Install FreeRadius on Ubuntu VM

Before starting

Install Free Radius

  • Update Ubuntu VM
silvia@ubuntu :~$ sudo apt-get update
  • Install freeradius. I will install also freeradius-mysql to play with mysql later.
silvia@ubuntu :~$ sudo apt-get install freeradius freeradius-mysql
  • Get into root mode
silvia@ubuntu:~$ sudo -i
root@ubuntu:~#
  • I like vim
root@ubuntu:~# vim /etc/freeradius/users 
The program 'vim' can be found in the following packages:
* vim
* vim-gnome
* vim-tiny
* vim-athena
* vim-gtk
* vim-nox
Try: apt-get install <selected package>
root@ubuntu:~# apt-get install vim

[...]

root@ubuntu:~#

Test PAP subscriber

The first step to getting any authentication working in FreeRADIUS is to configure PAP, or clear-text passwords. Even though many deployments will end up using additional authentication protocols, PAP is the simplest and easiest to configure. And as we will see later, once PAP is configured, many other authentication protocols become simple, too.

In this example, we will configure PAP using the users file. The users file is a flat-text file that allows many common policies to be implemented. It is simple to use, easy to edit, and does not require any additional effort to configure databases like LDAP or SQL. It is therefore the ideal configuration file to use when starting to deploy a new server.

To configure PAP authentication, we must tell the server about a particular user, in this case bob. We must also tell the server what the users “known good” password is, in this case hello. This “known good” password will be used to validate the password entered by the user, and sent to FreeRADIUS by the NAS or AP. If the passwords match, then FreeRADIUS will return an Access-Accept packet. If the passwords do not match, then FreeRADIUS will return an Access-Reject packet.

  • Add a test user
root@ubuntu:~# vim /etc/freeradius/users 
silvia Cleartext-Password := "password"

#
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'acct_users', in this directory.
#
# The first field is the user's name and can be up to
# 253 characters in length. This is followed (on the same line) with
# the list of authentication requirements for that user. This can
# include password, comm server name, comm server port number, protocol
# type (perhaps set by the "hints" file), and huntgroup name (set by
# the "huntgroups" file).
#
# If you are not sure why a particular reply is being sent by the
# server, then run the server in debugging mode (radiusd -X), and
# you will see which entries in this file are matched.
#
[...]
  • Enter debug mode
root@ubuntu:~# freeradius -X
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Jul 26 2017 at 15:30:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE.

[...]

radiusd: #### Opening IP addresses and Ports ####
listen {
 type = "auth"
 ipaddr = *
 port = 0
Failed binding to authentication address * port 1812: Address already in use 
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

Obs: Get normal error as the service is already running

root@ubuntu:~# netstat -unpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:7682 0.0.0.0:* 929/dhclient 
udp 0 0 127.0.0.1:18120 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1812 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1813 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1814 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:68 0.0.0.0:* 929/dhclient 
udp 0 0 0.0.0.0:47222 0.0.0.0:* 50902/freeradius
udp6 0 0 :::23210 :::* 929/dhclient
  • Test the created user
root@ubuntu:~# radtest silvia password localhost 0 testing123
Sending Access-Request of id 231 to 127.0.0.1 port 1812
 User-Name = "silvia"
 User-Password = "password"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 0
 Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=231, length=20
  ^---- This text means that authentication succeeded.

 OBS: With the default configuration in Version 2.x, and the above users file entry, the following authentication types will just work:

  • PAP
  • CHAP
  • MS-CHAP
  • EAP-MD5
  • EAP-MSCHAPv2
  • Cisco LEAP

Install Ubuntu Server on Fusion PRO

Software

  • VMWare Fusion PRO 10.0.1
  • Ubuntu package: ubuntu-14.04.1-server-amd64.iso

How to install a fresh Ubuntu Server

  • Open VMware Fusion > New > Install from disc or image > [ Continue ]
  • Drag and Drop the Ubuntu Image ubuntu-14.04.1-server-amd64.iso already stored into your computer > [ Continue ]
  • Use Easy Install (checked), Display Name: your_name, Account Name: ubuntu_user, Password: ubuntu_password, Confirm Password: ubuntu_password > [ Continue ]
  • [ Customize Settings ] > Save As: custom_name > [ Save ]
  • [ Finish ]
  • From menu chose Virtual Mashine > Setings…
  • Processors & Memory: 1 vCPU, 4G RAM, Advanced Options and check Enable hypervisor applications in this virtual machine
  • Existing NIC used for internet connectivity will be mapped to eth0: Network Adapter > Share with my Mac
  • New NIC used for other purposes will be mapped to eth1: [ Add Device ] >  Network Adapter > vmnet3
  • Delete Camera
  • Delete Printer
  • Power ON the VM and wait for the easy installation. Chose eth0 as the Primary network interface.

Connect using SSH >> ERROR

Check ifconfig

silvia@ubuntu :~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:5f:59:4b 
 inet addr:172.16.226.135 Bcast:172.16.226.255 Mask:255.255.255.0
               ^-- got this IP address form Fusion DHCP
 inet6 addr: fe80::20c:29ff:fe5f:594b/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:86448 errors:0 dropped:0 overruns:0 frame:0
 TX packets:11662 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:118763956 (118.7 MB) TX bytes:1141495 (1.1 MB)

lo Link encap:Local Loopback 
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:65536 Metric:1
 RX packets:34 errors:0 dropped:0 overruns:0 frame:0
 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0 
 RX bytes:2632 (2.6 KB) TX bytes:2632 (2.6 KB)

When trying to connect using ssh you will get an error. This is normal as ssh server is not installed.

Murgescus-MacBook-Pro:~ silvia$ ssh silvia@172.16.226.135

ssh: connect to host 172.16.226.135 port 22: Connection refused

Murgescus-MacBook-Pro:~ silvia$

Install a ssh-server

  • Update repositories
silvia@ubuntu :~$ sudo apt-get update
  • And again
silvia@ubuntu :~$ sudo apt-get upgrade
  • Install ssh-server
silvia@ubuntu :~$ apt-get install openssh-server

Connect using SSH >> SUCCESS

Murgescus-MacBook-Pro:~ silvia$ ssh silvia@172.16.226.135
The authenticity of host '172.16.226.135 (172.16.226.135)' can't be established.
ECDSA key fingerprint is SHA256:YCEkSF7rhHph60SRWGbfhHm2lRau5wUpPgjH2VqzMhA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.226.135' (ECDSA) to the list of known hosts.
silvia@172.16.226.135's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic x86_64)

* Documentation: https://help.ubuntu.com/
Last login: Wed Dec 13 06:07:12 2017
silvia@ubuntu:~$

Do you need to configure the network adapters? Find here the solution.

Junos Space and Security Director

Sources:

> https://dataplumber.wordpress.com/2016/08/09/setting-up-vsrx-and-space-in-vmware-fusion/

> https://www.juniper.net/documentation/en_US/junos-space17.1/information-products/pathway-pages/security-director-installation-and-upgrade-guide.pdf

> http://rtodto.net/how-to-install-junos-space-and-security-director/

> http://rtodto.net/how-to-add-an-srx-cluster-to-security-director/

> https://kb.juniper.net/InfoCenter/index?page=content&id=KB27572&actp=METADATA

> https://marketplace.vmware.com/vsx/solutions/junos-space-security-director

> http://networkwiki.blogspot.ro/2015/09/junos-space-security-director-part-i.html

> http://networkwiki.blogspot.ro/2015/09/junos-space-security-director-part-ii.html

> http://networkwiki.blogspot.ro/2015/09/junos-space-security-director-part-iii.html

S6: Hardware Limitation and Planning

LAB Diagram and Devices BOM

My intention is to build and test the labs presented in MPLS in SDN Era Book:

As shown in the network diagram the BOM consist of:

  • 10 x Junos Logical Systems Devices: 2xH, 2xCE, 2xPE, 2xBR, 1xRR, 1xP
  • 4 x IOS XRv Virtual Routers Devices: 2xPE, 1xRR, 1xP

Note: H/CE/BR devices can be built also using simple instance-type virtual routers as no additional inside virtualization is needed.

  • 6 x Junos Routing Instances instance-type virtual routers: 2xH, 2xCE, 2xBR
  • 4 x Junos Logical Systems Devices: 2xPE, 1xRR, 1xP
  • 4 x IOS XRv Virtual Routers Devices: 2xPE, 1xRR, 1xP

Continue reading

Full Clone XRv VM with Fusion PRO

For different labs we might need to duplicate VMs: more IOS XR virtual routers, more vSRX Firewalls, etc.

Here is the procedure needed to multiply IOS XRv VMs. The same procedure can be used for any VM we need to safe or multiply.

1. Full Clone XRv VM

1. Open VMWare Fusion UI > Right Click on existing IOS XRv VM > Create Full Clone

2. Rename the new created VM

3. Edit .vmx configuration file and modify the console port

serial0.fileName = "telnet://127.0.0.1:9002

Note: each cloned VM will have different generated MAC addresses.

4. Turn ON the cloned VM.

2. Problem

If I try to power ON too many VMs, I get the “Not Enough Memmory” error.

It is very important the order of the VM I turn ON and the hardware planification.

Cisco SDR and VDC Features

For the SkyLifter project I wish to implement some additional virtualization features. What are Cisco Virtualization options?

  • VRF Lite
  • SDR – Secure Domain Router
  • VDC – Virtual Device Context

VRF Lite

By default a router uses a single global routing table that contains all the directly connected networks and prefixes that it learned through static or dynamic routing protocols.

VRFs are like VLANs for routers, instead of using a single global routing table we can use multiple virtual routing tables. Each interface of the router is assigned to a different VRF.

VRFs are commonly used for MPLS deployments, when we use VRFs without MPLS then we call it VRF lite.

Secure Domain Router (SDR)

Cisco IOS XR Software includes support for an HVR technology known as Secure Domain Routers (SDRs).

The HVR technology dedicates both control plane and data plane resources on a per-module boundary to individual virtual entities, so there is no sharing of either control plane or data plane resources. It is sometimes said that the only resource HVRs share is sheet metal. A lightweight shim layer provides low-level communication between HVRs, who otherwise believe they are independent router entities. Because of dedicated control plane and data plane resources, software applications and forwarding hardware need not implement virtualization. This separation effectively eliminates arbitration for resources between virtual routing entities.

Secure domain routers (SDRs) provide a means of partitioning a router into multiple, independent routers. SDRs perform routing functions in the same manner as a physical router but share resources with the rest of the system. For example, the applications, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions such as chassis control, switch fabric, and partitioning are shared with the rest of the system.

SDRs provide full isolation between virtualized routing instances through the use of Distributed Route Processors (DRPs) for extra control plane resources. SDRs are defined on per-slot boundaries, with entire Route Processors (RPs) and Modular Services Cards (MSCs) dedicated to an SDR. Figure below depicts the deployment of SDRs on a Cisco CRS-1 Carrier Routing System running Cisco IOS XR Software.

 

Note: SDR is only available on IOS-XR devices 12K, ASR 9K, CRS. It isn’t usefull for my SkyLifter lab.

You can find more info about Cisco SDR on Cisco White Paper Router Virtualization in Service Providershttps://www.cisco.com/c/en/us/solutions/collateral/routers/carrier-routing-system/white_paper_c11-512753.html

Virtual Device Context

Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.

Note: This feature looks like Juniper Logical System feature but it is not supported by IOS XRv. It isn’t usefull for my SkyLifter lab.

You can find more info about VDC on Cisco White Paper Technical Overview of Virtual Device Contextshttps://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-10-slot-switch/White_Paper_Tech_Overview_Virtual_Device_Contexts.html

S4: vMX Initial Configuration

This article contains how I configure the vMX virtual router hosted in Ubuntu VM. Before starting I like to make a clear diagram into my head. 🙂

0. vMX Logical Network Diagram

Next table contains a summary of the external interfaces related to vMX. Internal back-to-back interfaces are not included in this table.

Network Connected Device Device Port Info IP
vmnet3 vMX – VCP fxp0 OoB MNG Net 192.168.83.11
vMX – VFP vfp-int OoB MNG Net 192.168.83.12
vmnet4 vMX – Logical Systems ge-0/0/8 Intelink with VLANs not configured
vMX – Ubuntu Server eth1 Intelink with VLANs 172.16.109.10
vmnet5 vMX – Logical Systems ge-0/0/9 Intelink with VLANs not configured
vMX – Ubuntu Server eth2 Intelink with VLANs 192.168.50.10

Note: vmnet4 and vmnet5 are the networks where I will connect vSRX and XRv devices.

1. Ubuntu Host VM Interfaces Configuration

I configure Ubuntu Host VM interfaces into my recent article Ubuntu VM Network Configuration. When I reboot using sudo reboot the VM and get into the system using ssh I get this output:

Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic x86_64)

* Documentation: https://help.ubuntu.com/

System information as of Mon Nov 20 13:55:47 EET 2017

System load: 0.15 Processes: 407
 Usage of /: 23.4% of 48.11GB Users logged in: 0
 Memory usage: 1% IP address for eth0: 192.168.83.10
 Swap usage: 0% IP address for eth1: 172.16.109.10

Graph this data and manage this system at:
 https://landscape.canonical.com/

259 packages can be updated.
160 updates are security updates.

2. vMX VM Installation

I have installed vMX virtual router using Day One: vMX UP and Running book available on Juniper Networks website. The vMX VM deployment is out of the scope of this article.

