Aruba JL852AAE Configuration Guide

Brand: Aruba

Model: JL852AAE

Category: Networking

Type: Configuration Guide

This manual is also suitable for

IMC Orchestrator 6.2 OpenStack Cloud

Scenario Service Configuration Guide

The information in this document is subject to change without notice.

 
i 
Contents 
Overview ························································································1 
Configure basic underlay network settings ·············································2 
Configure basic security device settings ················································3 
Configure basic controller settings ·······················································4 
Log in to the controller··················································································································· 4 
Add a fabric ································································································································ 4 
Configure a VDS ·························································································································· 5 
Configure global parameters ·········································································································· 6 
Configure security service resources ······························································································· 7 
Add a border device group ············································································································· 8 
Add a tenant ······························································································································· 8 
Add a border gateway ··················································································································· 9 
Configure basic OpenStack settings ·····················································0 
Configure a hybrid overlay network ······················································3 
Network planning ························································································································· 3 
Network topology ·················································································································· 3 
Resource plan ······················································································································ 5 
Deployment workflow ···················································································································· 7 
Procedure ··································································································································· 7 
Configure vBGP ···················································································································· 7 
Configure network overlay (non-hierarchical onboarding) ···························································· 11 
Configure network overlay (hierarchical onboarding) ·································································· 20 
Configure the network with direct egress ·················································································· 30 
Configure the network with security egress··············································································· 34 
Configure OpenStack bare metal ······················································· 43 
Network planning ······················································································································· 43 
Network topology ················································································································ 43 
Resource plan ···················································································································· 44 
Deployment workflow ·················································································································· 45 
Procedure ································································································································· 45 
Configure the compute node ································································································· 45 
Configure bonding interfaces on the ironic node ········································································ 46 
Configure IMC Orchestrator settings ······················································································· 46 
Configure OpenStack resources ····························································································· 49 
Configure settings in the inspection phase for bare metal nodes ··················································· 51 
Configure settings in the provisioning phase for bare metal nodes ················································ 55 
Configure settings in the running phase for bare metal nodes ······················································ 57 
O&M monitoring ············································································· 58 
 

Overview

IMC Orchestrator supports the hybrid overlay scenario of interoperating with native OpenStack. The

scenario mainly implements the hybrid traffic model containing weak-control EVPN network overlay

and strong-control host overlay. OpenStack provides rich versions. This configuration guide uses the

Rocky version as an example to describe the passthrough and secure incorporation network

scenario models.

Configure basic underlay network

settings

Configure and incorporate switching devices on the network. For more information, see IMC

Orchestrator 6.2 Underlay Network Configuration Guide.

Configure basic security device settings

Configure security devices on the network as needed. For more information, see IMC Orchestrator

6.2 Security Service Resource Configuration Guide.

Configure basic controller settings

After the controller is deployed, the corresponding menus are loaded in the unified platform. Log in

to the unified platform to use the controller functions.

The unified platform provides a friendly UI. To log in to the unified platform:

1. In the address bar of the browser, enter the login address (the default is

http://ip_address:30000/central/index.html) of the unified platform, and press Enter to enter

the login page.

 The ip_address parameter specifies the northbound service VIP of the cluster of the

Installer where the unified platform is installed.

 30000 is the port number.

Add a fabric

1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page. Click Add.

On the page that opens, specify the following fabric parameters:

 Name: fabric1.

 Overlay BGP AS Number: Required. The AS number must be the same as the BGP AS

number on devices in the fabric, for example, 100.

 Specify the other parameters as needed. In this example, use the default settings.

Figure 1 Adding a fabric

2. Click OK.

3. After the fabric is created, click the icon in the Actions column for the fabric, and then

click the Settings tab. On this tab, you can configure advanced settings for the fabric

according to the network requirements. As a best practice to reduce packet flooding in the

network, select the Unknown Unicast Suppression, Unknown Multicast Suppression,

and Broadcast Suppression options. Use the default settings for the other parameters.

