Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: If4d5ef8ab93c905493af074fb4c2096f1ab222d4
scenario.
OS / Distro test results
scenario.
OS / Distro test results
-========================
+------------------------
This setup has been tested on an Ubuntu 18.04 LTS system. If you're
feeling adventurous, the same scenario also worked on a recent Ubuntu
This setup has been tested on an Ubuntu 18.04 LTS system. If you're
feeling adventurous, the same scenario also worked on a recent Ubuntu
Other distros may work fine, or not at all.
Proxy Server
Other distros may work fine, or not at all.
Proxy Server
If you need to use a proxy server e.g. from a lab system, you'll
probably need to set HTTP_PROXY, HTTPS_PROXY, http_proxy and
If you need to use a proxy server e.g. from a lab system, you'll
probably need to set HTTP_PROXY, HTTPS_PROXY, http_proxy and
```
Install and configure lxd
```
Install and configure lxd
-=========================
+-------------------------
Install the lxd snap. The lxd snap is up to date, as opposed to the
results of "sudo apt-get install lxd".
Install the lxd snap. The lxd snap is up to date, as opposed to the
results of "sudo apt-get install lxd".
containers from scratch. Ask me how I know that.
Create three network segments
containers from scratch. Ask me how I know that.
Create three network segments
-=============================
+-----------------------------
We'll explain the test topology in a bit. Stay tuned.
Set up the default container profile
We'll explain the test topology in a bit. Stay tuned.
Set up the default container profile
-====================================
+------------------------------------
Execute "lxc profile edit default", and install the following
configuration. Note that the "shared" directory should mount your vpp
Execute "lxc profile edit default", and install the following
configuration. Note that the "shared" directory should mount your vpp
```
Set up the network configurations
```
Set up the network configurations
-=================================
+---------------------------------
Edit the fake "internet" backbone:
Edit the fake "internet" backbone:
```
Create a "master" container image
```
Create a "master" container image
-=================================
+---------------------------------
The master container image should be set up so that you can
build vpp, ssh into the container, edit source code, run gdb, etc.
The master container image should be set up so that you can
build vpp, ssh into the container, edit source code, run gdb, etc.
```
Duplicate the "master" container image
```
Duplicate the "master" container image
-======================================
+--------------------------------------
To avoid having to configure N containers, be sure that the master
container image is fully set up before you help it have children:
To avoid having to configure N containers, be sure that the master
container image is fully set up before you help it have children:
See below for a handly script which executes lxc commands across the
current set of running containers. I call it "lxc-foreach," feel free
See below for a handly script which executes lxc commands across the
current set of running containers. I call it "lxc-foreach," feel free
Finally, we're ready to describe a test topology. First, a picture:
Finally, we're ready to describe a test topology. First, a picture:
"swan" bridges connect vpp instances to local hosts
End station configs
"swan" bridges connect vpp instances to local hosts
End station configs
The end-station Linux configurations set up the eth2 and eth3 ip
addresses shown above, and add tunnel routes to the opposite
The end-station Linux configurations set up the eth2 and eth3 ip
addresses shown above, and add tunnel routes to the opposite
Split nat44 / ikev2 + ipsec tunneling, with ipv6 prefix delegation in
the "dora" config.
Split nat44 / ikev2 + ipsec tunneling, with ipv6 prefix delegation in
the "dora" config.
```
IKEv2 certificate setup
```
IKEv2 certificate setup
In both of the vpp configurations, you'll see "/scratch/setups/xxx.pem"
mentioned. These certificates are used in the ikev2 key exchange.
In both of the vpp configurations, you'll see "/scratch/setups/xxx.pem"
mentioned. These certificates are used in the ikev2 key exchange.
Make sure that the "dora" and "swan" configurations point to the certificates.
DHCPv6 server setup
Make sure that the "dora" and "swan" configurations point to the certificates.
DHCPv6 server setup
If you need an ipv6 dhcp server to test ipv6 prefix delegation,
create the "dhcpserver" container as shown above.
If you need an ipv6 dhcp server to test ipv6 prefix delegation,
create the "dhcpserver" container as shown above.
address.
Container / Host Interoperation
address.
Container / Host Interoperation
-===============================
+-------------------------------
Host / container interoperation is highly desirable. If the host and a
set of containers don't run the same distro _and distro version_, it's
Host / container interoperation is highly desirable. If the host and a
set of containers don't run the same distro _and distro version_, it's