3. HOST, VCP/vRE and VFP/vPFE Configuration

 silvia@vMX-ubuntu:~$ cd vmx-15.1F4-3/
 silvia@vMX-ubuntu:~/vmx-15.1F4-3$ cd config/
 silvia@vMX-ubuntu:~/vmx-15.1F4-3/config$ cat vmx.conf
 ##############################################################
 #
 # vmx.conf
 # Config file for vmx on the hypervisor.
 # Uses YAML syntax.
 # Leave a space after ":" to specify the parameter value.
 #
 ##############################################################

---
 #Configuration on the host side - management interface, VM images etc.
 HOST:
   identifier : vmx1 # Maximum 4 characters
   host-management-interface : eth0 <<-- Make sure here is the OoB MNG interface from Ubuntu VM
   routing-engine-image : "/home/silvia/vmx-15.1F4-3/images/jinstall64-vmx-15.1F4.15-domestic.img"
   routing-engine-hdd : "/home/silvia/vmx-15.1F4-3/images/vmxhdd.img"
   forwarding-engine-image : "/home/silvia/vmx-15.1F4-3/images/vFPC-20151203.img"

---
 #External bridge configuration
 BRIDGES:
   - type : external
     name : br-ext # Max 10 characters

---
 #vRE VM parameters
 CONTROL_PLANE:
   vcpus : 1
   memory-mb : 1024
   console_port: 8601

   interfaces :
      - type : static
        ipaddr : 192.168.83.11 <<-- Make sure here is the OoB MNG IP Add
        macaddr : "0A:00:DD:C0:DE:0E"

---
 #vPFE VM parameters
 FORWARDING_PLANE:
   memory-mb : 4096
   vcpus : 3
   console_port: 8602
   device-type : virtio

   interfaces :
     - type : static
       ipaddr : 192.168.83.12 <<-- Make sure here is the OoB MNG IP Add / same IP Subnet as vRE
       macaddr : "0A:00:DD:C0:DE:10"

---
 #Interfaces
 JUNOS_DEVICES: <<-- Maximum 10 are supported
   - interface : ge-0/0/0
     mac-address : "02:06:0A:0E:FF:F0"
     description : "ge-0/0/0 interface"

   - interface : ge-0/0/1
     mac-address : "02:06:0A:0E:FF:F1"
     description : "ge-0/0/1 interface"

   - interface : ge-0/0/2
     mac-address : "02:06:0A:0E:FF:F2"
     description : "ge-0/0/2 interface"

   - interface : ge-0/0/3
     mac-address : "02:06:0A:0E:FF:F3"
     description : "ge-0/0/3 interface"

   - interface : ge-0/0/4
     mac-address : "02:06:0A:0E:FF:F4"
     description : "ge-0/0/4 interface"

   - interface : ge-0/0/5
     mac-address : "02:06:0A:0E:FF:F5"
     description : "ge-0/0/5 interface"

   - interface : ge-0/0/6
     mac-address : "02:06:0A:0E:FF:F6"
     description : "ge-0/0/6 interface"

   - interface : ge-0/0/7
     mac-address : "02:06:0A:0E:FF:F7"
     description : "ge-0/0/7 interface"

   - interface : ge-0/0/8
     mac-address : "02:06:0A:0E:FF:F8"
     description : "ge-0/0/8 interface"

   - interface : ge-0/0/9
     mac-address : "02:06:0A:0E:FF:F9"
     description : "ge-0/0/9 interface"

4. Interfaces configuration (virtio)

Edit vmx-junosdev.conf file. I have used vi editor.

silvia@vMX-ubuntu:~$ cd vmx-15.1F4-3/config/
silvia@vMX-ubuntu:~/vmx-15.1F4-3/config$ vi vmx-junosdev.conf

Pres [i] to enter Insert mode. Edit the file according to the connectivity design. Pres [esc] to exit Insert mode. Then type :wq! to write and quit vi editor.

silvia@vMX-ubuntu:~/vmx-15.1F4-3/config$ cat vmx-junosdev.conf 
##############################################################
#
# vmx-junos-dev.conf
# - Config file for junos device bindings.
# - Uses YAML syntax. 
# - Leave a space after ":" to specify the parameter value.
# - For physical NIC, set the 'type' as 'host_dev'
# - For junos devices, set the 'type' as 'junos_dev' and
# set the mandatory parameter 'vm-name' to the name of
# the vPFE where the device exists
# - For bridge devices, set the 'type' as 'bridge_dev'
#
##############################################################
interfaces :

  - link_name : vmx_link1
    mtu : 1500
    endpoint_1 : 
      - type : junos_dev
        vm_name : vmx1 
        dev_name : ge-0/0/0
    endpoint_2 :
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/1

  - link_name : vmx_link2
    mtu : 1500
    endpoint_1 : 
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/2
    endpoint_2 :
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/3

  - link_name : vmx_link3
    endpoint_1 : 
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/4
    endpoint_2 :
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/5

  - link_name : vmx_link4
    endpoint_1 : 
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/6
    endpoint_2 :
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/7
 
  - link_name : vmx_link5
    endpoint_1 : 
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/8
    endpoint_2 :
      - type : host_dev
        dev_name : eth1

  - link_name : vmx_link6
    endpoint_1 :
      - type : junos_dev
        vm_name : vmx1
        dev_name : ge-0/0/8
    endpoint_2 :
      - type : host_dev
        dev_name : eth2

5. vMX RE-Installation

I will reinstall my vMX using the edited configuration files and the orchestration scrip vmx.sh.

