HPE IMC Orchestrator 6.3 Container Computing Configuration Guide

i

HPE IMC Orchestrator 6.3 Container

Computing

Configuration Guide

The information in this document is subject to change without notice.

i 
Contents 
Overview ························································································1 
Configure basic controller settings ·······················································1 
Log in to the controller··················································································································· 1 
Configure fabrics ·························································································································· 1 
Configure a VDS ·························································································································· 2 
Configure global settings ··············································································································· 3 
Add a device group ······················································································································ 4 
Add a tenant ······························································································································· 5 
Configure interoperability between the CNI plug-in and the controller ··········1 
Restrictions and guidelines ············································································································ 1 
Network planning ························································································································· 1 
Network topology ·················································································································· 1 
Resource plan ······················································································································ 3 
Deployment workflow ···················································································································· 4 
Procedure ··································································································································· 4 
Configure the controller ·········································································································· 4 
Configure a worker node ······································································································· 12 
Configure the master node ···································································································· 13 
Install the CNI plug-in ··········································································································· 18 
Verify the configuration ··············································································································· 24 
Create a pod for service verification ························································································ 25 
Verify static IP address configuration ······················································································ 28 
Verify static IP address pool configuration ················································································ 31 
Verify communication between pods at Layer 2 ········································································· 33 
Verify communication between pods at Layer 3 ········································································· 34 
Verify the security group feature ····························································································· 35 
Verify the QoS feature ·········································································································· 36 
Verify the NetworkPolicy feature ····························································································· 38 
Verify access from a pod to anther pod in the same cluster ························································· 40 
Service access methods ······································································································· 40 
Verify access to the DNS service ···························································································· 41 
Verify the nodeport service ···································································································· 42 
Configure the K8s Calico network ······················································ 44 
Restrictions and guidelines ·········································································································· 44 
Network planning ······················································································································· 44 
Network topology ················································································································ 44 
Resource plan ···················································································································· 46 
Deployment workflow ·················································································································· 46 
Procedure ································································································································· 46 
Configure basic settings for the underlay network ······································································ 46 
Configure basic Calico environment settings ············································································ 46 
Configure BGP settings for the Calico network ·········································································· 47 
Configure basic controller settings ·························································································· 50 
Add a VLAN-VXLAN mapping ································································································ 50 
Add a vNetwork ·················································································································· 51 
Create a vRouter ················································································································· 52 
Verify the configuration ··············································································································· 55 
View the deployed configuration ····························································································· 55 
Verify the NIC status on the controller ····················································································· 56 
View the BGP peer state on the leaf switch ·············································································· 56 
Verify service access ··········································································································· 57 
O&M and monitoring ·········································································1 
 

1

Overview

This document describes interoperation between the controller and the CNI plug-in, and between the

controller and the Calico CNI plug-in.

• After the CNI plug-in is installed, the Pods can onboard to the controller and communicate with

each other at Layer 2 and Layer 3. The Pods can provide security group, QoS, and network

policy features. The container IP address can be a static IP, an IP address in a static IP address

pool, or an IP address in a DHCP pool on the controller. Cluster IP, Node Port, and DNS

services are supported.

• After the Calico CNI plug-in is installed, the plug-in establishes a BGP peer relationship with leaf

switches in the data center for communications between Pods through EVPN at Layer 2 and

Layer 3.

1

Configure basic controller settings

Log in to the controller

After you deploy the controller, the related menus will be displayed on IMC PLAT. You can use

controller features after logging in to IMC PLAT.

To log in to IMC PLAT, enter http://ucenter cluster northbound IP:30000/central/index.html in the

address bar, and then press Enter.

• ucenter_ip_address is the virtual IP address for northbound services provided by the Installer

cluster where IMC PLAT is deployed.

• 30000 is the port number.

Figure 1 Logging in to IMC PLAT

Configure fabrics

1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page. Click Add to

create a fabric.

 Specify a name for the fabric. In this example, the name is fabric1.

 Specify an AS number. Make sure the AS number is the same as the BGP AS number of the

devices in the fabric. In this example, the AS number is 100.

 Multicast network is disabled by default.

 End point group (EPG) controller is disabled by default.

 Configure other parameters as needed. In this example, the default settings are used.

2

Figure 2 Configuring fabrics

2. Click OK.

3. Click in the Actions column for the fabric, and then click the Advanced Settings tab. As a

best practice to reduce packet flooding, select Suppress Unknown Unicast, Suppress

Unknown Multicast, and Suppress Unknown Broadcast.

