Installing SD-WAN SE Virtual Appliances (VPX) in Linux-KVM Platform
Apr 12, 2018
Installing SDWAN VPX-SE Appliances in KVM Hypervisor platform:
1) To set up NetScaler SDWAN VPX-SE for the Linux-KVM platform:
a. Use the graphical Virtual Machine Manager (Virtual Manager) application.
b. Use the virsh program Linux-KVM command line.
2) The host Linux operating system must be installed on suitable hardware by using virtualization tools such as KVM Module and QEMU. The number of virtual machines (VMs) that can be deployed on the hypervisor depends on the application requirement and the chosen hardware.
3) The .qcow2 file has to be unique for each of the NetScaler VPX instance provisioned. It is a virtual hard disk (VHD) that is attached to VM.
1) Install Ubuntu 16.04 on the bare metal appliance which supports Virtualization. Follow the below steps to check if the bare metal appliance supports Virtualization.
2) 64-bit x86 processors with the hardware virtualization features included in the AMD-V and Intel VT-X processors.
a. To test whether your CPU of Linux host supports virtualization, enter the following command at the host Linux shell prompt:
|egrep -c ‘(vmx||svm)’ /proc/cpuinfo, this output must be more than 0.**|
3) Alternative to step 2, install a package/tool called “cpu-checker” (sudo apt-get install cpu-checker), enter the following command :
kvm-ok, the output must be “KVM acceleration can be used”.
4) Minimum hardware requirements:
As the SDWAN-Virtual WAN (guest OS) requires 4 V CPUs, 4GB RAM and 40 GB (VHD). You must have a host with these specifications which can satisfy this.
5) Software requirements:
Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-78-generic x86_64)
Install qemu-kvm, libvirt-bin, virt-manager : sudo apt-get install qemu-kvm libvirt-bin virt-manager bridge-utils. Execute this command to obtain all the required packages/software.
Provisioning the SD-WAN VPX appliances by using Virtual Machine Manager (VMM):
1) Open the Virtual Machine Manager. Go to Application > System Tools > Virtual Machine Manager, and provide the logon credentials in the Authenticate window.
2) Once the VMM opens, you should see QEMU/KVM. This indicates that the VMM is not connected to the QEMU Virtualization.
NIC ordering for SD-WAN VPX-SE provisioning must be in the following order; Management, LAN and WAN.
3) Select New Virtual Machine.
4) Select the VHD, the VHD used by one machine cannot be shared. Unique VHD is required for every Virtual Machine.
Browse the image and select the path where it is downloaded.
5) Provide RAM as 4096 MB and CPU as 4.
6) Name the VM as needed and select Customize configuration before Install. As by default one NIC gets selected to the Virtual Machine, you can see the Network selection option.
In this setup enp4s0f0 is the Management Network for the Host machine, and if you want to use this NIC, sharing same NIC between guests and host for Management access. Source Mode is Bridge since it is shared between VMs.
7) After clicking Finish, ensure you select customize configuration before install for further configuration.
For the NIC that is assigned, in this example “enp4s0f0:macvtap” you need to select the Device model as “virtio”. The model that is supported for communication.
8) Add additional NICs for LAN and WAN with Add Hardware at the bottom left side corner.
For good Performance, it is recommended to use Source Mode as Pass-through (Only one VM can use the Lower NIC and hence it cannot be shared across VMs). For LAN and WAN interfaces use “Pass-through” Mode and Device Model should be “virtio”.
9) Select Begin Installation for the installation process to start and you can see the console of the appliance.
10) Use management_ip command to set the IP address.
How to Deploy SD-WAN Appliances in Linux-KVM Hypervisor Platform Instance on the same Host
Deploying SD-WAN appliances in HA mode on the same host requires sharing the same physical interface across SD-WAN VPX appliances. For example; the eth3 of physical hypervisor (host) is used for WANLink-1 for Primary VM, the same interface should be used for secondary appliance, so that if primary appliance becomes inactive, the secondary appliance can respond to the ARP requests for shared MAC.
For sharing of the Physical NIC between the VMs which are on the same host, the source modes that can be used according to KVM networking is MACVTAP Bridge or Linux Bridge.
How to use Linux Bridge
Create Bridge using “brctl” on the Host (KVM Hypervisor level).
Associate the required Physical NIC to the bridge created (using brctl commands).
These bridges created at Hypervisor level should be now be associated to the SD-WAN VM.
Primary and Secondary VMs are now associated with the Linux bridges created.
To create Linux Bridge and associate it with Virtual Machine:
“brctl addbr ha-brwan1”
Associating physical nic to the bridge “ha-brwan1”
“brctl addif ha-brwan1 eth3”
Associating the bridge “ha-brwan1” to the SD-WAN-SE (Virtual WAN) (both Physical and Secondary)
1. When adding network interface, select Network source as “Specify shared device name”.
2. Under Bridge Name, provide the name of the bridge created.
3. Device Model should always be “virtio”.
Create bridges for LAN and WAN interfaces. The below snapshot depicts the way to associate interface to SDWAN-SE using Virtual Machine Manager.
These steps should be followed only when both Primary and Secondary HA node are present on the same KVM Hypervisor/Host. In case, if HA nodes are present on different Hypervisors then MACVTAP: Passthrough source mode can be used.
Limitation with MACVTAP Bridge mode type
With interface associated to Virtual Machines as MACVTAP Bridge mode type there are issues with shared MAC communication. SD-WAN Virtual WAN uses shared MAC (AA: AA: AA: 00:00: XX). When MACVTAP Bridge mode is used, ARP resolution does not occur for shared Mac. So MACVTAP Bridge is not a recommended option.