How to operate OpenNaaS vCPE application

How to operate OpenNaaS vCPE application

Following the tutorial of how to deploy the vCPE application, this one covers how to use the application for deploying vCPEs on top of your physical infrastructure.

This post assumes following statements. Indications on how to achieve them can be found in how to deploy the vCPE application post.

Assumptions:

  • There is an OpenNaaS platform already deployed and running in a server which has access to the physical infrastructure to manage.
  • There is a vCPE instance already deployed and running in an application server.
  • vCPE instance has access to the OpenNaaS platform.

And it covers three major steps:

  1. Load physical infrastructure in OpenNaaS
  2. Configure OpenNaaS vCPE extension (in platform)
  3. Create a vCPE (using the GUI)

 Step 1: Load physical infrastructure in OpenNaaS

In order to manage physical infrastructure devices should be loaded into OpenNaaS. Please, follow this guide to understand the basics on how to load resources in OpenNaaS.

In testing environments, it is recommended to craft a karaf script to automate the loading of your organisation’s physical infrastructure. More information about karaf and it’s features can be foundhere.

Step2: Configure OpenNaaS vcpe extension (in platform)

2.1: Configure OpenNaaS vCPE extension with the physical infrastructure to use.

This configuration is currently made by template specifying the correct mappings, although this may change in the future.

2.2: Configure OpenNaaS vCPE extension with mappings for the single provider vCPE template

Templates define a virtual topology and routing configuration.In order to apply a template on top of an existing physical infrastructure, some mapping should be calculated.

This mapping is nowadays driven by some configuration files. More specifically, properties files. These files are in following locations:

  • /org.opennaas.extensions.vcpe/src/main/resources/templates/template.properties
  • /org.opennaas.extensions.vcpe/src/main/resources/templates/bgpModel1.properties

Mapping between template values and physical infrastructure components is defined intemplate.properties, in “Physical Topology” section. This mapping defines which physical elements would OpenNaaS interact with when applying the template, and it is a requirement for the application to work properly. A graphical representation of this mapping, is available in the GUI at step 3.3 of this guide. This representation is shown below. However, the user is not allowed, by now, to change this mapping using the GUI.

Figure1: Physical infrastructure mapping in SP-VCPE template

Logical topology section defines logical elements that would be configured by OpenNaaS when applying the template. This section defines default values. A graphical representation of this mapping, is available in the GUI at step 3.4 of this guide, where the user may change given values.

bgpModel1.properties is used in BGP configuration for vCPE logical routers.  Together with physical topology section in template.properties, its content is expected to change between different organisations. Specifically, each organisation should specify its prefix lists named “isp-v4-infrastructure”, and “isp-snmp-clients” which values are not exposed to the GUI user. Some other values in bgpModel1.properties can be modified, those referring to AS numbers and IP addresses, but the rest of the document defines the structure of required BGP configuration, and should not be modified. Please notice that AS numbers and ip addresses will be taken from user input at step 3.4 of this guide, so modifying them has no benefit.

Step 3: Create a vCPE (using the GUI)

This step includes gathering vCPE required data and performing the instantiation of the vCPE in existing physical infrastructure.This step can be reproduced while there are required resources available.

3.1 Log into vCPE application

Launch your browser and point it to the vCPE web application running in your tomcat installation: http://<your_tomcat_installation_url:port>/opennaas-vcpe/Let’s assume<your_tomcat_installation_url:port> is localhost:8080, which is the default.

You’ll be redirected to the login page http://localhost:8080/opennaas-vcpe/auth/login

Just enter credentials for a user with role ROLE_NOC to access your welcome page.

3.2: Choose a template

After the login page, you’ll be redirected to the home page where a template can be selected. Although more templates are to come, currently, there is one single vCPE template supported. It is the single provider vCPE (SP-VCPE), corresponding to the HEAnet use case in Mantychore project.You may see other templates in the GUI. They are there for testing purposes and do not create an usable vCPE. So makes little sense to use them.

SP-VCPE template creates two logical routers linked between each other. They communicate with a single core router of the ISP for WAN access. Each of these logical routers has a connection through a Bandwidth on Demand (BoD) domain to a port where a client can connect. The link between logical routers is also made through the BoD domain. The template creates the logical routers, requests BoD circuits, assign desired vlans and ip addresses, and configures BGP and VRRP providing desired connectivity.

The minimum set of physical infrastructure required for SP-VCPE template is composed of a core router, a physical router supporting logical routers (fabric), and a BoD domain. Core router must have a link to fabric ones. Fabric links must have links to interfaces administrated by the BoD domain. And finally, the client must have an interface in the BoD domain.

3.3: Check physical infrastructure to use in selected template

In this step,  physical infrastructure to be used for the creation of the vCPE is displayed. Assigned valued depend on mappings configured in section 2.2 of this guide.

Physical infrastructure components may be reused in the same template. Meaning that several virtual components may be mapped to a single physical one. (Figure 1 illustrates this by reusing interface ge-1/0/7 in cpe1-gsn, in three backup router interfaces)

3.4: Enter logical infrastructure desired values for selected template

This is the most important step in the creation of the vCPE.OpenNaaS suggests values for most of template required fields, based on defaults given in step 2.2, and internal calculations. (Please notice that IP addresses are not yet suggested dynamically, but taken from defaults. Thus, the user is required to change them manually for each vCPE)

The user is free to change most of this values at will. OpenNaaS will check availability of selected values (e.g. for unit numbers, vlans, and ip addresses) and complain if a selected value is already in use or not available.

Figure2: Logical infrastructure mapping in SP-VCPE template, with check in interface unit.

When the user is happy with assigned values, the instantiation of the vCPE may begin.

3.5: Create the vCPE

With all required data in place, creation of the vCPE starts by pushing the create button.This will cause the GUI to send all gathered data to OpenNaaS, which will generate appropriated configurations and apply required actions to instantiate desired vCPE in existing physical infrastructure.

Step 4: Modify an existing vCPE (using the GUI)
Once a vCPE is created, a NOC user can edit it.
In the edit view, the user can switch between master and backup routers, to make client traffic pass through the backup router, and its down link, instead of using the down link in master router.
In this view, the user can also change vlans, units and IP addresses, but not the physical infrastructure in use.

Users with client role can also log into the application to see already created vCPEs.
Clients are allowed to change some parameters of the vCPE regarding the client parts of it.
Mostly, what clients are allowed to do is changing IP addresses, including the gateway IP address. Once vCPE supports OSPF and other IGPs, the user would also be able to select desired one and activate it. At some point, it is expected that users will be able to configure firewalling policies, too.