...
Assuming you already have the permission to use the lab, the following instructions are intended to make you understand how the lab is used, what can you expect from it and what do we expect you to do (and not to do).
Access the RARE@NMaaS Domain
In order to provide access to the lab and provide also with some services that are needed to support it, the RARE@NMaaS provides among others with VPN access, a reservation service based on schedule (Booked) and a bastion from which the resources are accessible. The picture below is a simplistic representation on your access to the lab.
...
Following subsections explain more in detail and technically the actions needed from your side to get access to the resources.
VPN Access
So once you are granted administratively access to the lab, a vpn configuration file is provided to you. The vpn is based on openvpn and any Operating service can be used to connect to it. In particular if you are working from a linux system you can use the following command to connect to it and you should get some output similar to the one you can see below
...
At this point you shall be able to reach the services provided by the RARE@NMaaS , in particular, our booking service at https://p4-bkd-srv.rare.nmaas.eu
Providing your public SSH Key
Access to the bastion and also to the devices capable of building and running p4 programs is available through ssh connectivity employing asymmetric keys.
...
That key will be installed in our provisioning system to be installed automatically on reservation. If your key has been compromised or you just want to change it, please send us your new public key.
Generating your keys
This section is intended to help if you ever used ssh keys for ssh access.
...
In case you used putty there is the option to export your key as openssh format, if possible that's the format desired.
Scheduling system
The lab will enforce user access thanks to the automation of ssh public key installation into the bastion and the switches. The reservations will be checked everyday at 00:00 am so will not be possible to make a reservation for current day but it is possible to make a reservationfor multiple days timespan. The reservation system is based on booked and is accessible here: https://p4-bkd-srv.rare.nmaas.eu Your credentials will be provided to you alongside with the openvpn configuration.
...
Alternatively there is a drag and drop reservation mechanism accessible via Schedule → Bookings . This approach simplifies the search of available devices when no particular device is required but rather simply any device.
Accessing a precise resource
Once the time of your reservation arrives, your cryptographic material will be set in the places where it must be automatically. At that point you will be able to access the device with the following steps
- Start the VPN access as said above
- ssh the resource jumping via the p4-tbd-srv.rare.nmaas.eu
- There is an option to make a 1 step jump to the resources via command
For this to work you will need to may want to configure your .ssh/config file with the following piece of configuration$ ssh -i ~/.ssh/gn4_4096_rsa -J netops@p4lab p4@172.16.26.103 Linux FRA0001 4.14.151-OpenNetworkLinux #1 SMP Tue May 26 16:08:08 UTC 2020 x86_64 Last login: Wed Jun 3 22:39:51 2020 from 172.16.11.11 p4@FRA0001:~$Host p4lab Hostname 192.168.113.104 User netops IdentityFile ~/.ssh/gn4_4096_rsa - If you want to do a two step jump, you will need to deploy your rsa key to the p4-tbd-srv and take care to remove it when you finish and before access is removed
- There is an option to make a 1 step jump to the resources via command