Wednesday, March 30, 2016

Creating a Dynamic Lab Environment with vEOS and GNS3 - Part II

SETTING UP A DHCP AND FILE SERVER FOR USE WITH ZTP

Now that we have a couple of vEOS instances configured and able to communicate, and our out-of-band network is set up, we can begin to use ZTP to provide an initial startup config.


NOTE
Notice that we did not connect the Management1 interface of either vEOS instance to anything inside of GNS3. If you remember, when we created the VMs their first interface was a host-only adapter connected to the vboxnet in VirtualBox, so it’s automatically connected and there’s nothing additional we need to do there. GNS3 doesn’t know that, so it considers the interface disconnected, and that’s OK. It saves us from having to add our management server(s) to the topology and cluttering it up (just imagine trying to keep a clean-looking topology in GNS3 if every vEOS instance needed a connection to the management server(s)), which would be distracting and ugly - we’re better than that.


ZTP is enabled by default on the vEOS instances, but we still need to set up a server to provide DHCP and file services. For servers, Ubuntu is my go-to, and I usually work with them in VirtualBox the same way I do with vEOS - I create a base image that is my raw golden standard and then create clones from it.


In this case, I already have a base image that is running Ubuntu Server 14.04.1 LTS, so I’ll go ahead and create a clone of that to work with.  For this server we’ll want one adapter connected to the vboxnet, and another adapter attached to NAT so that we can download and install DHCP and File services:




TIP!
Something I’ve found handy is to edit the description of my server VMs in VirtualBox to reflect what they have installed.  For example, my server base image has the following description:

BASE IMAGE - Ubuntu Server 14.04.1 LTS
==========================================
ifenslave-2.6 (NIC Bonding, LACP)
iperf 2.0.5-3

The description can be accessed in the VM settings under General > Description


Your NAT interface should get an IP address automatically, but you’ll need to edit /etc/network/interfaces in order to statically set the IP address in your management subnet (vboxnet) for your host-only adapter:


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


# The loopback network interface
auto lo
iface lo inet loopback


# The primary network interface
auto eth0
iface eth0 inet dhcp


auto eth1
iface eth1 inet static
address 172.16.128.254
netmask 255.255.255.0


TIP!
Always make a backup of the file you’re going to edit before doing so, so that you’ll have a copy of the original in case you make a mistake and need to start over.  For example, when I’m backing up the original of a file I’ll do something like:

sudo cp /etc/network/interfaces /etc/network/interfaces.orig

And for future temporary backups I’ll just do:

sudo cp /etc/network/interfaces /etc/network/interfaces.old

Also, for servers that will go back and forth between different interface configurations, I’ll make backups of each config, for example:

sudo cp /etc/network/interfaces /etc/network/interfaces.BOND

This way, when I go from a configuration that isn’t using NIC bonding to a configuration with NIC bonding, I can just do something like the following instead of manually re-configuring the file each time:

sudo cp /etc/network/interfaces.BOND /etc/network/interfaces


Installing and Configuring DHCP Services

Once you’ve verified IP addressing is good to go, update your package lists with the sudo apt-get update command, then install the ISC DHCP server by using sudo apt-get install isc-dhcp-server. Then we’ll need to modify the /etc/dhcp/dhcpd.conf file.  Here is a basic dhcpd.conf file you can use, substituting as necessary:


ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;


subnet 172.16.128.0 netmask 255.255.255.0 {
 option subnet-mask 255.255.255.0;
 range 172.16.128.100 172.16.128.200;
}
host SPINE1 {
 #option dhcp-client-identifier 08:00:27:51:2b:4b;
 hardware ethernet 08:00:27:51:2b:4b;
 #fixed-address 172.16.128.21;
 option bootfile-name "http://172.16.128.254/spine1_cfg";
}


As you can see, the subnet configuration represents our management network.  The host configuration is really the meat & potatoes of the ZTP configuration.  For the “hardware ethernet” field, enter the MAC address of the Management1 interface of your vEOS instance, which can be retrieved by using the show int ma1 command:




The last line of the host configuration represents the location of the bootfile, which will be on the same server (after we install and configure it first of course). You may have also noticed two lines in the host configuration that are commented out - I’ve included these for reference - the client-identifier is something we’d use for a real switch, but not needed here.  The fixed-address won’t be needed here either - we’ll just let the DHCP server give it a temporary IP from the pool and instead include its management IP in a configuration file that the file server will provide.  After the dhcpd.conf file is modified, start the DHCP server using the sudo service isc-dhcp-server start command.


NOTE
Any time you modify the dhcpd.conf file in the future, you will need to restart the service with the sudo service isc-dhcp-server restart command for the changes to take effect.


Installing and Configuring File Services

Now we’ll need file services.  For this I prefer Apache, which can be installed by using sudo apt-get install apache2.  The default location for files to be shared is /var/www/html, so in that location we will create a file called “spine1_cfg”, and provide a basic configuration, for example:


hostname SPINE1
!
aaa authorization exec default local
!
aaa authentication policy local allow-nopassword-remote-login
!
username admin privilege 15 role network-admin nopassword
username eapi privilege 15 secret password
!
interface Management1
  ip address 172.16.128.21/24
!
management api http-commands
  no shutdown
!
banner login
******************************
***  SPINE1 LOGIN BANNER   ***
******************************
EOF
!
banner motd
*****************************
***  SPINE1 MOTD BANNER   ***
*****************************
EOF
!
end
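
The spine1_cfg above is fetched over plain HTTP (per the bootfile-name URL) and carries lab-only login settings, so here is a check that lists those lines before a copy of the file is reused anywhere else. This is an added example, not part of the original post: the function name, rule names and sample text are assumptions for illustration, and the sample repeats the article's authentication lines plus a constructed banner.

```python
import re

# Rules for the lab-only authentication lines in the article's spine1_cfg.
RULES = [
    ("nopassword-account",
     re.compile(r"^username\s+\S+\s.*\bnopassword\b")),
    ("nopassword-remote-login",
     re.compile(r"^aaa authentication policy local allow-nopassword-remote-login\b")),
    # "secret <word>" or "secret 0 <word>" is cleartext in the served file;
    # "secret 5 ..." and "secret sha512 ..." carry a hash instead.
    ("cleartext-secret",
     re.compile(r"^username\s+\S+\s.*\bsecret\s+(?!(?:5|sha512)\s)\S+")),
]
BANNER_START = re.compile(r"^banner\s+(login|motd)\b")

# Constructed sample: the article's auth lines plus a banner that mimics one.
SAMPLE = """\
hostname SPINE1
aaa authentication policy local allow-nopassword-remote-login
username admin privilege 15 role network-admin nopassword
username eapi privilege 15 secret password
banner login
username banner-text nopassword
EOF
end
"""

def lint_ztp_config(text):
    """Return (line_number, rule_name, line) for each lab-only auth line."""
    findings, in_banner = [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if in_banner:
            # Banner text is free-form; skip it until the closing EOF.
            in_banner = line != "EOF"
            continue
        if BANNER_START.match(line):
            in_banner = True
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, name, line))
    return findings

if __name__ == "__main__":
    for number, name, line in lint_ztp_config(SAMPLE):
        print(f"line {number}: {name}: {line}")
```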


At this point we should have everything we need to verify functionality of ZTP - it’s the moment of truth.  Use the erase startup-config command followed by reload now to reload the vEOS instance with no startup configuration, which will trigger ZTP:




What we want to see is a successful DHCP process followed by the switch pulling down its basic config file and then rebooting:




So in this case, the vEOS instance was assigned a temporary IP of 172.16.128.100 from the pool, which allowed it to reach the file server at 172.16.128.254 to download its configuration file before finally rebooting.  Once the instance finishes rebooting, we can verify that ZTP was successful simply by the fact we can see the hostname and login banner:



Congratulations - you’ve just done your first automated “bare-metal” provisioning with ZTP!  Now you have a good reference config to work off of - just copy the spine1_cfg file as many times as needed for each vEOS instance, modify the appropriate fields (Mgmt IP address, hostname, etc.), and you’re good to go.  Don’t forget that you’ll also need to add the appropriate DHCP host configurations as well.
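
The copy-and-modify step described above, automated as an added example (not part of the original post): it builds the dhcpd.conf host entries and per-switch config files from one inventory, and rejects entries whose management IP falls inside the temporary DHCP pool or duplicates another switch. The network values are the article's; the SPINE2 entry, the inventory layout and all function names are constructed for illustration.

```python
import ipaddress
import re

# Network values come from the article; SPINE2 and all function names are constructed.
MGMT_NET = ipaddress.ip_network("172.16.128.0/24")
POOL = (ipaddress.ip_address("172.16.128.100"), ipaddress.ip_address("172.16.128.200"))
FILE_SERVER = "172.16.128.254"
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
BASE_CFG = "hostname SPINE1\ninterface Management1\n  ip address 172.16.128.21/24\n"  # excerpt
INVENTORY = [
    {"name": "SPINE1", "mac": "08:00:27:51:2b:4b", "ip": "172.16.128.21"},
    {"name": "SPINE2", "mac": "08:00:27:AA:BB:02", "ip": "172.16.128.22"},
]

def validate(inventory):
    """Raise ValueError for entries that would collide or land in the DHCP pool."""
    seen = set()
    for sw in inventory:
        mac, ip = sw["mac"].lower(), ipaddress.ip_address(sw["ip"])
        if not MAC_RE.match(mac):
            raise ValueError(f"{sw['name']}: malformed MAC {sw['mac']}")
        if ip not in MGMT_NET:
            raise ValueError(f"{sw['name']}: {ip} is outside {MGMT_NET}")
        if POOL[0] <= ip <= POOL[1] or str(ip) == FILE_SERVER:
            raise ValueError(f"{sw['name']}: {ip} overlaps the pool or file server")
        for key in (sw["name"].lower(), mac, str(ip)):
            if key in seen:
                raise ValueError(f"{sw['name']}: duplicate value {key}")
            seen.add(key)

def host_stanza(sw):
    """dhcpd.conf host block in the same shape as the article's SPINE1 entry."""
    url = f"http://{FILE_SERVER}/{sw['name'].lower()}_cfg"
    return (f"host {sw['name']} {{\n hardware ethernet {sw['mac'].lower()};\n"
            f' option bootfile-name "{url}";\n}}\n')

def render_config(base_cfg, sw, base_name="SPINE1", base_ip="172.16.128.21"):
    """Copy of the base config with hostname, banners and management IP swapped."""
    return base_cfg.replace(base_name, sw["name"]).replace(base_ip + "/", sw["ip"] + "/")

def build(inventory, base_cfg):
    """Return (dhcpd host stanzas, {bootfile name: config text})."""
    validate(inventory)
    stanzas = "".join(host_stanza(sw) for sw in inventory)
    files = {sw["name"].lower() + "_cfg": render_config(base_cfg, sw) for sw in inventory}
    return stanzas, files

if __name__ == "__main__":
    print(build(INVENTORY, BASE_CFG)[0])
```

Pass the full text of spine1_cfg as base_cfg, append the returned stanzas to /etc/dhcp/dhcpd.conf, write each returned file under /var/www/html, and restart isc-dhcp-server.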