4. Configure other parameters as needed. In this example, the default settings are used.

Figure 3 Configuring advanced settings

Configure a VDS

1. Navigate to the Automation > Data Center Networks > Common Network Settings >

Virtual Distributed Switches page. Edit the virtual distributed switch VDS1.

2. Click Add Fabric, select fabric1 in the dialog box that opens, and then click Apply.

3

Figure 4 Adding a fabric

3. Click the Advanced Settings tab to configure advanced settings for VDS 1.

 Specify the bridge name as vds1-br.

 Specify the name of the VXLAN tunnel interface as vxlan_vds1-br.

 Set the vSwitch learned flow entries aging time to 300 seconds.

 Configure other parameters as needed. In this example, the default settings are used.

Figure 5 Configuring advanced settings

Configure global settings

If IPv6 services are running on the network, enable IPv6 globally for IPv6 services to run correctly.

To configure global settings:

1. Navigate to the Automation > Data Center Networks > Fabrics > Parameters page, and

then click the Controller Global Settings tab.

2. Enable IPv6.

3. Select Off for Deploy Security Policy Flow Table to Switching Devices.

4

4. For VRF names to be automatically generated based on rules, select Rule-Based for VRF

Auto-Naming Mode. The generated VRF name is in the format of tenant name_router

name_Segment ID.

Figure 6 Configuring controller global settings

Add a device group

1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page. Click for

fabric1, and then click the Device groups tab.

Figure 7 Adding a device group

2. Click Add, and configure the parameters as follows:

 Specify the device group name as bdgroup1.

5

 Select False for the remote device group parameter. This parameter is not editable once

configured.

 Select Border Gateway as the network position. This parameter is not editable once

configured.

 Select DRNI as the HA mode.

3. In the Boarder Gateway Settings area, configure the following parameters:

 Use the default setting for the third-party firewall parameter.

 Use the default setting for the firewall deployment mode parameter.

 Use the default setting for the connection mode parameter. This parameter is not editable

once configured.

 Select the default address pool.

 Select the default VLAN.

4. Add the border gateway to the group.

5. Click Apply.

Add a tenant

1. Navigate to the Automation > Data Center Networks > Tenant Management > All Tenants

page. Click Add, and then configure the following parameters:

 Specify the tenant name as tenant1.

 Specify the VDS name as VDS1.

Figure 8 Adding a tenant

2. Click Apply.

3. Click Details to obtain the UUID of the tenant. For interoperation with a Calico network, you do

not need to obtain the UUID.

Figure 9 Obtaining the UUID

6

1

Configure interoperability between the

CNI plug-in and the controller

Restrictions and guidelines

• The controller can interoperate with multiple Kubernetes container clouds. You must follow

these restrictions and guidelines:

 The hostname for the Nodes on multiple Kubernetes container clouds cannot be the same.

 Multiple Kubernetes container clouds cannot share the same vNetwork if static IPs are

used.

• Change the cluster IP corresponding to kube-dns in the coredns.yaml file to the address

shipped with K8s before you install the DNS plug-in.

a. Display the cluster IP address for kube-dns.

[root@k8s-master140 yml]# kubectl get svc -n kube-system

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

Calico-etcd ClusterIP 10.96.232.136 <none> 6666/TCP 32d

kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP

2h

kubernetes-dashboard NodePort 10.110.95.160 <none> 443:30437/TCP

33d

sdnc-net-master ClusterIP 10.105.188.157 <none> 9797/TCP 5d

Modification finished.

spec:

selector:

k8s-app: kube-dns

clusterIP: 10.96. 0.10

b. Delete the svc of the kube-dns component. If the component is not deleted, DNS access

flapping will occur.

1

Network planning

Network topology

Figure 10 Network diagram

The K8s cluster contains one master node and two worker nodes, without any bare metal server

deployed. Plan the network as follows:

• K8s master node—Configure one bond interface as the management network.

• K8s work node 1—Configure two bond interfaces.

 One bond interface is used as the management network. A management address is

required.

 The other bond interface is used as the service network. No IP address is required.

• K8s worker node 2—Configure two bond interfaces.

 One bond interface is used as the management network. A management address is

required.

 The other bond interface is used as the service network. No IP address is required.

In the test environment, three nodes are available. One node is the master. Only a management

address is required, and the management interface onboards to the controller. The other two nodes

are configured with a management address and a service address, respectively. The management

address onboards on the controller.

