VyOS with ESXI 6.7
Prerequisites
To complete this tutorial, we will need:
- 1 node running ESXI. This tutorial is done on a node running EXSI 6.7
- 1 VM running the VyOS
- 4 testing VM's on separate VLAN's
Objective
Our Goal is to be able to create the network in the image below. Note that we are not going to discuss about how to use ESXI in this tutorial but we will be more focus on VyOS and how to use it to connect to the vswitches on the ESXI node.
Creating VSwitches and port groups on the EXSI server=
The Vswitch0 is already create and has two port groups already: "VM Network" and "Mangement Network" so we are not going to worry about this.
Create VSwtich
In this section, we will be creating 4 Vswithes called:
- asw-a-codfw
- asw-b-codfw
- asw-c-codfw
- asw-d-codfw
Do not assign any up-links to the Vswitches. Like a mentioned above we are not going to discuss how to create Vswithes in this tutorial. After you have created the 4 Vswitches above, the next step will be to create the port groups in the nest section.
Create Port groups
create 4 port groups like in the table below.
Port name | vlan | vswitch |
private1-a-codfw | 20 | asw-a-codfw |
private1-b-codfw | 30 | asw-b-codfw |
private1-c-codfw | 40 | asw-c-codfw |
private1-d-codfw | 50 | asw-d-codfw |
VyOS installation and configuration
Installation
The installation of VyOS is simple and easy. It is done like a regular VM installation on ESXI.
- First : create a VM with
- Name:vrouter4001 ( You can use any name)
- 1024MB of RAM
- 1 CPU
- 40GB of Disk
- 5 Network Interfaces
NIC | Port Group |
eth0 | VM Network |
eth1 | private1-a-codfw |
eth2 | private1-b-codfw |
eth3 | private1-c-codfw |
eth4 | private1-d-codfw |
- Second: Download the iso image
The Link to download the iso is: https://downloads.vyos.io/?dir=release/legacy/1.1.8
Download the vyos-1.1.8-amd64.iso version
- Third: attache the iso to your VM and boot the VM
After booting the VM, you will see the login prompt like in the image below
The default login username is vyos and the password is vyos too.
Once login, run the command
show interfaces
to make sure you have all the 5 interfaces. The output should look the same like in the image below
If you have all the five interfaces, proceed to the installation by running the command
install image
Follow the instructions on the screen bu just pressing enter and answering "YES" to all the question to use the default settings. Don't forget to enter a new password for login to replace the defaut password "vyos"
Once the installation completed, power off the VM, detach the iso image from the VM and power backup the VM and proceed to the configuration.
Configuration
Setting IP addresses and description
eth0
configuration set interfaces ethernet eth0 address 10.192.0.53/24 set interfaces ethernet eth0 description core_to_cr-gcsm
eth1
set interfaces ethernet eth1 address 10.192.16.1/22 set interfaces ethernet eth1 description private1-a-codfw
eth2
set interfaces ethernet eth2 address 10.192.32.1/22 set interfaces ethernet eth2 description private1-b-codfw
eth3
set interfaces ethernet eth3 address 10.192.48.1/22 set interfaces ethernet eth3 description private1-c-codfw
eth4
set interfaces ethernet eth4 address 10.192.64.1/22 set interfaces ethernet eth4 description private1-d-codfw commit save
Note: if you do not "save", after a reboot all the configuration will go away.
check the configuration with "show interfaces"
vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- eth0 10.192.0.53/24 u/u core_to_cr-gcsm eth1 10.192.144.1/22 u/u private1-a-codfw eth2 10.192.160.1/22 u/u private1-b-codfw eth3 10.192.176.1/22 u/u private1-c-codfw eth4 10.192.192.1/22 u/u private1-d-codfw lo 127.0.0.1/8 u/u ::1/128
Go back in configuration mode and change the router name from vyos to vrouter4001 ( you can call it anything)
set system host-name vrouter4001 commit save vyos@vrouter4001:~$
Setting default gateway
If we do not define the default gateway, all the VM's will not be able to access the internet.
set protocols static route 0.0.0.0/0 next-hop 10.192.0.1
10.192.0.1 being the IP address of the our physical router connected to the Internet
Setting OSPF
- On cr-gcsm
The configuration of OSFP on Cisco router is very simple just 2 commands
router ospf 1 network 10.192.0.1 0.0.0.255 area 0 do wr
- On vrouter4001
We are just going to do a minimum configuration needed for OSPF to work. Not worry about setting up lo interface or defining the router ID
set protocols ospf area 0 network 10.192.0.0/24 set protocols ospf area 0 network 10.192.144.0/22 set protocols ospf area 0 network 10.192.160.0/22 set protocols ospf area 0 network 10.192.176.0/22 set protocols ospf area 0 network 10.192.192.0/22
And that's all for setting the minimum configuration
vyos@vrouter4001:~$ show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL 10.192.0.1 1 Full/Backup 39.968s 10.192.0.1 eth0:10.192.0.53 0 0 0
cr-gcsm#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.192.160.1 1 FULL/DR 00:00:33 10.192.0.53 FastEthernet0/1
Setting DHCP relay
We have a DHCP server in vlan20 with IP address of 10.192.144.5. For now servers in the other vlan's can not contact the DHCP server because there are on different vlan's.
For servers on the other vlan's to be able to contact the DHCP server, we will need to configure a DHCP relay on the router.
Here, we just need to configure DHCP relay on eth1,eth2,eth3 and eth4.
- Enable dhcp-relay on the 4 interfaces
set service dhcp-relay interface eth1 set service dhcp-relay interface eth2 set service dhcp-relay interface eth3 set service dhcp-relay interface eth4
- Set the DHCP server IP address
set service dhcp-relay server 10.192.144.5 set service dhcp-relay relay-options relay-agents-packets discard commit
After this is done, restart the relay-agent with
restart dhcp relay-agent
Enable SSH on port 22 with SSH key
There are 3 steps on configuring SSH access to the vrouter: - Setup the SSH port - Setup the address to listen on - Upload your SSH-key
The command to setup the SSH port is:
set service ssh port 22
The command to setup the address to listen on is:
set service ssh listen-address <IPv4>
Since our vrouter has 4 ineterfaces, we are going to setup the listen-address on eth0 address (10.192.0.53)
set service ssh listen-address 10.192.0.53
Then
commit save
Upload your ssh key
set system login user vyos authentication public-keys ppaul key "AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwku..."
The command above needs to be in 1 line
set system login user vyos authentication public-keys ppaul type ssh-rsa" commit save
Note: do not copy the "ssh-rsa" at the beginning of your key or the comment at the end of your ssh key.