Blog
Search…
OpenStack tacker and service function chaining sfc with kolla
In this blog post I will show how to deploy OpenStack Tacker with | Service Function Chaining (SFC) with OpenStack kolla project and make a few | verifications and tests to ensure fully NFV and SFC functionality.
Tacker and SFC is only supported in kolla during Pike release or later.

Tacker, NFV and SFC concepts

Tacker is an OpenStack service for NFV Orchestration with a general purpose VNF Manager to deploy and operate Virtual Network Functions (VNFs) and Network Services on an NFV Platform. It is based on ETSI MANO Architectural | Framework. Tacker documentation
Network functions virtualization (NFV) is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services. ETSI NFV specs
Service Function Chaining is a mechanism for overriding the basic destination based forwarding that is typical of IP networks. It is conceptually related to Policy Based Routing in physical networks but it is typically thought of as a Software Defined Networking technology. It is often used in conjunction with security functions although it may be used for a broader range of features. ETSI SFC spec

Kolla

Kolla is a highly opinionated deployment tool out of the box. This permits Kolla to be deployable with the simple configuration of three key/value pairs. As an operator's experience with OpenStack grows and the desire to customize OpenStack services increases, Kolla offers full capability to override every OpenStack service configuration option in the deployment. kolla documentation

Requirements

Kolla depends on the following requirements to be met for a fully operational multinode OpenStack cluster with Tacker and SFC features:
  • Core compute stack (nova, neutron, glance, etc)
  • Heat
  • Mistral and Redis
  • Barbican
  • Networking-sfc

Deployment

Install base kolla and dependencies following kolla\'s quickstart guide
Configure globals.yml and enable services in requirements, optionally other services can be enabled altogether. Refer to kolla documentation for other option/values information.
1
$ vi /etc/kolla/globals.yml
2
3
---
4
kolla_base_distro: "centos"
5
kolla_install_type: "source"
6
kolla_internal_vip_address: "192.168.100.10"
7
docker_registry: "192.168.100.1:4000"
8
docker_namespace: "lokolla"
9
network_interface: "ens9"
10
neutron_external_interface: "ens10"
11
12
# Tacker configuration
13
enable_tacker: "yes"
14
enable_neutron_sfc: "yes"
15
enable_mistral: "yes"
16
enable_redis: "yes"
17
enable_barbican: "yes"
18
#enable_heat: "yes" # Ensure it is not disabled
Copied!
Configure inventory file.
1
$ vi <inventory_file>
2
3
[control]
4
192.168.100.244
5
192.168.100.186
6
192.168.100.159
7
8
[network]
9
192.168.100.244
10
192.168.100.186
11
192.168.100.159
12
13
[compute]
14
192.168.100.130
15
192.168.100.131
16
192.168.100.132
17
18
[monitoring]
19
192.168.100.244
20
192.168.100.186
21
192.168.100.159
22
23
[storage]
24
192.168.100.244
25
192.168.100.186
26
192.168.100.159
Copied!
Generate passwords
1
$ kolla-genpwd
Copied!
Deploy OpenStack.
1
$ kolla-ansible -i ~/multinode deploy
Copied!
Once deployment finish, generate credential file and create base networks and a cirros image.
1
$ kolla-ansible -i ~/multinode post-deploy
2
$ source /etc/kolla/admin-openrc.sh
3
$ sh init-runonce
Copied!

Tacker and SFC demo

In kolla-ansible repository a tacker demo is present. Tacker demo
1
$ cd <kolla-ansible repo>/contrib/demos/tacker/
2
$ ls -l
3
total 16
4
-rw-r--r-- 1 root root 615 Aug 24 20:21 cleanup-tacker
5
-rw-r--r-- 1 root root 1937 Aug 24 20:21 deploy-tacker-demo
6
-rw-r--r-- 1 root root 2649 Aug 24 20:21 deploy-tacker-demo-sfc
7
-rw-r--r-- 1 root root 396 Aug 18 13:53 README.rst
Copied!
Before starting the demo, install tacker and networking-sfc clients.
1
$ pip install python-tackerclient networking-sfc
Copied!

Demo description

Tacker demo for SFC will create the following resources:
  • Tacker default VIM
  • Tacker VNFD
  • Tacker VNF
  • kolla_sfc_client instance with a floating IP
  • kolla_sfc_server instance with a floating IP
  • Tacker VNFFGD
  • Tacker VNFFG
After demo is deployed will be able to:
  • Create sample web server in kolla_sfc_server instance.
  • Request web service from kolla_sfc_client
Traffic flows:
  • Request from kolla_sfc_client instance
  • Tacker VNF instance will receive the traffic and redirect to
    kolla_sfc_server
  • kolla_sfc_server instance receive request and reply with \"W00t
    from Kolla HTTP server!\" message.