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh -lv --install
[sudo] password for silvia: 
==================================================
 Welcome to VMX
==================================================
Date..............................................11/20/17 14:00:45
VMX Identifier....................................vmx1
Config file......................................./home/silvia/vmx-15.1F4-3/config/vmx.conf
Build Directory.................................../home/silvia/vmx-15.1F4-3/build/vmx1
Environment file................................../home/silvia/vmx-15.1F4-3/env/ubuntu_virtio.env
Junos Device Type.................................virtio
Initialize scripts................................[OK]
Copy images to build directory....................[OK]
==================================================
 VMX Environment Setup Completed
==================================================
==================================================
 VMX Install & Start
==================================================
Linux distribution................................ubuntu
Check GRUB........................................[Disabled]
Installation status of qemu-kvm...................[OK]
Installation status of libvirt-bin................[OK]
Installation status of bridge-utils...............[OK]
Installation status of python.....................[OK]
Installation status of libyaml-dev................[OK]
Installation status of python-yaml................[OK]
Installation status of numactl....................[OK]
Installation status of libnuma-dev................[OK]
Installation status of libparted0-dev.............[OK]
Installation status of libpciaccess-dev...........[OK]
Installation status of libyajl-dev................[OK]
Installation status of libxml2-dev................[OK]
Installation status of libglib2.0-dev.............[OK]
Installation status of libnl-dev..................[OK]
Check Kernel Version..............................[Disabled]
Check Qemu Version................................[Disabled]
Check libvirt Version.............................[Disabled]
Check virsh connectivity..........................[OK]
IXGBE Enabled.....................................[Disabled]
==================================================
 Pre-Install Checks Completed
==================================================
Check for VM vcp-vmx1.............................[Not Running]
Check for VM vfp-vmx1.............................[Not Running]
Cleanup VM states.................................[OK]
Check if bridge br-ext exists.....................[No]
Cleanup VM bridge br-ext..........................[OK]
Cleanup VM bridge br-int-vmx1.....................[OK]
==================================================
 VMX Stop Completed
==================================================
Check VCP image...................................[OK]
Check VFP image...................................[OK]
VMX Model.........................................FPC
Check VCP Config image............................[OK]
Check management interface........................[OK]
Setup huge pages to 8192..........................[OK]
Attempt to kill libvirt...........................[OK]
Attempt to start libvirt..........................[OK]
Sleep 2 secs......................................[OK]
Check libvirt support for hugepages...............[OK]
==================================================
 System Setup Completed
==================================================
Get Management Address of eth0....................[OK]
Generate libvirt files............................[OK]
Sleep 2 secs......................................[OK]
Find configured management interface..............eth0
Find existing management gateway..................eth0
Check if eth0 is already enslaved to br-ext.......[No]
Gateway interface needs change....................[Yes]
Create br-ext.....................................[OK]
Get Management Gateway............................192.168.83.1
Flush eth0........................................[OK]
Start br-ext......................................[OK]
Bind eth0 to br-ext...............................[OK]
Get Management MAC................................00:0c:29:9e:bb:5b
Assign Management MAC 00:0c:29:9e:bb:5b...........[OK]
Add default gw 192.168.83.1.......................[OK]
Create br-int-vmx1................................[OK]
Start br-int-vmx1.................................[OK]
Check and start default bridge....................[OK]
Define vcp-vmx1...................................[OK]
Define vfp-vmx1...................................[OK]
Wait 2 secs.......................................[OK]
Start vcp-vmx1....................................[OK]
Start vfp-vmx1....................................[OK]
Wait 2 secs.......................................[OK]
==================================================
 VMX Bringup Completed
==================================================
Check if br-ext is created........................[Created]
Check if br-int-vmx1 is created...................[Created]
Check if VM vcp-vmx1 is running...................[Running]
Check if VM vfp-vmx1 is running...................[Running]
Check if tap interface vcp_ext-vmx1 exists........[OK]
Check if tap interface vcp_int-vmx1 exists........[OK]
Check if tap interface vfp_ext-vmx1 exists........[OK]
Check if tap interface vfp_int-vmx1 exists........[OK]
==================================================
 VMX Status Verification Completed.
==================================================
Log file........................................../home/silvia/vmx-15.1F4-3/build/vmx1/logs/vmx_1511179244.log
==================================================
 Thankyou for using VMX
==================================================

6. Interfaces binding creation

First let’s review what Linux bridges the vMX script just created when the vMX instance was deployed. This is done using the shell brctl show command:

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ brctl show
bridge name bridge id STP enabled interfaces
br-ext 8000.000c299ebb5b   yes    br-ext-nic 
 ^-- the external bridge that is used for management of the vMX and the KVM host.                                 
                                  eth0
                                  vcp_ext-vmx1
                                  vfp_ext-vmx1
br-int-vmx1 8000.5254007e46ae yes br-int-vmx1-nic
 ^--the internal bridge that is used for communication between the VCP and VFP
                                  vcp_int-vmx1
                                  vfp_int-vmx1
virbr0 8000.52540007eaed   yes    ge-0.0.0-vmx1
                                  ge-0.0.1-vmx1
                                  ge-0.0.2-vmx1
                                  ge-0.0.3-vmx1
                                  ge-0.0.4-vmx1
                                  ge-0.0.5-vmx1
                                  ge-0.0.6-vmx1
                                  ge-0.0.7-vmx1
                                  ge-0.0.8-vmx1
                                  ge-0.0.9-vmx1
                                  virbr0-nic

Next, let’s check that the virtio binding has not been activated. Again I will use the orchestration script that Juniper provide with vMX:

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh --bind-check
Checking package ethtool..........................[OK]
Check Link vmx_link1(ge-0.0.0-vmx1, ge-0.0.1-vmx1)
[Not Present]
Check Link vmx_link2(ge-0.0.2-vmx1, ge-0.0.3-vmx1)
[Not Present]
Check Link vmx_link3(ge-0.0.4-vmx1, ge-0.0.5-vmx1)
[Not Present]
Check Link vmx_link4(ge-0.0.6-vmx1, ge-0.0.7-vmx1)
[Not Present]
Check Link vmx_link5(ge-0.0.8-vmx1, eth1).........[Not Present]
Check Link vmx_link6(ge-0.0.9-vmx1, eth2).........[Not Present]

Using –bind-dev option, I will create the binding:

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh --bind-dev
Checking package ethtool..........................[OK]
Bind Link vmx_link1(ge-0.0.0-vmx1, ge-0.0.1-vmx1)
[OK]
Bind Link vmx_link2(ge-0.0.2-vmx1, ge-0.0.3-vmx1)
[OK]
Bind Link vmx_link3(ge-0.0.4-vmx1, ge-0.0.5-vmx1)
[OK]
Bind Link vmx_link4(ge-0.0.6-vmx1, ge-0.0.7-vmx1)
[OK]
Bind Link vmx_link5(ge-0.0.8-vmx1, eth1)..........[OK]
Numa node for eth1................................-1
Cores servicing numa node -1......................
Pid of vfp-vmx1...................................8540
Pin vhost-8540 (PID=8552) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8551) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8550) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8549) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8548) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8547) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8546) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8545) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8544) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8543) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8542) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Pin vhost-8540 (PID=8541) to cores ...............taskset: failed to parse CPU list: 
[Failed]
Bind Link vmx_link6(ge-0.0.9-vmx1, eth2)..........[OK]

^– The taskset command is used to achieve better performance in virtio mode.

