Enable Virtual Customer Premises Equipment (vCPE) with OpenStack* Part 2: Prepare the Virtual Network Functions

ID 659397
Updated 6/28/2016
Version Latest



This post shows how to create images to emulate two types of virtual network functions (VNFs) you may come across. These images may be useful, for example, if you are trying to set up virtual Customer Premises Equipment (vCPE), as described in Blog 1 of this series, Enabling vCPE with OpenStack* - Get Started.



The images being created in this case are:

  • The bump-in-the-wire operation, such as frame-forwarding (L2 VNF)
  • Software routing (L3 VNF)


Bump! What was that?

In this case, we will set up bridging on the "bump" (L2 VNF), and allow traffic to pass through. We will clear any IP addresses on the virtual machine (VM) and add both the interfaces to the bridge. The bridge will be configured to forward frames and not participate in the network otherwise. This VM will essentially be invisible to any other network user. In a production environment, this would carry out operations such as traffic inspection or WAN optimization.

Make sure bridge-utils is installed on the VM, and configure the bridge by adding the following to /etc/network/interfaces:

auto eth0
  iface eth0 inet manual
      up ifconfig eth0 
      up ifconfig ip link set eth0 promisc on

  auto eth1
  iface eth1 inet manual
      up ifconfig eth1
      up ifconfig ip link set eth1 promisc on

  auto br100
  iface br100 inet manual
      bridge_ports eth0 eth1
      bridge_stp on
      bridge_waitport 0

The eth0 and eth1 ip addresses are cleared and the interfaces are set to promiscuous mode, so that they accept all packets.

The bridge is then created, with the ports eth0 and eth1 added to it. All traffic entering the VM on eth0 will exit on eth1, and vice versa.

A software router

In order to configure a VM to act as a router it must be configured to allow IP forwarding and proxy ARP. This can be done through the /etc/sysctl.conf file:

net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.proxy_arp = 1
net.ipv4.conf.eth1.proxy_arp = 1

The IP addresses for the ports on the "router" should be the default routes for the LAN and WAN networks, which is done when the networks and ports are being created, as described in Blog 3 of this series, Enabling vCPE with OpenStack* - Create the Networks.

Add the images

Once you have saved these images in a safe place, add them to Glance so they can be used for booting VMs:

$ glance image-create --name bump_image --disk-format qcow2 --container-format bare --file ~/ubuntu-bump-in-the-wire.qcow2
$ glance image-create --name router_image --disk-format qcow2 --container-format bare --file ~/ubuntu-router.qcow2

Congratulations, you now have two images available in Glance, which can be used for booting VMs!

Continue Reading

You've just finished the second in a series of three blogs on the topic of enabling vCPE with OpenStack. Read the other blogs by clicking on the links below: