summaryrefslogtreecommitdiffstats
path: root/kud/tests/vIPSec
diff options
context:
space:
mode:
Diffstat (limited to 'kud/tests/vIPSec')
-rw-r--r--kud/tests/vIPSec/README.md36
-rwxr-xr-xkud/tests/vIPSec/ipsec163
-rwxr-xr-xkud/tests/vIPSec/pktgen77
-rwxr-xr-xkud/tests/vIPSec/remote_ipsec164
-rwxr-xr-xkud/tests/vIPSec/sink48
5 files changed, 488 insertions, 0 deletions
diff --git a/kud/tests/vIPSec/README.md b/kud/tests/vIPSec/README.md
new file mode 100644
index 00000000..3046db7a
--- /dev/null
+++ b/kud/tests/vIPSec/README.md
@@ -0,0 +1,36 @@
+# vIPSec use case in ONAP
+This use case is composed of four virtual functions (VFs) including two
+IPSec gateways, a packet generator and a traffic sink, each running in
+separate Ubuntu Virtual Machines:
+
+ * [Packet generator][1]: Sends packets to the packet sink through the
+tunnel constructed thru IPSec. This includes a script that installs the
+packet generator based on packetgen[4].
+ * [IPsec gateways][2]: Two IPSec gateways constructed the secure tunnel
+for traffic transportation. This includes a script to install and configure
+the IPSec gateways thru VPP.
+ * [Traffic sink][3]: Displays the traffic volume that lands at the sink
+VM using the link http://192.168.80.250:667 through your browser
+and enable automatic page refresh by clicking the "Off" button. You
+can see the traffic volume in the charts.
+
+This set of scripts aims to construct the vIPSec use case in order to set
+up a secure tunnel between peers and improve its performance along with
+hardware acceleration technologies such as SRIOV and QAT.
+
+User can apply the helm chart named 'vipsec' inside the k8s/kud/demo folder
+to set up the whole use case. A fully-functional Kubernetes cluster, Virtlet
+as well as ovn4nfv-k8s[5] plugin need to be pre-installed for the usage.
+*[Place needs improvements] After having the virtual machines ready, please
+manually change the MAC address inside the ipsec.conf to enable the routing.
+And also start up the packetgen to send packet with src and dst defined in
+the templates/values.yaml inside the helm chart. Detail instructions will be
+put inside the helm chart.
+
+If you'd like to test the performance with QAT/SRIOV involved, first get
+these hardwares pre-configured. Then change the value of 'qat_enabled' and
+'sriov_enabled' inside templates/values.yaml of the helm chart accordingly.
+User could observe variance in throughput inside the traffic sink.
+
+[4] https://pktgen-dpdk.readthedocs.io/en/latest/
+[5] https://github.com/opnfv/ovn4nfv-k8s-plugin
diff --git a/kud/tests/vIPSec/ipsec b/kud/tests/vIPSec/ipsec
new file mode 100755
index 00000000..4b278574
--- /dev/null
+++ b/kud/tests/vIPSec/ipsec
@@ -0,0 +1,163 @@
+#!/bin/bash
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Intel Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# This script prepares the runtime environment
+# for running vIPSec shell scripts on Ubuntu 18.04
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+function setup_dependencies {
+ apt-get update
+ apt-get install -y curl gnupg2 pciutils make gcc libnuma-dev python git linux-headers-`uname -r` module-init-tools libssl-dev
+ echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main" >> /etc/apt/sources.list.d/99fd.io.list
+ curl -L https://packagecloud.io/fdio/master/gpgkey | apt-key add -
+}
+
+function install_vpp {
+ apt-get update
+ apt-get install -y vpp vpp-plugin-core vpp-plugin-dpdk
+}
+
+function install_dpdk {
+ cd /opt
+ git clone http://dpdk.org/git/dpdk
+ cd /opt/dpdk