I chose to ignore the error for the current purposes of my lab as long as the bindings are present:

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh --bind-check
Checking package ethtool..........................[OK]
Check Link vmx_link1(ge-0.0.0-vmx1, ge-0.0.1-vmx1)
[OK]
Check Link vmx_link2(ge-0.0.2-vmx1, ge-0.0.3-vmx1)
[OK]
Check Link vmx_link3(ge-0.0.4-vmx1, ge-0.0.5-vmx1)
[OK]
Check Link vmx_link4(ge-0.0.6-vmx1, ge-0.0.7-vmx1)
[OK]
Check Link vmx_link5(ge-0.0.8-vmx1, eth1).........[OK]
Check Link vmx_link6(ge-0.0.9-vmx1, eth2).........[OK]

Another interesting view of host ifconfig output.

silvia@vMX-ubuntu:~$ ifconfig | grep -A 1 encap
br-ext Link encap:Ethernet HWaddr 00:0c:29:9e:bb:5b 
      inet addr:192.168.83.10 Bcast:192.168.83.255 Mask:255.255.255.0
--
br-int-vmx1 Link encap:Ethernet HWaddr 52:54:00:fa:1a:e1 
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
--
eth0 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:5b 
     inet6 addr: fe80::20c:29ff:fe9e:bb5b/64 Scope:Link
--
eth1 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:65 
     inet addr:172.16.109.10 Bcast:172.16.109.255 Mask:255.255.255.0
--
eth2 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:6f 
     inet addr:192.168.50.10 Bcast:192.168.50.255 Mask:255.255.255.0
--
ge-0.0.0-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f0 
     inet6 addr: fe80::fc06:aff:fe0e:fff0/64 Scope:Link
--
ge-0.0.1-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f1 
     inet6 addr: fe80::fc06:aff:fe0e:fff1/64 Scope:Link
--
ge-0.0.2-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f2 
     inet6 addr: fe80::fc06:aff:fe0e:fff2/64 Scope:Link
--
ge-0.0.3-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f3 
     inet6 addr: fe80::fc06:aff:fe0e:fff3/64 Scope:Link
--
ge-0.0.4-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f4 
     inet6 addr: fe80::fc06:aff:fe0e:fff4/64 Scope:Link
--
ge-0.0.5-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f5 
     inet6 addr: fe80::fc06:aff:fe0e:fff5/64 Scope:Link
--
ge-0.0.6-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f6 
     inet6 addr: fe80::fc06:aff:fe0e:fff6/64 Scope:Link
--
ge-0.0.7-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f7 
     inet6 addr: fe80::fc06:aff:fe0e:fff7/64 Scope:Link
--
ge-0.0.8-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f8 
     inet6 addr: fe80::fc06:aff:fe0e:fff8/64 Scope:Link
--
ge-0.0.9-vmx1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f9 
     inet6 addr: fe80::fc06:aff:fe0e:fff9/64 Scope:Link
--
lo Link encap:Local Loopback 
     inet addr:127.0.0.1 Mask:255.0.0.0
--
vcp_ext-vmx1 Link encap:Ethernet HWaddr fe:00:dd:c0:de:0e 
     inet6 addr: fe80::fc00:ddff:fec0:de0e/64 Scope:Link
--
vcp_int-vmx1 Link encap:Ethernet HWaddr fe:54:00:1f:5d:9c 
     inet6 addr: fe80::fc54:ff:fe1f:5d9c/64 Scope:Link
--
vfp_ext-vmx1 Link encap:Ethernet HWaddr fe:00:dd:c0:de:10 
     inet6 addr: fe80::fc00:ddff:fec0:de10/64 Scope:Link
--
vfp_int-vmx1 Link encap:Ethernet HWaddr fe:54:00:f1:04:f1 
     inet6 addr: fe80::fc54:ff:fef1:4f1/64 Scope:Link
--
virbr0 Link encap:Ethernet HWaddr 52:54:00:07:ea:ed 
     inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
--
vmx_link1 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f0 
     inet6 addr: fe80::3cb1:36ff:fe47:58ee/64 Scope:Link
--
vmx_link2 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f2 
     inet6 addr: fe80::c432:7dff:fe91:f80e/64 Scope:Link
--
vmx_link3 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f4 
     inet6 addr: fe80::1cf7:7dff:fead:7ef5/64 Scope:Link
--
vmx_link4 Link encap:Ethernet HWaddr fe:06:0a:0e:ff:f6 
     inet6 addr: fe80::54f2:5fff:fe72:6601/64 Scope:Link
--
vmx_link5 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:65 
     inet6 addr: fe80::cb1:6ff:fe88:a4e1/64 Scope:Link
--
vmx_link6 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:6f 
     inet6 addr: fe80::2c26:b8ff:fed3:fd8d/64 Scope:Link

7. Connect to VFP using serial console

I will check my VFP serial console connectivity using user root and password root as configured default.

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh --console vfp vmx1 
--
Login Console Port For vfp-vmx1 - 8602
Press Ctrl-] to exit anytime
--
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


Wind River Linux 6.0.0.12 vfp-vmx1 console

vfp-vmx1 login: root
Password: root

Here I can check logs:

root@vfp-vmx1:~# cd /var/log/ 
root@vfp-vmx1:/var/log# ls
boot riot.lcore.15.log riot.lcore.33.log riot.lcore.51.log
lastlog riot.lcore.16.log riot.lcore.34.log riot.lcore.52.log
messages riot.lcore.17.log riot.lcore.35.log riot.lcore.53.log
messages.0 riot.lcore.18.log riot.lcore.36.log riot.lcore.54.log
messages.1 riot.lcore.19.log riot.lcore.37.log riot.lcore.55.log
messages.2 riot.lcore.2.log riot.lcore.38.log riot.lcore.56.log
messages.3 riot.lcore.20.log riot.lcore.39.log riot.lcore.57.log
messages.4 riot.lcore.21.log riot.lcore.4.log riot.lcore.58.log
pfe.log riot.lcore.22.log riot.lcore.40.log riot.lcore.59.log
pfe.log.0 riot.lcore.23.log riot.lcore.41.log riot.lcore.6.log
pfe.log.1 riot.lcore.24.log riot.lcore.42.log riot.lcore.60.log
pfe.log.2 riot.lcore.25.log riot.lcore.43.log riot.lcore.61.log
pfe.log.3 riot.lcore.26.log riot.lcore.44.log riot.lcore.62.log
riot.lcore.0.log riot.lcore.27.log riot.lcore.45.log riot.lcore.63.log
riot.lcore.1.log riot.lcore.28.log riot.lcore.46.log riot.lcore.7.log
riot.lcore.10.log riot.lcore.29.log riot.lcore.47.log riot.lcore.8.log
riot.lcore.11.log riot.lcore.3.log riot.lcore.48.log riot.lcore.9.log
riot.lcore.12.log riot.lcore.30.log riot.lcore.49.log wtmp
riot.lcore.13.log riot.lcore.31.log riot.lcore.5.log
riot.lcore.14.log riot.lcore.32.log riot.lcore.50.log

!!! Some logs show up into this console. The can’t open ‘/var/jnx/card/local/type’ portion I remember from Junos vMX Router on VMWare Fusion article I’ve written 2 days ago. Interesting!

