Installation (Local Mode) - gfrebello/bsec-nfvo GitHub Wiki

The BSec-NFVO orchestration tool is built on top of Open Platform for Network Function Virtualization (OPNFV) and a main server written with the Django Python framework. We need to install both modules to make the tool operational.

Installing OPNFV

OPNFV is a cloud operating system platform mantained by the Linux Foundation that provides the tools for the NFV orchestration Sinfonia is based upon. To install it, please read the official documentation for its current relase. We recommend the deployment through Fuel as it is easier to debug and it has a graphical installation tool. The hardware requirements for a minimum OPNFV environment deployment through Fuel are:

  • 1 Fuel Master node
    • CPU: Dual-core
    • RAM: 2GB
    • Disk: 50GB per node
    • NIC: 1 Gigabit network port
  • 1 Controller node
    • CPU: 1 socket x86_AMD64 with Virtualization support
    • RAM: 16GB per server (Depending on VNF work load)
    • Disk: 256GB 10kRPM spinning disks
  • 1 Compute node
    • CPU: 1 socket x86_AMD64 with Virtualization support
    • RAM: 16GB/server (Depending on VNF work load)
    • Disk: 256GB 10kRPM spinning disks
  • Networks
    • 4 Tagged VLANs (PUBLIC, MGMT, STORAGE, PRIVATE)
    • 1 Un-Tagged VLAN for PXE Boot - ADMIN Network Note: These can be allocated to a single NIC - or spread out over multiple NICs as your hardware supports.

BSec-NFVO was originally developed in a 4-node deployment (1 controller node, 3 compute nodes) of OPNFV Danube 3.0 and it should be compatible with previous and future releases.

Installing BSec-NFVO

BSec-NFVO itself is written in Python and uses the Django framework to build its interface and main server. To install the tool simply clone the git repository:

 git clone https://github.com/gfrebello/bsec-nfvo.git

And install its dependencies with pip:

cd ./bsec-nfvo
pip install -r requirements.txt

If you are running Python < 2.7.9 and don't have pip installed, check its installation guide. By running these simple commands, you should have a full installation of Sinfonia.

Configuring and running BSec-NFVO locally

BSec-NFVO is designed to be used in a distributed scenario where different modules run on different hosts. However, the easiest and fastest way to deploy is by instantiating everything locally. This section shows BSec-NFVO's simplest form of deployment. For advanced features, please refer to (). We recommend using terminator and a terminal multiplexer such as Linux screen for easier visualization and running multiple commands simultaneously.

apt-get install -y screen terminator

After OPNFV is up and running and the the BSec-NFVO installation setup is done, we need to configure our orchestrator and initialize our blockchain modules. First, define the OPNFV controller IP and the port for communication between the modules ('localhost' and port 2346 by default). Make sure the port you choose is available and not being blocked by a firewall.

On orchestrator/orchestrator.py:

PORT = 2346

On backChain/config.py:

RPC_IP = 'localhost'
RPC_PORT = 2346

Then, run the orchestrator on a screen

screen -S orchestrator python orchestrator/orchestrator.py

Detatch from the screen with Ctrl+A then Ctrl+D and intialize the blockchain client module in a new screen.

screen -S client python backChain/managementClient.py

Note: By default, BSec-NFVO ships with a key pair that the blockchain client module uses to sign its transactions. If you want to generate your own key pair or define custom configurations, please refer to the Sinfonia advanced page.

Now, we will start the blockchain modules that will store our sensitive commands. The blockchain modules contain all communication and consensus-related code. First configure the environment by running ./configure_nodes [N] where N is the number of blockchain modules to be used. In this tutorial, we will use 3 nodes.

./configure_nodes 3

The configuration script will create fully configured copies of the master blockchain module as the nodes/node-[N]/backChain subfolders. First start the master node in your main terminal

screen -S master python backChain/chainNode.py

Then use terminator to open a terminal for each slave node. For each slave node, do

cd nodes/node-N
screen -S node-N python backChain/chainNode.py

Note: The use of screen and terminator here is once again recommended as a way to visualize the environment. However this is equivalent to running the codes on two bash terminals.

Finally, add your hostname to ALLOWED_HOSTS in maestro/settings.py and start BSec-NFVO's main server with:

python manage.py runserver 0.0.0.0

You should now see an authentication screen on http://localhost/dashboard. Register yourself and the dashboard will appear. Congratulations, you have just installed BSec-NFVO!

Checking command validation

Want to check that the commands are being validated through consensus and registered in the blockchain? Attempt to create, delete or edit any service function chain. For each command, you should see a transaction being issued from the client to on of the blockchain modules and a response transaction from the orchestrator with the result.

The consensus algorithm will start and each node will output the consensus phases and the commit score of received signed votes. The transaction is appended to the blockchain if and only if number of negative votes on the commit score of each node represents less than 1/3 of the network. When consensus is over, the client module checks the blockchain for the response transaction and outputs it to the web interface.