Execute tacker demo

In tacker demo directory initialize execution.
1
$ sh deploy-tacker-demo-sfc
2
3
Generating sample config
4
Registering sample VIM
5
Created a new vim:
6
+----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7
| Field | Value |
8
+----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
9
| auth_cred | {"username": "admin", "password": "***", "project_name": "admin", "user_domain_name": "Default", "key_type": "barbican_key", "secret_uuid": "***", "auth_url": "http://192.168.100.10:35357/v3", "project_id": null, "project_domain_name": "Default"} |
10
| auth_url | http://192.168.100.10:35357/v3 |
11
| created_at | 2017-08-28 08:49:01.385013 |
12
| description | kolla sample vim |
13
| id | 0cb20dff-b6d2-44ab-9124-cdeb018269a2 |
14
| is_default | True |
15
| name | kolla-sample-vim |
16
| placement_attr | {"regions": ["RegionOne"]} |
17
| status | PENDING |
18
| tenant_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
19
| type | openstack |
20
| updated_at | |
21
| vim_project | {"name": "admin", "project_domain_name": "Default"} |
22
+----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
23
Creating sample VNFD
24
Created a new vnfd:
25
+-----------------+--------------------------------------+
26
| Field | Value |
27
+-----------------+--------------------------------------+
28
| created_at | 2017-08-28 08:49:03.915848 |
29
| description | Demo example |
30
| id | d9633774-f9a4-492c-8055-ff3b2bc08581 |
31
| name | kolla-sample-vnfd |
32
| service_types | vnfd |
33
| template_source | onboarded |
34
| tenant_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
35
| updated_at | |
36
+-----------------+--------------------------------------+
37
Creating sample VNF
38
Created a new vnf:
39
+----------------+--------------------------------------+
40
| Field | Value |
41
+----------------+--------------------------------------+
42
| created_at | 2017-08-28 08:49:08.921243 |
43
| description | Demo example |
44
| error_reason | |
45
| id | a3f73d1b-6d6b-44c9-a6ef-a808f12bc633 |
46
| instance_id | 57246b92-fdf2-416f-921a-6760e05c74b4 |
47
| mgmt_url | |
48
| name | kolla-sample-vnf |
49
| placement_attr | {"vim_name": "kolla-sample-vim"} |
50
| status | PENDING_CREATE |
51
| tenant_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
52
| updated_at | |
53
| vim_id | 0cb20dff-b6d2-44ab-9124-cdeb018269a2 |
54
| vnfd_id | d9633774-f9a4-492c-8055-ff3b2bc08581 |
55
+----------------+--------------------------------------+
56
Creating SFC demo instances
57
58
+-------------------------------------+----------------------------------------------------------+
59
| Field | Value |
60
+-------------------------------------+----------------------------------------------------------+
61
| OS-DCF:diskConfig | MANUAL |
62
| OS-EXT-AZ:availability_zone | nova |
63
| OS-EXT-SRV-ATTR:host | controller |
64
| OS-EXT-SRV-ATTR:hypervisor_hostname | controller |
65
| OS-EXT-SRV-ATTR:instance_name | instance-0000000c |
66
| OS-EXT-STS:power_state | Running |
67
| OS-EXT-STS:task_state | None |
68
| OS-EXT-STS:vm_state | active |
69
| OS-SRV-USG:launched_at | 2017-08-28T08:50:00.000000 |
70
| OS-SRV-USG:terminated_at | None |
71
| accessIPv4 | |
72
| accessIPv6 | |
73
| addresses | demo-net=10.0.0.3 |
74
| adminPass | HGW57Pe5r8pC |
75
| config_drive | |
76
| created | 2017-08-28T08:49:41Z |
77
| flavor | m1.tiny (1) |
78
| hostId | bec7629dd00bde2fd03ac3c939eea34fa1a2f7e4a6f8337b0e08bca4 |
79
| id | 90304f68-6b38-4753-b0c2-a62835abebde |
80
| image | cirros (f0a80381-2bd0-4c53-8300-377a7e4bf065) |
81
| key_name | None |
82
| name | kolla_sfc_server |
83
| progress | 0 |
84
| project_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
85
| properties | |
86
| security_groups | name='default' |
87
| status | ACTIVE |
88
| updated | 2017-08-28T08:50:00Z |
89
| user_id | 2d948bf4056c4e0d878a0f3f4765d3f9 |
90
| volumes_attached | |
91
+-------------------------------------+----------------------------------------------------------+
92
93
+-------------------------------------+----------------------------------------------------------+
94
| Field | Value |
95
+-------------------------------------+----------------------------------------------------------+