+ export RTE_TARGET=x86_64-native-linux-gcc/ && export DESTDIR=/opt/dpdk && export RTE_SDK=/opt/dpdk && make install T=x86_64-native-linux-gcc
+ modprobe uio
+ insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
+}
+
+function ipsec_settings {
+# Create vpp configuration file
+ cat > /opt/config/vpp.config << EOF
+ unix {
+ exec /opt/config/ipsec.conf
+ nodaemon
+ cli-listen /run/vpp/cli.sock
+ log /tmp/vpp.log
+ }
+
+ cpu {
+ main-core 0
+ corelist-workers 1
+ }
+
+ dpdk {
+ socket-mem 512
+ log-level debug
+ no-tx-checksum-offload
+ dev default{
+ num-tx-desc 512
+ num-rx-desc 512
+ }
+ dev interfaceABus
+ {
+ workers 0
+ }
+ dev interfaceBBus
+ {
+ workers 0
+ }
+ vdev crypto_aesni_mb0
+
+ no-multi-seg
+
+ #enable_cryptodev
+
+ }
+EOF
+
+# Check if sriov and qat are enabled, bind the pci devices with igb_uio driver
+ if [ "$sriov_enabled" = true ]; then
+ export interfaceABus=$(lspci -D -nn | grep -m1 '8086:154c' | cut -d ' ' -f 1)
+ export interfaceBBus=$(lspci -D -nn | grep -m2 '8086:154c' | cut -d ' ' -f 1 | tail -n1)
+ else
+ export interfaceABus=$(ls -la /sys/class/net | grep 'eth1' | cut -d '/' -f 5)
+ export interfaceBBus=$(ls -la /sys/class/net | grep 'eth3' | cut -d '/' -f 5)
+ fi
+ sed -i -e "s/interfaceABus/${interfaceABus}/g" -e "s/interfaceBBus/${interfaceBBus}/g" /opt/config/vpp.config
+ python /opt/dpdk/usertools/dpdk-devbind.py -b igb_uio $interfaceABus $interfaceBBus
+ export interfaceA=$(vppctl sh int | awk '$2 == "1"' | cut -d ' ' -f 1)
+ export interfaceB=$(vppctl sh int | awk '$2 == "2"' | cut -d ' ' -f 1)
+
+ if [ "$qat_enabled" = true ]; then
+ export qatABus=$(lspci -D -nn | grep -m1 '8086:37c9' | cut -d ' ' -f 1)
+ export qatBBus=$(lspci -D -nn | grep -m2 '8086:37c9' | cut -d ' ' -f 1 | tail -n1)
+ python /opt/dpdk/usertools/dpdk-devbind.py -b igb_uio $qatABus $qatBBus
+ sed -i "/#enable_cryptodev/a\n dev $qatABus\n dev $qatBBus\n" /opt/config/vpp.config
+ sed -i "/vdev crypto_aesni_mb0/d" /opt/config/vpp.config
+ fi
+
+# Create the sample ipsec configuration file
+ cat > /opt/config/ipsec.conf << EOF
+ set interface state VirtualFunctionEthernet0/5/0 up
+ set interface state VirtualFunctionEthernet0/6/0 up
+
+ set interface ip address VirtualFunctionEthernet0/5/0 input_interface_ip/24
+ set interface ip address VirtualFunctionEthernet0/6/0 output_interface_ip/24
+
+ set int promiscuous on VirtualFunctionEthernet0/5/0
+ set int promiscuous on VirtualFunctionEthernet0/6/0
+
+ set ip arp VirtualFunctionEthernet0/6/0 remote_tunnel_ip fa:16:3e:a6:e4:c7
+ set ip arp VirtualFunctionEthernet0/5/0 input_interface_ip fa:16:3e:f1:65:dc
+
+ ip route add count 1 packet_dst/32 via route_interface VirtualFunctionEthernet0/6/0
+
+ ipsec spd add 1
+ set interface ipsec spd VirtualFunctionEthernet0/6/0 1
+ ipsec sa add 1 spi 1921681003 esp tunnel-src output_interface_ip tunnel-dst remote_tunnel_ip crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
+ ipsec policy add spd 1 traffic_direction priority 100 action protect sa 1 local-ip-range packet_src-packet_src remote-ip-range packet_dst-packet_dst
+ ipsec policy add spd 1 traffic_direction priority 90 protocol 50 action bypass local-ip-range packet_src-255.255.255.255 remote-ip-range remote_tunnel_ip-remote_tunnel_ip
+EOF
+
+# Replace all ip and interfaces inside the ipsec configuration file
+ sed -i -e "s/input_interface_ip/${input_interface_ip}/g" -e "s/output_interface_ip/${output_interface_ip}/g" -e "s/remote_tunnel_ip/${remote_tunnel_ip}/g" -e "s/route_interface/${route_interface}/g" -e "s#VirtualFunctionEthernet0/5/0#${interfaceA}#g" -e "s#VirtualFunctionEthernet0/6/0#${interfaceB}/g" -e "s/packet_src/${packet_src}/g" -e "s/packet_dst/${packet_dst}/g" -e "s/traffic_direction/${traffic_direction}/g" /opt/config/ipsec.conf
