CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of the services supported by the CX11x, CX31x, and CX91x series switch modules. They cover function configurations and configuration examples.
Typical Application Scenario and Feature Deployment

Typical Application Scenario of API-based Virtualization Perception

This section describes VM login and migration in typical application programming interface (API)-based virtualization perception networking.

Networking Requirements

Enterprises deploy server virtualization on a data center network to achieve IT resource integration, improve resource use efficiency, and reduce network costs. With the wider deployment of server virtualization, more and more virtual machines (VMs) run in physical servers, and more and more applications run in virtualization environments, all of which brings challenges to virtual networks.

You can configure virtualization perception to take advantage of server virtualization and overcome the difficulties that it brings to enterprises.

Figure 10-67 Virtualization perception

Service Deployment

To implement communications between the nCenter and vCenter and between the SwitchA and vCenter, detect the network topology, and deploy policies, deploy the following features in API-based virtualization perception networking:

  • Link Layer Discovery Protocol (LLDP): a Layer 2 discovery protocol defined in IEEE 802.1AB. LLDP provides a standard link-layer discovery method that encapsulates information about the capabilities, management address, device ID, and interface ID of a local device into LLDP packets. These packets are sent to neighboring devices, which save the received information in a standard Management Information Base (MIB) so that the network management system (NMS) can query it and determine the communication status of links. LLDP is used to detect the topology of a virtualization perception-capable network.

  • NETCONF: provides mechanisms to install, manipulate, and delete the configurations of network devices. With NETCONF, network devices can provide standard application programming interfaces (APIs). Applications can directly use these APIs to send configurations to or obtain configurations from network devices. In virtualization perception, NETCONF enables the SwitchA and an nCenter to negotiate resources and policies when VMs go online.

  • Remote Authentication Dial In User Service (RADIUS): uses User Datagram Protocol (UDP) as the transport protocol. RADIUS has high real-time performance and is highly reliable owing to its retransmission and server backup mechanisms. It is easy to implement and suits the multi-threaded structure of a server with a large number of login users. In virtualization perception, an nCenter uses RADIUS to deliver access control lists (ACLs) or quality of service (QoS) policies to switches.

  • Dynamic Host Configuration Protocol (DHCP) snooping: a DHCP security feature. It intercepts and analyzes DHCP messages transmitted between DHCP clients and a DHCP server. DHCP snooping creates and maintains a DHCP snooping binding table and filters out invalid DHCP messages. DHCP snooping can be associated with IP source guard and dynamic ARP inspection (DAI) to filter out invalid IP and Address Resolution Protocol (ARP) packets. A DHCP snooping binding table contains information about the MAC address, IP address, lease, VLAN ID, and interface. In virtualization perception, DHCP snooping is used to implement data transmission between the SwitchA and an nCenter.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an ACL or a QoS policy for VMs on an nCenter based on network and service plans to deploy services.

  2. Deploy LLDP on the SwitchA to detect the topologies of virtual and physical networks.

  3. Configure RADIUS and NETCONF on the SwitchA to enable the SwitchA to communicate with an nCenter.

  4. Use a vCenter to start VMs to implement server virtualization.

  5. Use a vCenter to migrate VMs and policies that apply to the VMs.

Data Preparation

To complete the configuration, you need the following data:

  • VLAN ID (2) of VMs

  • RADIUS authentication and NETCONF information on the SwitchA

Procedure

  1. Plan a policy for VM1 and configure the policy on the nCenter.
  2. On a vCenter, configure a VLAN ID for a VM.
  3. Configure the SwitchA.

    The configuration roadmap is as follows:
    1. Add interfaces to the VLAN to which VM1 belongs.

    2. Configure LLDP to detect network topologies.

    3. Configure RADIUS and NETCONF on the SwitchA so that the SwitchA can communicate with the nCenter.

    4. Configure DHCP snooping on the SwitchA.

    The configuration procedures are as follows:
    1. Configure a VLAN.

      No.  Command                                             Description
      1    <HUAWEI> system-view                                Configures a VLAN.
           [~HUAWEI] sysname SwitchA
           [*HUAWEI] commit
           [~SwitchA] vlan batch 2
           [*SwitchA] commit
      2    [~SwitchA] interface 10ge 1/17/1                    Adds an interface to the VLAN.
           [~SwitchA-10GE1/17/1] port link-type trunk
           [*SwitchA-10GE1/17/1] port trunk allow-pass vlan 2
           [*SwitchA-10GE1/17/1] quit
           [*SwitchA] commit
    2. Enable LLDP.

      No.  Command                                Description
      1    [~SwitchA] lldp enable                 Enables LLDP.
           [*SwitchA] commit
      2    [~SwitchA] interface 10ge 1/17/1       Enables MDN for LLDP.
           [~SwitchA-10GE1/17/1] lldp mdn enable
           [*SwitchA-10GE1/17/1] quit
           [*SwitchA] interface 10ge 1/17/2
           [*SwitchA-10GE1/17/2] lldp mdn enable
           [*SwitchA-10GE1/17/2] quit
           [*SwitchA] interface 10ge 1/17/3
           [*SwitchA-10GE1/17/3] lldp mdn enable
           [*SwitchA-10GE1/17/3] quit
           [*SwitchA] commit
    3. Configure a RADIUS server.

      No.  Command                                                                      Description
      1    [~SwitchA] radius enable                                                     Enables a RADIUS server.
           [*SwitchA] commit
      2    [~SwitchA] radius server authorization 10.137.130.156 shared-key Huawei-123  Configures the shared key for the communication with the RADIUS authorization server.
           [*SwitchA] commit
      3    [~SwitchA] radius server group sree                                          Creates a RADIUS server template and enters the RADIUS server template view.
      4    [*SwitchA-radius-sree] radius server authentication 10.138.80.31 1812        Configures IP addresses for the master and slave RADIUS authentication servers.
      5    [*SwitchA-radius-sree] radius server accounting 10.138.80.31 1813            Configures IP addresses for the master and slave RADIUS accounting servers.
           [*SwitchA-radius-sree] quit
           [*SwitchA] commit
      6    [~SwitchA] vm-manager                                                        Enters the VM management view.
      7    [~SwitchA-vm-manager] radius server group sree                               Configures a RADIUS server template.
           [*SwitchA-vm-manager] quit
           [*SwitchA] commit
      8    [~SwitchA] vm-manager                                                        Configures the RADIUS authentication password for VMs.
           [~SwitchA-vm-manager] vsi authentication password cipher Huawei-123          By default, the RADIUS authentication password for VMs is vm@huawei.com.
           [*SwitchA-vm-manager] quit
           [*SwitchA] commit

    4. Configure NETCONF.

      No.  Command                                                                    Description
      1    [~SwitchA] ssh user netconf                                                Creates an SSH user.
           [*SwitchA] commit
      2    [~SwitchA] aaa                                                             Enters the AAA view.
      3    [~SwitchA-aaa] local-user netconf password irreversible-cipher Huawei-123  Configures a local user name and password.
      4    [*SwitchA-aaa] local-user netconf user-group manage-ug                     Allocates the management right to the local user.
      5    [*SwitchA-aaa] local-user netconf service-type ssh                         Sets the access type of the local user to SSH.
      6    [*SwitchA-aaa] quit                                                        Commits the configuration.
           [*SwitchA] commit
      7    [~SwitchA] ssh user netconf authentication-type password                   Configures password authentication for the SSH user.
      8    [*SwitchA] ssh user netconf service-type all                               Sets the service type of the SSH user to all.
      9    [*SwitchA] snetconf server enable                                          Enables NETCONF. By default, NETCONF is disabled.
           [*SwitchA] commit
    5. Configure SNMP.

      No.  Command                                           Description
      1    [~SwitchA] snmp-agent sys-info version all        Configures system information.
           [*SwitchA] commit
      2    [~SwitchA] snmp-agent community write Private123  Sets the community name to "Private123" and enables read and write access using this community name.
           [*SwitchA] commit
      3    [~SwitchA] snmp-agent community read Public123    Sets the community name to "Public123" and enables read-only access using this community name.
           [*SwitchA] commit
    6. Configure DHCP snooping.

      No.  Command                                     Description
      1    [~SwitchA] dhcp snooping enable             Enables DHCP snooping globally.
           [*SwitchA] commit
      2    [~SwitchA] interface 10ge 1/17/1            Enables DHCP snooping on an interface.
           [~SwitchA-10GE1/17/1] dhcp snooping enable
           [*SwitchA-10GE1/17/1] quit
           [*SwitchA] commit

  4. Use the vCenter to start VM1.
  5. Check VM1 login information on the SwitchA.

    [~SwitchA] display vm-manager vsi verbose
    VLAN      : 2
    MAC       : 0000-0000-0001
    Interface : 10GE1/17/2
    IP        : 12.12.122.111
    Profile   : 1
    Download Profile : success
    Upload Profile   : success
    
    User Defined QoS Information:
        Committed Access Rate:
        CIR : 661        (Kbps)
        PIR : 661        (Kbps)
    
    User Defined Security Information:
        ACL Name : zdsacl222
        Direction  Action  Protocol Source IP/Mask     Destination IP/Mask
                                    Source Port        Destination Port  
        ------------------------------------------------------------------
        inbound    permit  ip       10.139.0.0/23      any                
                                    any                any      

  6. Use the vCenter to enable VM1-to-VM2 migration.
  7. On the SwitchA, check VM2 information.

    [~SwitchA] display vm-manager vsi verbose
    VLAN      : 2
    MAC       : 0000-0000-0001
    Interface : 10GE1/17/3
    IP        : 12.12.122.111
    Profile   : 1
    Download Profile : success
    Upload Profile   : success
    
    User Defined QoS Information:
        Committed Access Rate:
        CIR : 661        (Kbps)
        PIR : 661        (Kbps)
    
    User Defined Security Information:
        ACL Name : zdsacl222
        Direction  Action  Protocol Source IP/Mask     Destination IP/Mask
                                    Source Port        Destination Port  
        ------------------------------------------------------------------
        inbound    permit  ip       10.139.0.0/23      any                
                                    any                any      
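
The comparison made by eye in steps 5 and 7 can be scripted. The following is an added example, not part of the original guide: it parses the two display vm-manager vsi verbose outputs above (abridged) and reports any identity or policy field that did not follow the VM to its new port. The names parse_vsi and check_migration are hypothetical, and the outbound and deny keywords are assumed, since only an inbound permit rule appears on the page.

```python
import re

# Abridged from the two "display vm-manager vsi verbose" outputs on this page.
BEFORE = """\
VLAN      : 2
MAC       : 0000-0000-0001
Interface : 10GE1/17/2
IP        : 12.12.122.111
Profile   : 1
Download Profile : success
Upload Profile   : success
    CIR : 661        (Kbps)
    PIR : 661        (Kbps)
    ACL Name : zdsacl222
    inbound    permit  ip       10.139.0.0/23      any
"""
AFTER = BEFORE.replace("10GE1/17/2", "10GE1/17/3")  # VM moved to another port

# Assumption: rule rows start with a direction and an action keyword.
RULE = re.compile(r"^(inbound|outbound)\s+(permit|deny)\s+(.+)$")
# Fields that make up the VM's identity and policy; they must survive migration.
MUST_MATCH = ("VLAN", "MAC", "IP", "Profile", "CIR", "PIR", "ACL Name", "rules")

def parse_vsi(text):
    """Parse 'key : value' lines and ACL rule rows into a dict."""
    vsi = {"rules": []}
    for line in (raw.strip() for raw in text.splitlines()):
        rule = RULE.match(line)
        if rule:
            vsi["rules"].append(tuple(" ".join(rule.groups()).split()))
        elif " : " in line:
            key, value = line.split(" : ", 1)
            vsi[key.strip()] = value.split("(")[0].strip()  # drop "(Kbps)"
    return vsi

def check_migration(before, after):
    """Return findings; an empty list means the policy followed the VM."""
    old, new = parse_vsi(before), parse_vsi(after)
    findings = [f"{f} changed: {old.get(f)!r} -> {new.get(f)!r}"
                for f in MUST_MATCH if old.get(f) != new.get(f)]
    for field in ("Download Profile", "Upload Profile"):
        if new.get(field) != "success":
            findings.append(f"{field} is {new.get(field)!r}, expected 'success'")
    if not new["rules"]:
        findings.append("no ACL rules attached after migration")
    if old.get("Interface") == new.get("Interface"):
        findings.append("Interface unchanged: VM is still on the old port")
    return findings

print(check_migration(BEFORE, AFTER))
```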
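
The command script from step 3 can be linted before it is reused. The following is an added example, not Huawei tooling and not part of the original guide: it flags the sample settings on this page that weaken the management plane if kept as typed. The rule names and the audit function are hypothetical, and the input is assumed to be the commands as typed rather than a saved configuration.

```python
import re
from collections import defaultdict

# Commands from step 3 of this page, prompts stripped (the script as typed).
CONFIG = """\
radius server authorization 10.137.130.156 shared-key Huawei-123
vsi authentication password cipher Huawei-123
local-user netconf password irreversible-cipher Huawei-123
ssh user netconf service-type all
snmp-agent sys-info version all
snmp-agent community write Private123
snmp-agent community read Public123
"""

# Secrets printed in the guide itself, including the documented VSI default.
GUIDE_SAMPLES = {"Huawei-123", "Private123", "Public123", "vm@huawei.com"}
SECRET = re.compile(
    r"(?:shared-key|password (?:irreversible-)?cipher|community (?:read|write)) (\S+)")

def audit(config):
    """Return sorted (rule, detail) findings; rule names are this example's own."""
    lines = [raw.strip() for raw in config.splitlines() if raw.strip()]
    findings, uses = set(), defaultdict(list)
    for line in lines:
        found = SECRET.search(line)
        if found:  # remember which command each secret protects
            uses[found.group(1)].append(line[:found.start(1)].strip())
        if re.match(r"snmp-agent sys-info version .*\b(all|v1|v2c)\b", line):
            findings.add(("snmp-cleartext", "SNMPv1/v2c send community names unencrypted"))
        if line.startswith("snmp-agent community write"):
            findings.add(("snmp-write-community", "write access rests on a community name"))
        if re.match(r"ssh user \S+ service-type all$", line):
            findings.add(("ssh-all-services", line))
    for secret, where in uses.items():
        if secret in GUIDE_SAMPLES:
            findings.add(("documented-secret", f"{secret} is printed in the guide"))
        if len(where) > 1:
            findings.add(("secret-reuse", "one secret for: " + "; ".join(where)))
    if not any(l.startswith("vsi authentication password") for l in lines):
        findings.add(("default-vsi-password", "default vm@huawei.com stays in effect"))
    return sorted(findings)

for rule, detail in audit(CONFIG):
    print(f"{rule}: {detail}")
```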

Updated: 2019-08-09

Document ID: EDOC1000041694
