This is the second part in a series of three articles describing how I created a basic DNS/DHCP/NTP server for my lab that only uses 24MB RAM and 12MB disk space.
Micro infrastructure server with OpenWRT – part 1
Micro infrastructure server with OpenWRT – part 3
Installation
To install OpenWRT as a VM, start by downloading the latest version. At the time of writing the latest version is the 12.09 release from April 2013. A pre-built virtual disk image is available from here:
In your vSphere Web Client (or Windows Client) create a new VM. I based it on Ubuntu 32bit.
Before powering on the VM, upload the openwrt-x86-generic-combined-ext4.vmdk image to the VM’s datastore folder. Then edit the VM’s settings to reduce the vRAM down (I run mine with 24MB, but you can probably go lower), make sure that only 1 vCPU is configured, delete the VMDK that was originally attached during the creation process, and attach the OpenWRT disk.
Now that the install is complete, onto the configuration.
Configuration
Power on the VM and you’ll be faced with some console output. Just hit Enter and the command prompt is displayed.
Set the password
First thing you’ll probably want to do is to set a password. By default the console will log you in as root and no password is required (it’s blank). So on the console:
passwd root
This ensures that the web interface, once it’s reachable via an IP interface, will have some protection. This by itself doesn’t force a login at the console. This is a lab so I’m not that concerned, but if you want to set this up there is a script here. (I think the reason is the OpenWRT image is primarily aimed at home routers, and you’d only see this if you were attached to it via a console serial cable. Telnet and Web access forces you to log in.)
Network setup
Please note: I’m only going to discuss the configuration of the VM and the host it sits on. How your hosts are connected to their switch, how the switch is configured and what it’s capable of (layer 3 switching?) is up to you.
Ordinarily, at least a couple of interfaces are created (not including the loopback interface), lan and wan, and they’re bridged together. But because we built a standard VM which only has a single vNIC, only the lan interface is created. This is exactly what we want because we’re not planning on using this appliance for routing or firewalling traffic (although you could if you wanted to).
By default the lan interface is set to 192.168.1.1/24, so if the VM is on a subnet that you can connect to via this IP, then you should be able to connect with a web browser and configure everything in the GUI.
However, I want to set up DHCP for several trunked subnets and I’ve found it much quicker just to enter this straight into the config file from the outset. Here’s how I set it up.
vi /etc/config/network
I changed the lan (eth0) interface to remove the bridging and set the IP address appropriately.
I also added two virtual trunked interfaces (mgt and vms). The syntax to do this is eth0.x where x is the VLAN ID. Give each virtual interface a name and the appropriate IP settings for that VLAN’s subnet. My lan interface doesn’t need to be VLAN tagged as it sits on the switch port’s default VLAN (PVID).
Here’s how I configured mine:
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.1.254'
	option ipaddr '192.168.1.99'

config interface 'mgt'
	option proto 'static'
	option ifname 'eth0.1000'
	option ipaddr '10.0.0.99'
	option netmask '255.255.255.0'
	option gateway '10.0.0.1'

config interface 'vms'
	option proto 'static'
	option ifname 'eth0.1003'
	option ipaddr '10.0.3.99'
	option netmask '255.255.255.0'
	option gateway '10.0.3.1'
Top tip: in vi you can use yy to copy (yank) a line, and p to paste it.
Once you make any changes to the /etc/config/network file, you need to execute:
/etc/init.d/network reload
to stop and restart the network interfaces.
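Before relying on the trunk, it helps to confirm which 802.1Q tags the guest will actually emit. The following is an added example, not part of the original article: a small shell helper (vlan_map and sample_config are hypothetical names) that reads a UCI network file on stdin, derives the VLAN ID from each eth0.x device name, and flags IDs outside the usable range 1-4094. It assumes one device per ifname option, as in the configuration above.

```shell
#!/bin/sh
# Added example: report interface, device, VLAN tag and IP from a UCI network file.
# Reads stdin; returns non-zero if any VLAN ID is outside 1-4094.
vlan_map() {
    awk -v q="'" '
    function emit() {
        if (name == "" || dev == "") return
        vid = "untagged"
        # A device named base.N carries 802.1Q tag N
        if (split(dev, part, ".") == 2) {
            vid = part[2]
            # IDs 0 and 4095 are reserved, so a guest tag must be 1-4094
            if (vid !~ /^[0-9]+$/ || vid + 0 < 1 || vid + 0 > 4094) {
                vid = "INVALID(" vid ")"
                bad = 1
            }
        }
        printf "%s %s %s %s\n", name, dev, vid, (ip == "" ? "-" : ip)
    }
    { gsub(q, ""); gsub(/"/, "") }          # drop UCI quoting
    $1 == "config" {
        emit(); name = ""; dev = ""; ip = ""
        if ($2 == "interface") name = $3
    }
    $1 == "option" && $2 == "ifname" { dev = $3 }
    $1 == "option" && $2 == "ipaddr" { ip = $3 }
    END { emit(); exit bad }
    '
}

# Constructed sample mirroring the three interfaces configured above
sample_config() {
cat <<'EOF'
config interface 'lan'
	option ifname 'eth0'
	option ipaddr '192.168.1.99'
config interface 'mgt'
	option ifname 'eth0.1000'
	option ipaddr '10.0.0.99'
config interface 'vms'
	option ifname 'eth0.1003'
	option ipaddr '10.0.3.99'
EOF
}

sample_config | vlan_map
```

On the appliance itself, run it as vlan_map < /etc/config/network and compare the reported tags with the VLANs your physical switch port carries.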
VM’s trunked connection
In most cases these days, a VM is connected to a port group in ESXi using Virtual Switch Tagging (VST) – remember the contents of this classic white paper. But here we’re getting the guest OS in the VM to tag the traffic. We don’t want the port group to act as an access port; we want it to act like a trunk port, sending and receiving traffic on multiple VLANs. To do this, create a new port group and set it to VLAN ID 4095:
and set the port group as promiscuous:
Now, if everything is set correctly you should be able to ping each interface from something in each subnet (or from anywhere if you have layer 3 switching in your lab).
In the next post I describe how to configure NTP, DHCP and DNS services in OpenWRT.