• Running a Guest VM on EOS

 
 
Print Friendly, PDF & Email

Introduction

One of the key features of Arista EOS is its Extensibility. (that is what the E in EOS stands for.) Many people already love that EOS is based on unmodified Linux kernel and basically runs a subset of Fedora Linux (as of writing, Fedora Core 14). To anyone familiar with Unix or Linux an Arista switch basically looks like a Linux server with lots of ethernet interfaces:

switch>enable
switch#bash

Arista Networks EOS shell

[admin@switch ~]$ uname -a
Linux switch 2.6.32.28.Ar-957380.EOS4104gaurav #1 SMP PREEMPT Sat Nov 3 13:07:31 PDT 2012 
x86_64 x86_64 x86_64 GNU/Linux
[admin@switch ~]$ ifconfig -a 
cpu       Link encap:Ethernet  HWaddr 00:1C:73:19:F6:46  
          UP BROADCAST RUNNING MULTICAST  MTU:9216  Metric:1

et1       Link encap:Ethernet  HWaddr 00:1C:73:19:F6:46  
          UP BROADCAST RUNNING MULTICAST  MTU:9212  Metric:1

et2       Link encap:Ethernet  HWaddr 00:1C:73:19:F6:46  
          UP BROADCAST MULTICAST  MTU:9212  Metric:1

et3       Link encap:Ethernet  HWaddr 00:1C:73:19:F6:46  
          UP BROADCAST MULTICAST  MTU:9212  Metric:1
...

et52      Link encap:Ethernet  HWaddr 00:1C:73:19:F6:46  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1

This is pretty neat for installing RPM and running scripts/code on the switch whereby traffic can be sent/received on interfaces just like if it was a Linux server.

Arista EOS provides a lot of countermeasures to protect itself and ensure that and user-installed scripts or code don’t disrupt switch operation. Arista switches don’t drop to software for forwarding as a general rule, so the (minimum) dual-core x86 CPU and (minimum) 4GB RAM is more than enough for switch operation with extensions installed.

That said, there are cases where you aren’t sure about how much RAM, CPU or system resources some 3rd party code or a script will consume and in those cases, a useful mechanism built into Arista EOS is the ability to run Guest VMs right on the switch.

Guest VMs

Arista EOS enables Guest VM instances by running KVM on the control-plane CPU of the switch. Its possible to define Guest VM instances right in the CLI:

switch#copy http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2 flash:
...
switch#config terminal
switch(config)#virtual-machine ?
    WORD  Virtual Machine name

switch(config)#virtual-machine foo
switch(config-vm-foo)#?
  comment      Up to 240 characters, comment for this mode
  config-file  VM's libvirt configuration file (overrides other settings)
  default      Set a command to its defaults
  disk-image   Add Virtual Machine disk image
  enable       Enable VM
  exit         Exit from Virtual Machine configuration mode
  help         Description of the interactive help system
  memory-size  Set memory size
  no           Negate a command or set its defaults
  show         Show running system information
  virtual-nic  Add virtual NIC
  vnc-port     Set VNC server port
  !!           Append to comment

switch(config-vm-foo)#disk-image flash:f16-x86_64-openstack-sda.qcow2 image-format ?
  iso    iso image format
  qcow   qcow image format
  qcow2  qcow2 image format
  raw    raw image format
  vmdk   vmdk image format

switch(config-vm-foo)#disk-image flash:f16-x86_64-openstack-sda.qcow2 image-format qcow2
switch(config-vm-foo)#memory-size 1024
switch(config-vm-foo)#virtual-nic ?
  <1-4>  Virtual NIC Id

switch(config-vm-foo)#virtual-nic 1 ?
  Management  Management interface
  Vlan        Vlan interface

switch(config-vm-foo)#virtual-nic 1 vlan 1
switch(config-vm-foo)#virtual-nic 2 management 1
switch(config-vm-foo)#enable 
switch(config-vm-foo)#
switch(config-vm-foo)#^Z
switch#write mem
switch# 
switch#show virtual-machine detail 

Virtual Machine: foo
   Enabled:             Yes
   State:               Running
   Disk Image:          /mnt/flash/f16-x86_64-openstack-sda.qcow2
   Disk Image Forrmat:  qcow2
   Memory Size:         1024MB
   VNC port:            5900
   Virtual Nic: vnic1
      Mac Address:    52:54:00:ee:11:c9
      Device:         Vlan1
      Model Type:     e1000
   Virtual Nic: vnic2
      Mac Address:    52:54:00:df:2a:e1
      Device:         Management1
      Model Type:     e1000

switch#

As shown above, its pretty simple to start a Guest VM instance of an OS running (the above uses a standard OpenStack Fedora Linux Just Enough OS image from http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2

Access to the Guest VM is initially via VNC and by default, Arista EOS ships with control-plane ACLs that allow TCP ports 5900-5910 for that purpose.

Once a Guest VM has its networking setup correctly, it can have virtual NIC connections in VLANs (inband) or on out-of-band management interfaces.

More Advanced Guest VM settings

The CLI config method of enabling a Guest VM provides connectivity in the majority of use cases. There may be cases however where more advanced configuration is required. For those cases, the ‘config-file’ virtual-machine config directive is supported:

switch#config terminal
switch(config)#virtual-machine foo
switch(config-vm-foo)#config-file flash:foo.xml

In this case, the config file is a KVM XML configuration file describing the characteristics of the Guest VM.

This config file can be generated from a pre-existing VM instance by virsh

1) first find the ‘id’ of the VM instance:

switch#bash sudo virsh list
Id Name                 State
----------------------------------
 8 foo                  running

switch#

2) dump the configuration:

switch#bash sudo virsh dumpxml 8 > /mnt/flash/foo.xml
switch#

3) edit the configuration as necessary

switch#bash sudo vi /mnt/flash/foo.xml

Once the configuration is as you want you can modify the Guest VM instance to use it with:

switch#config terminal
switch(config)#virtual-machine foo
switch(config-vm-foo)#config-file flash:foo.xml

Parent to Guest VM intercommunucation

By default the macvtap driver is used for Guest VM network connectivity. This does not permit Guest VM to Parent OS communication.

If you wish to enable Guest VM to Parent OS communication then some customizations to the VM xml config-file are necessary. Specifically, change one of the virtual-nic interfaces from:

<interface type='direct'>
  <source dev='vlan1' mode='bridge'/>
...

to:

<interface type='bridge'>
   <source bridge='br0'/>
...

At this point in (parent) Arista EOS you would then have a ‘br0’ interface which you would need to configure/enable with something like:

switch#config terminal
switch(config)#event-handler enable-foo-networking 
switch(config-handler-foo)#trigger onBoot
switch(config-handler-foo)#delay 30
switch(config-handler-foo)#action bash sudo ifconfig br0 192.254.254.1/24 
switch(config-handler-foo)#exit 
switch(config)#exit
switch#write mem
switch#bash sudo ifconfig br0 192.254.254.1/24

And in the Guest VM instance enable eth0 (if its the first virtual-nic) within the same subnet, e.g.:

[root@localhost ~]#ifconfig eth1 192.168.254.2/24 
[root@localhost ~]#ping 192.168.254.1

(and validate connectivity works)

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: