Content

Introduction· 1

About SeerEngine-Campus· 1

Features· 1

Deployment modes· 1

Component dependencies· 2

Supported network schemes· 2

Layer 2 network scheme· 3

Layer 3 network scheme· 3

Preparing for installation· 1

Obtaining the installation packages· 1

Server requirements· 1

Hardware requirements· 1

Software requirements· 2

Pre-installation checklist 2

Deploying SeerEngine-Campus and vDHCP Server 1

Enabling NICs· 1

Accessing the component deployment page· 2

Uploading the installation packages· 2

Selecting components· 2

Configuring network settings· 3

Configuring network bindings· 5

Reviewing the deployment settings· 6

Viewing deployed component information· 8

Accessing SeerEngine-Campus· 9

Registering SeerEngine-Campus· 1

Obtaining the device information file· 1

Applying for license files· 1

Registering a license for the first time· 1

Registering an upgrade license· 2

Licensing· 2

Backing up and restoring SeerEngine-Campus configuration· 1

Upgrading SeerEngine-Campus· 1

Uninstalling SeerEngine-Campus· 1

Introduction

This document describes the procedures for deploying, registering, upgrading, and uninstalling SeerEngine-Campus.

About SeerEngine-Campus

SeerEngine-Campus is an SDN controller designed for the application-driven campus network. From a unified GUI, SeerEngine-Campus offers compressive campus network management capabilities, including zero-touch device deployment, user authentication and access control, service chaining, micro-segmentation, campus and DC interconnect, and service orchestration.

Features

SeerEngine-Campus provides the following features:

·     Zero-touch device deployment—Provides fully automated underlay network deployment. Network devices can be automatically configured in plug and play mode, which frees the administrator from the tedious, error-prone tasks of node-by-node device configuration.

·     User authentication—Supports various user authentication methods, including 802.1X, MAC authentication, and MAC portal authentication.

·     Access control—Enforces access control on users based on their user group membership.

·     Service chaining—Supports routing traffic along a chain of connected services such as firewalls and loading balancing. The chained service nodes can be third-party devices.

·     Micro-segmentation—Decouples security groups from virtual networks, enabling service orchestration and deployment across management domains.

·     Converged Campus & DC—Interconnects campus VPN networks and data center VPN networks.

Deployment modes

SeerEngine-Campus can be deployed only as a containerized component on the SNA Center platform through the SNA Center GUI. Before deploying SeerEngine-Campus on a server, you must deploy SNA Installer and SNA Center on the server first. See H3C SNA Center Installation and Component Deployment Guide for the deployment procedure.

If SNA Center is deployed in standalone mode, you can deploy SeerEngine-Campus only on the standalone SNA Center server.

If SNA Center is deployed in three-node cluster mode, you must deploy SeerEngine-Campus on all of the three SNA Center servers in the cluster.

The following restrictions apply to standalone SeerEngine-Campus deployments:

·     The remote backup function must be enabled on the standalone SeerEngine-Campus controller. This function allows the controller to back up its configuration and data to a remote server periodically (typically once in a couple of days). In case that SeerEngine-Campus redeployment is required, you can restore the most recent backup files for the system with minimal data loss.

·     Failures of server hardware components such as physical drives or RAID controllers cannot be recovered by rebooting the server. The SeerEngine-Campus service will be affected or unavailable until the faulty hardware or server is replaced. However, the time required for the replacement cannot be directly evaluated since it might involve purchasing the replacement components.

·     Standalone SeerEngine-Campus deployments do not support the following features:

¡     High availability.

¡     IP-username bindings.

¡     MAC portal authentication from endpoints shared by multiple users.

Component dependencies

To set up a SeerEngine-Campus network, you must deploy DHCP servers in addition to the SeerEngine-Campus component.

DHCP servers are required for assigning IP addresses to network devices during the zero-touch deployment process and to endpoint users requesting network access on the campus network.

You can deploy one DHCP server in standalone mode, or deploy two DHCP servers in cluster mode for high availability.

The SeerEngine-Campus network supports both Microsoft DHCP servers and vDHCP servers, of which vDHCP servers are more commonly used. The vDHCP server is provided by SNA Center as a public service component.

To use Microsoft DHCP servers, see the related document for the deployment procedure.

To use vDHCP servers, deploy the vDHCP Server component together with SeerEngine-Campus through SNA Center.

Supported network schemes

An application-driven campus network can be set up by using the Layer 2 network scheme or Layer 3 network scheme.

Depending on the network scheme used, the SeerEngine-Campus network can contain the following networks:

·     Management network—Network made up by devices managed by the controller.

¡     In the Layer 2 network scheme, the management network carries only the service traffic. 

¡     In the Layer 3 network scheme, the management network carries both automated device configuration traffic and service traffic.

After successful deployment, the controller and vDHCP servers automatically create virtual network interfaces for communications with network devices on the management network.

·     Default network—Network used for automated configuration of network devices. This network is used only by the Layer 2 network scheme.

After successful deployment, the controller and vDHCP servers automatically create virtual network interfaces for communications with network devices on the default network.

·     Calico network—Used for internal communications between containers. The Calico network uses the IP address pool set for the SNA Installer container cluster, which is 177.177.0.0/16 by default. You do not need to assign an IP address pool to the Calico network.

In both network schemes, the automated device configuration process works as follows for a device starting up with empty configuration:

1.     At startup, the device obtains from the DHCP server an IP address for VLAN-interface 1 for initial network configuration.

2.     The device obtains from the controller an IP address for VLAN-interface 4094 (as a spine or leaf device) or for VSI-interface 4094 (as an access switch) and its role-specific configuration file.

3.     The device uses the obtained configuration file to configure itself to get incorporated into the network.

Layer 2 network scheme

In the Layer 2 network scheme, the controller communicates with network devices at Layer 2. It needs two network interfaces, one with an IP address for VLAN-interface 1 and the other with an IP address for VLAN-interface 4094 or VSI-interface 4094.

The Layer 2 network scheme supports automated underlay network deployment only for one fabric and cannot meet the fabric scaling requirements.

Figure 1 SNA Layer 2 campus network scheme architecture

 

Layer 3 network scheme

In the Layer 3 network scheme, the controller communicates with network devices at Layer 3 through a gateway device. The controller needs only one network interface with the correct IP address and gateway address specified. This scheme supports automated underlay network deployment for multiple fabrics and can meet the fabric scaling requirements.

For the controller to provide automated underlay network deployment function, you must configure DHCP relay agents on the Layer 3 gateway device.

Figure 2 SNA Layer 3 campus network scheme architecture

 

 

Preparing for installation

Obtaining the installation packages

Before the deployment, obtain the installation packages for the SeerEngine-Campus and vDHCP Server components.

Table 1 Installation packages for SeerEngine-Campus and vDHCP Server

Scenario	Component	Component installation package
Campus network	SeerEngine-Campus	SeerEngine_CAMPUS-version-MATRIX.zip
	vDHCP Server	vDHCPS-version.zip

 

Server requirements

Hardware requirements

SeerEngine-Campus can be deployed on a single SNA Center server or on a cluster of three SNA Center servers.

Table 2 describes the hardware requirements for deploying SeerEngine-Campus on an SNA Center server.

Table 2 Hardware requirements for deploying SeerEngine-Campus on an SNA Center server

Item	Requirements
CPU	x86-64 (Intel 64/AMD 64) 16 cores 2.0 GHz or above
Memory	64 GB or above
Storage	·     RAID controller: 1G or above cache memory in RAID 1, RAID 5, or RAID 10, with support for power fail protection ·     Drive configuration: 1 TB or above of 7.2K RPM SATA/SAS HDDs or SSDs
NIC	Layer 2 network scheme: ·     3 × 1 Gbps or above ·     NIC bonding is supported (recommended mode: mode 2 or mode 4) Layer 3 network scheme (recommended): ·     2 × 1 Gbps or above ·     NIC bonding is supported (recommended mode: mode 2 or mode 4)

 

	IMPORTANT: NIC bonding allows you to bind multiple NICs to form a logical NIC for NIC redundancy, bandwidth expansion, and load balancing. NIC bonding can be configured on servers and switches. For more information about configuring NIC bonding, see H3C SNA Center Installation and Component Deployment Guide.

