Ing artikel iki, aku bakal nuduhake sampeyan carane nyiyapake opendaylight kanggo nggarap peralatan jaringan, lan uga nuduhake carane nggunakake Posmen lan prasaja RESTCONF panjalukan, peralatan iki bisa kontrol. Kita ora bakal bisa karo hardware, nanging kita bakal masang laboratorium virtual cilik karo router siji nggunakake Vrnetlab liwat Ubuntu 20.04 LTS.
Aku bakal nuduhake setelan rinci pisanan nggunakake conto router Juniper vMX 20.1R1.11, banjur kita mbandhingake karo setelan Cisco xRV9000 7.0.2.
Isi
- kawruh sing dibutuhake
- Bagéan saka 1: rembugan sedhela OpenDaylight (sabanjuré ODL), Posmen и Vrnetlab lan kenapa kita butuh wong-wong mau
- Bagéan saka 2: gambaran saka laboratorium virtual
- Bagéan saka 3: ngaturaken opendaylight
- Bagéan saka 4: ngaturaken Vrnetlab
- Bagéan saka 5: kanthi nggunakake Posmen nyambungake router virtual (Juniper vMX) Kanggo ODL
- Bagéan saka 6: njaluk lan ngganti konfigurasi router nggunakake Posmen и ODL
- Bagéan saka 7: nambah Cisco xRV9000
- kesimpulan
- PS
- Bibliografi
kawruh sing dibutuhake
Supaya artikel kasebut ora dadi lembaran, aku ngilangi sawetara rincian teknis (kanthi pranala menyang literatur sing bisa diwaca babagan).
Ing sambungan iki, aku menehi sampeyan topik sing apik (nanging meh ora perlu) ngerti sadurunge maca:
- ,
- /
Part 1: sawetara teori
- Platform SDN mbukak kanggo ngatur lan ngotomatisasi kabeh jinis jaringan, didhukung dening Yayasan Linux
- Jawa ing njero
- Adhedhasar Model-Driven Service Abstraction Level (MD-SAL)
- Nggunakake model YANG kanggo ngasilake API RESTCONF kanthi otomatis kanggo piranti jaringan
Modul utama kanggo manajemen jaringan. Iku liwat iku kita bakal komunikasi karo piranti sing disambungake. Ngatur liwat API dhewe.
Sampeyan bisa maca liyane babagan OpenDaylight .
- Alat tes API
- Prasaja lan gampang kanggo nggunakake antarmuka
Ing kasus kita, kita kasengsem minangka sarana kanggo ngirim panjalukan REST menyang OpenDaylight API. Sampeyan bisa, mesthi, ngirim panjalukan kanthi manual, nanging ing Postman kabeh katon cetha banget lan cocog karo tujuan kita.
Kanggo sing pengin digali: akeh materi latihan sing ditulis ing ().
- Alat kanggo nyebarake router virtual ing Docker
- Mendukung: Cisco XRv, Juniper vMX, Arista vEOS, Nokia VSR, lsp.
- Open Source
Instrumen sing menarik banget nanging kurang dikenal. Ing kasus kita, kita bakal nggunakake kanggo mbukak Juniper vMX lan Cisco xRV9000 ing Ubuntu biasa 20.04 LTS.
Sampeyan bisa maca liyane babagan ing .
Bagian 2: Lab
Ing tutorial iki, kita bakal nyiyapake sistem ing ngisor iki:
Carane ora karya iki
- Juniper vMX munggah ing docker wadah (kanthi cara Vrnetlab) lan fungsi minangka router virtual sing paling umum.
- ODL disambungake menyang router lan ngijini sampeyan kanggo ngontrol.
- Posmen dibukak ing mesin kapisah lan liwat iku kita ngirim printah ODL: kanggo nyambung / mbusak router, ngganti konfigurasi, etc.
Komentar ing piranti sistem
Juniper vMX и ODL mbutuhake cukup akèh sumber daya kanggo operasi stabil. mung siji vMX nyuwun 6 Gb RAM lan 4 intine. Mulane, diputusake kanggo mindhah kabeh "bobot abot" menyang mesin sing kapisah (Heulett Packard Enterprise MicroServer ProLiant Gen8, Ubuntu 20.04 LTS). Router, mesthi, ora "mabur" ing, nanging kinerja cukup kanggo nyobi cilik.
