Difference between revisions of "VyOS with ESXI 6.7"
(37 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
=Creating VSwitches and port groups on the EXSI server== | =Creating VSwitches and port groups on the EXSI server== | ||
+ | The Vswitch0 is already create and has two port groups already: "VM Network" and "Mangement Network" so we are not going to worry about this. | ||
==Create VSwtich== | ==Create VSwtich== | ||
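Review bot: the added sentence names the second default port group "Mangement Network"; it should read "Management Network" so that it matches the name shown in the ESXi client, and "already create" should be "already created". The unchanged heading just above it, `=Creating VSwitches and port groups on the EXSI server==`, opens with one `=` and closes with two, which leaves a stray `=` in the rendered heading; balance the markers and correct "EXSI" while touching this hunk.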
Line 29: | Line 30: | ||
==Create Port groups== | ==Create Port groups== | ||
create 4 port groups like in the table below. | create 4 port groups like in the table below. | ||
− | | class="wikitable" | + | |
+ | {| class="wikitable" | ||
|+Port Groups | |+Port Groups | ||
|- | |- | ||
− | | | + | |Port name |
− | | | + | |vlan |
+ | |vswitch | ||
+ | |- | ||
+ | |private1-a-codfw | ||
+ | |20 | ||
+ | |asw-a-codfw | ||
+ | |- | ||
+ | |private1-b-codfw | ||
+ | |30 | ||
+ | |asw-b-codfw | ||
+ | |- | ||
+ | |private1-c-codfw | ||
+ | |40 | ||
+ | |asw-c-codfw | ||
+ | |- | ||
+ | |private1-d-codfw | ||
+ | |50 | ||
+ | |asw-d-codfw | ||
|} | |} | ||
+ | =VyOS installation and configuration= | ||
+ | ==Installation== | ||
+ | The installation of VyOS is simple and easy. It is done like a regular VM installation on ESXI. | ||
+ | |||
+ | * First : create a VM with | ||
+ | |||
+ | - Name:vrouter4001 ( You can use any name) | ||
+ | |||
+ | - 1024MB of RAM | ||
+ | |||
+ | - 1 CPU | ||
+ | |||
+ | - 40GB of Disk | ||
+ | |||
+ | - 5 Network Interfaces | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+Network Interfaces and port groups | ||
+ | |- | ||
+ | |NIC | ||
+ | |Port Group | ||
+ | |- | ||
+ | |eth0 | ||
+ | |VM Network | ||
+ | |- | ||
+ | |eth1 | ||
+ | |private1-a-codfw | ||
+ | |- | ||
+ | |eth2 | ||
+ | |private1-b-codfw | ||
+ | |- | ||
+ | |eth3 | ||
+ | |private1-c-codfw | ||
+ | |- | ||
+ | |eth4 | ||
+ | |private1-d-codfw | ||
+ | |} | ||
+ | * Second: Download the iso image | ||
+ | The Link to download the iso is: https://downloads.vyos.io/?dir=release/legacy/1.1.8 | ||
+ | |||
+ | Download the vyos-1.1.8-amd64.iso version | ||
+ | |||
+ | * Third: attache the iso to your VM and boot the VM | ||
+ | |||
+ | After booting the VM, you will see the login prompt like in the image below | ||
+ | |||
+ | [[file:vyos2.png]] | ||
+ | |||
+ | The default login username is vyos and the password is vyos too. | ||
+ | |||
+ | Once login, run the command | ||
+ | |||
+ | show interfaces | ||
+ | |||
+ | to make sure you have all the 5 interfaces. The output should look the same like in the image below | ||
+ | |||
+ | [[file:vyos3.png]] | ||
+ | |||
+ | If you have all the five interfaces, proceed to the installation by running the command | ||
+ | |||
+ | install image | ||
+ | |||
+ | Follow the instructions on the screen bu just pressing enter and answering "YES" to all the question to use the default settings. Don't forget to enter a new password for login to replace the defaut password "vyos" | ||
+ | |||
+ | Once the installation completed, power off the VM, detach the iso image from the VM and power backup the VM and proceed to the configuration. | ||
+ | |||
+ | ==Configuration== | ||
+ | ===Setting IP addresses and description=== | ||
+ | eth0 | ||
+ | configuration | ||
+ | set interfaces ethernet eth0 address 10.192.0.53/24 | ||
+ | set interfaces ethernet eth0 description core_to_cr-gcsm | ||
+ | |||
+ | eth1 | ||
+ | set interfaces ethernet eth1 address 10.192.16.1/22 | ||
+ | set interfaces ethernet eth1 description private1-a-codfw | ||
+ | |||
+ | eth2 | ||
+ | set interfaces ethernet eth2 address 10.192.32.1/22 | ||
+ | set interfaces ethernet eth2 description private1-b-codfw | ||
+ | |||
+ | eth3 | ||
+ | set interfaces ethernet eth3 address 10.192.48.1/22 | ||
+ | set interfaces ethernet eth3 description private1-c-codfw | ||
+ | |||
+ | eth4 | ||
+ | set interfaces ethernet eth4 address 10.192.64.1/22 | ||
+ | set interfaces ethernet eth4 description private1-d-codfw | ||
+ | |||
+ | commit | ||
+ | save | ||
+ | |||
+ | Note: if you do not "save", after a reboot all the configuration will go away. | ||
+ | |||
+ | check the configuration with "show interfaces" | ||
+ | |||
+ | vyos@vyos:~$ show interfaces | ||
+ | Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down | ||
+ | Interface IP Address S/L Description | ||
+ | --------- ---------- --- ----------- | ||
+ | eth0 10.192.0.53/24 u/u core_to_cr-gcsm | ||
+ | eth1 10.192.144.1/22 u/u private1-a-codfw | ||
+ | eth2 10.192.160.1/22 u/u private1-b-codfw | ||
+ | eth3 10.192.176.1/22 u/u private1-c-codfw | ||
+ | eth4 10.192.192.1/22 u/u private1-d-codfw | ||
+ | lo 127.0.0.1/8 u/u | ||
+ | ::1/128 | ||
+ | Go back in configuration mode and change the router name from vyos to vrouter4001 ( you can call it anything) | ||
+ | set system host-name vrouter4001 | ||
+ | commit | ||
+ | save | ||
+ | vyos@vrouter4001:~$ | ||
+ | |||
+ | ===Setting default gateway=== | ||
+ | If we do not define the default gateway, all the VM's will not be able to access the internet. | ||
+ | |||
+ | set protocols static route 0.0.0.0/0 next-hop 10.192.0.1 | ||
+ | |||
+ | 10.192.0.1 being the IP address of the our physical router connected to the Internet | ||
+ | |||
+ | ===Setting OSPF=== | ||
+ | [[file:vyos4.png]] | ||
+ | |||
+ | *On cr-gcsm | ||
+ | The configuration of OSFP on Cisco router is very simple just 2 commands | ||
+ | router ospf 1 | ||
+ | network 10.192.0.1 0.0.0.255 area 0 | ||
+ | do wr | ||
+ | * On vrouter4001 | ||
+ | We are just going to do a minimum configuration needed for OSPF to work. Not worry about setting up lo interface or defining the router ID | ||
+ | |||
+ | set protocols ospf area 0 network 10.192.0.0/24 | ||
+ | set protocols ospf area 0 network 10.192.144.0/22 | ||
+ | set protocols ospf area 0 network 10.192.160.0/22 | ||
+ | set protocols ospf area 0 network 10.192.176.0/22 | ||
+ | set protocols ospf area 0 network 10.192.192.0/22 | ||
+ | |||
+ | And that's all for setting the minimum configuration | ||
+ | |||
+ | vyos@vrouter4001:~$ show ip ospf neighbor | ||
+ | Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL | ||
+ | 10.192.0.1 1 Full/Backup 39.968s 10.192.0.1 eth0:10.192.0.53 0 0 0 | ||
+ | |||
+ | cr-gcsm#show ip ospf neighbor | ||
+ | Neighbor ID Pri State Dead Time Address Interface | ||
+ | 10.192.160.1 1 FULL/DR 00:00:33 10.192.0.53 FastEthernet0/1 | ||
+ | |||
+ | ===Setting DHCP relay=== | ||
+ | [[file:vyos5.png]] | ||
+ | |||
+ | We have a DHCP server in vlan20 with IP address of 10.192.144.5. For now servers in the other vlan's can not contact the DHCP server because there are on different vlan's. | ||
+ | |||
+ | For servers on the other vlan's to be able to contact the DHCP server, we will need to configure a DHCP relay on the router. | ||
+ | |||
+ | Here, we just need to configure DHCP relay on eth1,eth2,eth3 and eth4. | ||
+ | |||
+ | - Enable dhcp-relay on the 4 interfaces | ||
+ | |||
+ | set service dhcp-relay interface eth1 | ||
+ | set service dhcp-relay interface eth2 | ||
+ | set service dhcp-relay interface eth3 | ||
+ | set service dhcp-relay interface eth4 | ||
+ | |||
+ | - Set the DHCP server IP address | ||
+ | |||
+ | set service dhcp-relay server 10.192.144.5 | ||
+ | set service dhcp-relay relay-options relay-agents-packets discard | ||
+ | commit | ||
+ | |||
+ | After this is done, restart the relay-agent with | ||
+ | |||
+ | restart dhcp relay-agent | ||
+ | |||
+ | ===Enable SSH on port 22 with SSH key=== | ||
+ | There are 3 steps on configuring SSH access to the vrouter: | ||
+ | - Setup the SSH port | ||
+ | - Setup the address to listen on | ||
+ | - Upload your SSH-key | ||
+ | |||
+ | The command to setup the SSH port is: | ||
+ | set service ssh port 22 | ||
+ | |||
+ | The command to setup the address to listen on is: | ||
+ | set service ssh listen-address <IPv4> | ||
+ | Since our vrouter has 4 ineterfaces, we are going to setup the listen-address on eth0 address (10.192.0.53) | ||
+ | set service ssh listen-address 10.192.0.53 | ||
+ | Then | ||
+ | commit | ||
+ | save | ||
+ | Upload your ssh key | ||
+ | |||
+ | set system login user vyos authentication public-keys ppaul key "AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwku..." | ||
+ | |||
+ | The command above needs to be in 1 line | ||
+ | |||
+ | set system login user vyos authentication public-keys ppaul type ssh-rsa" | ||
+ | commit | ||
+ | save | ||
+ | Note: do not copy the "ssh-rsa" at the beginning of your key or the comment at the end of your ssh key. |
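Review bot: the added `set interfaces ethernet eth1` to `eth4` address lines use 10.192.16.1/22, 10.192.32.1/22, 10.192.48.1/22 and 10.192.64.1/22, but the `show interfaces` output added right after them, the OSPF `network` statements and the DHCP server address 10.192.144.5 all use 10.192.144.0/22 through 10.192.192.0/22; pick one address plan and use it throughout, otherwise the OSPF statements match no interface and the relay target is not on vlan20 as the text says. In the same hunk, the first line under eth0 reads `configuration` where the command that enters configuration mode is `configure`, the `public-keys ppaul type ssh-rsa"` line ends with an unbalanced quote, and the SSH section says the vrouter has 4 interfaces while the VM is created with 5.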
Latest revision as of 19:37, 5 May 2020
Prerequisites
To complete this tutorial, we will need:
- 1 node running ESXI. This tutorial is done on a node running ESXI 6.7
- 1 VM running VyOS
- 4 test VMs on separate VLANs
Objective
Our goal is to create the network shown in the image below. Note that this tutorial does not cover how to use ESXI; it focuses on VyOS and how to use it to connect to the vswitches on the ESXI node.
Creating VSwitches and port groups on the ESXI server
Vswitch0 is already created and already has two port groups, "VM Network" and "Management Network", so we are not going to worry about it.
Create VSwitch
In this section, we will be creating 4 Vswitches called:
- asw-a-codfw
- asw-b-codfw
- asw-c-codfw
- asw-d-codfw
Do not assign any up-links to the Vswitches. As mentioned above, we are not going to discuss how to create Vswitches in this tutorial. After you have created the 4 Vswitches above, the next step is to create the port groups in the next section.
Create Port groups
Create 4 port groups as shown in the table below.
Port name | vlan | vswitch |
private1-a-codfw | 20 | asw-a-codfw |
private1-b-codfw | 30 | asw-b-codfw |
private1-c-codfw | 40 | asw-c-codfw |
private1-d-codfw | 50 | asw-d-codfw |
VyOS installation and configuration
Installation
The installation of VyOS is simple and easy. It is done like a regular VM installation on ESXI.
- First: create a VM with
  - Name: vrouter4001 (you can use any name)
  - 1024MB of RAM
  - 1 CPU
  - 40GB of Disk
  - 5 Network Interfaces
NIC | Port Group |
eth0 | VM Network |
eth1 | private1-a-codfw |
eth2 | private1-b-codfw |
eth3 | private1-c-codfw |
eth4 | private1-d-codfw |
- Second: Download the iso image
The Link to download the iso is: https://downloads.vyos.io/?dir=release/legacy/1.1.8
Download the vyos-1.1.8-amd64.iso version
- Third: attach the iso to your VM and boot the VM
After booting the VM, you will see the login prompt, as in the image below
The default login username is vyos and the password is vyos too.
Once logged in, run the command
show interfaces
to make sure you have all 5 interfaces. The output should look like the image below
If you have all five interfaces, proceed to the installation by running the command
install image
Follow the instructions on the screen by just pressing enter and answering "YES" to all the questions to use the default settings. Don't forget to enter a new login password to replace the default password "vyos"
Once the installation has completed, power off the VM, detach the iso image from the VM, power the VM back up and proceed to the configuration.
Configuration
Setting IP addresses and description
eth0
configure
set interfaces ethernet eth0 address 10.192.0.53/24
set interfaces ethernet eth0 description core_to_cr-gcsm
eth1
set interfaces ethernet eth1 address 10.192.16.1/22
set interfaces ethernet eth1 description private1-a-codfw
eth2
set interfaces ethernet eth2 address 10.192.32.1/22
set interfaces ethernet eth2 description private1-b-codfw
eth3
set interfaces ethernet eth3 address 10.192.48.1/22
set interfaces ethernet eth3 description private1-c-codfw
eth4
set interfaces ethernet eth4 address 10.192.64.1/22
set interfaces ethernet eth4 description private1-d-codfw
commit
save
Note: if you do not "save", after a reboot all the configuration will go away.
Check the configuration with "show interfaces"
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             10.192.0.53/24                    u/u  core_to_cr-gcsm
eth1             10.192.144.1/22                   u/u  private1-a-codfw
eth2             10.192.160.1/22                   u/u  private1-b-codfw
eth3             10.192.176.1/22                   u/u  private1-c-codfw
eth4             10.192.192.1/22                   u/u  private1-d-codfw
lo               127.0.0.1/8                       u/u
                 ::1/128
Go back into configuration mode and change the router name from vyos to vrouter4001 (you can call it anything)
set system host-name vrouter4001
commit
save
vyos@vrouter4001:~$
Setting default gateway
If we do not define the default gateway, none of the VMs will be able to access the Internet.
set protocols static route 0.0.0.0/0 next-hop 10.192.0.1
10.192.0.1 is the IP address of our physical router connected to the Internet
Setting OSPF
- On cr-gcsm
Configuring OSPF on the Cisco router is very simple: just 2 commands
router ospf 1
network 10.192.0.1 0.0.0.255 area 0
do wr
- On vrouter4001
We are only going to do the minimum configuration needed for OSPF to work. We will not worry about setting up the lo interface or defining the router ID.
set protocols ospf area 0 network 10.192.0.0/24
set protocols ospf area 0 network 10.192.144.0/22
set protocols ospf area 0 network 10.192.160.0/22
set protocols ospf area 0 network 10.192.176.0/22
set protocols ospf area 0 network 10.192.192.0/22
And that's all for setting the minimum configuration
vyos@vrouter4001:~$ show ip ospf neighbor
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.192.0.1        1 Full/Backup     39.968s   10.192.0.1      eth0:10.192.0.53         0     0     0
cr-gcsm#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.192.160.1      1   FULL/DR         00:00:33    10.192.0.53     FastEthernet0/1
Setting DHCP relay
We have a DHCP server in vlan20 with the IP address 10.192.144.5. For now, servers in the other VLANs cannot contact the DHCP server because they are on different VLANs.
For servers on the other VLANs to be able to contact the DHCP server, we need to configure a DHCP relay on the router.
Here, we just need to configure DHCP relay on eth1, eth2, eth3 and eth4.
- Enable dhcp-relay on the 4 interfaces
set service dhcp-relay interface eth1
set service dhcp-relay interface eth2
set service dhcp-relay interface eth3
set service dhcp-relay interface eth4
- Set the DHCP server IP address
set service dhcp-relay server 10.192.144.5
set service dhcp-relay relay-options relay-agents-packets discard
commit
After this is done, restart the relay-agent with
restart dhcp relay-agent
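The interface addresses, the default route, the OSPF networks and the DHCP relay target above all have to describe the same subnets. The following consistency check is an added example, not part of the original tutorial or of VyOS; the function name `lint` and the sample string, which is built from the set commands as they appear on this page, are assumptions of the example.

```python
import ipaddress

# Constructed sample: the set commands from this page, in the order given.
PAGE_CONFIG = """\
set interfaces ethernet eth0 address 10.192.0.53/24
set interfaces ethernet eth1 address 10.192.16.1/22
set interfaces ethernet eth2 address 10.192.32.1/22
set interfaces ethernet eth3 address 10.192.48.1/22
set interfaces ethernet eth4 address 10.192.64.1/22
set protocols static route 0.0.0.0/0 next-hop 10.192.0.1
set protocols ospf area 0 network 10.192.0.0/24
set protocols ospf area 0 network 10.192.144.0/22
set protocols ospf area 0 network 10.192.160.0/22
set protocols ospf area 0 network 10.192.176.0/22
set protocols ospf area 0 network 10.192.192.0/22
set service dhcp-relay interface eth1
set service dhcp-relay server 10.192.144.5
"""

def lint(config):
    """Return findings where routing or relay settings disagree with the interfaces."""
    connected, ospf, hosts, relay_ifs = {}, [], [], []
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["set", "interfaces", "ethernet"] and w[4:5] == ["address"]:
            connected[w[3]] = ipaddress.ip_interface(w[5]).network
        elif w[:3] == ["set", "protocols", "ospf"] and w[5:6] == ["network"]:
            ospf.append(ipaddress.ip_network(w[6]))
        elif w[:4] == ["set", "protocols", "static", "route"] and w[5:6] == ["next-hop"]:
            hosts.append(("next-hop", ipaddress.ip_address(w[6])))
        elif w[:4] == ["set", "service", "dhcp-relay", "server"]:
            hosts.append(("dhcp-relay server", ipaddress.ip_address(w[4])))
        elif w[:4] == ["set", "service", "dhcp-relay", "interface"]:
            relay_ifs.append(w[4])
    nets = set(connected.values())
    findings = [f"ospf network {n} matches no interface subnet"
                for n in ospf if n not in nets]
    findings += [f"{what} {ip} is on no connected subnet"
                 for what, ip in hosts if not any(ip in n for n in nets)]
    findings += [f"dhcp-relay interface {i} has no address"
                 for i in relay_ifs if i not in connected]
    return findings

if __name__ == "__main__":
    for finding in lint(PAGE_CONFIG):
        print(finding)
```

Run against the commands as written, it reports the four /22 OSPF networks and the relay server; with the eth1 to eth4 addresses taken from the "show interfaces" output instead, it reports nothing.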
Enable SSH on port 22 with SSH key
There are 3 steps to configuring SSH access to the vrouter:
- Set up the SSH port
- Set up the address to listen on
- Upload your SSH key
The command to set up the SSH port is:
set service ssh port 22
The command to set up the address to listen on is:
set service ssh listen-address <IPv4>
Since our vrouter has 4 interfaces, we are going to set the listen-address to the eth0 address (10.192.0.53)
set service ssh listen-address 10.192.0.53
Then
commit
save
Upload your SSH key
set system login user vyos authentication public-keys ppaul key "AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwku..."
The command above needs to be on 1 line
set system login user vyos authentication public-keys ppaul type ssh-rsa
commit
save
Note: do not copy the "ssh-rsa" at the beginning of your key or the comment at the end of your ssh key.
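Splitting a public-key line by hand is where a truncated paste or a wrong type usually slips in. The helper below is an added example, not part of the original tutorial or of VyOS: it takes one OpenSSH public-key line, checks the base64 body and the type name embedded in it, and returns the two set commands in the form used above. The function names and the sample key are assumptions of the example; the sample is constructed in code and is not a usable key.

```python
import base64
import struct

def vyos_key_commands(pubkey_line, user="vyos", key_id="ppaul"):
    """Turn one OpenSSH public-key line into the two VyOS set commands."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]   # any trailing comment is dropped
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError
        raise ValueError("key body is not valid base64 (truncated paste?)") from exc
    if len(blob) < 4:
        raise ValueError("key body too short")
    # The decoded blob starts with a 4-byte big-endian length, then the type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError(f"declared type {key_type!r} but key body says {embedded!r}")
    base = f"set system login user {user} authentication public-keys {key_id}"
    return [f'{base} key "{b64}"', f"{base} type {key_type}"]

def constructed_rsa_line():
    """Constructed sample with the layout of an ssh-rsa key line (not a real key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + b"\xc3" * 256))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " ppaul@laptop"

if __name__ == "__main__":
    for command in vyos_key_commands(constructed_rsa_line()):
        print(command)
```

Once key login has been confirmed from a second session, `set service ssh disable-password-authentication` turns off password logins for the SSH service.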