 

Software requirements

Device	Requirements
Server	Operating system: Support for CentOS 7.6 or higher versions
Client	Browser: Google Chrome 60 or higher

 

Pre-installation checklist

Table 3 Pre-installation checklist

Item		Requirements
Server	Hardware	The CPU, memory, disk, and NIC requirements for installing SeerEngine-Campus are met.
	Software	·     The server supports operating system CentOS 7.6 or its higher versions. ·     The system time settings are configured correctly. As a best practice, configure NTP on each node and specify the same time source for all the nodes.
Web browser		Google Chrome 60 or a higher version.

 

 

Deploying SeerEngine-Campus and vDHCP Server

The following information describes the procedure to deploy SeerEngine-Campus together with vDHCP Server on a three-host SNA Center cluster.

Enabling NICs

SeerEngine-Campus and vDHCP Server run in containerized mode on the physical server and require NICs for carrying their service traffic. You can use the NIC assigned to SNA Installer and SNA Center for this purpose, or enable new NICs. The latter is recommended to ensure network stability, and the number of NICs required varies by the network scheme used:

·     In the Layer 2 network scheme:

¡     To use non-bonding NICs, enable two NICs.

¡     To use bonding NICs, enable four NICs and bind each two of them to form a logical NIC.

·     In the Layer 3 network scheme:

¡     To use non-bonding NICs, enable one NIC.

¡     To use bonding NICs, enable two NICs and bind them to form a logical NIC.

To enable a NIC on a server:

1.     Access the server remotely.

2.     Open the configuration file of the NIC (ens34 in this example).

[root@sna001 /]# vi /etc/sysconfig/network-scripts/ifcfg-ens34

3.     Set the BOOTPROTO field to none to specify no boot-time protocol and set the ONBOOT field to yes to activate the NIC at system startup.

Figure 3 Modifying the configuration file of a NIC

 

4.     Execute the ifdown and ifup commands in sequence to reboot the NIC.

[root@sna001 /]# ifdown ens34

[root@sna001 /]# ifup ens34

5.     Execute the ifconfig command to verify that the NIC is in UP state.

 

IMPORTANT: If you enable only one NIC for SeerEngine-Campus on a server in the Layer 2 network scheme, configure VLAN settings to distinguish traffic in VLAN 1 from VSI 4094. For more information, see "Configuring network settings."

 

Accessing the component deployment page

1.     Log in to SNA Center.

See H3C SNA Center Installation and Component Deployment Guide for the operation procedure.

2.     On the top navigation bar, click System.

3.     Click Settings.

4.     Click Install.

Uploading the installation packages

Click Upload to upload the component installation packages, and then click Next.

Figure 4 Uploading the component installation packages

 

Selecting components

1.     Select Campus Network.

2.     Select the uploaded SeerEngine-Campus installation package.

3.     Select Layer 2 Network Scheme or Layer 3 Network Scheme.

Figure 5 Selecting components to install (1)

 

4.     In the Public Service area, select vDHCP Server.

5.     Select the uploaded vDHCP server installation package.

Figure 6 Selecting components to install (2)

 

6.     Click Next.

Configuring network settings

Tasks at a glance

1.     Determine the number of networks and subnets to be created.

¡     For the Layer 2 campus network, create two MACVLAN networks, one as the management network and the other as the default network.

¡     For the Layer 3 campus network, create one MACVLAN network.

2.     Create networks and subnets and configure network settings.

If you create different networks that use the same uplink interface, configure different VLANs for the networks to isolate network traffic. Make sure the network device ports are configured with VLAN settings to correctly tag the traffic of different VLANs.

For each network, you must create a subnet and specify the subnet address, address pool, and gateway address for it.

The gateway address is used as the default gateway of the component container.

The subnet address range and address pool are used to assign IP addresses to components. Make sure the address range of each subnet contains enough IP addresses. As a best practice, use Table 4 to determine the address pool size for a subnet.

Table 4 Number of IP addresses required for a subnet

Component	Number of IP addresses required in default network	Number of IP addresses required in management network	Max cluster members
SeerEngine-Campus	Number of cluster members + 1 (secondary cluster IP)	Number of cluster members + 1 (cluster IP)	3
vDHCP Server	Number of cluster members		2

 

The total number of IP addresses required for a subnet is the sum of IP addresses required by all components for the subnet scenario.

