2.2.9. Install as a VM using Microsoft Azure

This section will guide you to deploy Virtual Service Router running on Microsoft Azure’s virtual machine.

The following tools are required:

1. Azure Command-Line Interface: The CLI used to create and manage Azure resources

2. AzCopy: A command-line utility to upload file on Azure.

These instructions demonstrate how to perform the steps using Azure CLI, but you can also use the Azure Portal or any other Azure capable API to complete these steps.

Azure MANA and Azure Boost Support

Azure Boost is a suite of software and hardware networking systems that significantly enhances both network performance (up to 200-Gbps bandwidth) and security. It incorporates the Microsoft Azure Network Adapter (MANA), which is built into compatible virtual machine hosts.

Availability

It is important to note that Azure Boost is not supported by all VM families. For a full list of currently supported VM families, see the Current availability documentation. The Standard_D8s_v6 size, which was used in our tests, is a supported VM family.

Build VHD image from qcow2

1. Resize image to align to 1MB

   size=$(qemu-img info -f qcow2 --output json <path to qcow2> | \
          gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1]}')
   
   MB=$((1024*1024))
   rounded_size=$((($size/$MB + 1)*$MB))
   qemu-img resize -f qcow2 <path to qcow2> $rounded_size
   

2. Convert .qcow2 into a .vhd

   qemu-img convert -f qcow2 -o subformat=fixed,force_size -O vpc \
                  <path to qcow2> <path to vhd>
   

Upload VHD on Azure

The following steps are extracted from Microsoft Azure official documentation. To obtain the required Gen2 images for MANA, you’ll need to go to do the step (1) then step (4), upload the VHD image to storage, and then proceed directly to step (6).

1. Create a resource group:

   RESOURCE_GROUP="test"
   REGION="francecentral"
   az group create -l $REGION -g $RESOURCE_GROUP
   

2. Create a disk with an upload size:

   $upload_size=$(stat --print="%s" <path_to_vhd>)
   
   az disk create -n vsr-disk -g $RESOURCE_GROUP --for-upload --upload-size-bytes $upload_size --sku standard_lrs
   

   <path_to_vhd> is the path to the Virtual Service Router image in VHD file format.

3. Grant the disk access and copy the returned value:

   az disk grant-access -n vsr-disk -g $RESOURCE_GROUP --access-level Write --duration-in-seconds 3000
   

4. Upload the VHD image:

   azcopy copy <path_to_vhd> <disk_access> --blob-type PageBlob
   

   Or upload to storage for Gen2 images

   az storage blob upload --account-name <storage_account_name>  --container-name <name_of_container> --name <target_file_name> --file <path_to_vhd>
   

   The URL for the stored object follows the format https://<storage_account_name>.blob.core.windows.net/<name_of_container>/<target_file_name>. This Azure blob URL will be used to create the VSR gen2 image. For more details on naming and referencing, refer to the official documentation.

5. Make the disk usable:

   az disk revoke-access -n vsr-disk -g $RESOURCE_GROUP
   

6. Create Virtual Service Router image:

   Azure supports now the the launch of generation 2 VMs Azure gen2.

The image should be created like this for Gen1 images.

az image create -n vsr-img -g $RESOURCE_GROUP --source vsr-disk --os-type linux

For Gen2 (MANA) images:

The image is created directly with the vhd image uri uploaded to storage

For more information about image gallery, refer to the documentation Azure gallery.

#create the storage gallery
RESOURCE_GROUP="test"
GALLERY_NAME="vsr"
REGION="francecentral"
DISTRIB="ubuntu"
IMAGE_VERSION="1.0.0"
az sig create --resource-group $RESOURCE_GROUP --gallery-name $GALLERY_NAME --location $REGION

#create the image definition
az sig image-definition create \
   --resource-group $RESOURCE_GROUP \
   --gallery-name $GALLERY_NAME \
   --gallery-image-definition $DISTRIB \
   --publisher $GALLERY_NAME \
   --offer $DISTRIB \
   --sku $DISTRIB \
   --os-type Linux \
   --os-state Generalized \
   --features "SecurityType=TrustedLaunch DiskControllerTypes=NVMe,SCSI IsAcceleratedNetworkSupported=true"


az sig image-version create \
   --resource-group $RESOURCE_GROUP \
   --gallery-name $GALLERY_NAME \
   --gallery-image-definition $DISTRIB \
   --gallery-image-version  $IMAGE_VERSION \
   --target-regions "$REGION" \
   --replica-count 1 \
   --os-vhd-uri <storage_vhd_uri> \
   --os-vhd-storage-account <storage_account_id>

How to Retrieve storage_vhd_uri

This refers to the url of the stored object obtained in step (4)

How to Retrieve storage_account_id

If the storage account already exist, directy type the following command to get it’s id. The variables must be updated to match your platform.

RESOURCE_GROUP="test"
STORAGE_NAME="your-storage-name"
az storage account show --name $STORAGE_NAME --resource-group $RESOURCE_GROUP --query id --output tsv

Create a new storage account with the following command, then retrieve it’s id with the previous command.

RESOURCE_GROUP="test"
REGION="francecentral"
STORAGE_NAME="your-storage-name"


az storage account create \
   --name $STORAGE_NAME \
   --resource-group $RESOURCE_GROUP \
   --location $REGION \
   --sku Standard_LRS

Launch a Virtual Service Router VM

Start Virtual Service Router on Azure’s virtual machine with 3 network interfaces: eth0 with a public IP address, eth1 and eth2 are used by DPDK.

Create network interfaces

1. Create a network security rule allowing ssh connexion:

   az network nsg create -n nsg -g $RESOURCE_GROUP
   az network nsg rule create -n nsgrule1 -g $RESOURCE_GROUP --nsg-name --access Allow --protocol Tcp --direction Inbound --source-port-range "*" --destination-address-prefix "*" --destination-port-range 22 --priority 500
   

2. Create a virtual network:

   az network vnet create -n vnet -g $RESOURCE_GROUP --address-prefixes 10.0.0.0/16 --network-security-group nsg
   az network vnet subnet create -n subnet -g $RESOURCE_GROUP --vnet-name vnet --address-prefixes 10.0.0.0/24
   

3. Create a public IP address for ssh connexion:

   az network public-ip create -n publicIp -g $RESOURCE_GROUP --allocation-method Dynamic --version IPv4
   

4. Create network interfaces:

   az network nic create -n nic0 -g $RESOURCE_GROUP --vnet-name vnet --subnet subnet --network-security-group nsg --public-ip-address publicIp
   az network nic create -n nic1 -g $RESOURCE_GROUP --vnet-name vnet --subnet subnet --ip-forwarding true --accelerated-networking true
   az network nic create -n nic2 -g $RESOURCE_GROUP --vnet-name vnet --subnet subnet --ip-forwarding true --accelerated-networking true
   

Important

Do not forget IP forwarding and accelerated network options. These options will enable traffic forwarding and SR-IOV on the interface.

Create a Virtual Service Router VM from the image

1. Get the id of the created vsr image:

   id=$(az image show -n vsr-img -g $RESOURCE_GROUP --query {id:id} -o tsv)
   

2. Start the VM from this image id:

   az vm create -n vsr -g $RESOURCE_GROUP --image $id --nics nic0 nic1 nic2
   

   For Azure MANA with the Gen2 image, extra params must be added to az vm create command

   #Retrieve the image id
   id=$(az sig image-version show \
      --resource-group <resource-group-name> \
      --gallery-name <gallery-name>  \
      --gallery-image-definition <image-definition-name> \
      --gallery-image-version  <image-version-name> \
      --query "id" \
      --output tsv)
   
   az vm create -n vsr -g $RESOURCE_GROUP --image $id --nics nic0 nic1 nic2  --security-type TrustedLaunch --enable-secure-boot false
   

Then connect on the VM with the provided password. The next step is to perform your first configuration.