96
| OS-DCF:diskConfig | MANUAL |
97
| OS-EXT-AZ:availability_zone | nova |
98
| OS-EXT-SRV-ATTR:host | compute1 |
99
| OS-EXT-SRV-ATTR:hypervisor_hostname | compute1 |
100
| OS-EXT-SRV-ATTR:instance_name | instance-0000000e |
101
| OS-EXT-STS:power_state | Running |
102
| OS-EXT-STS:task_state | None |
103
| OS-EXT-STS:vm_state | active |
104
| OS-SRV-USG:launched_at | 2017-08-28T08:50:31.000000 |
105
| OS-SRV-USG:terminated_at | None |
106
| accessIPv4 | |
107
| accessIPv6 | |
108
| addresses | demo-net=10.0.0.7 |
109
| adminPass | ZhQQG2vsetkV |
110
| config_drive | |
111
| created | 2017-08-28T08:50:12Z |
112
| flavor | m1.tiny (1) |
113
| hostId | 95d62e067390ab4fbaaebf971f9cc70c98c371532b6f9bfa08389fee |
114
| id | e126fd2f-bdca-4e78-abc0-f0a2d4739a30 |
115
| image | cirros (f0a80381-2bd0-4c53-8300-377a7e4bf065) |
116
| key_name | None |
117
| name | kolla_sfc_client |
118
| progress | 0 |
119
| project_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
120
| properties | |
121
| security_groups | name='default' |
122
| status | ACTIVE |
123
| updated | 2017-08-28T08:50:31Z |
124
| user_id | 2d948bf4056c4e0d878a0f3f4765d3f9 |
125
| volumes_attached | |
126
+-------------------------------------+----------------------------------------------------------+
127
Tacker SFC config files
128
Creating VNFFGD
129
Created a new vnffgd:
130
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
131
| Field | Value |
132
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
133
| description | |
134
| id | 97d9f9e9-f9c3-45b6-9050-000226d37ec9 |
135
| name | kolla-sample-vnffgd |
136
| template | {"vnffgd": {"imports": ["/var/lib/kolla/venv/lib/python2.7/site-packages/tacker/tosca/lib/tacker_defs.yaml", "/var/lib/kolla/venv/lib/python2.7/site-packages/tacker/tosca/lib/tacker_nfv_defs.yaml"], "description": "Sample VNFFG template", "topology_template": {"node_templates": {"Forwarding_path1": {"type": "tosca.nodes.nfv.FP.Tacker", "description": "creates path (CP12->CP12)", "properties": {"policy": {"type": "ACL", "criteria": [{"network_src_port_id": "2779e692-f979-467c-81ae-34a176e12ed4"}, {"network_id": "9ab78f83-40b7-4435-be5c-eb40de435793"}, {"ip_proto": 6}, {"destination_port_range": "80-80"}]}, "path": [{"capability": "CP11", "forwarder": "kolla-sample-vnfd"}], "id": 51}}}, "description": "Sample VNFFG template", "groups": {"VNFFG1": {"type": "tosca.groups.nfv.VNFFG", "description": "HTTP to Corporate Net", "members": ["Forwarding_path1"], "properties": {"vendor": "tacker", "connection_point": ["CP11"], "version": 1.0, "constituent_vnfs": ["kolla-sample-vnfd"], "number_of_endpoints": 1, "dependent_virtual_link": ["VL1"]}}}}, "tosca_definitions_version": "tosca_simple_profile_for_nfv_1_0_0"}} |
137
| template_source | onboarded |
138
| tenant_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
139
+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
140
Creating VNFFG
141
Created a new vnffg:
142
+------------------+---------------------------------------------------------------+
143
| Field | Value |
144
+------------------+---------------------------------------------------------------+
145
| description | |
146
| forwarding_paths | cff3d46e-9544-4775-82c3-0ac3c1f3864c |
147
| id | a1e2a010-0c64-40ad-a54a-96d7e9d8e6a5 |
148
| name | kolla-sample-vnffg |
149
| status | PENDING_CREATE |
150
| tenant_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
151
| vnf_mapping | {"kolla-sample-vnfd": "a3f73d1b-6d6b-44c9-a6ef-a808f12bc633"} |
152
| vnffgd_id | 97d9f9e9-f9c3-45b6-9050-000226d37ec9 |
153
+------------------+---------------------------------------------------------------+
154
Tacker sfc client floating ip address: 192.168.150.102
155
Tacker sfc server floating ip address: 192.168.150.110
156
157
Done.
158
159
To create simple HTTP server in tacker_sfc_server instance run:
160
161
ssh [email protected] 'while true; \
162
do echo -e "HTTP/1.0 200 OK\r\n\r\nW00t from Kolla HTTP server!" | sudo nc -l -p 80 ; done &'
Copied!
Once finished, script will show server and client floating IP addresses, also a sample command to start a basic HTTP server in tacker_sfc_server instance.

