Build Testing Infrastructure

Transcript

1. Build Testing Infrastructure Phil Huang [email protected] Open Networking Solution Engineer,

   Edgecore Networks

2. About Me Phil Huang • Open Networking Solution Engineer •

   ONOS/CORD Ambassador • blog.pichuang.com.tw © 2017 Edgecore Networks. All rights reserved | www.edge-core.com

3. Goal 5/18/17 © 2017 Edgecore Networks. All rights reserved |

   www.edge-core.com 3 • Build feature rich firewall solution • Provide VLAN-based network for projects • Provide remote access for customers • Provide SSL-VPN for staff

4. Hardware Requirement • CPU: Up to you (Support Intel VT-d

   or AMD-V) • RAM: More than 8G • NIC: 2 physical port (one for LAN, one for WAN) 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 4 1U/2Nodes

5. Proxmox VE Complete Server Virtualization Management Solution 5/18/17 © 2017

   Edgecore Networks. All rights reserved | www.edge-core.com 5

6. Proxmox VE • Open source virtualization solution • Server virtualization

   with KVM and Linux Container (LXC) • Features • Central management with Web GUI and command line • A wide variety of storage technologies (File-level or block-level) • ZFS / File / NFS / GlusterFS / LVM / Ceph / Sheepdog • High availability • Shared storage / Cluster management 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 6

7. PVE WEB Dashboard 5/18/17 © 2017 Edgecore Networks. All rights

   reserved | www.edge-core.com 7

8. Virtualization - KVM • KVM (for Kernel-based Virtual Machine) •

   Full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V) • Features • Paravirtualized drivers (Virto) • Live or offline migration • Snapshots • … 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 8 Ref: https://www.slideshare.net/NOVL/virtualization-with-kvm-kernelbased-virtual-machine

9. Virtualization - LXC • Consider as something in the middle

   between chroot and full fledged virtual machine • No emulation, run as process on the host • Features • Kernel namespaces (user, network, pid, mount, ips, uts) • Apparmor and SELinux profiles • Chroot • Kernel capabilities • Cgroups (control groups) • … 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 9

10. Proxmox VE Technical Stack 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 10

11. OPNsense Open Source Firewall that is easy-to-use and protects your

    network 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 11

12. OPNsense • Complete high-end security firewall platform • Features •

    Offer dashboard to quickly check the status • Stateful firewall that keep track of the state of network connections • High Availability / Hardware Failover (CARP) • Offers a wide range of VPN technologies ranging from SSL VPN • IPsec / OpenVPN / L2TP / PPPoE / PPTP • Intrusion Detection & Prevention System 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 12 Ref: https://www.deciso.com/wp-content/uploads/2015/10/Deciso_About_OPNsense_latest.pdf

13. OPNsense Dashboard 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 13

14. CARP • Common Address Redundancy Protocol, CARP • One shared

    virtual IP to communicate to both networks 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 14 pfSync Ref: https://docs.opnsense.org/manual/how-tos/carp.html

15. Virtual Private Networking • Virtual Private Network secures public network

    connections and in doing so it extends the private network into the public network such as internet • Technology of connections • Road warrior • Site-to-Site • VPN solutions • IPsec / OpenVPN / L2TP / PPPoE / PPTP 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 15

16. System Integration Integrate OPNsense and Proxmox VE 5/18/17 © 2017

    Edgecore Networks. All rights reserved | www.edge-core.com 16

17. Network Topology 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 17

18. VPN Network Traffic 5/18/17 © 2017 Edgecore Networks. All rights

    reserved | www.edge-core.com 18 VPN Tunnel (IPSec/OpenVPN/PPTP) eth1: 192.168.100.254 tun0: 10.0.0.1 192.168.100.0/24 VPN-Client 10.0.0.2

19. NAT Network Traffic 5/18/17 © 2017 Edgecore Networks. All rights

    reserved | www.edge-core.com 19 NAT Server Public IP: 5.5.5.5 Private IP: 192.168.11.1 Private GW: 192.168.11.254

20. Port Forwarding 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 20 NAT Server Public IP: 5.5.5.5 Port: 7777 Private IP: 192.168.100.1 Port: 22 ssh 5.5.5.5 –p 7777

21. VLAN 5/18/17 © 2017 Edgecore Networks. All rights reserved |

    www.edge-core.com 21 VLAN 10 192.168.10.0/24 VLAN 20 192.168.20.0/24 VLAN 10: 192.168.10.254 VLAN 20: 192.168.20.254 VLAN Trunk Port

22. Docker Isolation, Lightweight, Simplicity, Community 5/18/17 © 2017 Edgecore Networks.

    All rights reserved | www.edge-core.com 22

23. Docker • Isolation, Lightweight, Simplicity, Community • User cases •

    Containerize Traditional Apps • Continuous Integration and Deployment (CI / CD) • Microservices • IT Infrastructure Optimization 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 23 Ref: https://github.com/pointful/docker-intro

24. IT Challenge 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 24

25. The Matrix from Hell 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 25

26. Shipping Container for Code 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 26

27. Eliminates Matrix from Hell 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 27

28. Why are Containers Lightweight 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 28

29. 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com

    29

30. Docker Image • Built on a union filesystem with meta-data

    for how to run a container • Every command in the Dockerfile creates a new layer in the filesystem • When a container is started all images are merged together into what appears to the process as unified 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 30

31. Docker Compose • Defining and running multi-container Docker applications •

    Orchestrate containers for development 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com 31

32. Create Docker Compose File 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 32 Docker Compose Source code Ref: http://blog.pichuang.com.tw/How-do-I-use-docker-and-docker-compose/

33. Start from Docker-compose 5/18/17 © 2017 Edgecore Networks. All rights

    reserved | www.edge-core.com 33

34. 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com

    34

35. Network Topology 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 35

36. Rack Equipment 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 36

37. Testing Rack 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 37 ToR Switch Cumulus® Linux® Network OS

38. Rack Unit 5/18/17 © 2017 Edgecore Networks. All rights reserved

    | www.edge-core.com 38 1U = 1.75 inch 19 inch

39. Layer 2 Clos Fabric Topology 5/18/17 © 2017 Edgecore Networks.

    All rights reserved | www.edge-core.com 39 Ref: https://cumulusnetworks.com/learn/web-scale-networking-resources/validated-design-guides/Cumulus-Linux-Layer-2-HA-Validated-Design-Guide_v1.0.0.pdf

40. L2 Clos Fabric Topology 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 40

41. Logical Pair of Switches 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 41

42. L2 Clos Fabric Topology 5/18/17 © 2017 Edgecore Networks. All

    rights reserved | www.edge-core.com 42

43. 5/18/17 © 2017 Edgecore Networks. All rights reserved | www.edge-core.com

    43 Open Networking from Freedom Control Innovation