diff --git a/README.md b/README.md index 32fce87..eb88425 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ The details of the EVPN's operation and evpn-connector daemon workflow are descr ### Prerequisites -* **Python 3.8 +* **Python 3.8** * **System Dependencies:** * `gobgp` (for interaction via BGP within the EVPN control plane) * `openvswitch-switch` (for interaction via VXLAN within the EVPN data plane) @@ -133,5 +133,5 @@ Start the service by specifying the path to your configuration file: 2. **Run evpn-connector** ```bash source evpn/bin/activate - evpn-connector --config-file ~/evpn/config/evpn_connector.cfg --daemon-configs_dir "/var/lib/evpn_connector/client_configs/" + evpn-connector --config-file /etc/evpn_connector/evpn_connector.conf --daemon-configs_dir "/var/lib/evpn_connector/client_configs/" ``` diff --git a/docs/demo/PREPARE_BORDER.md b/docs/demo/PREPARE_BORDER.md new file mode 100644 index 0000000..9b95069 --- /dev/null +++ b/docs/demo/PREPARE_BORDER.md 
@@ -0,0 +1,79 @@ +Configuring border for demo env: + +Full network scheme ![here](./demo_env_network_scheme.png) + +1. Download Debian 12 nocloud image: + ```bash + wget https://cdimage.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-amd64.qcow2 + ``` +2. Run virtual machine via virt-manager or qemu: + ``` + Hostname: border, ip_address: 10.10.10.3 on enp1s0 + ``` +3. Install packages: + ```bash + sudo apt update + sudo apt install screen tcpdump jq git wget + ``` + +4. Install docker on border router + ```bash + sudo apt install ca-certificates curl + sudo install -m 0755 -d /etc/apt/keyrings + sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc + sudo chmod a+r /etc/apt/keyrings/docker.asc + echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + sudo apt update + sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + ``` +5. Download CEOS image (cEOS64-lab-4.34.3M.tar) from [Arista oficial repo](https://www.arista.com/en/support/software-download) + +6. Import image to docker + ```bash + docker import cEOS64-lab-4.34.3M.tar ceos:4.34.3M + ``` +7. Run CEOS container + ```bash + docker run --name ceos --network bridge --privileged -p 4443:443 -td --rm -e INTFTYPE=eth -e ETBA=1 -e SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 -e CEOS=1 -e EOS_PLATFORM=ceoslab -e container=docker -e MAPETH0=1 -e MGMT_INTF=enp1s0 ceos:4.34.3M /sbin/init systemd.setenv=INTFTYPE=eth systemd.setenv=ETBA=1 systemd.setenv=SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT=1 systemd.setenv=CEOS=1 systemd.setenv=EOS_PLATFORM=ceoslab systemd.setenv=container=docker systemd.setenv=MAPETH0=1 systemd.setenv=MGMT_INTF=enp1s0 + ``` +8. 
Add veth pairs to CEOS container netns + ```bash + sudo ip netns attach ceos "$(docker inspect -f '{{.State.Pid}}' ceos)" + ip link add veth-11 type veth peer name eth12 + ip link set netns ceos eth12 + ip link set veth-11 up + ip netns exec ceos ip link set eth12 up + ip link add veth22 type veth peer name eth22 + ip link set veth22 up + ip link set netns ceos eth22 + ip netns exec ceos ip link set eth22 up + ``` +9. Configure routing in main netns + ```bash + ip address add 10.20.20.1/24 dev veth-11 + ip address add 10.30.30.1/24 dev veth22 + ip route add 10.40.40.0/24 via 10.20.20.2 + ip route add 172.16.0.0/24 via 10.30.30.2 + iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o enp1s0 -j MASQUERADE + iptables -t nat -A POSTROUTING -s 10.30.30.0/24 -o enp1s0 -j MASQUERADE + echo 1 > /proc/sys/net/ipv4/ip_forward + iptables -P FORWARD ACCEPT + ``` +10. Connecting to CEOS CLI + ```bash + docker exec -it ceos Cli + ``` +11. Configuring CEOS router + ```bash + > no aaa root + > enable + # agent Fru terminate + # agent Ebra terminate + # configure + (config)# + (config)# exit + # write mem + ``` diff --git a/docs/demo/CONFIGURE.md b/docs/demo/PREPARE_COMPUTE.md similarity index 82% rename from docs/demo/CONFIGURE.md rename to docs/demo/PREPARE_COMPUTE.md index 50f7c7b..a7fc5cf 100644 --- a/docs/demo/CONFIGURE.md +++ b/docs/demo/PREPARE_COMPUTE.md @@ -6,8 +6,8 @@ Configuring demo env: ``` 2. Run virtual machines via virt-manager or qemu: ``` - Hostname: compute1, ip_address: 10.10.10.1 - Hostname: compute2, ip_address: 10.10.10.2 + Hostname: compute1, ip_address: 10.10.10.1 on enp1s0 + Hostname: compute2, ip_address: 10.10.10.2 on enp1s0 ``` 3. Install packages: ```bash 
@@ -59,4 +59,11 @@ Configuring demo env: ``` 11. Copy configs for all daemons from repo (for each compute host separately): ```bash - cp -r evpn_connector/docs/source/demo/compute1/* ~/ + cp -r evpn_connector/docs/demo/compute1/* ~/ + +12. (Optional) Add routing to work with the border router + ```bash + ip route add 10.20.20.0/24 via 10.10.10.3 + ip route add 10.30.30.0/24 via 10.10.10.3 + ip route add 10.40.40.0/24 via 10.10.10.3 + ``` diff --git a/docs/demo/border/ceos_config.txt b/docs/demo/border/ceos_config.txt new file mode 100644 index 0000000..8dfd681 --- /dev/null +++ b/docs/demo/border/ceos_config.txt 
@@ -0,0 +1,84 @@ +! Command: show running-config +! device: ceos (cEOSLab, EOS-4.34.3M-44102281.4343M (engineering build)) +! +no aaa root +! +no service interface inactive port-id allocation disabled +! +transceiver qsfp default-mode 4x10G +! +service routing protocols model multi-agent +! +agent PowerManager shutdown +agent LedPolicy shutdown +agent Thermostat shutdown +agent PowerFuse shutdown +agent StandbyCpld shutdown +agent LicenseManager shutdown +! +hostname ceos +! +spanning-tree mode mstp +! +system l1 +unsupported speed action error +unsupported error-correction action error +! +vrf instance ext +rd 1:1 +! +interface Ethernet12 +no switchport +ip address 10.20.20.2/24 +! +interface Ethernet22 +no switchport +vrf ext +ip address 10.30.30.2/24 +! +interface Ethernet510 +! +interface Loopback0 +ip address 10.40.40.1/32 +! +interface Vxlan1 +vxlan source-interface Loopback0 +vxlan udp-port 4789 +vxlan vrf ext vni 10 +! +ip routing +ip routing vrf ext +! +ip route 10.10.10.0/24 10.20.20.1 +ip route vrf ext 0.0.0.0/0 10.30.30.1 +! +router bgp 65300 +neighbor 10.10.10.1 remote-as 65100 +neighbor 10.10.10.1 ebgp-multihop 7 +neighbor 10.10.10.1 timers min-hold-time 3 +neighbor 10.10.10.1 idle-restart-timer 60 +neighbor 10.10.10.1 send-community extended +neighbor 10.10.10.2 remote-as 65200 +neighbor 10.10.10.2 ebgp-multihop 7 +neighbor 10.10.10.2 timers min-hold-time 3 +neighbor 10.10.10.2 idle-restart-timer 60 +neighbor 10.10.10.2 send-community extended +! +address-family evpn +neighbor 10.10.10.1 activate +neighbor 10.10.10.2 activate +! +vrf ext +rd 10.30.30.2:10 +route-target import 65000:10 +route-target export 65000:10 +redistribute static +! +router multicast +ipv4 +software-forwarding kernel +! +ipv6 +software-forwarding kernel +! +end diff --git a/docs/demo/compute1/evpn_connector.cfg b/docs/demo/compute1/evpn_connector.cfg index 7254424..ebeaa14 100644 --- a/docs/demo/compute1/evpn_connector.cfg +++ b/docs/demo/compute1/evpn_connector.cfg 
@@ -27,6 +27,7 @@ grpc_timeout_sec = 100 # Don't change this param without gobgp restart source_ip = "10.10.10.1" as_number = 1 +router_mac_type5 = "12:34:56:78:90:a1" [ovs] switch_name = "evpn" @@ -37,3 +38,6 @@ ovs_ofctl_bin_path="/usr/bin/ovs-ofctl" [anycast] anycast_status_file = /tmp/anycast_status_file + +[daemon] +configs_dir = /root/vm_conf/ diff --git a/docs/demo/compute2/evpn_connector.cfg b/docs/demo/compute2/evpn_connector.cfg index a5fbf27..8812d2e 100644 --- a/docs/demo/compute2/evpn_connector.cfg +++ b/docs/demo/compute2/evpn_connector.cfg @@ -27,6 +27,7 @@ grpc_timeout_sec = 100 # Don't change this param without gobgp restart source_ip = "10.10.10.2" as_number = 1 +router_mac_type5 = "12:34:56:78:90:a2" [ovs] switch_name = "evpn" @@ -37,3 +38,6 @@ ovs_ofctl_bin_path="/usr/bin/ovs-ofctl" [anycast] anycast_status_file = /tmp/anycast_status_file + +[daemon] +configs_dir = /root/vm_conf/ diff --git a/docs/demo/demo_env_network_scheme.png b/docs/demo/demo_env_network_scheme.png new file mode 100644 index 0000000..1d6dbdc Binary files /dev/null and b/docs/demo/demo_env_network_scheme.png differ
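Review bot: in the README.md hunk at `@@ -133,5 +133,5 @@`, the new `--config-file /etc/evpn_connector/evpn_connector.conf` uses a `.conf` name, while the sample files touched by this same patch are `docs/demo/compute1/evpn_connector.cfg` and `docs/demo/compute2/evpn_connector.cfg`. Nothing in the visible lines creates `/etc/evpn_connector/` or copies a sample there, so either keep one extension throughout or add the copy step before "Run evpn-connector".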
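Review bot: in docs/demo/PREPARE_BORDER.md, step 9 ends with `iptables -P FORWARD ACCEPT`, which switches the default of the whole FORWARD chain to accept on a host that also masquerades out `enp1s0`; accept rules scoped to `veth-11` and `veth22` would do the same job for the demo without opening forwarding for everything else. Step 7 has a related exposure: the container runs `--privileged` and `-p 4443:443` publishes its port on every host address, so binding it to the lab address (`-p 10.10.10.3:4443:443`) or to 127.0.0.1 would be tighter. Two documentation points in the same hunk: step 8 uses `sudo` only on its first command and mixes names (`veth-11`/`eth12` against `veth22`/`eth22`), and step 11 leaves `(config)#` empty, so it should say that the contents of `docs/demo/border/ceos_config.txt` go there.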
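Review bot: in the docs/demo/PREPARE_COMPUTE.md hunk at `@@ -59,4 +59,11 @@`, the code block opened for step 11 is never closed: the `+ cp -r evpn_connector/docs/demo/compute1/* ~/` line is followed by a blank line and then `12. (Optional) Add routing ...`, so step 12 and its own fence open inside step 11's block and will render as code. Add a closing fence line after the `cp -r` line.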
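Review bot: in docs/demo/border/ceos_config.txt under `router bgp 65300`, both neighbors get `ebgp-multihop 7` and no per-neighbor authentication line, so a session is accepted from up to seven hops away with only the source address to identify the peer. The topology set up in PREPARE_BORDER.md puts the compute hosts only a couple of hops from the cEOS container, so a lower hop count is enough, and either a `neighbor ... password` line or a comment stating that the demo deliberately runs unauthenticated would make the intent clear to anyone copying this file.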
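Review bot: in the `@@ -27,6 +27,7 @@` hunks of docs/demo/compute1/evpn_connector.cfg and docs/demo/compute2/evpn_connector.cfg, `router_mac_type5` is added without any comment, while the `source_ip` line just above it carries one. A one-line comment saying what the MAC is used for and whether it must be unique per host (the two files use `...a1` and `...a2`) would keep readers from copying the same value to every node.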
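Review bot: in the `@@ -37,3 +38,6 @@` hunks of both evpn_connector.cfg files, the new `[daemon]` section sets `configs_dir = /root/vm_conf/`, but the README command in this same patch still passes `--daemon-configs_dir "/var/lib/evpn_connector/client_configs/"`, and step 11 of PREPARE_COMPUTE.md copies the demo files to `~/`. Make the three locations agree, or document which of the file setting and the command-line option takes precedence.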