file it's to change the name of the VM.
Edit this line:
This edition consists in just replace template to the name of the institution.
Example:
3.4. CFG File - End of the configuration
After editing, move it to /etc/xen:
And create a symbolic link at the directory called auto:
3.5. Accessing the VM and Credentials
The next step is to access the console of the VM:
Example:
To start using the VM use the following credentials:
| VM credentials Login: root Password: vpn |
Step 4 - Automatic Installation
| DO NOT INTERRUPT THIS SCRIPT. |
4.1. Root password change
After the login the VM will ask to change the root password.
 |
|---|
| Screen asking a new password for the root user. |
4.2. Institution
After that, a prompt will appear and an institution must be choosen (example: UFPE).
 |
|---|
| Screen asking to choose an institution. |
4.3. Internet Access
After this step, it will be asked for an external address (IP, mask and gateway).
 |
|---|
| Screen requesting the external address. |
 |
| Netmask. |
 |
| Gateway. |
 |
| Confirmation screen. |
4.4. CMC Network
After filling this data, it will be asked if there is gonna need for the CMC network.
| Attention! This step must be in accordance with the CFG File - Network Configuration. |
 |
|---|
| If you are going to need the CMC network, choose 1, if not, choose 2. |
4.5. VPN Configuration
After choosing for your need (or not) of the CMC network, the next step is to configure the VPN service for the Island.
 |
|---|
| Choose if you're going to use the TCP or the UDP protocol. |
| Keep in mind the firewall constraints of your university. Also, align this matter with the FIBRE's NOC and FIBRE's Network Operator. |
After choosing the procotol, it's time to fill the ports information that were sent by the FIBRE's NOC and FIBRE's Network Operator.
 |
|---|
| Inform the control's network port. |
 |
| The data's network port. |
 |
| And if you have choose to have the CMC network, inform its port. |
After filling these data, it will be resquested to reboot the VM.
 |
|---|
| Reboot your VM. |
In case of changing anything, contact the FIBRE's NOC (noc@fibre.org.br).
Etiquetas