In my previous blog, I covered the underlay network setup for Nuage in KVM. In this blog, I am going to cover the Nuage VSD installation lab guide and on the next part of the blog, we would go through the installation of the nuage components one by one.
What is Nuage VSD (Virtual Service Directory)
Nuage VSD or Nokia VSD is the management plane in the Nuage Software-defined networking. It acts as a policy engine as well as a statistics engine. The statistics engine shows the flow of information from the NSG and the VRS in a granular way in VSD. Also, VSD acts as Key server and Certificate authority.
Once the installation finished, you would be login into the VSD Architect via the webpage on port 8443, and you can manage the entire SD-WAN network with it, be it network overlay or underlay configuration for SD-WAN.
Follow the steps below to install the VSD in your KVM environment.
- Prerequisite for the lab
- Installation of VSD Step by step
- VSD Network configuration
- Nuage VSD internal configuration.
- Install VSD services.
1. Prerequisite for the lab.
There are some prerequisites for this lab to continue.
- You need to know a little more about KVM virtualization. If you are not familiar with it, you can still continue as I am following step by step. However, if you wanted to learn more about KVM virtualization, I highly recommend reading this book.
- As per the Nuage SD-WAN network topology, all the management components and prerequisite services are connected to the management network 10.1.5.0/24. And we had already created the management network on part 2, let’s look at other prerequisite services.
a. NTP configuration
You would have to set up an NTP server in your network so that the VSD and other Nuage components can communicate and sync its time with the NTP server.
It doesn’t matter if you are using public or private NTP server as long as the device can communicate and get its time synced.
You may check the NTP guide I covered here to get more help on the same.
b. DNS Configuration
You would have to set up a private DNS server and create below records in it.
In case if you are planning to use cisco router as the DNS server I have covered that here as well.
Host A records
vsd A 10.1.5.5
xmpp A 10.1.5.5
proxy A 10.1.5.50
You can notice that the VSD and the XMPP host A records IP address are the same.
SRV record for XMPP
We really no need to create XMPP SRV record as we are going to install a single VSD. But it is required for multiple VSD deployments and the SRV record looks like below.
_xmpp-client._tcp.xmpp.getlabsdone.com. SRV 10 0 5222 vsd.getlabsdone.com
2. Installation of VSD Step by step
Move the VSD.qcow2 image to your KVM host Libvert image directory
Note: You can install the VSD either via GUI or via CLI.
First, we can do the GUI way so that you can understand each step then later I can show you how you can install it via the CLI as it’s an easy way, one command and complete the VSD VM installation. However, you would have to attach the network interface later.
a. Installation via Virt Manager GUI
Step1. Open terminal and type
virt-manager The KVM virtualization manager would open.
a. Click on Create a new Virtual machine and select import existing disk image option and click on Forward.
b. Browse for the VSD.qcow2 image and leave OS type and Version as Generic and click on Forward.
c. Set the Memory as 16 GB and 6 CPU’s and click forward.
d. Change the name from generic to VSD, and attach the management bridge interface that we had created earlier to the VM and click on FINISH, the VM installation would begin now.
e. After the VSD VM installation completed, it would ask for its username and password.
b. Installation via CLI
The VSD CLI installation is very straight forward, all you got to do is make changes to the below configuration file and run the command, that’s it.
a. Run the VSD installation command.
virt-install --connect qemu:///system -n vsd -r 16384 --os-type=linux --os- variant=rhel7 --disk path=/var/lib/libvirt/images/vsd/VSD- 5.2.3_131.qcow2,device=disk,bus=virtio,format=qcow2 --vcpus=6 --graphics vnc,listen=0.0.0.0 --noautoconsole --import Starting install... Domain creation completed.
The field you may need to change are below
-n name the VSD
-r the amount of RAM you are going to assign.
--vcpus amount of CPU you wanted to assign.
path, filename, and location.
b. Once the installation is complete, then you have to select the interface that you wanted to use with the VSD, this case, its Management Bridge interface.