RPIO: Lost connection from localhost <-> localhost:3001
start_riot.sh: line 105: 3020 Killed /home/pfe/riot/build/app/riot -c 0x7 -n 2 -- --rx "(0,0,0,1),(1,0,1,1),(2,0,2,1),(3,0,3,1),(4,0,4,1),(5,0,5,1),(6,0,6,1),(7,0,7,1),(8,0,8,1),(9,0,9,1)," --tx "(0,1),(1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1)," --w "2" --rpio "local,3000,3001" --hostif "local,3002" --bsz "(32,32),(32,32),(32,32)"
mpc :
cat: can't open '/var/jnx/card/local/type': No such file or directory
tx_hello_tx: Failed to get card type defaulting to 0
cat: can't open '/var/jnx/card/local/slot': No such file or directory
tx_hello_tx: Failed to get card slot defaulting to 0
tnp_hello_tx: Board type 0
tnp_hello_tx: Board slot 0
SETTING UP DPDK ENVIRONMENT ON
Linux vfp-vmx1 3.10.38-ltsi-rt34-WR6.0.0.12_preempt-rt #1 SMP PREEMPT RT Wed Dec 2 16:34:33 PST 2015 x86_64 GNU/Linux
dpdk_setup.sh: line 21: make: command not found
insmod: can't insert '/home/pfe/riot/dpdk/x86_64-native-linuxapp-gcc/kmod/igb_uio.ko': File exists
Creating /mnt/huge and mounting as hugetlbfs
Detected Junos Device type VirtIO
bind interface 00:05.0 00:06.0 00:07.0 00:08.0 00:09.0 00:0a.0 00:0b.0 00:0c.0 00:0d.0 00:0e.0 from UIO
uio device registered with irq 2e
uio device registered with irq 2f
uio device registered with irq 30
uio device registered with irq 31
uio device registered with irq 32
uio device registered with irq 33
uio device registered with irq 34
uio device registered with irq 35
uio device registered with irq 36
uio device registered with irq 37
OK
kernel.core_pattern = /var/crash/core.%e.%t.%p.gz
Number of CPUs available : 3
Number of PORTs to service : 10
/home/pfe/riot/build/app/riot -c 0x7 -n 2 -- --rx "(0,0,0,1),(1,0,1,1),(2,0,2,1),(3,0,3,1),(4,0,4,1),(5,0,5,1),(6,0,6,1),(7,0,7,1),(8,0,8,1),(9,0,9,1)," --tx "(0,1),(1,1),(2,1),(3,1),(4,1),(5,1),(6,1),(7,1),(8,1),(9,1)," --w "2" --rpio "local,3000,3001" --hostif "local,3002" --bsz "(32,32),(32,32),(32,32)"
EAL: Setting up memory...
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4057600000 (size = 0x200000)
EAL: Ask a virtual area of 0x9400000 bytes
EAL: Virtual area found at 0x7f404e000000 (size = 0x9400000)
EAL: Ask a virtual area of 0x3b800000 bytes
EAL: Virtual area found at 0x7f4012600000 (size = 0x3b800000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4012200000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4011e00000 (size = 0x200000)
EAL: Ask a virtual area of 0xe400000 bytes
EAL: Virtual area found at 0x7f4003800000 (size = 0xe400000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4003400000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4003000000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4002c00000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f4002800000 (size = 0x200000)
EAL: Ask a virtual area of 0x400000 bytes
EAL: Virtual area found at 0x7f4002200000 (size = 0x400000)
EAL: Ask a virtual area of 0x2400000 bytes
EAL: Virtual area found at 0x7f3fffc00000 (size = 0x2400000)
EAL: Ask a virtual area of 0x800000 bytes
EAL: Virtual area found at 0x7f3fff200000 (size = 0x800000)
EAL: Ask a virtual area of 0x1400000 bytes
EAL: Virtual area found at 0x7f3ffdc00000 (size = 0x1400000)
EAL: Ask a virtual area of 0x400000 bytes
EAL: Virtual area found at 0x7f3ffd600000 (size = 0x400000)
EAL: Ask a virtual area of 0x3400000 bytes
EAL: Virtual area found at 0x7f3ffa000000 (size = 0x3400000)
EAL: Ask a virtual area of 0x800000 bytes
EAL: Virtual area found at 0x7f3ff9600000 (size = 0x800000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff9200000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff8e00000 (size = 0x200000)
EAL: Ask a virtual area of 0x400000 bytes
EAL: Virtual area found at 0x7f3ff8800000 (size = 0x400000)
EAL: Ask a virtual area of 0x600000 bytes
EAL: Virtual area found at 0x7f3ff8000000 (size = 0x600000)
EAL: Ask a virtual area of 0x400000 bytes
EAL: Virtual area found at 0x7f3ff7a00000 (size = 0x400000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff7600000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff7200000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff6e00000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff6a00000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff6600000 (size = 0x200000)
EAL: Ask a virtual area of 0x600000 bytes
EAL: Virtual area found at 0x7f3ff5e00000 (size = 0x600000)
EAL: Ask a virtual area of 0xc00000 bytes
EAL: Virtual area found at 0x7f3ff5000000 (size = 0xc00000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff4c00000 (size = 0x200000)
EAL: Ask a virtual area of 0x400000 bytes
EAL: Virtual area found at 0x7f3ff4600000 (size = 0x400000)
EAL: Ask a virtual area of 0x600000 bytes
EAL: Virtual area found at 0x7f3ff3e00000 (size = 0x600000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff3a00000 (size = 0x200000)
EAL: Ask a virtual area of 0x200000 bytes
EAL: Virtual area found at 0x7f3ff3600000 (size = 0x200000)
EAL: Requesting 768 pages of size 2MB from socket 0
EAL: TSC frequency is ~2903905 KHz
EAL: WARNING: cpu flags constant_tsc=yes nonstop_tsc=no -> using unreliable clock cycles !