For example, to deploy a Layer 2 campus network, if the SeerEngine-Campus cluster has 3 members and the vDHCP cluster has 2 members, the number of required IP addresses for a subnet is as follows:

¡     For a default network subnet: (1 × 3 + 1) + (1 × 2) = 6.

¡     For a management network subnet: (1 × 3 + 1) + (1 × 2+1) = 7.

3.     On the list of hosts where the component will be deployed, select a NIC on each host as the uplink interface. The uplink interface is used by the host to carry the service traffic of the deployed component instance. 

As a best practice, select a NIC that is not used by other components to ensure network stability. For more information about choosing the NICs and enabling a NIC, see "Enabling NICs."

If a NIC has been configured as the member of a bonding interface, only the bonding interface can be used as the host uplink interface.

Procedure

The following information describes the procedure for configuring the network settings for deploying SeerEngine-Campus on a cluster of three hosts in a Layer 3 campus network.

1.     Click Create Network.

2.     Select MACVLAN from Network Type list.

3.     Enter a name for the network.

4.     Create a subnet for the network:

a.     Click Create under Subnet.

b.     Specify the subnet name, subnet CIDR, gateway address, and an IP address pool.

5.     Set the uplink interface on each host where SeerEngine-Campus will be deployed.

6.     Click Next.

Figure 7 Configuring network settings (1)

 

Figure 8 Configuring network settings (2)

 

Configuring network bindings

Bind the previously created network and subnet to SeerEngine-Campus and vDHCP Server, and then click Next.

Figure 9 Configuring network bindings for SeerEngine-Campus

 

Figure 10 Configuring network bindings for vDHCP Server

 

Reviewing the deployment settings

1.     Review the deployment settings for SeerEngine-Campus and vDHCP Server.

Verify that:

¡     On each of the three hosts where SeerEngine-Campus is deployed, SeerEngine-Campus is assigned an IP address from the IP address pool of the subnet bound to it.

¡     On each of the two hosts where vDHCP Server is deployed, vDHCP Server is assigned an IP address from the IP address pool of the subnet bound to it.

To modify the IP address of a component on a host, click the IP address in the Container NIC IP field and then specify a new IP address. The IP address specified must be in the IP address range of the subnet bound to the component.

Figure 11 Reviewing the deployment settings for SeerEngine-Campus

 

Figure 12 Reviewing the deployment settings for vDHCP Server

 

NOTE: ·     In the Layer 2 network scheme, the system automatically assigns a cluster IP address to the SeerEngine-Campus controller from the management network, and assigns a secondary cluster IP address to the controller from the default network. ·     In the Layer 3 network scheme, the system automatically assigns a cluster IP address to the SeerEngine-Campus controller from the management network

 

2.     Click Deploy.

The system starts to deploy the SeerEngine-Campus and vDHCP Server components and displays the deployment progress, as shown in Figure 13.

Figure 13 Deployment progress

 

Viewing deployed component information

1.     Navigate to the Components > Components page.

2.     On the component list shown in Figure 14, click the Expand icon  next to Campus Network to expand the SeerEngine-Campus information area.

Figure 14 Deployed component list

 

3.     Click the Details icon  in the Actions column for a deployed component instance to view its details, as shown in Figure 15.

Figure 15 Component details

 

Accessing SeerEngine-Campus

To access the SeerEngine-Campus controller interface, click the Application-Driven Campus widget on the SNA Center homepage.

Figure 16 Accessing SeerEngine-Campus controller interface

 

 

Registering SeerEngine-Campus

After you install SeerEngine-Campus, you can use its features for a 180-day trial period. After the trial period expires, you must get your SeerEngine-Campus licensed.

For information about registering vDHCP Server, see the related document.

To register SeerEngine-Campus:

1.     Log in to the license server and obtain the device information file from the license server.

2.     Log in to the H3C website and use the license keys and device information file to apply for license files.

3.     Upload the license files to the license server and connect SNA Center to the license server.

Obtaining the device information file

1.     Enter https://license_server_ip:28443/ in the address bar and then press Enter.

2.     Enter the username and password, and then click Login.

The default username is admin and the default password is admin@h3c.