+ vpp -c /opt/config/vpp.config
+}
+
+
+mkdir /opt/config
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$dcae_collector_ip" > /opt/config/dcae_collector_ip.txt
+echo "$dcae_collector_port" > /opt/config/dcae_collector_port.txt
+echo "$ipsec_private_net_gw" > /opt/config/ipsec_private_net_gw_ip.txt
+echo "$ipsec_private_net_cidr" > /opt/config/ipsec_private_net_cidr.txt
+echo "$ipsec_private_network_name" > /opt/config/ipsec_private_network_name.txt
+echo "$packet_src" > /opt/config/packet_source_ip.txt
+echo "$packet_dst" > /opt/config/packet_destination_ip.txt
+echo "$remote_tunnel_ip" > /opt/config/remote_tunnel.txt
+echo "$route_interface" > /opt/config/route_interface.txt
+echo "$traffic_direction" > /opt/config/traffic_direction.txt
+echo "$vipsecA_private_ip_0" > /opt/config/vipsecA_private_ip0.txt
+echo "$vipsecA_private_ip_2" > /opt/config/vipsecA_private_ip2.txt
+echo "$protected_clientA_network_name" > /opt/config/protected_clientA_network_name.txt
+echo "$protected_clientA_net_gw" > /opt/config/protected_clientA_net_gw.txt
+echo "$protected_clientA_net_cidr" > /opt/config/protected_clientA_net_cidr.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+setup_dependencies
+install_vpp
+install_dpdk
+ipsec_settings
diff --git a/kud/tests/vIPSec/pktgen b/kud/tests/vIPSec/pktgen
new file mode 100755
index 00000000..14d7e6ca
--- /dev/null
+++ b/kud/tests/vIPSec/pktgen
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Intel Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# This script prepares the runtime environment
+# for running vIPSec shell scripts on Ubuntu18.04
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+
+DPDK_DIR=$PWD/dpdk
+Pktgen_Dir=$PWD/pktgen-dpdk
+
+function setup_dependencies {
+ sudo apt-get update
+ git clone http://dpdk.org/git/dpdk
+ git clone http://dpdk.org/git/apps/pktgen-dpdk
+ KERNEL_VERSION=$(uname -r)
+ echo $KERNEL_VERSION
+ sudo apt-get install -y linux-headers-$KERNEL_VERSION libpcap-dev gcc make libnuma-dev liblua5.3-dev python
+}
+
+function build_dpdk {
+ export RTE_SDK=$DPDK_DIR
+ export RTE_TARGET=x86_64-native-linux-gcc
+ export DESTDIR=$DPDK_DIR
+ cd $RTE_SDK
+ make install T=x86_64-native-linux-gcc
+ echo "DPDK install finished"
+ modprobe uio
+ insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
+ export interface=$(lspci -nn | grep -m1 'Ethernet controller' | cut -d ' ' -f 1)
+ python ./usertools/dpdk-devbind.py -b igb_uio $interface
+}
+
+function build_pktgen {
+ cd $Pktgen_Dir
+ export RTE_SDK=$DPDK_DIR
+ export RTE_TARGET=x86_64-native-linux-gcc
+ make
+}
+
+mkdir /opt/config
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$vpg_private_ip_0" > /opt/config/vpg_private_ip0.txt
+echo "$ipsec_a_private_ip_0" > /opt/config/ipsec_a_private_ip0.txt
+echo "$protected_clientA_network_name" > /opt/config/protected_clientA_network_name.txt
+echo "$dcae_collector_ip" > /opt/config/dcae_collector_ip.txt
+echo "$dcae_collector_port" > /opt/config/dcae_collector_port.txt
+echo "$protected_clientA_net_gw" > /opt/config/protected_clientA_net_gw.txt
+echo "$protected_clientA_net_cidr" > /opt/config/protected_clientA_net_cidr.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+setup_dependencies
+build_dpdk
+build_pktgen
diff --git a/kud/tests/vIPSec/remote_ipsec b/kud/tests/vIPSec/remote_ipsec
new file mode 100755
index 00000000..6a676c96
--- /dev/null
+++ b/kud/tests/vIPSec/remote_ipsec
