Build Testing Infrastructure

#opnsense #proxmox #docker #rack #edgecore

Phil Huang

May 18, 2017

Transcript

  1. Build Testing Infrastructure
     Phil Huang, phil_hunag@edge-core.com, Open Networking Solution Engineer, Edgecore Networks
  2. About Me
     • Phil Huang
     • Open Networking Solution Engineer
     • ONOS/CORD Ambassador
     • blog.pichuang.com.tw
     © 2017 Edgecore Networks. All rights reserved | www.edge-core.com
  3. Goal
     • Build a feature-rich firewall solution
     • Provide a VLAN-based network for projects
     • Provide remote access for customers
     • Provide SSL-VPN for staff
  4. Hardware Requirement
     • CPU: up to you (must support Intel VT-d or AMD-V)
     • RAM: more than 8 GB
     • NIC: 2 physical ports (one for LAN, one for WAN)
     (Pictured: 1U / 2 nodes)
  5. Proxmox VE: Complete Server Virtualization Management Solution
  6. Proxmox VE
     • Open source virtualization solution
     • Server virtualization with KVM and Linux Containers (LXC)
     • Features
       • Central management with Web GUI and command line
       • A wide variety of storage technologies (file-level or block-level): ZFS / File / NFS / GlusterFS / LVM / Ceph / Sheepdog
       • High availability
       • Shared storage / cluster management
  7. PVE Web Dashboard
  8. Virtualization - KVM
     • KVM (Kernel-based Virtual Machine)
     • Full virtualization solution for Linux on x86 hardware with virtualization extensions (Intel VT or AMD-V)
     • Features
       • Paravirtualized drivers (VirtIO)
       • Live or offline migration
       • Snapshots
       • …
     Ref: https://www.slideshare.net/NOVL/virtualization-with-kvm-kernelbased-virtual-machine
  9. Virtualization - LXC
     • Considered as something in the middle between chroot and a full-fledged virtual machine
     • No emulation; runs as a process on the host
     • Features
       • Kernel namespaces (user, network, pid, mount, ipc, uts)
       • AppArmor and SELinux profiles
       • Chroot
       • Kernel capabilities
       • Cgroups (control groups)
       • …
  10. Proxmox VE Technical Stack
  11. OPNsense: Open Source Firewall that is easy to use and protects your network
  12. OPNsense
     • Complete high-end security firewall platform
     • Features
       • Offers a dashboard to quickly check the status
       • Stateful firewall that keeps track of the state of network connections
       • High Availability / Hardware Failover (CARP)
       • Offers a wide range of VPN technologies, ranging from SSL VPN to IPsec / OpenVPN / L2TP / PPPoE / PPTP
       • Intrusion Detection & Prevention System
     Ref: https://www.deciso.com/wp-content/uploads/2015/10/Deciso_About_OPNsense_latest.pdf
  13. OPNsense Dashboard
  14. CARP
     • Common Address Redundancy Protocol (CARP)
     • One shared virtual IP used to communicate with both networks
     (Diagram label: pfSync)
     Ref: https://docs.opnsense.org/manual/how-tos/carp.html
  15. Virtual Private Networking
     • A Virtual Private Network secures public network connections and, in doing so, extends the private network into a public network such as the Internet
     • Connection types
       • Road warrior
       • Site-to-Site
     • VPN solutions
       • IPsec / OpenVPN / L2TP / PPPoE / PPTP
  16. System Integration: Integrate OPNsense and Proxmox VE
  17. Network Topology
  18. VPN Network Traffic
     (Diagram: VPN tunnel (IPsec/OpenVPN/PPTP); firewall eth1: 192.168.100.254 on 192.168.100.0/24, tun0: 10.0.0.1; VPN client: 10.0.0.2)
  19. NAT Network Traffic
     (Diagram: NAT server with public IP 5.5.5.5, private IP 192.168.11.1, private gateway 192.168.11.254)
  20. Port Forwarding
     (Diagram: NAT server public IP 5.5.5.5 port 7777 forwarded to private IP 192.168.100.1 port 22; client runs `ssh 5.5.5.5 -p 7777`)
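The stateful firewall from slide 12 and the NAT and port-forwarding diagrams from slides 19 and 20, modelled as an added example (constructed here, not OPNsense code): outbound LAN flows are source-NATed to the public IP and remembered, replies are let back in and de-NATed, and the only unsolicited inbound traffic accepted is the one explicit forward 5.5.5.5:7777 -> 192.168.100.1:22. The 192.168.11.0/24 LAN and the 203.0.113.x / 198.51.100.x peers are assumed for the sample flows.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PUBLIC_IP = "5.5.5.5"                       # NAT server public IP (slide 19)
LAN = ip_network("192.168.11.0/24")         # private network behind it (slide 19)
PORT_FORWARDS = {7777: ("192.168.100.1", 22)}  # public port -> (host, port), slide 20


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNat:
    """Toy model of a stateful NAT firewall; constructed for illustration only."""

    def __init__(self):
        self._next_port = 40000  # next free public-side source port
        # state table: public-side 4-tuple of an allowed flow -> original LAN (src, sport)
        self._states = {}

    def outbound(self, pkt):
        """LAN host -> Internet: rewrite the source to PUBLIC_IP and record the flow."""
        if ip_address(pkt.src) not in LAN:
            return None  # not from our LAN; nothing is translated
        nat_port = self._next_port
        self._next_port += 1
        self._states[(pkt.dst, pkt.dport, PUBLIC_IP, nat_port)] = (pkt.src, pkt.sport)
        return Packet(PUBLIC_IP, nat_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> PUBLIC_IP: accept only replies to known flows or an explicit forward."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self._states:  # reply to a connection a LAN host opened
            lan_src, lan_port = self._states[key]
            return Packet(pkt.src, pkt.sport, lan_src, lan_port)
        if pkt.dst == PUBLIC_IP and pkt.dport in PORT_FORWARDS:
            host, port = PORT_FORWARDS[pkt.dport]  # rdr 5.5.5.5:7777 -> 192.168.100.1:22
            return Packet(pkt.src, pkt.sport, host, port)
        return None  # default deny: every other unsolicited inbound packet is dropped
```

Note that a direct connection to 5.5.5.5:22 is dropped: only the forwarded port, not the internal SSH port, is exposed.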
  21. VLAN
     (Diagram: VLAN 10 192.168.10.0/24 and VLAN 20 192.168.20.0/24 carried over a VLAN trunk port; gateways VLAN 10: 192.168.10.254, VLAN 20: 192.168.20.254)
  22. Docker: Isolation, Lightweight, Simplicity, Community
  23. Docker
     • Isolation, Lightweight, Simplicity, Community
     • Use cases
       • Containerize traditional apps
       • Continuous Integration and Deployment (CI / CD)
       • Microservices
       • IT infrastructure optimization
     Ref: https://github.com/pointful/docker-intro
  24. IT Challenge
  25. The Matrix from Hell
  26. Shipping Container for Code
  27. Eliminates the Matrix from Hell
  28. Why are Containers Lightweight?
  29. (figure only)
  30. Docker Image
     • Built on a union filesystem, with metadata describing how to run a container
     • Every command in the Dockerfile creates a new layer in the filesystem
     • When a container is started, all image layers are merged together into what appears to the process as a unified filesystem
  31. Docker Compose
     • Defining and running multi-container Docker applications
     • Orchestrates containers for development
  32. Create Docker Compose File
     (Docker Compose source code shown on the slide)
     Ref: http://blog.pichuang.com.tw/How-do-I-use-docker-and-docker-compose/
  33. Start from docker-compose
  34. (figure only)
  35. Network Topology
  36. Rack Equipment
  37. Testing Rack
     (Diagram label: ToR switch running Cumulus® Linux® Network OS)
  38. Rack Unit
     (Diagram: 1U = 1.75 inch; 19-inch rack)
  39. Layer 2 Clos Fabric Topology
     Ref: https://cumulusnetworks.com/learn/web-scale-networking-resources/validated-design-guides/Cumulus-Linux-Layer-2-HA-Validated-Design-Guide_v1.0.0.pdf
  40. L2 Clos Fabric Topology
  41. Logical Pair of Switches
  42. L2 Clos Fabric Topology
  43. Open Networking from Freedom, Control, Innovation