3.     Select License Management > License Files.

4.     On the License Files page, click Export DID.

Applying for license files

To apply for a license for the first time, see "Registering a license for the first time." For any subsequent license applications, see "Registering an upgrade license."

A license key is required for each license file application.

Registering a license for the first time

1.     Go to the H3C website at http://www.h3c.com.hk/Technical_Support___Documents/Product_Licensing/ and select Register the First Time.

2.     From the Product category list, select New Network_SDN Campus Controller.

3.     Provide the license, device, and contact information as described in Table 5.

Table 5 Configuration items

Item	Description
License information	Enter the license key.
Device information	Upload the device information file.
Contact information	Enter your contact information. Items marked with an asterisk (*) are required.

 

4.     Enter the verification code and select I accept all terms of H3C Legal Statement, and then click Get activation key or file.

5.     Save the activation file to the PC.

Registering an upgrade license

1.     Go to the H3C Website at http://www.h3c.com.hk/Technical_Support___Documents/Product_Licensing/ and select Register Upgrade Licenses.

2.     From the Product category list, select New Network_SDN Campus Controller.

3.     Provide the license, device, and contact information as described in Table 6.

Table 6 Configuration items

Item	Description
Device information	Upload the device information file.
License information	Enter the license key.
Contact information	Enter your contact information. Items marked with an asterisk (*) are required.

 

4.     Enter the verification code and select I accept all terms of H3C Legal Statement, and click Get activation key or file.

5.     Save the activation file to the PC.

Licensing

1.     Upload the license files to the license server and add a license client.

a.     Log in to the license server. Select License Management > License Files.

b.     On the License Files page, click Install license file.

c.     In the dialog box that opens, click Browse… to select the license files saved locally. Then, click OK.

After the license files are uploaded, licensing information is displayed on the License Files page.

d.     Select Configuration > License Clients. On the page that opens, click Add.

e.     Enter client information such as client name and password, and then click OK.

2.     Log in to SNA Center to obtain licensing information.

a.     On the top navigation bar, click System. Click Settings, and then click License.

b.     In the License Server Info area, provide the IP address, username, password, and port number as described in Table 7.

Table 7 License server information

Item	Description
IP address	Specify the IP address configured on the license server used for internal communication in the cluster where SNA Center and SeerEngine-Campus are deployed.
Port number	Specify the service port number of the license server. The default value is 5555.
Username	Specify the username configured on the license server.
Password	Specify the user password configured on the license server.

 

c.     Click Connect to connect the controller to the license server.

SeerEngine-Campus automatically obtain licensing information after connecting to the license server.

Backing up and restoring SeerEngine-Campus configuration

Back up and restore SeerEngine-Campus configuration in the same way you back up and restore SNA Center configuration. For more information, see H3C SNA Center Installation and Component Deployment Guide.

 

Upgrading SeerEngine-Campus

This chapter describes procedure for upgrading SeerEngine-Campus while retaining the existing SeerEngine-Campus configuration. During the upgrade process, do not perform configuration backup or restoration operations.

To upgrade SeerEngine-Campus:

1.     Log in to SNA Center.

2.     On the top navigation bar, click System.

3.     Click Settings.

4.     From the navigation pane, select Components > Components. The component management page opens.

Figure 17 Component management page

 

5.     Click the Expand icon  next to Campus Network to expand the SeerEngine-Campus component information area.

6.     Click the Upgrade icon  in the Actions column for the SeerEngine-Campus component instance you want to upgrade.

7.     Upload the installation package.

8.     Select the uploaded installation package, and then click Upgrade.

Figure 18 Upgrading the selected SeerEngine-Campus component instance

 

9.     If the component upgrade fails, click Back to roll back to the previous version.

Uninstalling SeerEngine-Campus

1.     Log in to SNA Center.

2.     On the top navigation bar, click System.

3.     Click Settings, and then select Components > Components from the navigation pane.

4.     Select Campus Network on the component list, and then click Uninstall to uninstall it.

Figure 19 Uninstalling