Validate resources

Verify tacker resources are created.
1
$ tacker vim-list
2
3
+--------------------------------------+----------------------------------+------------------+-----------+------------+------------------------------+-----------+
4
| id | tenant_id | name | type | is_default | placement_attr | status |
5
+--------------------------------------+----------------------------------+------------------+-----------+------------+------------------------------+-----------+
6
| 0cb20dff-b6d2-44ab-9124-cdeb018269a2 | 9fb078d4c7e54a92b3068eb5c0f83ec5 | kolla-sample-vim | openstack | True | {u'regions': [u'RegionOne']} | REACHABLE |
7
+--------------------------------------+----------------------------------+------------------+-----------+------------+------------------------------+-----------+
8
9
$ tacker vnf-list
10
+--------------------------------------+------------------+-----------------------+--------+--------------------------------------+--------------------------------------+
11
| id | name | mgmt_url | status | vim_id | vnfd_id |
12
+--------------------------------------+------------------+-----------------------+--------+--------------------------------------+--------------------------------------+
13
| a3f73d1b-6d6b-44c9-a6ef-a808f12bc633 | kolla-sample-vnf | {"VDU1": "10.0.0.12"} | ACTIVE | 0cb20dff-b6d2-44ab-9124-cdeb018269a2 | d9633774-f9a4-492c-8055-ff3b2bc08581 |
14
+--------------------------------------+------------------+-----------------------+--------+--------------------------------------+--------------------------------------+
15
16
$ tacker vnfd-list
17
+--------------------------------------+-------------------+-----------------+--------------+
18
| id | name | template_source | description |
19
+--------------------------------------+-------------------+-----------------+--------------+
20
| d9633774-f9a4-492c-8055-ff3b2bc08581 | kolla-sample-vnfd | onboarded | Demo example |
21
+--------------------------------------+-------------------+-----------------+--------------+
Copied!
Verify nova and heat resources are created.
1
$ openstack server list
2
3
+--------------------------------------+-------------------------------------------------------+--------+------------------------------------+--------+-----------------------------------------------------------------------------------------------------------------------+
4
| ID | Name | Status | Networks | Image | Flavor |
5
+--------------------------------------+-------------------------------------------------------+--------+------------------------------------+--------+-----------------------------------------------------------------------------------------------------------------------+
6
| e126fd2f-bdca-4e78-abc0-f0a2d4739a30 | kolla_sfc_client | ACTIVE | demo-net=10.0.0.7, 192.168.150.102 | cirros | m1.tiny |
7
| 90304f68-6b38-4753-b0c2-a62835abebde | kolla_sfc_server | ACTIVE | demo-net=10.0.0.3, 192.168.150.110 | cirros | m1.tiny |
8
| 61e2ec3a-444f-4048-bc8d-a599e29e14bd | ta-3d1b-6d6b-44c9-a6ef-a808f12bc633-VDU1-hvpraqctwpm7 | ACTIVE | demo-net=10.0.0.12 | cirros | tacker.vnfm.infra_drivers.openstack.openstack_OpenStack-a3f73d1b-6d6b-44c9-a6ef-a808f12bc633-VDU1_flavor-4vsmp3jlvilk |
9
+--------------------------------------+-------------------------------------------------------+--------+------------------------------------+--------+-----------------------------------------------------------------------------------------------------------------------+
10
11
$ openstack stack list
12
+--------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------+-----------------+----------------------+--------------+
13
| ID | Stack Name | Project | Stack Status | Creation Time | Updated Time |
14
+--------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------+-----------------+----------------------+--------------+
15
| 57246b92-fdf2-416f-921a-6760e05c74b4 | tacker.vnfm.infra_drivers.openstack.openstack_OpenStack-a3f73d1b-6d6b-44c9-a6ef-a808f12bc633 | 9fb078d4c7e54a92b3068eb5c0f83ec5 | CREATE_COMPLETE | 2017-08-28T08:49:11Z | None |
16
+--------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------+-----------------+----------------------+--------------+
Copied!
Verify networking-sfc resources.
1
$ openstack sfc port chain list
2
3
+--------------------------------------+-------------------------------+-------------------------------------------+-------------------------------------------+------------------------------------------------+
4
| ID | Name | Port Pair Groups | Flow Classifiers | Chain Parameters |
5
+--------------------------------------+-------------------------------+-------------------------------------------+-------------------------------------------+------------------------------------------------+
