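#!/bin/bash
# Creates some instances for networking-sfc demo/development:
# - a web server, and another instance to use as client
# - three "service VMs" with two interfaces each, which just route the packets
#   to/from each interface
#
# The settings and helper functions used further down are not defined in this
# file; presumably they come from the two files sourced below (not shown here).

# Abort on the first failing command. Set here, not on the shebang line, because
# shebang options are lost when the script is started as "bash <script>".
set -e

# Both files are executed in this shell, with the caller's OpenStack
# credentials, so they must be as trusted as this script itself.
# The path is quoted so a checkout directory containing spaces still works.
# shellcheck source=/dev/null
. "$(dirname "${BASH_SOURCE[0]}")/custom.sh"
# shellcheck source=/dev/null
. "$(dirname "${BASH_SOURCE[0]}")/tools.sh"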
# Disable port security (else packets would be rejected when exiting the
# service VMs, since they forward traffic that is not addressed to/from them).
#
# SECURITY NOTE: this is set on the whole network, not on individual ports.
# Ports created on it afterwards get neither anti-spoofing filtering nor
# security groups, and that includes the ports of the instances that receive
# floating IPs later in this script. Only use this on a throw-away demo or
# development network.
openstack network set --disable-port-security "${PRIV_NETWORK}"

# Create network ports for all VMs: an in/out pair per service VM, plus one
# port each for the client (source) and the web server (dest).
sfc_ports=(p1in p1out p2in p2out p3in p3out source_vm_port dest_vm_port)
for port in "${sfc_ports[@]}"; do
  openstack port create --network "${PRIV_NETWORK}" "${port}"
done
# SFC VMs: vmN is booted with two NICs, attached to the pre-created ports
# pNin and pNout (looked up by name to get their ids).
for n in 1 2 3; do
  openstack server create --image "${IMAGE}" --flavor "${FLAVOR}" \
    --nic port-id="$(openstack port show -f value -c id "p${n}in")" \
    --nic port-id="$(openstack port show -f value -c id "p${n}out")" \
    --key-name "${SSH_KEYNAME}" "vm${n}"
done

# Demo VMs: a single NIC each, on the port named <server>_port.
for demo_vm in source_vm dest_vm; do
  openstack server create --image "${IMAGE}" --flavor "${FLAVOR}" \
    --nic port-id="$(openstack port show -f value -c id "${demo_vm}_port")" \
    --key-name "${SSH_KEYNAME}" "${demo_vm}"
done
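# Floating IPs: every instance gets an address from the public network so it
# can be reached over SSH/HTTP from outside the private network.
# NOTE(review): port security is disabled on the private network earlier in
# this script, so these addresses are exposed without security-group
# filtering; keep PUB_NETWORK a lab network.
SOURCE_FLOATING=$(openstack floating ip create "${PUB_NETWORK}" -f value -c floating_ip_address)
openstack server add floating ip source_vm "${SOURCE_FLOATING}"

DEST_FLOATING=$(openstack floating ip create "${PUB_NETWORK}" -f value -c floating_ip_address)
openstack server add floating ip dest_vm "${DEST_FLOATING}"

# Service VMs: the address of vmN is kept in VMN_FLOATING, which is read back
# by indirect expansion when the VMs are configured over SSH.
for i in 1 2 3; do
  floating_ip=$(openstack floating ip create "${PUB_NETWORK}" -f value -c floating_ip_address)
  # Quoted so the assignment stays a single word whatever the CLI printed.
  declare "VM${i}_FLOATING=${floating_ip}"
  openstack server add floating ip "vm${i}" "${floating_ip}"
done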
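# Fixed IPv4 addresses of the client and web server ports. The fixed_ips value
# is scraped with grep/cut, so this depends on the client printing entries as
# ip_address='a.b.c.d' (TODO confirm for the openstack client version in use).
SOURCE_IP=$(openstack port show source_vm_port -f value -c fixed_ips | grep "ip_address='[0-9]*\." | cut -d"'" -f2)
DEST_IP=$(openstack port show dest_vm_port -f value -c fixed_ips | grep "ip_address='[0-9]*\." | cut -d"'" -f2)

# "set -e" only sees the exit status of the last pipeline stage (cut), so a
# failed lookup or a non-matching grep leaves the variable empty instead of
# aborting. Stop here rather than create classifiers with a "/32" prefix and
# later send empty route commands to the service VMs.
if [[ -z "${SOURCE_IP}" || -z "${DEST_IP}" ]]; then
  echo "Could not determine the IPv4 address of source_vm_port/dest_vm_port" >&2
  exit 1
fi

# HTTP Flow classifier (catch the web traffic from source_vm to dest_vm)
openstack sfc flow classifier create \
  --ethertype IPv4 \
  --source-ip-prefix "${SOURCE_IP}/32" \
  --destination-ip-prefix "${DEST_IP}/32" \
  --protocol tcp \
  --destination-port 80:80 \
  --logical-source-port source_vm_port \
  FC_http

# UDP flow classifier (catch all UDP traffic from source_vm to dest_vm, like traceroute)
openstack sfc flow classifier create \
  --ethertype IPv4 \
  --source-ip-prefix "${SOURCE_IP}/32" \
  --destination-ip-prefix "${DEST_IP}/32" \
  --protocol udp \
  --logical-source-port source_vm_port \
  FC_udp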
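# Get easy access to the VMs (single node).
# route_to_subnetpool is not defined in this file; presumably it comes from
# one of the sourced helper files (not shown here).
route_to_subnetpool

# Create the port pairs for all 3 VMs: PPn = (pNin -> pNout)
for n in 1 2 3; do
  openstack sfc port pair create --ingress="p${n}in" --egress="p${n}out" "PP${n}"
done

# And the port pair groups: the first hop is served by vm1 or vm2, the second
# hop by vm3.
openstack sfc port pair group create --port-pair PP1 --port-pair PP2 PG1
openstack sfc port pair group create --port-pair PP3 PG2

# The complete chain: traffic matched by either classifier goes through PG1
# and then PG2.
openstack sfc port chain create \
  --port-pair-group PG1 --port-pair-group PG2 \
  --flow-classifier FC_udp --flow-classifier FC_http \
  PC1

# Start a basic demo web server on dest_vm (helper defined outside this file).
# The target is quoted so it is always passed as exactly one argument.
basic_web_server "cirros@${DEST_FLOATING}"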
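# On service VMs, enable eth1 interface and add static routing.
#
# ssh_command is defined outside this file; it presumably sets SSH_COMMAND.
# NOTE(review): confirm which host-key checking options that command line
# uses, since the remote commands below run under sudo.
ssh_command
for i in 1 2 3; do
  ip_name="VM${i}_FLOATING"
  # The here-document delimiter is unquoted on purpose: ${SOURCE_IP} and
  # ${DEST_IP} are expanded locally and the resulting text is what the remote
  # shell executes as root, so both must hold nothing but a plain address.
  # The ">>" appends are not idempotent: running the script twice duplicates
  # the eth1 stanza in /etc/network/interfaces.
  #
  # SSH_COMMAND stays unquoted because it carries a command plus its options
  # and relies on word splitting; the target is quoted, and ":?" aborts if the
  # floating IP variable for this VM is unset or empty.
  # shellcheck disable=SC2086
  ${SSH_COMMAND} -T "cirros@${!ip_name:?floating IP variable is not set}" <<EOF
sudo sh -c 'echo "auto eth1" >> /etc/network/interfaces'
sudo sh -c 'echo "iface eth1 inet dhcp" >> /etc/network/interfaces'
sudo /etc/init.d/S40network restart
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
sudo ip route add ${SOURCE_IP} dev eth0
sudo ip route add ${DEST_IP} dev eth1
EOF
done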