Table 1 IP and interface description

Device

Type

Management

IP

Service IP and interface

Border 1

EVPN border device

192.168.11.8

• Loopback0 10.1.1.8/32

• HGE4/0/1 (connects to HGE4/0/1 on

Border 2)

Border2

Spine2

Border1

Leaf1 Leaf2

Node1 Node2

IPL

Spine1

Controller

Components

Master

Management Management Management

Service Service

2

Device

Type

Management

IP

Service IP and interface

• HGE4/0/2 (connects to HGE4/0/2 on

Border 2)

• XGE6/0/48 (connects to XGE6/0/48 on

Border 2)

• HGE4/0/3 (connects to HGE1/0/3 on Spine

1)

• HGE4/0/4 (connects to HGE1/0/3 on Spine

2)

Border 2

EVPN border device

192.168.11.9

• Loopback0 10.1.1.9/32

• HGE4/0/1 (connects to HGE4/0/1 on

Boarder 1)

• HGE4/0/2 (connects to HGE4/0/2 on

Boarder 1)

• XGE6/0/48 (connects to XGE6/0/48 on

Boarder 1)

• HGE4/0/3 (connects to HGE1/0/4 on Spine

1)

• HGE4/0/4 (connects to HGE1/0/4 on Spine

1)

Spine 1

Underlay physical

device

192.168.11.2

• Loopback0 10.1.1.2/32

• HGE1/0/3 (connects to HGE4/0/3 on

Boarder 1)

• HGE1/0/4 (connects to HGE4/0/3 on

Boarder 2)

• HGE1/0/5 (connects to HGE1/0/25 on Leaf

1)

• HGE1/0/6 (connects to HGE1/0/25 on Leaf

2)

Spine 2

Underlay physical

device

192.168.11.3

• Loopback0 10.1.1.3/32

• HGE1/0/3 (connects to HGE4/0/4 on

Boarder 1)

• HGE1/0/4 (connects to HGE4/0/4 on

Boarder 2)

• HGE1/0/5 (connects to HGE1/0/27 on Leaf

1)

• HGE1/0/6 (connects to HGE1/0/27 on Leaf

2)

Leaf 1

EVPN access device

192.168.11.4

• Loopback0 10.1.1.4/32

• XGE1/0/9 (connects to XGE1/0/9 on Leaf

2)

• HGE1/0/29 (connects to HGE1/0/29 on

Leaf 2)

• HGE1/0/30 (connects to HGE1/0/30 on

Leaf 2)

• HGE1/0/25 (connects to HGE1/0/5 on

Spine 1)

• HGE1/0/27 (connects to HGE1/0/5 on

Spine 2)

• XGE1/0/1 (BAGG1, connects to master's

enp9s0f0)

• XGE1/0/2 (BAGG2, connects to Node 1's

enp9s0f0)

• XGE1/0/3 (BAGG3, connects to Node 1's

enp9s0f0)

3

Device

Type

Management

IP

Service IP and interface

• XGE1/0/4 (BAGG4, connects to Node 2's

enp9s0f0)

• XGE1/0/5 (BAGG5, connects to Node 2's

enp9s0f0)

Leaf 2

EVPN access device

192.168.11.5

• Loopback0 10.1.1.5/32

• XGE1/0/9 (connects to XGE1/0/9 on Leaf

1)

• HGE1/0/29 (connects to HGE1/0/29 on

Leaf 1)

• HGE1/0/30 (connects to HGE1/0/30 on

Leaf 1)

• HGE1/0/25 (connects to HGE1/0/6 on

Spine 1)

• HGE1/0/27 (connects to HGE1/0/6 on

Spine 2)

• XGE1/0/1 (BAGG1, connects to Master's

enp9s0f1)

• XGE1/0/2 (BAGG2, connects to Node 1's

enp9s0f1)

• XGE1/0/3 (BAGG3, connects to Node 1's

enp9s0f3)

• XGE1/0/4 (BAGG4, connects to Node 2's

enp9s0f1)

• XGE1/0/5 (BAGG5, connects to Node 2's

enp9s0f3)

Master

K8s master node

11.29.2.2

bond0 (enp9s0f0 and enp9s0f1, mode4,

management)

Node 1

K8s worker node

11.29.2.3

bond0 (enp9s0f0 and enp9s0f1, mode4,

management)

bond1 (enp9s0f2 and enp9s0f3, mode4,

service)

Node 2

K8s worker node

11.29.2.4

bond0 (enp9s0f0 and enp9s0f1, mode4,

management)

bond1 (enp9s0f2 and enp9s0f3, mode4,

service)

Resource plan

Table 2 Resource plan

Resource

Configuration example

Remarks

Fabric

• Name: Fabric1

• AS number: 100

N/A

VDS

• Name: VDS1

• Backbone fabric: Fabric1

• VXLAN ID range: 1 to 16777215

The VXLAN ID range must contain

VXLAN IDs for all subnets in the

VDS. A VXLAN ID is unique in a

LAN. You cannot configure the same

VXLAN ID for different VDSs.