6
| ec35dfac-dc9d-40b8-8103-b510761753ae | kolla-sample-vnffg-port-chain | [u'9b73262f-f25d-400b-8aff-062d66a3bd76'] | [u'063231fc-f697-4bd9-bfb6-b89f89ff6117'] | {u'symmetric': False, u'correlation': u'mpls'} |
7
+--------------------------------------+-------------------------------+-------------------------------------------+-------------------------------------------+------------------------------------------------+
8
9
$ openstack sfc port chain show kolla-sample-vnffg-port-chain
10
+------------------+------------------------------------------------+
11
| Field | Value |
12
+------------------+------------------------------------------------+
13
| chain_id | 1 |
14
| chain_parameters | {u'symmetric': False, u'correlation': u'mpls'} |
15
| description | port-chain for Tacker VNFFG |
16
| flow_classifiers | [u'063231fc-f697-4bd9-bfb6-b89f89ff6117'] |
17
| id | ec35dfac-dc9d-40b8-8103-b510761753ae |
18
| name | kolla-sample-vnffg-port-chain |
19
| port_pair_groups | [u'9b73262f-f25d-400b-8aff-062d66a3bd76'] |
20
| project_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
21
+------------------+------------------------------------------------+
22
23
$ openstack sfc port pair group list
24
+--------------------------------------+----------------------------------+-------------------------------------------+---------------------------------------------------------------------------------------------+
25
| ID | Name | Port Pair | Port Pair Group Parameters |
26
+--------------------------------------+----------------------------------+-------------------------------------------+---------------------------------------------------------------------------------------------+
27
| 9b73262f-f25d-400b-8aff-062d66a3bd76 | kolla-sample-vnf-port-pair-group | [u'bb944348-2610-4068-8c87-9288904edf11'] | {u'lb_fields': [], u'ppg_n_tuple_mapping': {u'ingress_n_tuple': {}, u'egress_n_tuple': {}}} |
28
+--------------------------------------+----------------------------------+-------------------------------------------+---------------------------------------------------------------------------------------------+
29
$ openstack sfc port pair group show kolla-sample-vnf-port-pair-group
30
+----------------------------+---------------------------------------------------------------------------------------------+
31
| Field | Value |
32
+----------------------------+---------------------------------------------------------------------------------------------+
33
| description | port pair group for kolla-sample-vnf |
34
| group_id | 1 |
35
| id | 9b73262f-f25d-400b-8aff-062d66a3bd76 |
36
| name | kolla-sample-vnf-port-pair-group |
37
| port_pair_group_parameters | {u'lb_fields': [], u'ppg_n_tuple_mapping': {u'ingress_n_tuple': {}, u'egress_n_tuple': {}}} |
38
| port_pairs | [u'bb944348-2610-4068-8c87-9288904edf11'] |
39
| project_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
40
+----------------------------+---------------------------------------------------------------------------------------------+
41
42
$ openstack sfc flow classifier list
43
+--------------------------------------+------+----------+-----------+----------------+--------------------------------------+--------------------------+
44
| ID | Name | Protocol | Source-IP | Destination-IP | Logical-Source-Port | Logical-Destination-Port |
45
+--------------------------------------+------+----------+-----------+----------------+--------------------------------------+--------------------------+
46
| 063231fc-f697-4bd9-bfb6-b89f89ff6117 | | tcp | None | None | 2779e692-f979-467c-81ae-34a176e12ed4 | None |
47
+--------------------------------------+------+----------+-----------+----------------+--------------------------------------+--------------------------+
48
49
$ openstack sfc flow classifier show 063231fc-f697-4bd9-bfb6-b89f89ff6117
50
+----------------------------+--------------------------------------+
51
| Field | Value |
52
+----------------------------+--------------------------------------+
53
| description | |
54
| destination_ip_prefix | None |
55
| destination_port_range_max | 80 |
56
| destination_port_range_min | 80 |
57
| ethertype | IPv4 |
58
| id | 063231fc-f697-4bd9-bfb6-b89f89ff6117 |
59
| l7_parameters | {} |
60
| logical_destination_port | None |
61
| logical_source_port | 2779e692-f979-467c-81ae-34a176e12ed4 |
62
| name | |
63
| project_id | 9fb078d4c7e54a92b3068eb5c0f83ec5 |
64
| protocol | tcp |
65
| source_ip_prefix | None |
66
| source_port_range_max | None |
67
| source_port_range_min | None |
68
+----------------------------+--------------------------------------+
Copied!