@@ -0,0 +1,164 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Intel Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# This script prepares the runtime environment
+# for running vIPSec shell scripts on Ubuntu18.04
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+function setup_dependencies {
+ apt-get update
+ apt-get install -y curl gnupg2 pciutils make gcc libnuma-dev python git linux-headers-`uname -r` module-init-tools libssl-dev
+ echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu bionic main" >> /etc/apt/sources.list.d/99fd.io.list
+ curl -L https://packagecloud.io/fdio/master/gpgkey | apt-key add -
+}
+
+function install_vpp {
+ apt-get update
+ apt-get install -y vpp vpp-plugin-core vpp-plugin-dpdk
+}
+
+function install_dpdk {
+ cd /opt
+ git clone http://dpdk.org/git/dpdk
+ cd /opt/dpdk
+ export RTE_TARGET=x86_64-native-linux-gcc/ && export DESTDIR=/opt/dpdk && export RTE_SDK=/opt/dpdk && make install T=x86_64-native-linux-gcc
+ modprobe uio
+ insmod x86_64-native-linux-gcc/kmod/igb_uio.ko
+}
+
+function ipsec_settings {
+# Create vpp configuration file
+ cat > /opt/config/vpp.config << EOF
+ unix {
+ exec /opt/config/ipsec.conf
+ nodaemon
+ cli-listen /run/vpp/cli.sock
+ log /tmp/vpp.log
+ }
+
+ cpu {
+ main-core 0
+ corelist-workers 1
+ }
+
+ dpdk {
+ socket-mem 512
+ log-level debug
+ no-tx-checksum-offload
+ dev default{
+ num-tx-desc 512
+ num-rx-desc 512
+ }
+ dev interfaceABus
+ {
+ workers 0
+ }
+ dev interfaceBBus
+ {
+ workers 0
+ }
+ vdev crypto_aesni_mb0
+
+ no-multi-seg
+
+ #enable_cryptodev
+
+ }
+EOF
+
+# Check if sriov and qat are enabled, bind the pci devices with igb_uio driver
+ if [ "$sriov_enabled" = true ]; then
+ export interfaceABus=$(lspci -D -nn | grep -m1 '8086:154c' | cut -d ' ' -f 1)
+ export interfaceBBus=$(lspci -D -nn | grep -m2 '8086:154c' | cut -d ' ' -f 1 | tail -n1)
+ else
+ export interfaceABus=$(ls -la /sys/class/net | grep 'eth1' | cut -d '/' -f 5)
+ export interfaceBBus=$(ls -la /sys/class/net | grep 'eth3' | cut -d '/' -f 5)
+ fi
+ sed -i -e "s/interfaceABus/${interfaceABus}/g" -e "s/interfaceBBus/${interfaceBBus}/g" /opt/config/vpp.config
+ python /opt/dpdk/usertools/dpdk-devbind.py -b igb_uio $interfaceABus $interfaceBBus
+ export interfaceA=$(vppctl sh int | awk '$2 == "1"' | cut -d ' ' -f 1)
+ export interfaceB=$(vppctl sh int | awk '$2 == "2"' | cut -d ' ' -f 1)
+
+ if [ "$qat_enabled" = true ]; then
+ export qatABus=$(lspci -D -nn | grep -m1 '8086:37c9' | cut -d ' ' -f 1)
+ export qatBBus=$(lspci -D -nn | grep -m2 '8086:37c9' | cut -d ' ' -f 1 | tail -n1)
+ python /opt/dpdk/usertools/dpdk-devbind.py -b igb_uio $qatABus $qatBBus
+ sed -i "/#enable_cryptodev/a\n dev $qatABus\n dev $qatBBus\n" /opt/config/vpp.config
+ sed -i "/vdev crypto_aesni_mb0/d" /opt/config/vpp.config
+ fi
+
+# Create ipsec configuration file
+ cat > /opt/config/ipsec.conf << EOF
+ set interface state VirtualFunctionEthernet0/5/0 up
+ set interface state VirtualFunctionEthernet0/6/0 up
+
+ set interface ip address VirtualFunctionEthernet0/5/0 input_interface_ip/24
+ set interface ip address VirtualFunctionEthernet0/6/0 output_interface_ip/24
+
+ set int promiscuous on VirtualFunctionEthernet0/5/0
+ set int promiscuous on VirtualFunctionEthernet0/6/0
+
+ set ip arp VirtualFunctionEthernet0/6/0 remote_tunnel_ip fa:16:3e:a6:e4:c7
+ set ip arp VirtualFunctionEthernet0/5/0 routing_ip fa:16:3e:f1:65:dc
+
+ ip route add count 1 packet_dst/32 via route_interface VirtualFunctionEthernet0/6/0
+
+ ipsec spd add 1
+ set interface ipsec spd VirtualFunctionEthernet0/6/0 1