3. VSD Network configuration
Post-installation of the VSD, you would have to do some configurations. Once the configuration completed on the VSD, you can go ahead and install the VSD services on the VM.
a. Login to the VM with VSD default credentials.
Username: root Password: Alcateldc
b. VSD Network Configuration
We have now successfully logged into the VSD. By default, the network configured with DHCP, we have to change it to static. In case if you are using DHCP, you may continue to use the same.
- To configure the network as static goto the network-scripts
cd /etc/sysconfig/network-scriptsdirectory in the VSD.
lsto list the Linux interfaces and the network scripts in the folder.
- Locate the interface
ifcfg-eth0and get into editor mode by typing
- Add and changes to reflect below.
- Once you configured the IP as static restart the network services using the command
service network restart
[[email protected] ~]# service network restart Restarting network (via systemctl): [ OK ]
Great!, we didn’t get any error message when we restarted the network service, which indicates that everything looks good.
a. Network verification
The VSD network is up now, let’s verify the connectivity on the network using the ping utility, and you should be able to ping the VSD default gateway at the moment.
[[email protected] ~]# ping -c 4 10.1.5.1 PING 10.1.5.1 (10.1.5.1) 56(84) bytes of data. 64 bytes from 10.1.5.1: icmp_seq=1 ttl=255 time=0.929 ms 64 bytes from 10.1.5.1: icmp_seq=2 ttl=255 time=7.15 ms 64 bytes from 10.1.5.1: icmp_seq=3 ttl=255 time=0.787 ms 64 bytes from 10.1.5.1: icmp_seq=4 ttl=255 time=0.986 ms --- 10.1.5.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms
That also looks good
4. VSD internal configuration.
We brought the VSD to the network and confirmed that the network is up and running, the final part is to install the VSD services, but before we even get there, there are specific VSD internal configurations you would have to change
a. First, we are going to change the hostname of the VSD, to do that edit
/etc/hostname by entering the command
vi /etc/hostname. add the VSD name with FQDNS that you had defined in the DNS server, in my case its
b. Edit the hosts file under
/etc/hosts and add the entry for the VSD with its IP addresses and FQDNS like below.
c. Reboot the server by typing
reboot to make the changes to effect.
d. Verification, once you are back on the VSD login screen, you can see the hostname localhost changed to VSD. You may enter the below command to see the hostname has resolved as well.
a. VSD NTP configuration.
NTP is a prerequisite for the VSD to function, so before you continue the VSD services installation procedure, make sure that the NTP client synced to a valid NTP server. Otherwise, the installation would fail.
a. To configure VSD as NTP client goto
/etc/ntp.conf and make changes to the NTP server information
b. You could see there are multiple NTP servers in the configuration. Since we have a private NTP server, we are not going to use any one of them. Let’s either delete them or comment them out. And point the NTP server from rhel.pool.ntp.org to our internal NTP server, which is 10.1.5.123, and we have only one server running.
Server 10.100.8.1 iburst
I have given only one NTP server for this lab. If you have a multiple NTP server, you could assign them like primary and secondary.
c. Configure the ntpdate service to start on system startup for NTP to start at the system boot for quicker NTP sync
chkconfig ntpdate on
d. Restart the NTP service, you would see the clock being synchronized by typing the
[[email protected] etc]# ntpstat unsynchronised time server re-starting polling server every 8 s [[email protected] etc]# service ntpd restart Redirecting to /bin/systemctl restart ntpd.service [[email protected] etc]# ntpstat synchronised to NTP server (192.168.1.20) at stratum 2 time correct to within 982 polling server every 64 [[email protected] etc]#
Note: Before continuing with the installation make sure that NTP service is properly synchronized to the server, which is very important, sometimes it takes a bit of time to synchronize
e. Disable Cloud.init in VSD
systemctl disable cloud-init systemctl disable cloud-init-local systemctl disable cloud-config systemctl disable cloud-final
Note: Failing to do so results in cloud-init running on each boot. For example, for every boot, this changes the /etc/hostname file to ‘localhost.localdomain’, which can cause major issues on the VSD.