EAL: 0000:00:03.0 not managed by UIO driver, skipping
EAL: 0000:00:04.0 not managed by UIO driver, skipping
CONFIG: --f argument not given : Flow caching will not be enabled
INIT: Creating the mbuf pool for socket 0 ...
INIT: Creating ring with priority 0 to connect I/O lcore 1 (socket 0) with worker lcore 2 ...
INIT: Creating ring with priority 1 to connect I/O lcore 1 (socket 0) with worker lcore 2 ...
INIT: Creating ring to connect worker lcore 2 with TX port 0 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 1 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 2 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 3 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 4 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 5 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 6 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 7 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 8 (through I/O lcore 1) (socket 0) ...
INIT: Creating ring to connect worker lcore 2 with TX port 9 (through I/O lcore 1) (socket 0) ...
INIT: No. of Lpolicer Buckets : 1
INIT: Setting worker Lpolicer: 0 start-idx 0
HOSTIF: Creating ring to connect hostif lcore 0 with worker lcore 2 ...
HOSTIF: Creating ring with priority 0 to connect worker lcore 0 (socket 0) with hostif worker lcore 2 ...
HOSTIF: Creating ring with priority 1 to connect worker lcore 0 (socket 0) with hostif worker lcore 2 ...
CONFIG: Runtime option summary:
CONFIG: rx capture port mask : 0x0
CONFIG: rx capture frequency : 1
CONFIG: rx capture length : 128
EAL: 0000:00:03.0 not managed by UIO driver, skipping
EAL: 0000:00:04.0 not managed by UIO driver, skipping
INIT: Initializing NIC port 0 ...
INIT: Initializing NIC port 0 RX queue 0 ...
INIT: Initializing NIC port 0 TX queue 0 ...
INIT: Initializing NIC port 1 ...
INIT: Initializing NIC port 1 RX queue 0 ...
INIT: Initializing NIC port 1 TX queue 0 ...
INIT: Initializing NIC port 2 ...
INIT: Initializing NIC port 2 RX queue 0 ...
INIT: Initializing NIC port 2 TX queue 0 ...
INIT: Initializing NIC port 3 ...
INIT: Initializing NIC port 3 RX queue 0 ...
INIT: Initializing NIC port 3 TX queue 0 ...
INIT: Initializing NIC port 4 ...
INIT: Initializing NIC port 4 RX queue 0 ...
INIT: Initializing NIC port 4 TX queue 0 ...
INIT: Initializing NIC port 5 ...
INIT: Initializing NIC port 5 RX queue 0 ...
INIT: Initializing NIC port 5 TX queue 0 ...
INIT: Initializing NIC port 6 ...
INIT: Initializing NIC port 6 RX queue 0 ...
INIT: Initializing NIC port 6 TX queue 0 ...
INIT: Initializing NIC port 7 ...
INIT: Initializing NIC port 7 RX queue 0 ...
INIT: Initializing NIC port 7 TX queue 0 ...
INIT: Initializing NIC port 8 ...
INIT: Initializing NIC port 8 RX queue 0 ...
INIT: Initializing NIC port 8 TX queue 0 ...
INIT: Initializing NIC port 9 ...
INIT: Initializing NIC port 9 RX queue 0 ...
INIT: Initializing NIC port 9 TX queue 0 ...
RPIO: Command socket listening on: localhost:3000
RPIO: Event socket listening on: localhost:3001
LU: Initializing LU
INIT: Initialization completed.
CONFIG: NIC RX ports: CONFIG: 0 (CONFIG: 0 CONFIG: ) CONFIG: 1 (CONFIG: 0 CONFIG: ) CONFIG: 2 (CONFIG: 0 CONFIG: ) CONFIG: 3 (CONFIG: 0 CONFIG: ) CONFIG: 4 (CONFIG: 0 CONFIG: ) CONFIG: 5 (CONFIG: 0 CONFIG: ) CONFIG: 6 (CONFIG: 0 CONFIG: ) CONFIG: 7 (CONFIG: 0 CONFIG: ) CONFIG: 8 (CONFIG: 0 CONFIG: ) CONFIG: 9 (CONFIG: 0 CONFIG: ) CONFIG: ;
CONFIG: I/O lcore 1 (socket 0): CONFIG: RX ports CONFIG: (0, 0, 0) CONFIG: (1, 0, 1) CONFIG: (2, 0, 2) CONFIG: (3, 0, 3) CONFIG: (4, 0, 4) CONFIG: (5, 0, 5) CONFIG: (6, 0, 6) CONFIG: (7, 0, 7) CONFIG: (8, 0, 8) CONFIG: (9, 0, 9) CONFIG: ; CONFIG: Output rings CONFIG:
Priority : HiCONFIG: 0x7f40577ea000 CONFIG:
Priority : NorCONFIG: 0x7f40577ec080 CONFIG: ;
CONFIG: Worker lcore 2 (socket 0) ID 0: CONFIG: Input rings CONFIG:
Priority : HiCONFIG: 0x1d9a540 CONFIG: 0x1d9a608 CONFIG:
Priority : NorCONFIG: 0x1d9a540 CONFIG: ;
CONFIG:
CONFIG:
CONFIG: NIC TX ports: CONFIG: 0 CONFIG: 1 CONFIG: 2 CONFIG: 3 CONFIG: 4 CONFIG: 5 CONFIG: 6 CONFIG: 7 CONFIG: 8 CONFIG: 9 CONFIG: ;
CONFIG: I/O lcore 1 (socket 0): CONFIG: Input rings per TX port CONFIG: 0 (CONFIG: 0x7f40577ee100 CONFIG: ) CONFIG: 1 (CONFIG: 0x7f40577f0180 CONFIG: ) CONFIG: 2 (CONFIG: 0x7f40577f2200 CONFIG: ) CONFIG: 3 (CONFIG: 0x7f40577f4280 CONFIG: ) CONFIG: 4 (CONFIG: 0x7f40577f6300 CONFIG: ) CONFIG: 5 (CONFIG: 0x7f40577f8380 CONFIG: ) CONFIG: 6 (CONFIG: 0x7f40577fa400 CONFIG: ) CONFIG: 7 (CONFIG: 0x7f40577fc480 CONFIG: ) CONFIG: 8 (CONFIG: 0x7f3ff5b8c740 CONFIG: ) CONFIG: 9 (CONFIG: 0x7f3ff5b8e7c0 CONFIG: ) CONFIG: ;
CONFIG: Worker lcore 2 (socket 0) ID 0:
CONFIG: Output rings per TX port CONFIG: 0 (0x7f40577ee100) CONFIG: 1 (0x7f40577f0180) CONFIG: 2 (0x7f40577f2200) CONFIG: 3 (0x7f40577f4280) CONFIG: 4 (0x7f40577f6300) CONFIG: 5 (0x7f40577f8380) CONFIG: 6 (0x7f40577fa400) CONFIG: 7 (0x7f40577fc480) CONFIG: 8 (0x7f3ff5b8c740) CONFIG: 9 (0x7f3ff5b8e7c0) CONFIG: ;
CONFIG: Ring sizes: NIC RX = 1024; Worker in = 1024; Worker out = 1024; NIC TX = 1024;
CONFIG: Burst sizes: I/O RX (rd = 32, wr = 32); Worker (rd = 32, wr = 32); I/O TX (rd = 32, wr = 32)
RUNTIME: Logical core 1 (I/O) main loop.