Verify traffic flows

Execute the command to create a sample web server in tacker_sfc_server.
1
$ ssh [email protected] 'while true; \
2
> do echo -e "HTTP/1.0 200 OK\r\n\r\nW00t from Kolla HTTP server!" | sudo nc -l -p 80 ; done &'
3
4
The authenticity of host '192.168.150.110 (192.168.150.110)' can't be established.
5
RSA key fingerprint is c6:14:b1:d9:84:b5:83:54:47:8e:20:eb:81:a2:f7:62.
6
Are you sure you want to continue connecting (yes/no)? yes
7
Warning: Permanently added '192.168.150.110' (RSA) to the list of known hosts.
8
[email protected]'s password:
Copied!
Connect to tacker_sfc_client through the floating IP address
2
3
The authenticity of host '192.168.150.102 (192.168.150.102)' can't be established.
4
RSA key fingerprint is 5e:51:88:93:70:90:0e:24:55:81:47:b4:d6:28:4b:f9.
5
Are you sure you want to continue connecting (yes/no)? yes
6
Warning: Permanently added '192.168.150.102' (RSA) to the list of known hosts.
7
[email protected]'s password:
Copied!
Curl to tacker_sfc_server internal/fixed IP address.
Should receive \"W00t from Kolla HTTP server!\" message
1
$ curl http://10.0.0.3
2
W00t from Kolla HTTP server!
Copied!
Find hypervisor where tacker VNF instance is running.
1
$ openstack server list -c Name -c Host -c Networks -c Status --long
2
3
+-------------------------------------------------------+--------+------------------------------------+------------+
4
| Name | Status | Networks | Host |
5
+-------------------------------------------------------+--------+------------------------------------+------------+
6
| kolla_sfc_client | ACTIVE | demo-net=10.0.0.7, 192.168.150.102 | compute1 |
7
| kolla_sfc_server | ACTIVE | demo-net=10.0.0.3, 192.168.150.110 | controller |
8
| ta-3d1b-6d6b-44c9-a6ef-a808f12bc633-VDU1-hvpraqctwpm7 | ACTIVE | demo-net=10.0.0.12 | compute1 |
9
+-------------------------------------------------------+--------+------------------------------------+------------+
Copied!
Find tacker VNF instance port ID
1
$ openstack port list --server ta-3d1b-6d6b-44c9-a6ef-a808f12bc633-VDU1-hvpraqctwpm7 -c ID
2
+--------------------------------------+
3
| ID |
4
+--------------------------------------+
5
| e5da60a7-a348-4bee-a52a-96ae33b53a26 |
6
+--------------------------------------+
Copied!
In the host where the instance is running, locate the tap interface.
Tap interface is tap<first 11 ID digits>.
Start tcpdump in port 80 in the tap interface.
1
$ tcpdump port 80 -eni tape5da60a7-a3
2
3
tcpdump: WARNING: tape5da60a7-a3: no IPv4 address assigned
4
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
5
listening on tape5da60a7-a3, link-type EN10MB (Ethernet), capture size 65535 bytes
Copied!
Now curl again from tacker_sfc_client instance.
1
$ curl http://10.0.0.3
2
W00t from Kolla HTTP server!
Copied!
In the tcpdump should see traffic flowing to tacker_sfc_server from tacker_sfc_client
1
10:18:39.207908 fa:16:3e:6d:65:14 > fa:16:3e:2f:3e:90, ethertype IPv4 (0x0800), length 74: 10.0.0.7.40475 > 10.0.0.3.http: Flags [S], seq 3060324847, win 14100, options [mss 1410,sackOK,TS val 346030 ecr 0,nop,wscale 3], length 0
2
10:18:39.209263 fa:16:3e:2f:3e:90 > fa:16:3e:d7:6f:3b, ethertype IPv4 (0x0800), length 74: 10.0.0.7.40475 > 10.0.0.3.http: Flags [S], seq 3060324847, win 14100, options [mss 1410,sackOK,TS val 346030 ecr 0,nop,wscale 3], length 0
3
10:18:39.214001 fa:16:3e:6d:65:14 > fa:16:3e:2f:3e:90, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [.], ack 2793310193, win 1763, options [nop,nop,TS val 346032 ecr 352982], length 0
4
10:18:39.214924 fa:16:3e:2f:3e:90 > fa:16:3e:d7:6f:3b, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [.], ack 1, win 1763, options [nop,nop,TS val 346032 ecr 352982], length 0
5
10:18:39.222308 fa:16:3e:6d:65:14 > fa:16:3e:2f:3e:90, ethertype IPv4 (0x0800), length 201: 10.0.0.7.40475 > 10.0.0.3.http: Flags [P.], seq 0:135, ack 1, win 1763, options [nop,nop,TS val 346034 ecr 352982], length 135
6
10:18:39.222333 fa:16:3e:6d:65:14 > fa:16:3e:2f:3e:90, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [.], ack 49, win 1763, options [nop,nop,TS val 346034 ecr 352983], length 0
7