Figure 2 Advanced configuration for a fabric

Configure a VDS

1. Navigate to the Automation > Data Center Networks > Common Network Settings >

Virtual Distributed Switch page. Click the Edit icon in the Actions column for VDS1 to enter

the page for editing VDS1. Click the Carrier Fabric tab. On this tab, add fabric fabric1.

Figure 3 Adding a fabric to a VDS

2. Click the Advanced Settings tab. On this tab, configure advanced settings for VDS1.

 Bridge Name: vds1-br.

 VXLAN Tunnel Interface Name: vxlan_vds1-br.

 vSwitch Learned Entries Aging Time (seconds): 300.

 Specify the other parameters as needed. In this example, use the default settings.

Figure 4 Advanced settings

Configure global parameters

1. If IPv6 services exist in the network, to ensure proper operation of IPv6 services, you must

enable global IPv6 configuration on the controller as follows:

a. Navigate to the Automation > Data Center Networks > Fabrics > Parameters page.

Click the Controller Global Settings tab.

b. Select On for the IPv6 field.

2. Disable deploying security policy flow table to switching devices as follows:

a. Navigate to the Automation > Data Center Networks > Fabrics > Parameters page.

Click the Controller Global Settings tab.

b. Select Off for the Deploy Security Policy Flow Table to Switching Devices field.

3. To generate the VRF names according to rules, you must specify the global VRF autonaming

mode on the controller as follows:

a. Navigate to the Automation > Data Center Networks > Fabrics > Parameters page.

Click the Controller Global Settings tab.

b. Select Rule-Based for the VRF Autonaming Mode field. The generated VRF names are

in the format of tenant name_router name_segment ID.

Figure 5 Controller global settings

Configure security service resources

According to the service gateway section for the corresponding device model in IMC Orchestrator

6.2 Security Service Resource Configuration Guide, complete the following configurations:

• Configure IP address pools. In this scenario, you must configure three IP address pools,

including the tenant carrier LB internal network address pool, the tenant carrier FW internal

network address pool, and the virtual management network address pool. See Table 1 for IP

address pool planning.

• Configure VLAN address pools. In this scenario, you must configure the tenant carrier

network VLAN pool. See Table 1 for VLAN pool planning.

• Configure and incorporate security devices on the network. Create L4-L7 resource pools and

templates. Create two address pools, FWpool1 and LBpool1.

Table 1 Security service resource table

Configuration item

Configuration example

Description

address

pools

Tenant carrier

LB internal

network

• Name: Tenant carrier LB internal

network 1

• Address ranges:

 10.50.1.2/24-10.50.1.254/24

 2001::10:50:1:2/112-

2001::10:50:1:254/112

• Default address pool: Unselected

On an RBM network, the LB

service of a vRouter uses two

IPv4 addresses with the mask

length as 31 and uses two

IPv6 addresses with the prefix

length as 127

Tenant carrier

FW internal

network

• Name: Tenant carrier FW internal

network 1

• Address ranges:

 10.60.1.2/24-10.60.1.254/24

 2001::10:60:1:2/112-

2001::10:60:1:254/112

• Default address pool: Unselected

On an RBM network, the FW

service of a vRouter uses two

IPv4 addresses with the mask

length as 31 and uses two

IPv6 addresses with the prefix

length as 127

Configuration item

Configuration example

Description

Virtual

management

network

• Name: Virtual management network

• Address ranges: 192.168.10.2/24-

192.168.10.254/24

• Gateway address: 192.168.10.1

• Default address pool: Unselected

On an RBM network, either of

the primary vFW context and

secondary vFW context uses

one IPv4 address.

VLAN

pools

Tenant carrier

network

• Name: Tenant carrier vlan1

• VLAN range: 500 to 999.

• Default VLAN pool: Unselected

On an RBM network, the FW

service of one vRouter uses

one VLAN ID resource, and

the LB service of one vRouter

uses one VLAN ID resource.

Add a border device group

1. Navigate to the Automation > Data Center Networks > Fabrics > Fabrics page. Click the

icon in the Actions column for fabric1. Click the Border Device Groups tab.

2. Click Add. On the page that opens, configure the following parameters:

 Device Group Name: bdgroup1.

 Position: Border Gateway.

 HA Mode: DRNI.

 Connection Mode: IPs from Different Networks.

 Address Pools: Tenant Carrier FW Internal Network address pool 1, Tenant Carrier LB

Internal Network address pool 1, Virtual Management Network address pool 1.

 VLANs: VLAN 1 of the tenant carrier network type.

Figure 6 Adding a border device group

3. In the device group member area, add border devices to the border device group.

4. Click Apply in the upper right corner.

Add a tenant

1. Navigate to the Automation > Data Center Networks > Tenant Management > All Tenants

page. Click Add. On the page that opens, configure the following parameters:

 Tenant Name: tenant1.

 VDS Name: VDS1.

Figure 7 Adding a tenant

2. Click Apply.

Add a border gateway

This section provides only a configuration example. For detailed configuration contents and data,

see the basic controller settings section for each scenario.

1. Navigate to the Automation > Data Center Networks > Common Network Settings >

Border Gateways page. Click Add. On the page that opens, configure the following

parameters:

 Name: gw1.

 Gateway Sharing: Off.

 Gateway Type: Composite Gateway.

 Specify the other parameters as needed. In this example, use the default settings.

Figure 8 Adding a border gateway

2. Click Add Gateway Member. On the page that opens, configure the following parameters:

 Name: gw1member.

 Fabric: fabric1.

 Device Group: bdgroup1.

 Priority: 1.

3. You can add resources on the page for adding or editing a gateway member. On this page,

configure the following parameters:

 Service Type: Options include Virtual Firewall and Virtual Load Balancer. Select an

option according to the network requirements.

 Source from: Options include VNF Resources and L4-L7 Physical Resource Pool.

Select an option according to the network requirements.

 Resource Pool: Select an existing resource pool according to the network requirements.

Figure 9 Adding a border gateway member

4. Click Apply. On the page for adding a border gateway, click Apply.

Configure basic OpenStack settings

Before performing configuration tasks in this chapter, first install the HPE IMC Orchestrator

OpenStack plug-in in OpenStack to enable the controller to interoperate with OpenStack. For how

to install the HPE IMC Orchestrator OpenStack plug-in, see HPE IMC Orchestrator Converged

OpenStack Plug-Ins Installation Guide.

NOTE:

If the IMC Orchestrator controller has interoperated with a non-converged OpenStack plug-in, you

must configure parameters according to the configuration items for a non-converged plug-in. For

more information, see the chapter about upgrading non-converged plug-ins to converged plug-ins

in HPE IMC Orchestrator Converged OpenStack Plug-Ins Installation Guide.

Perform the following tasks when OpenStack interoperates with the controller for the first time.

Add OpenStack nodes on the controller

1. Navigate to the Automation > Data Center Networks > Virtual Networking > OpenStack

page. Click Add. The page for adding an OpenStack control node opens, as shown in Figure

10.

Configure the parameters as follows:

 After adding a node, you cannot modify its name, and the node name must be the same

as the value for the cloud_region_name field in the plug-in configuration file

/etc/neutron/plugins/ml2/ml2_conf.ini.

 The VNI range must be the same as the value for the vni_ranges field in the

/etc/neutron/plugins/ml2/ml2_conf.ini file. The VNI ranges for different OpenStack

nodes cannot overlap.

 If the controller nodes operate in HA mode, you must add the addresses of all controller

nodes rather than only the cluster VIP. If the keystone service is shared, you must add two

OpenStack nodes.

 You must install the websocket-client toolkit on the controller nodes.

Figure 10 Adding OpenStack nodes on the controller side

2. Click the Parameter Settings tab. Configure parameters. For how to configure these

parameters, see the controller help or HPE IMC Orchestrator Converged OpenStack Plug-Ins

Installation Guide.

Figure 11 OpenStack parameter settings

NOTE:

• When the tenant border gateway policy is configured as matching the border gateway

name in the egress settings, you must enter the border gateway name correctly.

• In the network fail-open scenario, you must enable the DHCP agent, and as a best

practice, configure the network node access policy as No Access.