RUNTIME: Logical core 2 (worker 0) main loop.

RPIO: Accepted connection from localhost <-> localhost:3000
RPIO: Accepted connection from localhost <-> localhost:3001
RIOT: Received bandwidth config: b/w : 6250000

RIOT: Initializing policer for bank 0, bucket : 0 rate: 6250000

METER: Low level srTCM config:
CIR period = 464, CIR bytes per period = 1
RIOT: New policer index: 0

HOSTIF: Accepted connection

RUNTIME: Detected port 0 status changed to UP

RUNTIME: Detected port 1 status changed to UP

RUNTIME: Detected port 2 status changed to UP

RUNTIME: Detected port 3 status changed to UP

RUNTIME: Detected port 4 status changed to UP

RUNTIME: Detected port 5 status changed to UP

RUNTIME: Detected port 6 status changed to UP

RUNTIME: Detected port 7 status changed to UP

RUNTIME: Detected port 8 status changed to UP

RUNTIME: Detected port 9 status changed to UP

8. Connect to VCP using serial console

The default configuration is user root with no password. I have already configured the vMX in my old laboratories.

silvia@vMX-ubuntu:~/vmx-15.1F4-3$ sudo ./vmx.sh --console vcp vmx1
[sudo] password for silvia:

vMX (ttyd0)

login: root
password: ********

--- JUNOS 15.1F4.15 built 2015-12-23 20:22:39 UTC

root@vMX% cli
root@vMX>

9. Configure SSH connectivity

I configure fxp0 interface with the OoB Management IP address:

[edit]
root@vMX# show interfaces fxp0 
unit 0 {
      family inet {
            address 192.168.83.11/24;
      }
}

[edit]
root@vMX# run show route

inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.83.0/24 *[Direct/0] 00:15:24
 > via fxp0.0
192.168.83.11/32 *[Local/0] 00:15:24
 Local via fxp0.0

Let’s test some ping:

[edit]
root@vMX# run ping 192.168.83.10  <<-- to Ubuntu Host
PING 192.168.83.10 (192.168.83.10): 56 data bytes
64 bytes from 192.168.83.10: icmp_seq=0 ttl=64 time=0.335 ms
^C
--- 192.168.83.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.270/0.352/0.430/0.058 ms

[edit]
root@vMX# run ping 192.168.83.1  <<-- to MacBook 
PING 192.168.83.1 (192.168.83.1): 56 data bytes
64 bytes from 192.168.83.1: icmp_seq=0 ttl=64 time=1.249 ms
^C
--- 192.168.83.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.591/0.920/1.249/0.329 ms

[edit]
root@vMX# run ping 192.168.83.12   <<-- to VFP
PING 192.168.83.12 (192.168.83.12): 56 data bytes
64 bytes from 192.168.83.12: icmp_seq=0 ttl=64 time=2.595 ms
^C
--- 192.168.83.12 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.613/1.604/2.595/0.991 ms

Let’s check if I can connect to vRE from Ubuntu Host:

silvia@vMX-ubuntu:~$ ssh root@192.168.83.11 
The authenticity of host '192.168.83.11 (192.168.83.11)' can't be established.
ECDSA key fingerprint is 34:0a:47:46:92:0f:f9:ba:8d:e3:99:9a:bd:3c:82:71.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.83.11' (ECDSA) to the list of known hosts.
Password:
Last login: Fri Nov 17 11:21:06 2017
--- JUNOS 15.1F4.15 built 2015-12-23 20:22:39 UTC
root@vMX% cli
root@vMX>

BINGO!! Now I can connect also from my MacBook using SecureCRT.

10. Create and save a vMX base configuration file vmx_base.conf

Next, I create and I save into my SkyLifter project folder a base configuration file using file path: SkyLifter/SkylifterSource/vmx_base.conf.

11. Comand Line Summary

cd vmx-15.1F4-3/

sudo ./vmx.sh -lv --install

brctl show

sudo ./vmx.sh --bind-check

sudo ./vmx.sh --bind-dev

sudo ./vmx.sh --bind-check

sudo ./vmx.sh --console vfp vmx1 (root, root)

sudo ./vmx.sh --console vcp vmx1 (root, SilviaMurgescu)

S3: Ubuntu VM Network Configuration

At the moment, my Ubuntu VM is already created with default configuration. Next, I will have to make some changes and connect the Ubuntu VM to the following networks:

Network Connected Device Device Port Info IP
vmnet3 vMX – Ubuntu Server eth0 OoB MNG Net 192.168.83.10
vmnet4 vMX – Ubuntu Server eth1 Intelink with VLANs 172.16.109.10
vmnet5 vMX – Ubuntu Server eth2 Intelink with VLANs 192.168.50.10

Software

  • Ubuntu 14.04.1 LTS
  • VMWare Fusion 10.0.1 Pro

Procedure

1. Create the needed networks into VMWare Fusion using Network GUI.

2. From Fusion application, click Ubuntu VM, go to Virtual Machine > Settings… and add the created networks.

3. Login to Ubuntu VM from Fusion console.

silvia@vMX-ubuntu:~$ sudo -i
[sudo] password for silvia:

4. Check the network setting.

root@vMX-ubuntu:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:9e:bb:5b  
          inet6 addr: fe80::20c:29ff:fe9e:bb5b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:185 errors:0 dropped:0 overruns:0 frame:0
          TX packets:111 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18483 (18.4 KB)  TX bytes:14165 (14.1 KB)
eth1      Link encap:Ethernet  HWaddr 00:0c:29:9e:bb:65  
          inet6 addr: fe80::20c:29ff:fe9e:bb65/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3596 (3.5 KB)  TX bytes:3596 (3.5 KB)
virbr0    Link encap:Ethernet  HWaddr 52:54:00:07:ea:ed  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

4. Change default configuration for eth0 by deleting DHCP setting and adding the static setting. Note: eth0 is connected to vmnet3.

 root@vMX-ubuntu:~# cat /etc/network/interfaces
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).

# The loopback network interface
 auto lo
 iface lo inet loopback

# The primary network interface
 auto eth0
 iface eth0 inet dhcp static
 address 192.168.83.10
 netmask 255.255.255.0
 network 192.168.83.0
 broadcast 192.168.83.255
 gateway 192.168.83.1

# The secondary networks interface
 auto eth1
 iface eth1 inet manual

5. Restart Ubuntu VM. It didn’t work for me to restart the interface or networking process.

6. When the Ubuntu VM is UP again, check the interface

silvia@vMX-ubuntu:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:5b
inet addr:192.168.83.10 Bcast:192.168.83.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9e:bb5b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:201 errors:0 dropped:0 overruns:0 frame:0
TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19908 (19.9 KB) TX bytes:16815 (16.8 KB)

7. Configure eth1 and eth2 network interfaces connected to vmnet4 and vmnet5.

silvia@vMX-ubuntu:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.83.10
netmask 255.255.255.0
network 192.168.83.0
broadcast 192.168.83.255
gateway 192.168.83.1



# The secondary networks interface
auto eth1
iface eth1 inet static
address 172.16.109.10
netmask 255.255.255.0
network 172.16.109.0
broadcast 172.16.109.255
gateway 172.16.109.1

# The secondary networks interface
auto eth2
iface eth2 inet static
address 192.168.50.10
netmask 255.255.255.0
network 192.168.50.0
broadcast 192.168.50.255
gateway 192.168.50.1

8. Restart the VM and check again the network configuration.

silvia@vMX-ubuntu:~$ ifconfig | grep -A 1 eth
eth0 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:5b 
inet addr:192.168.83.10 Bcast:192.168.83.255 Mask:255.255.255.0
--
eth1 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:65 
inet addr:172.16.109.10 Bcast:172.16.109.255 Mask:255.255.255.0
--
eth2 Link encap:Ethernet HWaddr 00:0c:29:9e:bb:6f 
inet addr:192.168.50.10 Bcast:192.168.50.255 Mask:255.255.255.0