10:18:39.224660 fa:16:3e:2f:3e:90 > fa:16:3e:d7:6f:3b, ethertype IPv4 (0x0800), length 201: 10.0.0.7.40475 > 10.0.0.3.http: Flags [P.], seq 0:135, ack 1, win 1763, options [nop,nop,TS val 346034 ecr 352982], length 135
8
10:18:39.224773 fa:16:3e:2f:3e:90 > fa:16:3e:d7:6f:3b, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [.], ack 49, win 1763, options [nop,nop,TS val 346034 ecr 352983], length 0
9
10:18:39.250113 fa:16:3e:6d:65:14 > fa:16:3e:2f:3e:90, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [F.], seq 135, ack 50, win 1763, options [nop,nop,TS val 346041 ecr 352990], length 0
10
10:18:39.252871 fa:16:3e:2f:3e:90 > fa:16:3e:d7:6f:3b, ethertype IPv4 (0x0800), length 66: 10.0.0.7.40475 > 10.0.0.3.http: Flags [F.], seq 135, ack 50, win 1763, options [nop,nop,TS val 346041 ecr 352990], length 0
Copied!
Check br-int ovs flows.
1
$ docker exec openvswitch_db ovs-ofctl dump-flows br-int
2
3
NXST_FLOW reply (xid=0x4):
4
cookie=0x4d21ac58ca610153, duration=1952.266s, table=0, n_packets=20, n_bytes=1892, idle_age=300, priority=30,tcp,in_port=4,nw_src=10.0.0.7,tp_dst=80 actions=NORMAL
5
cookie=0x4d21ac58ca610153, duration=1951.781s, table=0, n_packets=20, n_bytes=1892, idle_age=300, priority=30,tcp,in_port=5,nw_src=10.0.0.7,tp_dst=80 actions=group:1
6
cookie=0x4d21ac58ca610153, duration=3824.910s, table=0, n_packets=0, n_bytes=0, idle_age=3824, priority=20,mpls actions=resubmit(,10)
7
cookie=0x5efe7af1c4c4da43, duration=1986.768s, table=0, n_packets=0, n_bytes=0, idle_age=1986, priority=10,icmp6,in_port=5,icmp_type=136 actions=resubmit(,24)
8
cookie=0x5efe7af1c4c4da43, duration=1986.765s, table=0, n_packets=9, n_bytes=378, idle_age=296, priority=10,arp,in_port=5 actions=resubmit(,24)
9
cookie=0x5efe7af1c4c4da43, duration=1986.771s, table=0, n_packets=151, n_bytes=16475, idle_age=300, priority=9,in_port=5 actions=resubmit(,25)
10
cookie=0x5efe7af1c4c4da43, duration=3828.290s, table=0, n_packets=575, n_bytes=63516, idle_age=296, priority=0 actions=resubmit(,60)
11
cookie=0x4d21ac58ca610153, duration=1952.498s, table=5, n_packets=20, n_bytes=1892, idle_age=300, priority=0,ip,dl_dst=fa:16:3e:2f:3e:90 actions=push_mpls:0x8847,load:0x1ff->OXM_OF_MPLS_LABEL[],set_mpls_ttl(255),mod_vlan_vid:2,resubmit(,10)
12
cookie=0x4d21ac58ca610153, duration=1951.976s, table=10, n_packets=20, n_bytes=1892, idle_age=300, priority=1,mpls,dl_vlan=2,dl_dst=fa:16:3e:2f:3e:90,mpls_label=511 actions=strip_vlan,pop_mpls:0x0800,output:4
13
cookie=0x4d21ac58ca610153, duration=3824.909s, table=10, n_packets=0, n_bytes=0, idle_age=3824, priority=0 actions=drop
14
cookie=0x5efe7af1c4c4da43, duration=3828.292s, table=23, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=drop
15
cookie=0x5efe7af1c4c4da43, duration=1986.769s, table=24, n_packets=0, n_bytes=0, idle_age=1986, priority=2,icmp6,in_port=5,icmp_type=136,nd_target=fe80::f816:3eff:fe6d:6514 actions=resubmit(,60)
16
cookie=0x5efe7af1c4c4da43, duration=1986.766s, table=24, n_packets=9, n_bytes=378, idle_age=296, priority=2,arp,in_port=5,arp_spa=10.0.0.7 actions=resubmit(,25)
17
cookie=0x5efe7af1c4c4da43, duration=3828.286s, table=24, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=drop
18
cookie=0x5efe7af1c4c4da43, duration=1986.774s, table=25, n_packets=159, n_bytes=16783, idle_age=296, priority=2,in_port=5,dl_src=fa:16:3e:6d:65:14 actions=resubmit(,60)
19
cookie=0x5efe7af1c4c4da43, duration=3828.287s, table=60, n_packets=836, n_bytes=90430, idle_age=296, priority=3 actions=NORMAL
Copied!
Check br-tun ovs flows.
1
$ docker exec openvswitch_db ovs-ofctl dump-flows br-tun
2
3
NXST_FLOW reply (xid=0x4):
4
cookie=0xf206a4cf831522bb, duration=3829.004s, table=0, n_packets=514, n_bytes=51389, idle_age=299, priority=1,in_port=1 actions=resubmit(,2)
5
cookie=0xf206a4cf831522bb, duration=2049.122s, table=0, n_packets=111, n_bytes=13035, idle_age=299, priority=1,in_port=4 actions=resubmit(,4)
6
cookie=0xf206a4cf831522bb, duration=2049.077s, table=0, n_packets=99, n_bytes=12561, idle_age=1976, priority=1,in_port=5 actions=resubmit(,4)
7
cookie=0xf206a4cf831522bb, duration=3829.003s, table=0, n_packets=0, n_bytes=0, idle_age=3829, priority=0 actions=drop
8
cookie=0xf206a4cf831522bb, duration=3829.001s, table=2, n_packets=14, n_bytes=588, idle_age=303, priority=1,arp,dl_dst=ff:ff:ff:ff:ff:ff actions=resubmit(,21)
