Extreme Networks Insight Switches Or why on the switches a virtual machine

    Extreme Networks' SLX, VSP, and EXOS switch ranges include models with a special hardware architecture, collectively called “Insight.” Unlike the standard version, when the switch’s Contol and Data Plane are connected only by the PCIe bus (with all the resulting bandwidth limitations), “Insight” switches have several Data Plane interfaces that are directly connected to virtual machines that are deployed to Control Plane. Consider how it works and what resources are utilized:



    “Insight” interfaces are usually several dedicated 10GE links, which are connected from the ASIC via the multiplexer to the Control Plane. There they are mounted as ethernet interfaces of an isolated Ubuntu Linux 16.04 virtual machine, briefly called TPVM (Third Party Virtual Machine). This physical separation allows you to transfer large amounts of traffic with minimal delay, while not causing degradation in the performance of either Control or Data Plane. Virtualization itself is built on the basis of KVM. Together, this makes it possible to run tools and services such as tcpdump, p0f, snort, distributed DPI or analytics, as well as many other services directly on the device, without deploying additional network infrastructure. To speed up the deployment of the TVPM itself, the image has many necessary packages,

    • build-essential
    • checkinstall
    • iperf
    • mtools
    • netperf
    • qemu-guest-agent
    • tshark
    • valgrind
    • vim-gnome
    • wireshark
    • xterm



    On board the “Insight” switches, Intel XEON x86 CPU, increased RAM and SSD drive are installed, which allows you to allocate resources in case of deployment of several VMs. The resources themselves are dedicated and isolated so as not to disrupt the OS of the switch itself.


    To use TPVM for its intended purpose, you need to do only four steps:

    1. Download and install TVPM
    2. Configure Insight Interfaces
    3. Add ACLs or mirror traffic to these interfaces
    4. Launch TPVM Applications

    Below is actually a small example of how all this unfolds and works. After the TPVM image has been downloaded via scp2, you need to run several commands to install the VM:

    slx# show tpvm status
    TPVM is not installed
    slx# tpvm install
    Installation starts. To check the status use ‘show tpvm status’ command
    slx# show tpvm status
    TPVM is being installed now

    When the TPVM has already booted, there are several ways to access it. By default, the VM will try to get the address via DCHP, or it can assign a link-local IPv6 address, after which it will be possible to get SSH access. There is also a console connection to the TPVM via TTY.

    slx# show tpvm ip-address
    IPv4:
    eth0 192.168.2.249
    docker0 172.17.0.1
    IPv6:2a02:0000:c000:0:da80:00ff:f00b:8800
    eth0: fe80::da80:00ff:f00b:8800
    slx# ssh 192.168.2.249 -l admin vrf mgmt-vrf
    admin@192.168.2.249’s password:
    Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0–128-generic x86_64)
    Last login: Tue Apr  2 12:12:46 2019
    admin@TPVM:~$ sudo -s
    [sudo] password for admin:
    root@TPVM:~# id
    uid=0(root) gid=0(root) groups=0(root)

    The eth0 interface is our management, and eth1 is the “Insight” that we need to configure.

    root@TPVM:~# ip -4 link
    1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
     link/ether d8:00:00:00:00:04 brd ff:ff:ff:ff:ff:ff
    3: eth1:  mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
     link/ether d8:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
    4: docker0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
     link/ether 02:42:28:2d:60:b9 brd ff:ff:ff:ff:ff:ff

    By analogy with the stacking technology, the last ports on the front panel of the switch have a dual purpose and we need to transfer them to Insight mode, after which data transfer through them will be temporarily impossible.

    slx# conf t
    slx(config)# hardware
    slx(config-hardware)#connector 0/48
    slx(config-connector-0/48)# no breakout
    slx(config-connector-0/48)# insight mode

    The system will create an interface 0/125 which we will use

    slx(config)# interface Port-channel 22
    slx(config-Port-channel-22)# insight enable
    slx(config-Port-channel-22)# no shutdown
    slx(config)# interface Ethernet 0/125
    slx(conf-if-eth-0/125)# channel-group 22 mode on type standard
    slx(conf-if-eth-0/125)# no shutdown
    

    Check the interfaces on the switch:

    slx(conf-if-eth-0/125)# do show interface ethernet 0/125
    Ethernet 0/125 is up, line protocol is up (connected)
    slx(conf-if-eth-0/125)# do show interface port-channel 22
    Port-channel 22 is up, line protocol is up

    and on TPVM

    root@TPVM:~#dmesg
    [ 2172.748418] ixgbe 0000:00:09.0 eth1: NIC Link is Up 10 Gbps
    [ 2172.748508] IPv6: eth1: link becomes ready

    Now you can hang up ACLs on Insight, configure VLANs (or several) and inspect traffic.

    root@TPVM:~# tcpdump -i eth1 -n -v
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
    02:38:38.107923 IP6 fe80::8802 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
    02:38:39.059939 IP6 fe80::8802 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
    02:38:39.119922 LLDP, length 111: slx
    02:38:40.120076 LLDP, length 111: slx

    Further use is limited only by the requirements or the imagination of the customer. Extreme Networks engineers, partners, and customers have tested many different applications such as:

    • Vnc server
    • DHCP server
    • AAA server (Radius and TACACS)
    • DNS server
    • Ostinato - Ostinato packet crafter, network traffic generator and analyzer with GUI.
    • SNMP trap receiver
    • Surricata - Real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline PCAP processing.
    • Syslog server
    • Google-chrome and cURL
    • Arpsponge
    • Perfsonar
    • Puppet
    • Logstash
    • Docker-Container (version supported: docker-1.13.0)

    If you have questions, please contact our local Extreme Networks representative .

    Also popular now: