Micro infrastructure server with OpenWRT – part 2

This is the second part in a series of three articles describing how I created a basic DNS/DHCP/NTP server for my lab that only uses 24MB RAM and 12MB disk space.

Micro infrastructure server with OpenWRT – part 1
Micro infrastructure server with OpenWRT – part 3

Installation

To install OpenWRT as a VM, start by downloading the latest version. At the time of writing the latest version is the 12.09 release from April 2013. A pre-built virtual disk image is available from here:

http://downloads.openwrt.org/attitude_adjustment/12.09/x86/generic/openwrt-x86-generic-combined-ext4.vmdk

In your vSphere Web Client (or Windows Client) create a new VM. I based it on Ubuntu 32bit.

Install - Ubuntu 32bit

Before powering on the VM, upload the openwrt-x86-generic-combined-ext4.vmdk image to the VM’s datastore folder. Then edit the VM’s settings: reduce the vRAM (I run mine with 24MB, but you can probably go lower), make sure that only 1 vCPU is configured, delete the VMDK that was originally attached during the creation process, and attach the OpenWRT disk.

Install - Edit settings

Now that the install is complete, onto the configuration.

Configuration

Power on the VM and you’ll be faced with some console output:

Power on

Just hit enter and the command prompt is displayed:

Power on -enter

Set the password

First thing you’ll probably want to do is to set a password. By default the console will log you in as root and no password is required (it’s blank). So on the console:

passwd root

This ensures that the web interface, once it’s reachable via an IP interface, will have some protection. This by itself doesn’t force a login at the console. This is a lab so I’m not that concerned, but if you want to set this up there is a script here. (I think the reason is that the OpenWRT image is primarily aimed at home routers, and you’d only see this if you were attached to it via a console serial cable. Telnet and Web access force you to log in.)

Network setup

Please note: I’m only going to discuss the configuration of the VM and the host it sits on. How your hosts are connected to their switch, how the switch is configured and what it’s capable of (layer 3 switching?) is up to you.

Ordinarily, at least a couple of interfaces are created (not including the loopback interface): lan and wan, and they’re bridged together. But because we built a standard VM which only has a single vNIC, only the lan interface is created. This is exactly what we want because we’re not planning on using this appliance for routing or firewalling traffic (although you could if you wanted to).

Initial network config

By default the lan interface is set to 192.168.1.1/24, so if the VM is on a subnet that you can connect to via this IP, then you should be able to connect with a web browser and configure everything in the GUI.

However, I want to set up DHCP for several trunked subnets and I’ve found it much quicker just to enter this straight into the config file from the outset. Here’s how I set it up.

vi /etc/config/network

I changed the lan (eth0) interface to remove the bridging and set the IP address appropriately.

I also added two virtual trunked interfaces (mgt and vms). The syntax to do this is eth0.x where x is the VLAN ID. For each virtual interface, give it a name and appropriate IP settings for that VLAN’s subnet. My lan interface doesn’t need to be VLAN tagged as it sits on the switch port’s default VLAN (PVID).

Here’s how I configured mine:

config interface 'loopback'
 option ifname 'lo'
 option proto 'static'
 option ipaddr '127.0.0.1'
 option netmask '255.0.0.0'
config interface 'lan'
 option ifname 'eth0'
 option proto 'static'
 option netmask '255.255.255.0'
 option gateway '192.168.1.254'
 option ipaddr '192.168.1.99'
config interface 'mgt'
 option proto 'static'
 option ifname 'eth0.1000'
 option ipaddr '10.0.0.99'
 option netmask '255.255.255.0'
 option gateway '10.0.0.1'
config interface 'vms'
 option proto 'static'
 option ifname 'eth0.1003'
 option ipaddr '10.0.3.99'
 option netmask '255.255.255.0'
 option gateway '10.0.3.1'

Top tip: in vi you can use yy to copy (yank) a line, and p to paste it.

Once you make any changes to the /etc/config/network file, you need to execute:

/etc/init.d/network reload

to stop and restart the network interfaces.
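A mistake in this file can leave the appliance unreachable after the reload, so it is worth checking first. The following is an added example, not part of the original article or of OpenWRT: check_uci_network is a hypothetical helper that verifies each static interface's VLAN ID is a valid 802.1Q tag (1-4094), that no device is configured twice, and that the gateway sits inside the interface's subnet. The sample input is constructed.

```sh
# Added example: pre-flight check for /etc/config/network before
# "/etc/init.d/network reload". check_uci_network is a hypothetical helper.
check_uci_network() {
    awk -v q="'" '
    # (octet AND mask octet) without bitwise ops; valid for contiguous masks
    function net(o, m) { return int(o / (256 - m)) * (256 - m) }
    function check(   i, ip, gw, mk, vid, dev) {
        if (name == "" || opt["proto"] != "static") return
        dev = opt["ifname"]
        vid = index(dev, ".") ? substr(dev, index(dev, ".") + 1) : "untagged"
        if (vid != "untagged" && (vid !~ /^[0-9]+$/ || vid + 0 < 1 || vid + 0 > 4094)) {
            print "FAIL " name ": VLAN ID " vid " outside 1-4094"; bad = 1
        }
        if (dev in seen) { print "FAIL " name ": " dev " already used by " seen[dev]; bad = 1 }
        seen[dev] = name
        if (split(opt["ipaddr"], ip, ".") != 4 || split(opt["netmask"], mk, ".") != 4) {
            print "FAIL " name ": ipaddr or netmask missing or malformed"; bad = 1; return
        }
        if ("gateway" in opt) {
            split(opt["gateway"], gw, ".")
            for (i = 1; i <= 4; i++)
                if (net(ip[i], mk[i]) != net(gw[i], mk[i])) {
                    print "FAIL " name ": gateway " opt["gateway"] " is outside the subnet"; bad = 1; return
                }
        }
        print "ok " name " dev=" dev " vlan=" vid " ip=" opt["ipaddr"]
    }
    $1 == "config" { check(); split("", opt); name = ($2 == "interface") ? $3 : ""; gsub(q, "", name) }
    $1 == "option" { gsub(q, "", $3); opt[$2] = $3 }
    END { check(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the mgt section from the article plus a vms section with
# a mistyped gateway. On the appliance run: check_uci_network /etc/config/network
check_uci_network <<'EOF' || echo "fix the FAIL lines before reloading"
config interface 'mgt'
 option proto 'static'
 option ifname 'eth0.1000'
 option ipaddr '10.0.0.99'
 option netmask '255.255.255.0'
 option gateway '10.0.0.1'
config interface 'vms'
 option proto 'static'
 option ifname 'eth0.1003'
 option ipaddr '10.0.3.99'
 option netmask '255.255.255.0'
 option gateway '10.0.30.1'
EOF
```

The function exits non-zero when any FAIL line is printed, so it can gate the reload: check_uci_network /etc/config/network && /etc/init.d/network reload.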

VM’s trunked connection

In most cases these days, a VM is connected to a port group in ESXi using Virtual Switch Tagging (VST) – remember the contents of this classic white paper. But here we’re getting the guest OS in the VM to tag the traffic. We don’t want the port group to act as an access port; we want it to act like a trunk port, sending and receiving traffic on multiple VLANs. To do this, create a new port group and set it to VLAN ID 4095:

VGT web

and set the port group as promiscuous:

Promiscuous web

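Now, if everything is set correctly you should be able to ping each interface from something in each subnet (or from anywhere if you have layer 3 switching in your lab). Because a promiscuous port group on VLAN 4095 passes frames from every VLAN on that vSwitch to any VM attached to it, keep this port group dedicated to the OpenWRT VM.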

In the next post I describe how to configure NTP, DHCP and DNS services in OpenWRT.

Micro infrastructure server with OpenWRT – part 3