VLAN-VXLAN

mapping

• Start VLAN: 2114

• Start VXLAN: 2114

• Mapping range length: 1

The management interface

onboards through static mapping.

Make sure the 2114 is not in the

4

Resource

Configuration example

Remarks

• Access mode: VLAN

VLAN range specified for the plug-in.

Deployment workflow

Figure 11 Deployment workflow

Procedure

Configure the controller

Configure basic settings for the underlay network

Configure and incorporate switching devices in the network. For more information, see IMC

Orchestrator 6.3 Solution Underlay Network Configuration Guide.

Configure basic controller settings

See “Configure basic controller settings.”

Configure a border gateway

1. Navigate to the Automation > Data Center Networks > Public Network > Boarder

Gateways page. Click Add to create a border gateway named gw1 of the composite type.

Start End

Required main workflow

Optional main workflow

Required sub workflow

Optional sub workflow

Basic underlay

network settings Basic controller

settings

Bind a tenant to a

boarder gateway

Add a virtual

network

Tenant network

settings

Add fabrics

Configure a

VDS

Configure

controller global

settings

Add a border

device group

Add a tenant

Add a boarder

gateway

Configure worker

nodes

Add a VLAN-

VXLAN mapping

Onboard

management

interfaces

Add a virtual

router

Add a security

policy

Add a QoS

profile

Install the Open

vSwitch software

Install the

LLDPD

software

Configure bond

interfaces

Configure the

master node

Install the Open

vSwitch software

Upload images

Configure bond

interfaces

Install the

Core-DNS

plug-in

Install the H3C

CNI plug-in

Install the plug-in

Upload Docker

images

5

Figure 12 Creating a boarder gateway

2. Click Add Gateway Member, and then configuration the following parameters:

 Specify the name as gw1member.

 Select fabric fabric1.

 Select device group bdgroup1.

 Select priority 1.

3. Click Apply.

Figure 13 Adding a boarder gateway member

4. Click Apply.

Bind a tenant to a border gateway

1. Navigate to the Automation > Data Center Networks > Tenant Management > All Tenants

page. Click in the Actions column for tenant1.

2. Click Add in the Allocate Gateway Resource area, and then select gw1 in the dialog box that

opens. Click Apply.

6

Figure 14 Selecting a boarder gateway for a tenant

Add a vNetwork

Configure the following vNetworks and subnets as required:

vNetwork

name

Segment ID

Subnet

Remarks

network2901

2113

• IP version: IPv4.

• DHCP: Enable DHCP.

• Name: subnetv4-2901.

• Subnet: 11.29.1.0/24.

• Gateway IP: 11.19.1.1

• DHCP address pool:

11.29.1.2,11.29.1.100. IP

addresses not in the

DHCP address pool can

be used as static IP

addresses and addresses

in static IP address pools.

Used for pod services.

• IP version: IPv6.

• DHCP: Enable DHCP.

• Name: subnetv6-2901.

• Subnet:

2001:11:29:1::/24.

• Gateway IP:

2001:11:29:1::1.

• IPv6 mode: Select as

required. The default

setting is used in this

example.

• DHCP address pool:

2001:11:29:1::2,

2001:11:29:1::100. IP

addresses not in the

DHCP address pool can

be used as static IP

addresses and addresses

in static IP address pools.

network2902

2114

• IP version: IPv4.

• DHCP: Enable DHCP.

• Name: subnetv4-2902.

• Subnet: 11.29.2.0/24.

• Gateway IP: 11.29.2.1

Management network, for

the management interfaces

on the master and worker

nodes to onboard to the

controller.

7

vNetwork

name

Segment ID

Subnet

Remarks

network2903

2115

• IP version: IPv4.

• DHCP: Enable DHCP.

• Name: subnetv4-2903.

• Subnet: 11.29.3.0/24.