Part 3: Nggawe OpenDaylight
Versi ODL saiki nalika nulis iki yaiku Magnesium SR1
1) Instal Java Open JDK 11 (kanggo instalasi sing luwih rinci )
ubuntu:~$ sudo apt install default-jdk2) Temokake lan download mbangun paling anyar ODL
3) Unzip arsip sing diundhuh
4) Pindhah menyang direktori asil
5) Bukak ./bin/karaf
Ing langkah iki ODL kudu miwiti lan kita bakal nemokake dhéwé ing console (Port 8181 digunakake kanggo akses saka njaba, kang bakal digunakake mengko).
Sabanjure, instal Fitur ODLdirancang kanggo nggarap protokol NETCONF и RESTCONF. Kanggo nindakake iki ing console ODL kita eksekusi:
opendaylight-user@root> feature:install odl-netconf-topology odl-restconf-allIki persiyapan paling gampang. ODL rampung. (Kanggo rincian liyane, waca ).
Part 4: Nggawe Vrnetlab
Persiapan sistem
Sadurunge nginstal Vrnetlab sampeyan kudu nginstal paket sing dibutuhake kanggo operasi. Kayata , , :
ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt -y install python3-bs4 sshpass make
ubuntu:~$ sudo apt -y install git
ubuntu:~$ sudo apt install -y
apt-transport-https ca-certificates
curl gnupg-agent software-properties-common
ubuntu:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
ubuntu:~$ sudo add-apt-repository
"deb [arch=amd64] https://download.docker.com/linux/ubuntu
$(lsb_release -cs)
stable"
ubuntu:~$ sudo apt update
ubuntu:~$ sudo apt install -y docker-ce docker-ce-cli containerd.ioNginstal Vrnetlab
Kanggo instalasi Vrnetlab kloning repositori sing cocog saka github:
ubuntu:~$ cd ~
ubuntu:~$ git clone https://github.com/plajjan/vrnetlab.gitPindhah menyang direktori vrnetlab:
ubuntu:~$ cd ~/vrnetlabIng kene sampeyan bisa ndeleng kabeh skrip sing dibutuhake kanggo mbukak. Elinga yen direktori sing cocog wis digawe kanggo saben jinis router:
ubuntu:~/vrnetlab$ ls
CODE_OF_CONDUCT.md config-engine-lite openwrt vr-bgp
CONTRIBUTING.md csr routeros vr-xcon
LICENSE git-lfs-repo.sh sros vrnetlab.sh
Makefile makefile-install.include topology-machine vrp
README.md makefile-sanity.include veos vsr1000
ci-builder-image makefile.include vmx xrv
common nxos vqfx xrv9kNggawe gambar saka router
Saben router sing didhukung Vrnetlab, nduweni prosedur persiyapan unik dhewe. kapan Juniper vMX kita mung kudu ngunggah arsip .tgz karo router (sampeyan bisa ngundhuh saka ) menyang direktori vmx lan jalanake perintah kasebut make:
ubuntu:~$ cd ~/vrnetlab/vmx
ubuntu:~$ # Копируем в эту директорию .tgz архив с роутером
ubuntu:~$ sudo makeNggawe gambar vMX bakal njupuk bab 10-20 menit. Wis wayahe golek kopi!
Kok suwe banget, sampeyan takon?
Jarwan penulis kanggo pitakonan iki:
"Iki amarga pisanan VCP (Control Plane) diwiwiti, maca file konfigurasi sing nemtokake manawa bakal mbukak minangka VCP VRR ing vMX. Sadurunge, peluncuran iki ditindakake nalika wiwitan Docker, nanging iki tegese VCP tansah diwiwiti maneh sapisan sadurunge router virtual kasedhiya, nyebabake wektu boot dawa (kira-kira 5 menit) Saiki, VCP pisanan wis rampung nalika mbangun gambar Docker, lan wiwit mbangun Docker ora bisa mbukak karo - pilihan -privileged, iki tegese qemu dianggo tanpa akselerasi hardware KVM lan kanthi mangkono mbangun njupuk wektu banget dawa. Sajrone proses iki, akèh log sing output, supaya paling sampeyan bisa ndeleng apa sing arep ing.Aku dawa mbangun ora medeni amarga kita nggawe gambar sapisan, nanging kita miwiti akeh.
