ZFB NSGv using an iso file

Network Services Gateway (NSG) is the Nuage SD-WAN product that comes in many forms. In this blog we’ll talk about how to bootstrap a Virtual NSG for KVM using an .iso file, or Zero Factor Bootstrap (ZFB). ZFB is one of three bootstrap methods. The other two require human intervention via email (single) or email plus SMS Text (dual).

I was going to start listing prerequisites which I typically post but realized that there really aren’t any. Since the .iso file can either be placed on a USB stick or mounted using either ESXi or KVM the options are really open as to how you want to utilize it.

In this article we’ll use the following to bootstrap an NSG

  • .iso file with NO USB stick required
  • CentOS KVM host simulating a server at a remote location (Branch1)
  • Static IP Address for both MPLS and Internet facing ports from the NSGv

1. Create an NSG Template

The following image takes into consideration that the required branch will have dual WAN uplinks and a single Ethernet/LAN connection. If different branches have different VLAN requirements make sure to keep the VLAN section blank within the template, (the VLAN ID can be added when creating the NSG FROM the Template).

2. Create an NSG Branch to be deployed

Once you’re created the template you can proceed with creating your first NSG to be deployed onto an .iso.gz file.

3. Assign VLAN ID’s (if no DHCP option is offered) and VSC allocation for both WAN1 and WAN2

As noted further above, here is where we need to define the NSG WAN and LAN VLAN ID’s. Note that if you’re not going to utilize a VLAN ID then use VLAN “0” (0 = zero).
You’ll also need to identify which VSC / VSC Pairs you’ll be utilizing for which WAN Ports. In this post I’ll be using WAN1 for MPLS, which will utilize my MPLS VSC’s, and WAN2 for Internet, which will utilize my INET VSC’s, as seen in the following image.

WAN1 / MPLS

WAN2 / INET

4. Static IP Addresses on NSG WAN Ports

In this next section we’ll setup the Static Addresses on the NSG WAN ports making MPLS the Primary Role and Internet the Secondary Role. Roles can utilized when defining Application Aware Routing (AAR) which is a Nuage L7 Intelligent application aware uplink feature for traffic steering.

The following image displays how to setup a Static Address on an NSG WAN Port. Repeat the process for both WAN1 and WAN2.

5. Download the .iso file and copy/move it the KVM host

It’s now time to download the .iso file and upload it to our KVM host where the NSG resides.

In the following image near the bottom center of the page select the USB icon circled in red and download the .iso file.

The file name will be downloaded as a .gz file “user-image.iso.gz” .gz is a compression format much like .zip but in unix format. Once you’ve downloaded it you’ll need to uncompress it either locally (easy if you have a MAC) or you can upload it first to your KVM host via SCP, FTP or your favor file transfer program and then decompress it.

6. BootStrap the NSG using the downloaded .iso file

Once you have the file uploaded to your KVM host (I placed mine in /var/lib/libvirt/images directory so that VirtManager can easily locate it), you’ll need to mount it as a USB device as seen in the following image. Note that I renamed my .iso file to nsg-zfb.iso, you can name it whatever you want.

If you don’t have VirtManager installed you can simply add the following to your .xml file.

<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/nsg-zfb.iso'/>
<target dev='sda' bus='usb' removable='on'/>
<readonly/>
<address type='usb' bus='0' port='1'/>
</disk>

7. Verifying NSG bootstrap process was successful

Once you’ve created the USB Disk and started the NSG image you should be able to see a new approval NSG within the “Auto BootStrap” as seen below.

You’ll also have the option of rejecting it if it wasn’t the intended NSG.

Note that if you wait to long to reject the NSG from the “Bootstrap Request” process both “Pending Bootstrap Requests” you see above will disappear from the menu. However, if you have a look at the “Dashboard” –> “Events” menu there will be some nsg activation activity as seen in the image below with a value of “ACTIVE”.

If all went well, you should now be able to see your newly bootstrapped NSG lit up in Green under your list of NSGs.

Green indicates that you’re good to go
Blue/Red indicates something went wrong



Categories: vns

Tags: , , ,

1 reply

  1. Reblogged this on Tricky Deadline and commented:
    Scott. Always wanted to publish a step-by-step for ZTB. You saved my date buddy!

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: