Virtual ION on KVM for NFV Deployment Guide
    : Deploy Prisma SD-WAN Manually to an NFV or KVM Host
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. CloudBlades Integration and Deployment
    5. Virtual ION on KVM for NFV Deployment Guide
    6. Prisma SD-WAN to an NFV Environment Orchestration Deployment
    7. Deploy Prisma SD-WAN Manually to an NFV or KVM Host
    Download PDF

    Virtual ION on KVM for NFV Deployment Guide

    Deploy Prisma SD-WAN Manually to an NFV or KVM Host

    Table of Contents

    Deploy Prisma SD-WAN Manually to an NFV or KVM Host

    Learn how to deploy Prisma SD-WAN manually to an NFV or KVM host.
    The steps below go through the deployment of the above example topology using virt-install and virsh utilities, but your KVM management tool of choice could be used to deploy the virtual machine as well.
    1. Upload the provided qcow image to the KVM host.
    2. Prepare the host by creating the appropriate interfaces to bind the ION virtual machine interfaces to the physical interfaces of the host.
      1. The following example command sequence binds bridge br0 to the eth0 physical interface of the host.
        1. ip link add name br0 type bridge
        2. ip link set br0 up
        3. ip link set eth0 up
        4. ip link set eth0 master br0
      2. Repeat the steps for each interface and Layer 3/bridge (br1, br2,b3, eth1, eth2, and eth3).
    3. Execute the virt-install command with the following options set:
      1. -name=the name of the virtual machine.
      2. -vcpu=the vCPU requirement for the model as listed in the vCPU table.
      3. -memory=the memory requirement for the model as listed in the vCPU tabletable.
      4. -disk=the location of the qcow image on the KVM host.
      5. -network=reference the virtual interfaces to attach to this VM. Specify at a minimum 3 for data center deployments and 4 for branch deployments.
        virt-install --name 3102v-kvm-1 --vcpus 2 --memory 8192 --disk /var/lib/libvirt/images/3102v-kvm.qcow2 --import --network bridge=br0,model=e1000 --network bridge=br1,
model=e1000 --network bridge=br2,model=e1000 -- network bridge=br3,model=e1000
      6. -host-device=reference the SR-IOV interfaces to attach to this VM.
        virt-install --name 3102v-kvm-1 --vcpus 2 --memory 8192 --disk /var/lib/libvirt/images/3102v-kvm.qcow2 --import --network bridge=br0,model=e1000 --network bridge=br1,model=e1000 --network bridge=br2,
model=e1000 --import --host-device 45:0a.0
    4. Connect to the virtual console of the running VNF with virsh console <vm name> and run the Virtual Form Factor setup wizard.
      Example output:
      Current Hardware: CPU count: 2(None) Memory count: 8G Disk capacity: Unknown Network devices: 4 
Select an ION model: 1)ion 3102v2)ion 3104v3)ion 3108v4)ion 7108vChoose a Number or (Q)uit: 2 CPU: Passed (needed 2) Memory: Passed (needed 8.0G) Disk: Could not verify (needs 40.0G) Network: Passed (needed 4) Select an item to modify, or submit config: 1)Model : ion 3102v 2)ION Key : 3)Secret Key :4)Controller 1 : Controller - DHCP 5)Port 1 : Disabled/Unused 6)Port 2 : Disabled/Unused 7)Port 3 : Disabled/Unused 8)Port 4 : Disabled/Unused 9)Port 5 : Disabled/Unused 10)Port 6 : Disabled/Unused 11)Port 7 : Disabled/Unused 12)Port 8 : Disabled/Unused 13)Port 9 : Disabled/Unused 14)Submit and restartChoose a Number or (Q)uit: 2 Enter ION Key[None]: 2e4606d5-da92-4376-98c3-cbc08fcee8a5 Select an item to modify, or submit config: 1)Model : ion 3102v 2)ION Key : 2e4606d5-da92-4376-98c3-cbc08fcee8a5 3)Secret Key :4)Controller 1 : Controller - DHCP 5)Port 1 : Disabled/Unused 6)Port 2 : Disabled/Unused 7)Port 3 : Disabled/Unused 8)Port 4 : Disabled/Unused 9)Port 5 : Disabled/Unused 10)Port 6 : Disabled/Unused 11)Port 7 : Disabled/Unused 12)Port 8 : Disabled/Unused 13)Port 9 : Disabled/Unused 14)Submit and restartChoose a Number or (Q)uit: 3 Enter ION secret[None]: 3aca3f3cbae4792d7ca30c4841f71bf8e246e65c Select an item to modify, or submit config: 1)Model : ion 3102v 2)ION Key : 2e4606d5-da92-4376-98c3-cbc08fcee8a5 3)Secret Key : 3aca3f3cbae4792d7ca30c4841f71bf8e246e65c4)Controller 1 : Controller - DHCP 5)Port 1 : Disabled/Unused 6)Port 2 : Disabled/Unused 7)Port 3 : Disabled/Unused 8)Port 4 : Disabled/Unused 9)Port 5 : Disabled/Unused 10)Port 6 : Disabled/Unused 11)Port 7 : Disabled/Unused 12)Port 8 : Disabled/Unused 13)Port 9 : Disabled/Unused 14)Submit and restartChoose a Number or (Q)uit: 7 Port 1: 1)Role : Disable2)Cancel Port changes3)Apply and returnChoose a Number or (Q)uit: 1 Select Port Role: 1)Internet facing port (PublicWAN)2)Bypass Port Pair 1 (WAN Port)3)Bypass Port Pair 1 (LAN Port)4)Bypass Port Pair 2 (WAN Port)5)Bypass Port Pair 2 (LAN Port)6)Bypass Port Pair 3 (WAN Port)7)Bypass Port Pair 3 (LAN Port)8)Bypass Port Pair 4 (WAN Port)9)Bypass Port Pair 4 (LAN Port)10)Disabled/UnusedChoose a Number or (Q)uit: 1 Port 1: 1)Role : PublicWAN 2)Config via : DHCP3)Cancel Port changes4)Apply and returnChoose a Number or (Q)uit: 2 Select Port Configuration: 1)DHCP2)Static ConfigurationChoose a Number or (Q)uit: 2 Port 1: 1)Role : PublicWAN 2)Config via : STATIC3)Address : 0.0.0.0/0 4)Gateway : 0.0.0.0 5)DNS 1 : 0.0.0.0 6)DNS 2 : 0.0.0.0 7)Cancel Port changes8)Apply and returnChoose a Number or (Q)uit: 3 Enter Interface IP/mask[0.0.0.0/0]: 172.22.2.223/23 Port 1: 1)Role : PublicWAN 2)Config via : STATIC3)Address : 172.22.2.223/23 4)Gateway : 0.0.0.0 5)DNS 1 : 0.0.0.0 6)DNS 2 : 0.0.0.0 7)Cancel Port changes8)Apply and returnChoose a Number or (Q)uit: 4 Enter gateway[0.0.0.0]: 172.22.2.1 Port 1: 1)Role : PublicWAN 2)Config via : STATIC3)Address : 172.22.2.223/23 4)Gateway : 172.22.2.1 5)DNS 1 : 0.0.0.0 6)DNS 2 : 0.0.0.0 7)Cancel Port changes8)Apply and returnChoose a Number or (Q)uit: 5Enter DNS address[0.0.0.0]: 8.8.8.8 Port 1: 1)Role : PublicWAN 2)Config via : STATIC3)Address : 172.22.2.223/23 4)Gateway : 172.22.2.1 5)DNS 1 : 8.8.8.8 6)DNS 2 : 0.0.0.0 7)Cancel Port changes8)Apply and returnChoose a Number or (Q)uit: 8 Select an item to modify, or submit config: 1)Model : ion 3102v 2)ION Key : 2e4606d5-da92-4376-98c3-cbc08fcee8a5 3)Secret Key : 3aca3f3cbae4792d7ca30c4841f71bf8e246e65c4)Controller 1 : Controller - DHCP 5)Port 1 : Disabled/Unused 6)Port 2 : Disabled/Unused 7)Port 3 : PublicWAN – STATIC 8)Port 4 : Disabled/Unused 9)Port 5 : Disabled/Unused 10)Port 6 : Disabled/Unused 11)Port 7 : Disabled/Unused 12)Port 8 : Disabled/Unused 13)Port 9 : Disabled/Unused 14)Submit and restartChoose a Number or (Q)uit: 14 WARNING! After this configuration is submitted, all hardware will be signed, logged, and permanently tied to the ION Key/Secret Key in the Prisma SD-WAN Cloud Controller. WHAT THIS MEANS is that hardware cannot be added/removed (disks, network cards) after this 'SUBMIT' function. If any hardware changes are required beyond this 'SUBMIT', the ION will need to be re-deployed with a new ION Key and Secret Key. If there is a need to add or remove hardware, please answer 'N' below and shut down the ION and make the changes now. Submit these changes now?[N]: Y

    © 2024 Palo Alto Networks, Inc. All rights reserved.