Sawise sampeyan bisa ndeleng gambar router kita ing docker:
ubuntu:~$ sudo docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
vrnetlab/vr-vmx 20.1R1.11 b1b2369b453c 3 weeks ago 4.43GB
debian stretch 614bb74b620e 7 weeks ago 101MBBukak wadhah vr-vmx
Kita miwiti karo printah:
ubuntu:~$ sudo docker run -d --privileged --name jun01 b1b2369b453cSabanjure, kita bisa ndeleng informasi babagan wadhah aktif:
ubuntu:~$ sudo docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
120f882c8712 b1b2369b453c "/launch.py" 2 minutes ago Up 2 minutes (unhealthy) 22/tcp, 830/tcp, 5000/tcp, 10000-10099/tcp, 161/udp jun01Nyambung menyang router
Alamat IP antarmuka jaringan router bisa dipikolehi kanthi printah ing ngisor iki:
ubuntu:~$ sudo docker inspect --format '{{.NetworkSettings.IPAddress}}' jun01
172.17.0.2Default, Vrnetlab nggawe pangguna ing router vrnetlab/VR-netlab9.
Nyambung karo ssh:
ubuntu:~$ ssh [email protected]
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:g9Sfg/k5qGBTOX96WiCWyoJJO9FxjzXYspRoDPv+C0Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
Password:
--- JUNOS 20.1R1.11 Kernel 64-bit JNPR-11.0-20200219.fb120e7_buil
vrnetlab> show version
Model: vmx
Junos: 20.1R1.11Iki ngrampungake persiyapan router.
Rekomendasi instalasi kanggo router saka macem-macem vendor bisa ditemokaké ing ing direktori masing-masing.
Part 5: Tukang pos - nyambungake router menyang OpenDaylight
Instalasi tukang pos
Kanggo nginstal, mung ngundhuh aplikasi kasebut .
Nyambungake router menyang ODL
Ayo nggawe sijine njaluk:
- String pitakon:
PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01 - Badan panjaluk (tab Badan):
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology"> <node-id>jun01</node-id> <host xmlns="urn:opendaylight:netconf-node-topology">172.17.0.2</host> <port xmlns="urn:opendaylight:netconf-node-topology">22</port> <username xmlns="urn:opendaylight:netconf-node-topology">vrnetlab</username> <password xmlns="urn:opendaylight:netconf-node-topology">VR-netlab9</password> <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only> <schema-cache-directory xmlns="urn:opendaylight:netconf-node-topology">jun01_cache</schema-cache-directory> </node> - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin. Iki dibutuhake kanggo ngakses ODL:
- Ing tab Headers, sampeyan kudu nambah rong header:
- Nampa aplikasi / xml
- Aplikasi Tipe Konten/xml
Panyuwunan kita wis digawe. Kita ngirim. Yen kabeh wis dikonfigurasi kanthi bener, mula kita kudu bali status "201 Digawe":
Apa panjalukan iki?
Kita nggawe simpul ing njero ODL karo paramèter saka router nyata kita pengin ngakses.
xmlns="urn:TBD:params:xml:ns:yang:network-topology"
xmlns="urn:opendaylight:netconf-node-topology"Iki minangka ruang jeneng internal XML (Ruang jeneng XML) kanggo ODL miturut sing nggawe simpul.
Kajaba iku, jeneng router kasebut node-id, alamat router - inang lan sapiturute.
Baris sing paling menarik yaiku sing pungkasan. Skema-cache-direktori nggawe direktori ing ngendi kabeh file diundhuh Skema YANG router disambungake. Sampeyan bisa nemokake ing $ODL_ROOT/cache/jun01_cache.
Priksa sambungan router
Ayo nggawe Njaluk njaluk:
- String pitakon:
GET http://10.132.1.202:8181/restconf/operational/network-topology:network-topology/topology/topology-netconf/ - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Kita ngirim. Sampeyan kudu nampa status "200 OK" lan dhaptar kabeh sing didhukung dening piranti Skema YANG:
komentar: Kanggo ndeleng sing terakhir, ing kasusku kudu ngenteni udakara 10 menit sawise eksekusi sijinenganti kabeh skema sing mbongkar ing ODL. Nganti titik iki, nalika nindakake iki Njaluk pitakon bakal nampilake ing ngisor iki:
Mbusak router
Ayo nggawe Busak njaluk:
- String pitakon:
DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01 - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Part 6: Ngganti konfigurasi router
Njupuk konfigurasi
Ayo nggawe Njaluk njaluk:
- String pitakon:
GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/ - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Kita ngirim. Sampeyan kudu nampa status "200 OK" lan konfigurasi router:
Nggawe konfigurasi
Minangka conto, ayo nggawe konfigurasi ing ngisor iki lan ngowahi:
protocols {
bgp {
disable;
shutdown;
}
}Ayo nggawe POST njaluk:
- String pitakon:
POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols - Badan panjaluk (tab Badan):
<bgp xmlns="http://yang.juniper.net/junos/conf/protocols"> <disable/> <shutdown> </shutdown> </bgp> - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin. - Ing tab Headers, sampeyan kudu nambah rong header:
- Nampa aplikasi / xml
- Aplikasi Tipe Konten/xml
Sawise ngirim, dheweke kudu nampa status "204 No Content"
Kanggo mriksa manawa konfigurasi wis diganti, sampeyan bisa nggunakake pitakon sadurunge. Nanging umpamane, kita bakal nggawe liyane sing bakal nampilake informasi mung babagan protokol sing dikonfigurasi ing router.
Ayo nggawe Njaluk njaluk:
- String pitakon:
GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Sawise nglakokake panjaluk kasebut, kita bakal weruh ing ngisor iki:
Ngganti konfigurasi
Ayo ngganti informasi babagan protokol BGP. Sawise tumindak kita bakal katon kaya iki:
protocols {
bgp {
disable;
}
}Ayo nggawe sijine njaluk:
- String pitakon:
PUT http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols - Badan panjaluk (tab Badan):
<protocols xmlns="http://yang.juniper.net/junos/conf/protocols"> <bgp> <disable/> </bgp> </protocols> - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin. - Ing tab Headers, sampeyan kudu nambah rong header:
- Nampa aplikasi / xml
- Aplikasi Tipe Konten/xml
Nggunakake sadurunge Njaluk request, kita ndeleng owah-owahan:
Mbusak konfigurasi
Ayo nggawe Busak njaluk:
- String pitakon:
DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/jun01/yang-ext:mount/junos-conf-root:configuration/junos-conf-protocols:protocols - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Nalika diarani Njaluk njaluk informasi babagan protokol, kita bakal weruh ing ngisor iki:
Tambahan:
Kanggo ngganti konfigurasi, iku ora perlu kanggo ngirim awak request ing format XML. Iki uga bisa ditindakake ing format JSON.
Kanggo nindakake iki, contone, ing pitakonan sijine kanggo ngganti konfigurasi, ganti awak panjalukan karo:
{
"junos-conf-protocols:protocols": {
"bgp": {
"description" : "Changed in postman"
}
}
}Aja lali ngganti header ing tab Header dadi:
- Nampa aplikasi / json
- Aplikasi Tipe Konten / json
Sawise ngirim, kita bakal entuk asil ing ngisor iki (We ndeleng jawaban nggunakake Njaluk njaluk):
Part 7: Nambahake Cisco xRV9000
Apa kita kabeh babagan Juniper, ya Juniper? Ayo dadi pirembagan bab Cisco!
Aku nemokake xRV9000 versi 7.0.2 (kewan sing mbutuhake 8Gb RAM lan 4 intine. Ora kasedhiya kanthi bebas, mula hubungi ) - ayo mlaku.
Mlaku wadhah
Proses nggawe wadhah Docker praktis ora beda karo Juniper. Kajaba iku, kita nyelehake file .qcow2 karo router menyang direktori sing cocog karo jenenge (ing kasus iki, xrv9k) lan nglakokake perintah kasebut. make docker-image.
