Aruba JL853AAE Configuration Guide

Category
Networking
Type
Configuration Guide

HPE IMC Orchestrator 6.3 Security RBM Scenario Multiple Egresses and Primary/Backup Egresses Configuration Guide
The information in this document is subject to change without notice.
© Copyright 2023 Hewlett Packard Enterprise Development LP
Contents
Overview
Configure basic controller settings
  Log in to the controller
  Create a fabric
  Configure virtual distributed switch VDS1
  Configure global controller settings
  Create an IP address pool
  Create VLAN pool VLAN300
  Create a device group
  Configure VLAN-VXLAN mappings
  Create a tenant
Configure multiple egresses directly connected to external networks for a single fabric (network segmentation)
  Network planning
    Network topology
    Resource plan
  Deployment workflow
  Procedure
    Configure the underlay network
    Configure basic controller settings
    Add a border gateway
    Bind gateways to tenants
    Add a virtual network
    Add a vRouter
    Add an external network
    Configure NQA profiles and bind the profiles to the external network
    Bind gateways and external networks to a vRouter
    Verify the deployed configuration
    Configure NQA entries and startup settings
    Verify the service
Configure underlay settings on ED devices in multiple fabrics
  Network planning
    Network topology
    Resource plan
  Deployment workflow
  Procedure
    Configure the underlay network
    Configure basic controller settings
    Add a fabric connection
    View expected configuration deployment
Configure network segment-based primary and backup egresses across multiple fabrics
  Network planning
    Network topology
    Resource plan
  Configuration workflow
  Procedure
    Configure basic underlay network settings
    Configure basic controller settings
    Add a fabric connection
    Add a border gateway
    Bind a border gateway to a tenant
    Add a virtual network and vRouters
    Add external networks
    Configure primary and backup egresses to external networks through vRouters
    Add and bind NQA profiles
    Verify that the configuration has been deployed correctly
    Configure track entries for quick route failover
    Configure the core device
    Verify the service
Configure multi-fabric EVPN multicast
  Network planning
    Network topology
    Resource plan
  Deployment workflow
  Procedure
    Configure basic underlay network settings
    Configure basic settings on the controller
    Deploy the multi-fabric multicast network
    Verify the service
Configure direct Internet access with network segmentation in multifabric deployment
  Network planning
    Network topology
    Resource plan
  Deployment workflow
  Procedure
    Configure basic underlay network settings
    Configure basic settings on the controller for network deployment
    Add a fabric connection
    Add the border gateways
    Bind the gateway to the tenant
    Add vNetworks and vRouters
    Add the external network
    Configure primary and backup border gateways for Internet access without firewall protection
    Configure NQA and bind NQA profiles to the external subnets
    Verify that the configuration has been deployed correctly
    Manually configure settings from the CLI of the devices
    Verify the service
Configure direct Internet access with BGP in multifabric deployment
  Network planning
    Network topology
    Resource plan
  Deployment workflow
  Procedure
    Configure basic underlay network settings
    Configure external network switches manually
    Configure basic settings on the controller for network deployment
    Add a fabric connection
    Add the border gateways
    Bind the gateway to the tenant
    Add vNetworks and vRouters
    Bind the vRouter to border gateways
    Configure vRouter connections
    Configure BGP peers for border routers
    Bind DRNI routed peer links to border routers
    Verify configuration deployment
    Manually configure devices from the CLI
    Verify the service
O&M monitoring
Overview
This guide describes how to configure multiple egresses and primary/backup egresses in a
single-fabric or multi-fabric network.
Traffic that accesses the external network through a secure link passes through a firewall. Traffic that
accesses the external network through a direct link follows the default route to the external network
and does not pass through a firewall. This guide covers configuration in the following
scenarios:
• Configure multiple egresses directly connected to external networks for a single fabric (network
segmentation)
A single-fabric network has three direct link egresses: egress 1, egress 2, and egress 3. Egress
1 has the highest priority. When egress 1 fails, egress 2 takes over to forward traffic. When
egress 2 fails, egress 3 takes over to forward traffic.
• Configure underlay settings on ED devices in multiple fabrics
This section describes how to configure edge device underlay and fabric connection settings in
a multi-fabric network when the edge devices in all the fabrics are configured with DRNI.
• Configure network segment-based primary and backup egresses across multiple fabrics
A multi-fabric network has multiple direct link egresses. One egress acts as the primary egress
and the others act as backup egresses. When the primary egress fails, a backup egress takes
over to forward traffic to the external network.
• Configure multi-fabric EVPN multicast
Configure EVPN multicast for multicast receivers on one fabric to receive multicast traffic from a
multicast source (or server) on another fabric.
• Configure direct Internet access with network segmentation in multifabric deployment
On a multifabric network, configure static routes on each fabric to provide external connectivity
for direct Internet access without traversing a firewall. Internet-bound traffic on a fabric
traverses its local external connection as long as the connection is available. When the local
external connection is unavailable, Internet-bound traffic on the fabric traverses the external
connection on a remote fabric.
• Configure direct Internet access with BGP in multifabric deployment
On a multi-fabric network, configure BGP routes on each fabric to provide external connectivity
for direct Internet access without traversing a firewall. Internet-bound traffic on a fabric
traverses its local external connection as long as the connection is available. When the local
external connection is unavailable, Internet-bound traffic on the fabric traverses the external
connection on a remote fabric.
Configure basic controller settings
Log in to the controller
After the controller is deployed, you can log in to IMC PLAT through a browser to use the controller
features.
To log in to IMC PLAT, access the URL http://ip_address:30000/central/index.html through a
browser. ip_address is the northbound service virtual IP address of the Installer where
IMC PLAT resides.
Figure 1 Logging in to IMC PLAT
Create a fabric
1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page.
2. Click Add, and then configure the parameters as follows:
   ○ Specify a name for the fabric. In this example, set the fabric name to fabric1.
   ○ Set the overlay BGP AS number. The AS number must be the same as the BGP AS number of devices in the fabric. In this example, set the AS number to 100.
   ○ Enable the multicast network and EPG controller features as needed.
   ○ Configure other parameters as needed. In this example, the default settings are used.
3. Click OK.
Figure 2 Creating a fabric
4. Click the icon in the Actions column for the added fabric, and then click the Settings tab.
5. Configure advanced settings for the fabric as needed. In this example, the default settings are
used.
Figure 3 Configuring advanced fabric settings
Configure virtual distributed switch VDS1
1. Navigate to the Automation > Data Center Networks > Common Network Settings >
Virtual Distributed Switch page.
2. Click the edit icon in the Actions column for VDS1.
3. On the Carrier Fabric tab, select fabric fabric1.
Figure 4 Selecting a fabric for the VDS
4. Click the Advanced Settings tab, and then configure the parameters as follows:
   ○ Set the bridge name to vds1-br.
   ○ Set the VXLAN tunnel interface name to vxlan_vds1-br.
   ○ Set the aging time for flow entries learned by the vSwitch to 300 seconds.
   ○ Configure other parameters as needed. In this example, the default settings are used.
Figure 5 Configuring advanced settings
Configure global controller settings
Navigate to the Automation > Data Center Networks > Fabrics > Parameters page, and then click
the Controller Global Settings tab.
1. To run IPv6 services in the network, enable IPv6.
2. To reduce the ACL resource usage of switches, disable the controller from deploying the
security policy flow table to switching devices.
3. To enable the controller to automatically generate VRF names based on a specific rule, set the
VRF autonaming mode to rule-based. Then, the controller will automatically generate VRF
names in the tenant name_router name_Segment ID format.
Figure 6 Configuring global controller settings
Create an IP address pool
1. Navigate to the Automation > Data Center Networks > Resource Pools > IP Address Pools
page.
2. Click Add, and then configure the parameters as follows:
   ○ Specify a name for the address pool.
   ○ Select an address pool type.
   ○ Select whether to use this address pool as the default address pool. Each address pool type can have only one default address pool.
   ○ Configure the address ranges.
3. Click Apply.
Figure 7 Creating an IP address pool
Create VLAN pool VLAN300
1. Navigate to the Automation > Data Center Networks > Resource Pools > VNID Pools >
VLANs page.
2. Click Add, and then configure the parameters as follows:
   ○ Set the VLAN pool name to VLAN300.
   ○ Set the VLAN pool type to tenant carrier network.
   ○ Add VLAN ID range 300 to 399.
3. Click Apply.
Figure 8 Creating a VLAN pool
Create a device group
1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page.
2. Click the icon in the Actions column for fabric1, and then click the Device groups tab.
3. Click Add, and then configure the basic parameters as follows:
   ○ Specify a name for the device group.
   ○ Select whether the device group is a remote device group. This parameter cannot be edited after configuration.
   ○ Select network positions as needed. This parameter cannot be edited after configuration. In a single-fabric scenario, select border gateway. In a fabric interconnection scenario, select border gateway and fabric interconnection. In a DC interconnection scenario, select border gateway and DC interconnection.
   ○ Set the HA mode to DRNI.
IMPORTANT:
In a fabric interconnection scenario, if the edge device and border device are deployed on the same
device, only one device group is required. Select border gateway and fabric interconnection
as its network positions. If the edge device and border device are deployed on different devices,
two device groups are required. Select fabric interconnection as the network position for the
device group to which the edge device belongs, and select border gateway as the network
position for the device group to which the border device belongs.
4. Configure the border gateway parameters as needed. The connection mode cannot be edited
after configuration.
5. Add border devices to the device group.
6. Click Apply.
Figure 9 Creating a device group
Configure VLAN-VXLAN mappings
The following information is provided only for illustration purposes. For scenario-specific
configuration and data, see the basic controller settings for each scenario.
To configure VLAN-VXLAN mappings:
1. Navigate to the Automation > Data Center Networks > Resource Pools > VNID Pools >
VLAN-VXLAN Mappings page.
2. Click Add, select VLAN-VXLAN Mapping, and then perform the following tasks:
a. Enter a name for the mapping. In this example, set the mapping name to map1.
Figure 10 Configuring VLAN-VXLAN mappings
b. Click Add Mapping, and then configure the parameters as follows:
− Set the mapping name to map001.
− Set the start VLAN ID to 2001.
− Set the start VXLAN ID to 2001.
− Set the mapping range length to 4.
− Set the access mode to VLAN.
After the configuration, click Apply.
Figure 11 Adding VLAN-VXLAN mapping
c. Click Apply.
3. On the VLAN-VXLAN Mappings page, click the link in the Applied to Interfaces column for
map1.
You can also click the link in the Applied to Devices column to apply the VLAN-VXLAN
mapping to devices.
Figure 12 Applying the VLAN-VXLAN mapping to interfaces
4. Select the target devices, select the access or aggregate interfaces on the selected devices,
add the selected interfaces to the selected interface list, and then click Apply.
NOTE:
In this step for a manually deployed device, you must click Specify Downlink Interfaces to add
the downlink aggregate interfaces of the device to the available interface list. For automatically
deployed devices, you do not need to perform this step. The controller can automatically obtain
the aggregate interface information. This document uses automated deployment as an
example.
Figure 13 Selecting interfaces
Create a tenant
This section gives only a configuration example. For detailed configuration and data, see the basic
controller settings chapter for each scenario.
To create a tenant:
1. Navigate to the Automation > Data Center Networks > Tenant Management > All Tenants
page.
2. Click Add, and then configure the parameters as follows:
   ○ Specify a tenant name. In this example, set the tenant name to tenant1.
   ○ Select a VDS. In this example, select VDS1.
Figure 14 Creating a tenant
3. Click Apply.
Configure multiple egresses directly connected to external networks for a single fabric (network segmentation)
Network planning
Network topology
As shown in Figure 15, the core switch has multiple egresses directly connected to the Internet:
internet1, internet2, and internet3. Make sure the priorities of internet1, internet2, and internet3 are in
descending order, so that internet2 takes over services when internet1 is down and internet3 takes
over services when both internet1 and internet2 are down.
Use Table 1 to identify device connections.
Figure 15 Network diagram (image not reproduced; labels: Core, Internet, Border1 and Border2, Spine1 and Spine2, Leaf1 to Leaf4, Server1 to Server4, peer-links; legend: Internet1 traffic, Internet2 traffic, Internet3 traffic, external network traffic)
Table 1 Device IP address and interface description
Device     Description                Management IP
Border 1   EVPN border device         192.168.11.8
Border 2   EVPN border device         192.168.11.9
Border 3   EVPN border device         192.168.11.10
Border 4   EVPN border device         192.168.11.11
Spine 1    Underlay physical device   192.168.11.2
Spine 2    Underlay physical device   192.168.11.3
Leaf 1     EVPN access device         192.168.11.4
Leaf 2     EVPN access device         192.168.11.5
Leaf 3     EVPN access device         192.168.11.6
Leaf 4     EVPN access device         192.168.11.7
NOTE:
In this example, the Spine and Border tiers use 12900E and the Leaf tier uses 5945. To use any
other devices, plan the network as needed. The interface connections are for illustration only.
Resource plan
Table 2 Resource plan

Item: Management network of physical devices
Configuration example:
• 192.168.11.0/24
• Gateway: 192.168.11.1
Remarks: N/A

Item: Fabric
Configuration example:
• Name: fabric1
• AS number: 100
Remarks: N/A

Item: VDS
Configuration example:
• Name: VDS1
• Bearer fabric: fabric1
• VXLAN ID range: 1-16777215
Remarks: The VXLAN ID range must contain the VXLAN IDs in all subnets of the VDS. The VXLAN ID must be unique in a LAN. Different VDSs cannot be configured with the same VXLAN ID.

Item: External network 1
Configuration example:
• Name: exnetwork1901
• Type: VLAN
• Network segmentation: Enabled
• Network segment name and segment ID:
  ○ exnetwork1901_seg1
  ○ Segment ID: 4006
  ○ exnetwork1901_seg2
  ○ Segment ID: 4007
  ○ exnetwork1901_seg3
  ○ Segment ID: 4008
• IPv4 subnet name, address, and gateway:
  ○ Subnet name: v4exsubnet_int1
  ○ Address: 100.0.6.0/24
  ○ Gateway: 100.0.6.1
  ○ Subnet name: v4exsubnet_int2
  ○ Address: 100.0.7.0/24
  ○ Gateway: 100.0.7.1
  ○ Subnet name: v4exsubnet_int3
  ○ Address: 100.0.8.0/24
  ○ Gateway: 100.0.8.1
• IPv6 subnet name, address, and gateway:
  ○ Subnet name: v6exsubnet_int1
  ○ Address: 2001:100:0:6::/64
  ○ Gateway: 2001:100:0:6::1
  ○ Subnet name: v6exsubnet_int2
  ○ Address: 2001:100:0:7::/64
  ○ Gateway: 2001:100:0:7::1
  ○ Subnet name: v6exsubnet_int3
  ○ Address: 2001:100:0:8::/64
  ○ Gateway: 2001:100:0:8::1
Remarks: N/A

Item: External network service
Configuration example:
• 19.1.1.0/24
• 19::/64
Remarks: N/A
Deployment workflow
Figure 16 Deployment workflow (flowchart not reproduced; boxes shown: Start, Configure underlay network, Configure controller basics, Add fabric, Configure VDS, Configure global parameters, Add border device group, Add VLAN-to-VXLAN mapping, Add tenant, Configure gateway and service resource, Add border gateway, Allocate gateway to tenant, Configure tenant network, Add vNetwork, Add vRouter, Add external network, Add NQA profile and bind profile to external network, Bind gateway and external network to vRouter, Configure NQA entry and startup setting, End; legend: required main process, optional main process, required sub process, optional sub process)
Procedure
Configure the underlay network
Configure and incorporate all switching devices in the network. For more information, see IMC
Orchestrator 6.3 Underlay Network Configuration Guide.
Configure basic controller settings
For information about the configuration procedures, see "Configure basic controller settings." See
Table 3 for sample configuration.
Table 3 Basic controller settings

Item: Add a fabric
Configuration example:
• Basic:
  ○ Name: fabric1
  ○ AS number: 100
• Advanced:
  ○ Unknown unicast suppression: Enabled
  ○ Unknown multicast suppression: Enabled
  ○ Broadcast suppression: Enabled
Remarks: N/A

Item: Configure a VDS
Configuration example:
• Name: VDS1
• Bearer fabric: fabric1
• VXLAN ID range: 1-16777215
Remarks: The VXLAN ID range must contain the VXLAN IDs in all subnets of the VDS. The VXLAN ID must be unique in a LAN. Different VDSs cannot be configured with the same VXLAN ID.

Item: Configure global parameters
Configuration example:
• IPv6 state: Enabled
• Deploy security policy flow table to switch devices: Disabled
• VRF name generation: By rule
Remarks: N/A

Item: Add a device group
Configuration example:
• Name: bdgroup1
• Position: Border gateway
• HA mode: DRNI
• Connection method: inter-subnet VLAN
• Address pool: Default address pool
• VLAN pool: Default VLAN pool
• Device group member: border1 and border2
Remarks: You cannot edit the position, remote device group, firewall service, and connection mode after the group is added. The firewall service and position settings might affect fabric expansion. Please first plan the network and then configure the parameters.

Item: Add a VLAN-to-VXLAN mapping
Configuration example:
• Name: map1
• VLAN-to-VXLAN mapping:
  ○ Name: map1901
  ○ Start VLAN ID: 2073
  ○ Start VXLAN ID: 2073
  ○ Mapping range length: 4
  ○ Access mode: VLAN
• Apply to interface: Apply to all aggregate interfaces on servers in server-leaf connections in the network
Remarks: Before applying a mapping to an interface, first navigate to the Automation > Data Center Networks > Devices > Physical Devices > Specify Downlink Interfaces > Specify Downlink Interface [XXX] page and configure the interface as a downlink interface.

Item: Add tenants
Configuration example:
• Name: pulictenant1
• Name: tenant1
• VDS name: VDS1
Remarks: N/A
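A pre-deployment consistency check for the sample resource plan, as an added example (not part of the HPE guide or the controller's own tooling). The values are copied from Tables 2 and 3; the rules that external subnets must not overlap the management or service prefixes and that a gateway must not be the network address are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Values copied from the sample resource plan (Tables 2 and 3 on this page).
PLAN = {
    "vxlan_range": (1, 16777215),              # VDS1 VXLAN ID range
    "mappings": [("map1901", 2073, 2073, 4)],  # name, start VLAN, start VXLAN, length
    "segments": {
        "exnetwork1901_seg1": 4006,
        "exnetwork1901_seg2": 4007,
        "exnetwork1901_seg3": 4008,
    },
    # Management network and external network service prefixes.
    "reserved": ["192.168.11.0/24", "19.1.1.0/24", "19::/64"],
    "subnets": [                               # name, prefix, gateway
        ("v4exsubnet_int1", "100.0.6.0/24", "100.0.6.1"),
        ("v4exsubnet_int2", "100.0.7.0/24", "100.0.7.1"),
        ("v4exsubnet_int3", "100.0.8.0/24", "100.0.8.1"),
        ("v6exsubnet_int1", "2001:100:0:6::/64", "2001:100:0:6::1"),
        ("v6exsubnet_int2", "2001:100:0:7::/64", "2001:100:0:7::1"),
        ("v6exsubnet_int3", "2001:100:0:8::/64", "2001:100:0:8::1"),
    ],
}

MAX_VLAN_ID = 4094  # highest usable 802.1Q VLAN ID


def expand_mapping(start_vlan, start_vxlan, length):
    """Return the (VLAN ID, VXLAN ID) pairs covered by one mapping range."""
    return [(start_vlan + i, start_vxlan + i) for i in range(length)]


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    lo, hi = plan["vxlan_range"]
    vlan_owner, vxlan_owner = {}, {}
    for name, start_vlan, start_vxlan, length in plan["mappings"]:
        for vlan, vxlan in expand_mapping(start_vlan, start_vxlan, length):
            if not 1 <= vlan <= MAX_VLAN_ID:
                problems.append(f"{name}: VLAN {vlan} outside 1-{MAX_VLAN_ID}")
            if not lo <= vxlan <= hi:
                problems.append(f"{name}: VXLAN {vxlan} outside VDS range {lo}-{hi}")
            if vlan in vlan_owner:
                problems.append(f"{name}: VLAN {vlan} already mapped by {vlan_owner[vlan]}")
            if vxlan in vxlan_owner:
                problems.append(f"{name}: VXLAN {vxlan} already mapped by {vxlan_owner[vxlan]}")
            vlan_owner.setdefault(vlan, name)
            vxlan_owner.setdefault(vxlan, name)

    # Every network segment needs its own segment ID.
    seg_ids = list(plan["segments"].values())
    for seg, seg_id in plan["segments"].items():
        if seg_ids.count(seg_id) > 1:
            problems.append(f"{seg}: segment ID {seg_id} is not unique")

    # Each gateway must be a host address inside its own subnet.
    nets = [(cidr, ipaddress.ip_network(cidr)) for cidr in plan["reserved"]]
    for name, cidr, gw in plan["subnets"]:
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
        gateway = ipaddress.ip_address(gw)
        if gateway not in net:            # also False when IP versions differ
            problems.append(f"{name}: gateway {gw} is not inside {cidr}")
        elif gateway == net.network_address:
            problems.append(f"{name}: gateway {gw} is the network address")
        nets.append((name, net))

    # No two prefixes of the same IP version may overlap.
    for (name_a, net_a), (name_b, net_b) in combinations(nets, 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{name_a} overlaps {name_b}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```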
Add a border gateway
Access the border gateway page and add the following non-shared gateways: gw1_internet1,
gw1_internet2, and gw1_internet3. For more information, see Table 4.
Table 4 Non-shared gateway configuration
Gateway name    Gateway sharing   Member name   Fabric    Device group            Priority
gw1_internet1   Disabled          gw1_member1   fabric1   Device group bdgroup1   1
gw1_internet2   Disabled          gw1_member2   fabric1   Device group bdgroup1   1
gw1_internet3   Disabled          gw1_member3   fabric1   Device group bdgroup1   1
To configure a border gateway:
1. Navigate to the Automation > Data Center Networks > Common Network Settings >
Gateway page.
2. Click Add. Configure the following parameters:
   ○ Gateway Name: gw1_internet1.
   ○ Gateway Sharing: Off.
Figure 17 Adding border gateway gw1_internet1
3. Click Add Gateway Member. Configure the following parameters, and then click Apply:
   ○ Member Name: gw1_member1.
   ○ Fabric: fabric1.
   ○ Device Group: bdgroup1.
   ○ Priority: 1.