• When the network node access policy is configured as VLAN, the DHCP-type vPorts will

be activated on the controller (come online in hierarchical mode), and the packets will be

encapsulated as VLAN packets when they are sent out of network nodes. When the

network node access policy is configured as VXLAN, the DHCP-type vPorts are not

activated on the controller, and the packets are encapsulated as VXLAN packets when

they are sent out of the network nodes. When a network node accesses a DR system,

only the VLAN mode is supported.

• If a network node can act as a DHCP server in the network, you must disable the function

of sending DHCP packets to the controller in the vNetwork settings on the controller side.

As a best practice, use the controller as the DHCP server (enable the function of sending

DHCP packets to the controller).

Configure the default VDS and VXLAN pool

This task is required only for interoperating with the controller for the first time.

In the current software version, only one VDS is supported.

To configure the default VDS and VXLAN pool:

1. Navigate to the Automation > Data Center Networks > Common Network Settings >

Virtual Distributed Switch page. Click Settings. In the dialog box that opens, select the

system VDS.

Figure 12 Setting a VDS

2. Navigate to the Automation > Data Center Networks > Resource Pools > VNID Pools >

VXLANs page. Click Add. The page for adding VXLANs opens. Add a VXLAN pool.

Figure 13 Configuring VXLAN pools

NOTE:

Create a VXLAN pool for uniformly managing the L3VNI segments of user vRouters.

Configure the default cloud platform

This task is required only when OpenStack interoperates with the controller for the non-first time and

the previous plug-in configuration items do not have the multi-cloud attribute.

To configure the default cloud platform:

1. Navigate to the Automation > Data Center Networks > Virtual Networking > OpenStack

page. Click Default Cloud Platform. In the dialog box that opens, select the default cloud

platform.

Figure 14 Setting the default cloud platform

Configure a hybrid overlay network

The campus access devices do not support bare metal access.

Network planning

Network topology

Figure 15 OpenStack hybrid overlay network diagram

A hybrid overlay network includes a host overlay network and network overlay network. The ARP

proxy function is not supported on the host overlay side. The LB VIP and members cannot be on the

same subnet. The client and VIP cannot be on the same subnet.

On a host overlay network, the vSwitches on OpenStack compute nodes act as VTEPs and establish

VXLAN tunnels to other VTEPs for forwarding VXLAN packets. On a host overlay network, you need

the vBGP component to provide the IBGP routing function. The vBGP component is deployed on the

IMC PLAT server. The IMC PLAT server is connected to the management switch through an

aggregate interface, and the management switch is connected to Spine1 and Spine2. An IBGP

neighbor is established between the vBGP component and RR to synchronize route information.

On a network overlay network, leaf switches act as VTEPs and establish VXLAN tunnels to other

VTEPs, and the vSwitches on OpenStack compute nodes do not act as VTEPs or provide VXLAN

packet forwarding. The network overlay includes hierarchical onboarding and non-hierarchical

onboarding scenarios. In the non-hierarchical onboarding scenario, the controller deploys VXLAN

configuration to leaf devices based on VLAN-VXLAN mappings. In the hierarchical onboarding

Internet

Border1 Border2

Leaf1 Leaf2 Leaf3 Leaf4

IPL

IPL IPL

Spine1 Spine2

Leaf5 IPL Leaf6

FW2 LB1 LB2

FW1

OpenStack

Compute Node 1

（Host overlay）

OpenStack

Compute Node 2

（Host overlay）

OpenStack

Compute Node 3

（Network overlay）

OpenStack

Compute Node 4

（Network overlay）

OpenStack

Compute Node 5

（Hierarchical network

overlay）

OpenStack

Compute Node 6

（Hierarchical network

overlay）

OpenStack

components

Managem

ent switch

vBGP1 vBGP2

IMC Orchestrator

scenario, the controller deploys VXLAN configuration to leaf devices based on VXLAN-VLAN

mappings on different compute nodes dynamically negotiated by OpenStack and the controller.

For the connections between switching devices, see IMC Orchestrator 6.2 Underlay Network

Configuration Guide. For the connections between devices and OpenStack compute nodes, see

Table 2.