5. Install VSD services.
We have now successfully installed prerequisite components of VSD. Since this lab is not cluster-based and it’s a standalone installation, let’s proceed further with VSD standalone installation.
a. You can use the
/opt/vsd/vsd-install.sh scripts to start the VSD services installation.
[[email protected] ~]# /opt/vsd/vsd-install.sh ------------------------------------------------------------- V I R T U A L I Z E D S E R V I C E S D I R E C T O R Y version 5.2.3_131 (c) 2017 Nuage Networks ------------------------------------------------------------- VSD supports these configurations: 1) HA, consisting of 3 redundant installs of VSD. 2) Standalone, where all services are installed on a single machine. 3) VCIN only. Is this a redundant (r), standalone (s), or vcin (v) installation? (default=s):
b. Hit enter as we are continuing with standalone installation and the default is standalone.
Deploy VSD on single host vsd.getlabsdone.com ...
VSD node: vsd.getlabsdone.com
Continue (with VSD generated root ca) [y|n]? (default=y):
c. In this VSD installation lab we are going to go ahead with VSD generated certificate, hit enter to continue.
Starting VSD deployment . This may take as long as 20 minutes in some situations ... VSD package deployment and configuration DONE. Please initialize VSD. Starting VSD initialization . This may take as long as 20 minutes in some situations ...
You may go ahead and grab a cup of coffee, as this process would take some time to complete. once you are back, you would be able to see the notification below 🙂
A self-signed certificate has been generated to get you started using VSD. VSD installed and the services have started.
Note: If any NTP clients want to source time from the VSD as the NTP server, then the UDP port 123 must be enabled for NTP traffic as follows, I would be using proxy as well as VSC as clients requesting NTP services from VSD.
iptables -A INPUT -p udp --sport 123 -j ACCEPT
d. By default, when VSD is installed, the XMPP server (Ejabberd) is running in “clear” mode. Thus, post-installation it must be configured to accept TLS connections. This is done by changing the mode on any VSD data node running in “clear” mode to “allow” mode
[[email protected] ~]# /opt/vsd/bin/ejmode status [Mon Sep 26 07:02:39 UTC 2011]: Ejabberd TLS Mode: clear text [[email protected] ~]#
- Change to allow mode
[[email protected] ~]# /opt/vsd/bin/ejmode status [Mon Sep 26 06:53:07 UTC 2011]: Ejabberd TLS Mode: clear text [[email protected] ~]# /opt/vsd/bin/ejmode allow [Mon Sep 26 06:54:23 UTC 2011]: Set Ejabberd Encryption mode *********************************************************** * This command configures ejabberd to allow encryption mode. * It requires restart vsd. Please confirm to continue. *********************************************************** Continue (yes/no)?yes Please type yes again to continue Continue (yes/no)?yes Continue to switch on allow mode... [Mon Sep 26 06:54:27 UTC 2011]: Enabling Ejabberd ... ************************************************************** * Successfully changed ejabbrerd to allow tls config * Please wait for the prompt when vsd is fully restarted. ************************************************************** waiting for ejabberd (3585) to go away... waiting for ejabberd (3585) to go away... Starting ejabberd... done.
e. You have now successfully installed the VSD and you must be able to login to the VSD architect using the below credentials.
To access the VSD architect page use the below URL on your browser.
Username : csproot Password : csproot Organisation : csp
You can see the default page as below once you are in.
VSD is up and running with Management network
f. That’s it, VSD installation completed, however, you will get below license error when you log in.
To add the license, you could go to VSD architect and platform configuration–> settings-> license.
Once you added the license you are all set, you can go ahead and deploy the VSC’s now.