+ ipsec sa add 1 spi 1921681004 esp tunnel-src local_tunnel_ip tunnel-dst remote_tunnel_ip crypto-key 2b7e151628aed2a6abf7158809cf4f3d crypto-alg aes-cbc-128 integ-key 6867666568676665686766656867666568676669 integ-alg sha1-96
+ ipsec policy add spd 1 traffic_direction priority 100 action protect sa 1 local-ip-range packet_src-packet_src remote-ip-range packet_dst-packet_dst
+ ipsec policy add spd 1 traffic_direction priority 90 protocol 50 action bypass local-ip-range packet_src-255.255.255.255 remote-ip-range remote_tunnel_ip-remote_tunnel_ip
+EOF
+
+# Replace the actual ip and interfaces into the ipsec configuration
+ sed -i -e "s/input_interface_ip/${input_interface_ip}/g" -e "s/output_interface_ip/${output_interface_ip}/g" -e "s/routing_ip/${vsn_private_ip_0}/g" -e "s#VirtualFunctionEthernet0/5/0#${interfaceA}#g" -e "s#VirtualFunctionEthernet0/6/0#${interfaceB}#g" -e "s/local_tunnel_ip/${local_tunnel_ip}/g" -e "s/remote_tunnel_ip/${remote_tunnel_ip}/g" -e "s/route_interface/${route_interface}/g" -e "s/packet_src/${packet_src}/g" -e "s/packet_dst/${packet_dst}/g" -e "s/traffic_direction/${traffic_direction}/g" /opt/config/ipsec.conf
+ vpp -c /opt/config/vpp.config
+}
+
+
+mkdir /opt/config
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$dcae_collector_ip" > /opt/config/dcae_collector_ip.txt
+echo "$dcae_collector_port" > /opt/config/dcae_collector_port.txt
+echo "$ipsec_private_net_gw" > /opt/config/ipsec_private_net_gw_ip.txt
+echo "$ipsec_private_net_cidr" > /opt/config/ipsec_private_net_cidr.txt
+echo "$ipsec_private_network_name" > /opt/config/ipsec_private_network_name.txt
+echo "$packet_src" > /opt/config/packet_source_ip.txt
+echo "$packet_dst" > /opt/config/packet_destination_ip.txt
+echo "$remote_tunnel_ip" > /opt/config/remote_tunnel.txt
+echo "$route_interface" > /opt/config/route_interface.txt
+echo "$traffic_direction" > /opt/config/traffic_direction.txt
+echo "$vipsecB_private_ip_0" > /opt/config/vipsecB_private_ip0.txt
+echo "$vipsecB_private_ip_2" > /opt/config/vipsecB_private_ip2.txt
+echo "$protected_clientB_network_name" > /opt/config/protected_clientB_network_name.txt
+echo "$protected_clientB_net_gw" > /opt/config/protected_clientB_net_gw.txt
+echo "$protected_clientB_net_cidr" > /opt/config/protected_clientB_net_cidr.txt
+
+echo 'vm.nr_hugepages = 1024' >> /etc/sysctl.conf
+sysctl -p
+
+setup_dependencies
+install_vpp
+install_dpdk
+ipsec_settings
diff --git a/kud/tests/vIPSec/sink b/kud/tests/vIPSec/sink
new file mode 100755
index 00000000..c180d43c
--- /dev/null
+++ b/kud/tests/vIPSec/sink
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Intel Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# This script prepares the runtime environment
+# for running vIPSec shell scripts on Ubuntu 18.04
+
+set -o nounset
+set -o pipefail
+set -o xtrace
+set -o errexit
+
+function setup_dependencies {
+ apt-get update
+ apt install -y wget darkstat net-tools unzip
+
+ # Configure and run Darkstat
+ sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g;s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
+
+ systemctl restart darkstat
+}
+
+mkdir -p /opt/config/
+echo "$protected_net_cidr" > /opt/config/protected_net_cidr.txt
+echo "$vfw_private_ip_0" > /opt/config/fw_ipaddr.txt
+echo "$vsn_private_ip_0" > /opt/config/sink_ipaddr.txt
+echo "$demo_artifacts_version" > /opt/config/demo_artifacts_version.txt
+echo "$protected_net_gw" > /opt/config/protected_net_gw.txt
+echo "$protected_private_net_cidr" > /opt/config/unprotected_net.txt
+
+setup_dependencies
+