Table 2 Device IP addresses and interfaces on the network

Device

Purpose

Management

Service IP and interface

Spine1

Underlay

physical

device

192.168.11.2

Loopback0 10.1.1.2/32

XGE6/0/20 (connecting to XGE1/0/5

on management switch)

Spine2

Underlay

physical

device

192.168.11.3

Loopback0 10.1.1.3/32

XGE6/0/20 (connecting to XGE1/0/6

on management switch)

vBGP node 1

vBGP

192.168.13.4

vBGP service aggregate interface on

the physical server of vBGP node 1

(connecting to BAGG4 on

management switch, with member

ports XGE1/0/3 and XGE1/0/4)

vBGP node 2

vBGP

192.168.13.3

vBGP service aggregate interface on

the physical server of vBGP node 2

(connecting to BAGG5 on

management switch, with member

ports XGE1/0/5 and XGE1/0/6)

Leaf1

Access switch

192.168.11.31

XGE1/0/40 (connecting to ens1f0 on

OpenStack compute node 1)

XGE1/0/41 (connecting to ens1f0 on

OpenStack compute node 2)

Leaf2

Access switch

192.168.11.32

XGE1/0/40 (connecting to ens1f1 on

OpenStack compute node 1)

XGE1/0/41 (connecting to ens1f1 on

OpenStack compute node 2)

Leaf3

Access switch

192.168.11.33

XGE1/0/42 (connecting to ens1f0 on

OpenStack compute node 3)

XGE1/0/43 (connecting to ens1f0 on

OpenStack compute node 4)

Leaf4

Access switch

192.168.11.34

XGE1/0/42 (connecting to ens1f1 on

OpenStack compute node 3)

XGE1/0/43 (connecting to ens1f1 on

OpenStack compute node 4)

Leaf5

Access switch

192.168.11.35

XGE1/0/44 (connecting to ens1f0 on

OpenStack compute node 3)

XGE1/0/45 (connecting to ens1f0 on

OpenStack compute node 4)

Leaf6

Access switch

192.168.11.36

XGE1/0/44 (connecting to ens1f1 on

OpenStack compute node 3)

XGE1/0/45 (connecting to ens1f1 on

OpenStack compute node 4)

Openstack compute node 1

Host name: compute-host-

Compute

node

192.168.11.164

ens1f0 (connecting to XGE1/0/40 on

leaf1)

Device

Purpose

Management

Service IP and interface

vxlan-1

ens1f1 (connecting to XGE1/0/40 on

leaf2)

Openstack compute node 2

Host name: compute-host-

vxlan-2

Compute

node

192.168.11.165

ens1f0 (connecting to XGE1/0/41 on

leaf1)

ens1f1 (connecting to XGE1/0/41 on

leaf2)

Openstack compute node 3

Host name: compute-host-

vxlan-3

Compute

node

192.168.11.166

ens1f0 (connecting to XGE1/0/42 on

leaf3)

ens1f1 (connecting to XGE1/0/42 on

leaf4)

Openstack compute node 4

Host name: compute-host-

vxlan-4

Compute

node

192.168.11.167

ens1f0 (connecting to XGE1/0/43 on

leaf3)

ens1f1 (connecting to XGE1/0/43 on

leaf4)

Openstack compute node 5

Host name: compute-host-

vxlan-5

Compute

node

192.168.11.168

ens1f0 (connecting to XGE1/0/44 on

leaf5)

ens1f1 (connecting to XGE1/0/44 on

leaf6)

Openstack compute node 6

Host name: compute-host-

vxlan-6

Compute

node

192.168.11.169

ens1f0 (connecting to XGE1/0/45 on

leaf5)

ens1f1 (connecting to XGE1/0/45 on

leaf6)

Resource plan

Table 3 Resource plan

Aruba JL852AAE Configuration Guide

Brand: Aruba

Model: JL852AAE

Category: Networking

Type: Configuration Guide

This manual is also suitable for

Download PDF

report

Aruba JL852AAE Configuration Guide

This manual is also suitable for

Aruba JL852AAE Configuration Guide

Related papers

Other documents