FITS

Future Internet Testbed with Security

  • Increase font size
  • Default font size
  • Decrease font size
Home Software Installation

FITS Node Installation Manual

E-mail Print

Description

These instructions will guide you through a step-by-step setup of a testbed machine, which will be connected to the FITS v. 2.0  infrastructure.

At this time, both Xen and OpenFlow controllers are located at GTA (Grupo de Teleinformática e Automação), so this installation will be comprised of a single personal computer, configured as a Xen physical router and an OpenFlow switch.

Installation Steps

To install FITS v. 2.0, follow these 5 steps:

  1. Check Hardware/Software Requirements
  2. Install a Debian 7.5 Wheezy (Stable) with 3.2.0-4-amd64 kernel
  3. Send an email to Virtual_Testbed_BR list asking for the VPN and server TLS certificates
  4. Download and install FITS package
  5. Check to allow GRE tunnel traffic through a firewall

Hardware Requirements

These hardware requirements are based on Xen-Hypervisor ones. More resources impact directly on the number of virtual routers and switches that can be instantiated.

Computer Hardware Recommended Minimum
CPU 2.5 GHz or faster Intel multicore CPU  One Intel 64-bit x86 CPU 1.5 Ghz 
Memory 8 GB or more  4 GB
Hard Disk Locally attached storage with 500 GB or more Locally attached storage with 200 GB

You will need at least one network interface with internet access.

Software Requirements

FITS installation requires a fresh Debian 7.5 Wheezy (Stable) installation with 3.2.0-4-amd64 kernel.

FITS also requires non-free and contrib packages to be enabled during Debian Wheezy installation, and GRUB2 as the bootloader (default choice). Package repositories can be modified after installation through modification of '/etc/apt/sources.list' file:

deb http://ftp.br.debian.org/debian/ wheezy main non-free contrib
deb-src http://ftp.br.debian.org/debian/ wheezy main non-free contrib

Please, replace 'ftp.br.debian.org' with your repository of choice.

Obtaining FITS Certificates

First you need to subscribe to FITS mailing list, to do so send email to virtual_testbed_br-subscribe AT gta DOT ufrj DOT br. To ask for the VPN and server TLS certificates, send email to virtual_testbed_br AT gta DOT ufrj DOT br.

Pease include in this email:

  1. University/Research group you are affiliated with.
  2. Representative name(s) for your node(s), with an accompanying picture. The name and picture usually represent a location of interest within the node's city. Examples may be found in Partners section of this website.
  3. Researchers, professors and students associated with your FITS node, to be listed in our partners section.
  4. Approximated latitude and longitude of your FITS node, to be displayed in our partners section map.

Following your membership approval, you will receive a compacted file for each certificate and a set of custom scripts, note that these certificates and scripts apply only to one testbed machine. If you need more than one machine connected to Virtualization Testbed, please ask for more certificates.

FITS Installation

Download FITS install package, extract to your "/root" folder and follow the steps bellow logged in as root. Note that this script assume a fresh Debian Wheezy installation.

  1. Run "install.sh" script located in your root folder.
  2. Install VPN and server TLS certificate files you received by email, as described in next section.
  3. Reboot your machine when prompted.

In order to allow GRE tunnel traffic through a firewall, you must allow protocol 47 (GRE) traffic; tcp traffic to port 1723; and packet forwarding. The setup bellow is an example of such configuration using iptables, the third setting is usually enabled in routers already:

iptables -A INPUT -p tcp -s 146.164.69.71 -d $NODE_IP --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT;
iptables -A INPUT -p 47 -s 146.164.69.71 -d $NODE_IP -j ACCEPT;
iptables -A FORWARD -i eth0 -s 0/0 -j ACCEPT;

In order to connect to Control and Management VPNs, you must allow outbound connections to tcp ports 5000 and 5001. The setup bellow is an example of such configuration using iptables:

iptables -A OUTPUT -p tcp --dport 5000 -j ACCEPT;
iptables -A OUTPUT -p tcp --dport 5001 -j ACCEPT;

FITS Certificates Installation 

Certificate installation procedure is described below.

  1. Copy the files received to "/root" folder and extract them.
  2. Then, run "libvirt_certificate_install.sh" from libvirt certificate extraction folder (it's commonly named "libvirt-machine's Common Name").
  3. Finally, run "vpn_certificate_install.sh" from vpn certificate extraction folder (it's commonly named "vpn-machine's Common Name").

Common Issues