9
cookie=0xf206a4cf831522bb, duration=3828.999s, table=2, n_packets=444, n_bytes=44273, idle_age=299, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
10
cookie=0xf206a4cf831522bb, duration=3828.998s, table=2, n_packets=56, n_bytes=6528, idle_age=1971, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
11
cookie=0xf206a4cf831522bb, duration=3828.997s, table=3, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=drop
12
cookie=0xf206a4cf831522bb, duration=2051.673s, table=4, n_packets=210, n_bytes=25596, idle_age=299, priority=1,tun_id=0x35 actions=mod_vlan_vid:2,resubmit(,10)
13
cookie=0xf206a4cf831522bb, duration=3828.996s, table=4, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=drop
14
cookie=0xf206a4cf831522bb, duration=3828.995s, table=6, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=drop
15
cookie=0xf206a4cf831522bb, duration=3828.994s, table=10, n_packets=322, n_bytes=39749, idle_age=299, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xf206a4cf831522bb,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:OXM_OF_IN_PORT[]),output:1
16
cookie=0xf206a4cf831522bb, duration=2045.177s, table=20, n_packets=60, n_bytes=7135, idle_age=299, priority=2,dl_vlan=2,dl_dst=fa:16:3e:dd:b9:4d actions=strip_vlan,load:0x35->NXM_NX_TUN_ID[],output:4
17
cookie=0xf206a4cf831522bb, duration=2045.168s, table=20, n_packets=180, n_bytes=17440, idle_age=1976, priority=2,dl_vlan=2,dl_dst=fa:16:3e:71:84:df actions=strip_vlan,load:0x35->NXM_NX_TUN_ID[],output:5
18
cookie=0xf206a4cf831522bb, duration=2019.366s, table=20, n_packets=20, n_bytes=1892, idle_age=303, priority=2,dl_vlan=2,dl_dst=fa:16:3e:d7:6f:3b actions=strip_vlan,load:0x35->NXM_NX_TUN_ID[],output:4
19
cookie=0xf206a4cf831522bb, duration=304.629s, table=20, n_packets=0, n_bytes=0, hard_timeout=300, idle_age=304, hard_age=299, priority=1,vlan_tci=0x0002/0x0fff,dl_dst=fa:16:3e:dd:b9:4d actions=load:0->NXM_OF_VLAN_TCI[],load:0x35->NXM_NX_TUN_ID[],output:4
20
cookie=0xf206a4cf831522bb, duration=3828.992s, table=20, n_packets=0, n_bytes=0, idle_age=3828, priority=0 actions=resubmit(,22)
21
cookie=0xf206a4cf831522bb, duration=2045.180s, table=21, n_packets=2, n_bytes=84, idle_age=1974, priority=1,arp,dl_vlan=2,arp_tpa=10.0.0.1 actions=load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163eddb94d->NXM_NX_ARP_SHA[],load:0xa000001->NXM_OF_ARP_SPA[],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:dd:b9:4d,IN_PORT
22
cookie=0xf206a4cf831522bb, duration=2045.170s, table=21, n_packets=2, n_bytes=84, idle_age=1979, priority=1,arp,dl_vlan=2,arp_tpa=10.0.0.2 actions=load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163e7184df->NXM_NX_ARP_SHA[],load:0xa000002->NXM_OF_ARP_SPA[],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:71:84:df,IN_PORT
23
cookie=0xf206a4cf831522bb, duration=2019.369s, table=21, n_packets=4, n_bytes=168, idle_age=303, priority=1,arp,dl_vlan=2,arp_tpa=10.0.0.3 actions=load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163ed76f3b->NXM_NX_ARP_SHA[],load:0xa000003->NXM_OF_ARP_SPA[],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:d7:6f:3b,IN_PORT
24
cookie=0xf206a4cf831522bb, duration=3828.991s, table=21, n_packets=2, n_bytes=84, idle_age=303, priority=0 actions=resubmit(,22)
25
cookie=0xf206a4cf831522bb, duration=2045.174s, table=22, n_packets=20, n_bytes=2512, idle_age=303, priority=1,dl_vlan=2 actions=strip_vlan,load:0x35->NXM_NX_TUN_ID[],output:4,output:5
26
cookie=0xf206a4cf831522bb, duration=3828.990s, table=22, n_packets=20, n_bytes=1672, idle_age=1994, priority=0 actions=drop
Copied!
Once Tacker and SFC is verified, all resources can be deleted.
1
$ sh cleanup-tacker
2
3
Deleting VNFFG
4
All specified vnffg(s) deleted successfully
5
Deleting VNFFGD
6
All specified vnffgd(s) deleted successfully
7
Deleting sample sfc instances
8
Deleting sample VNF
9
All specified vnf(s) delete initiated successfully
10
Deleting sample VNFD
11
All specified vnfd(s) deleted successfully
12
Deleting sample VIM
13
All specified vim(s) deleted successfully
14
Removing sample config
Copied!
In following posts will show how to tacker templates works and an in deep sfc traffic flows analysis.
Regards, Eduardo Gonzalez
Last modified 1yr ago