Sawise sawetara menit, kita weruh yen gambar wis digawe:
ubuntu:~$ sudo docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
vrnetlab/vr-xrv9k 7.0.2 54debc7973fc 4 hours ago 1.7GB
vrnetlab/vr-vmx 20.1R1.11 b1b2369b453c 4 weeks ago 4.43GB
debian stretch 614bb74b620e 7 weeks ago 101MBKita miwiti wadah:
ubuntu:~$ sudo docker run -d --privileged --name xrv01 54debc7973fcSawise sawetara wektu, kita katon yen wadhah wis diwiwiti:
ubuntu:~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
058c5ecddae3 54debc7973fc "/launch.py" 4 hours ago Up 4 hours (healthy) 22/tcp, 830/tcp, 5000-5003/tcp, 10000-10099/tcp, 161/udp xrv01Sambungake liwat ssh:
ubuntu@ubuntu:~$ ssh [email protected]
Password:
RP/0/RP0/CPU0:ios#show version
Mon Jul 6 12:19:28.036 UTC
Cisco IOS XR Software, Version 7.0.2
Copyright (c) 2013-2020 by Cisco Systems, Inc.
Build Information:
Built By : ahoang
Built On : Fri Mar 13 22:27:54 PDT 2020
Built Host : iox-ucs-029
Workspace : /auto/srcarchive15/prod/7.0.2/xrv9k/ws
Version : 7.0.2
Location : /opt/cisco/XR/packages/
Label : 7.0.2
cisco IOS-XRv 9000 () processor
System uptime is 3 hours 22 minutesNyambungake router menyang OpenDaylight
Nambahake kedadeyan kanthi cara sing padha karo vMX. Kita mung kudu ngganti jeneng.
sijine njaluk:
Telpon sawise sawetara wektu Njaluk pitakon kanggo mriksa manawa kabeh wis nyambung:
Ngganti konfigurasi
Ayo nyiyapake konfigurasi ing ngisor iki:
!
router ospf LAB
mpls ldp auto-config
!Ayo nggawe POST njaluk:
- String pitakon:
POST http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf - Badan panjaluk (tab Badan):
{ "processes": { "process": [ { "process-name": "LAB", "default-vrf": { "process-scope": { "ldp-auto-config": [ null ] } } } ] } } - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin. - Ing tab Headers, sampeyan kudu nambah rong header:
- Nampa aplikasi / json
- Aplikasi Tipe Konten / json
Sawise eksekusi, dheweke kudu nampa status "204 Ora Ana Konten".
Ayo dipriksa apa sing entuk.
Kanggo nindakake iki, kita bakal nggawe Njaluk njaluk:
- String pitakon:
GET http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
Sawise eksekusi, sampeyan kudu ndeleng ing ngisor iki:
Kanggo mbusak nggunakake konfigurasi Busak:
- String pitakon:
DELETE http://10.132.1.202:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/xrv01/yang-ext:mount/Cisco-IOS-XR-ipv4-ospf-cfg:ospf - Ing tab Wewenang, sampeyan kudu nyetel parameter
Basic Authlan login / sandhi: admin / admin.
kesimpulan
Secara total, kaya sing wis dingerteni, prosedur kanggo nyambungake Cisco lan Juniper menyang OpenDaylight ora beda-beda - iki mbukak ruang lingkup kreatifitas sing cukup akeh. Miwiti saka manajemen konfigurasi kabeh komponen jaringan lan diakhiri karo nggawe kabijakan jaringan sampeyan dhewe.
Ing tutorial iki, aku wis menehi conto paling gampang babagan carane sampeyan bisa sesambungan karo peralatan jaringan nggunakake OpenDaylight. Tanpa mangu, pitakon saka conto ing ndhuwur bisa digawe luwih rumit lan nyiyapake kabeh layanan kanthi siji klik mouse - kabeh mung diwatesi dening imajinasi sampeyan *
Terus ...
PS
Yen dumadakan sampeyan wis ngerti kabeh iki utawa, ing nalisir, wis liwat lan dicemplungke ing nyawa ODL, banjur aku nyaranake looking menyang ngembangaken aplikasi ing ODL controller. Sampeyan bisa miwiti .
Eksperimen sing sukses!
Referensi
- / Brian Linkletter
- OpenDaylight Cookbook / Mathieu Lemay, Alexis de Talhouet, Et al
- Programmabilitas Jaringan karo YANG / Benoît Claise, Loe Clarke, Jan Lindblad
- Learning XML, Second Edition / Erik T. Ray
- DevOps Efektif / Jennifer Davis, Ryn Daniels
Source: www.habr.com