Network Services Gateway (NSG) is the Nuage SD-WAN product that comes in many forms. In this blog we’ll talk about how to bootstrap a Virtual NSG for KVM using an .iso file, or Zero Factor Bootstrap (ZFB). ZFB is one of three bootstrap methods. The other two require human intervention via email (single) or email plus SMS Text (dual).
I was going to start listing prerequisites which I typically post but realized that there really aren’t any. Since the .iso file can either be placed on a USB stick or mounted using either ESXi or KVM the options are really open as to how you want to utilize it.
In this article we’ll use the following to bootstrap an NSG
- .iso file with NO USB stick required
- CentOS KVM host simulating a server at a remote location (Branch1)
- Static IP Address for both MPLS and Internet facing ports from the NSGv
1. Create an NSG Template
The following image takes into consideration that the required branch will have dual WAN uplinks and a single Ethernet/LAN connection. If different branches have different VLAN requirements make sure to keep the VLAN section blank within the template, (the VLAN ID can be added when creating the NSG FROM the Template).
2. Create an NSG Branch to be deployed
3. Assign VLAN ID’s (if no DHCP option is offered) and VSC allocation for both WAN1 and WAN2
As noted further above, here is where we need to define the NSG WAN and LAN VLAN ID’s. Note that if you’re not going to utilize a VLAN ID then use VLAN “0” (0 = zero).
You’ll also need to identify which VSC / VSC Pairs you’ll be utilizing for which WAN Ports. In this post I’ll be using WAN1 for MPLS, which will utilize my MPLS VSC’s, and WAN2 for Internet, which will utilize my INET VSC’s, as seen in the following image.
4. Static IP Addresses on NSG WAN Ports
In this next section we’ll setup the Static Addresses on the NSG WAN ports making MPLS the Primary Role and Internet the Secondary Role. Roles can utilized when defining Application Aware Routing (AAR) which is a Nuage L7 Intelligent application aware uplink feature for traffic steering.
5. Download the .iso file and copy/move it the KVM host
It’s now time to download the .iso file and upload it to our KVM host where the NSG resides.
The file name will be downloaded as a .gz file “user-image.iso.gz” .gz is a compression format much like .zip but in unix format. Once you’ve downloaded it you’ll need to uncompress it either locally (easy if you have a MAC) or you can upload it first to your KVM host via SCP, FTP or your favor file transfer program and then decompress it.
6. BootStrap the NSG using the downloaded .iso file
Once you have the file uploaded to your KVM host (I placed mine in /var/lib/libvirt/images directory so that VirtManager can easily locate it), you’ll need to mount it as a USB device as seen in the following image. Note that I renamed my .iso file to nsg-zfb.iso, you can name it whatever you want.
If you don’t have VirtManager installed you can simply add the following to your .xml file.
<disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/var/lib/libvirt/images/nsg-zfb.iso'/> <target dev='sda' bus='usb' removable='on'/> <readonly/> <address type='usb' bus='0' port='1'/> </disk>
7. Verifying NSG bootstrap process was successful
Note that if you wait to long to reject the NSG from the “Bootstrap Request” process both “Pending Bootstrap Requests” you see above will disappear from the menu. However, if you have a look at the “Dashboard” –> “Events” menu there will be some nsg activation activity as seen in the image below with a value of “ACTIVE”.
Green indicates that you’re
good to go
something went wrong