• Gateway IP: 11.29.3.1

• cviOVSNode network

• If the

node_port_net_id

parameter is specified

in the plug-in

installation file, you

must add this network

and obtain the UUID of

the network.

network2904

2116

• IP version: IPv4.

• DHCP: Enable DHCP.

• Name: subnetv4-2904.

• Subnet: 11.29.4.0/24.

• Gateway IP: 11.29.4.1

• Default network for the

default address pool.

• If the

default_network_id

parameter is specified

in the plug-in

installation file, you

must add this network

and obtain the UUID of

the network.

In the following example, a vNetwork named network2901, with a subnet of subnetv4-2901 is

created.

1. Navigate to the Automation > Data Center Networks > Tenant Management > All Tenants

page. Click the name of tenant1.

2. Click Add. Specify the vNetwork name as network2091, specify the type as VXLAN, and

specify the segment ID as 2113.

Figure 15 Adding a vNetwork

3. On the Subnets tab, click Add, and then perform the following tasks:

 Specify the IP version as IPv4.

 Enable DHCP.

 Specify the vNetwork name as subnetv4-2901.

 Specify the subnet as 11.29.1.0/24

 and gateway IP as 11.29.1.1.

 Add 11.29.1.2 and 11.29.1.100 to the DHCP address pool. IP addresses not in the DHCP

address pool can be used as static IP addresses and addresses in static IP address pools.

8

Figure 16 Adding an IPv4 subnet

4. Click Apply.

5. Click the Advanced Configuration tab. You can configure parameters such as packet

suppression. In this example, the default settings are used.

6. Click Apply.

7. Obtain the UUID of the network.

Figure 17 Obtaining the UUID of cviOVSNode

Figure 18 Obtaining the UUID of the default network

Configure a VLAN-VXLAN mapping

1. Navigate to the Automation > Data Center Networks > Resource Pools > VNID Pools >

VLAN-VXLAN Mappings page. On the Mapping Rules tab, perform the following tasks:

 Specify the name as map2901.

 Click Add Mapping, configuration the following parameters, and then click Apply.

9

− Specify both the start VLAN and start VXLAN as 2114. The start VXLAN ID is the

segment ID of the VXLAN.

− Specify the mapping range length as 1. The mapping range specifies the VLAN ID range

that can be contained in the packets sent by the VMs or physical devices to be

onboarded to the controller.

− Specify the access mode as VLAN.

If you specify the access mode as VLAN, the Ethernet frames received by and sent to

the local site must contain VLAN tags.

If you specify the access mode as Ethernet, the Ethernet frames received by and sent

to the local site are not required to contain VLAN tags.

2. Click Apply.

Onboard a management port

1. Navigate to the Automation > Data Center Networks > Tenant tenant1 Network > vPorts >

vPorts page. Click Add to create three vPorts.

2. Specify the name as master, specify the virtual network/external network as network2902, and

specify the IP as 11.29.2.2.

Figure 19 Creating vPorts

After sending ARP packets, the VMs or physical devices connected to the interfaces that have

been bound to VLAN-VXLAN mappings will automatically onboard to the controller.

3. Navigate to the Automation > Data Center Networks > Tenant tenant1 Network > Virtual

Port > Virtual Port page to view the onboarded vPorts.

Figure 20 Onboarded management ports

Add a vRouter

1. Navigate to the Automation > Data Center Networks > Tenant tenant1 Network > Virtual

Router > Virtual Router page. Click Add.

 Specify the name as router2901, and segment ID as 11113. The value for the segment ID

parameter must be within the VXLAN ID range for the VDS.

 On the Subnets tab, click Add to add a subnet for the vRouter. Select the configured

subnet.

10

 Configure other parameters as needed. In this example, the default settings are used.

Figure 21 Adding a vRouter

2. Click Apply.

3. On the virtual router list, click the gateway link, and then bind a gateway resource to the virtual

router. If you have set the gateway resource as the default gateway, you do not need to bind a

gateway resource to the virtual router.

Add a security policy

1. Navigate to the Automation > Data Center Networks > Tenant tenant1 Network > Virtual

Port > Security Policy page. Click Add.

 Specify the name as securityrule1.

 Enable IP-MAC anti-spoofing and set the empty rule action to permit.

Figure 22 Adding a security policy

2. Click the Details icon in the Actions column for securityrule1 to obtain the UUID of the

security policy.

Page is loading ...

HPE IMC Orchestrator 6.3 Container Computing Configuration Guide

HPE IMC Orchestrator 6.3 Container Computing Configuration Guide

Related papers

Other documents