H3C VCF Controller Installation Guide for CentOS-5W512

HomeSupportResource CenterSDNVCF ControllerVCF ControllerTechnical DocumentsInstall & UpgradeInstallation GuidesH3C VCF Controller Installation Guide for CentOS-5W512
01-Text
Title Size Download
01-Text 1.93 MB

Contents

Overview·· 1

Preparing for installation· 2

SDN network requirements· 2

Server requirements· 2

Hardware requirements· 2

Software requirements· 3

Installing a VCF controller 4

Obtaining the installation package· 4

Installing a VCF controller on a server 4

Logging in to the VCF controller 11

Logging in to the VCF controller through GUI 11

Logging in to the VCF controller through RSdoc· 12

Registering the VCF controller 15

Obtaining the device information file· 15

Applying for license files· 15

Registering a license for the first time· 15

Registering an upgrade license· 16

Licensing· 16

Upgrading VCF controllers· 17

Pre-upgrade tasks· 17

Checking the software versions for compatibility· 17

Checking the software dependencies· 17

ISSU flowchart 18

Setting the upgrade mode· 18

Preparing a controller for upgrade· 19

Upgrading the VCF controller 21

Removing the old VCF controller version· 21

Installing a new controller version· 22

Verifying the configuration and service data synchronization status· 24

Checking the controller and its configuration recovery states· 24

Checking the device status· 25

Verifying the virtual network state· 25

Quitting the upgrade mode· 26

Troubleshooting· 27

Software dependencies cannot be installed by using the yum command· 27

Controller software dependencies cannot be installed by using the wget command· 28

Communication fails when a VCF controller is the next hop of a route to the destination VCF controller on a Layer 3 network  29

Symptom·· 29

Analysis· 29

Solution· 29

Controller software version does not support automatic check of upgrade preparation qualifications· 32

Symptom·· 32

Solution· 32

Appendix· 33

Using an ISO file to upgrade VCF controllers and operating systems· 33

Upgrading VCF controllers of E2187 or later 33

Upgrading VCF controllers earlier than E2187· 34

Configuring NICs of the leaders in a VCF controller team·· 35


Overview

Software-defined networking (SDN) is a new networking architecture that implements unified and flexible traffic management by separating the control plane and the forwarding plane. It offers a platform for core network and application innovations.

Virtual converged framework (VCF) is an SDN controller developed by H3C. Similar to a network operating system, it provides a platform for users to develop and run SDN applications. H3C VCF controller can control the network resources on the SDN network and provide interfaces for applications to implement specific packet forwarding.

H3C VCF controller has the following features:

·     It supports OpenFlow 1.3 and provides built-in services and device driver framework.

·     Provides a distributed platform with high availability and scalability.

·     Providescalable management interfaces for REST API, GUI, and IMC.

·     Supports standalone mode and team mode.


Preparing for installation

SDN network requirements

Before you install a VCF controller, plan your SDN network and configure the SDN switches that will be connected to the controller.

The VCF controller can directly access and operate the forwarding plane of SDN switches to control packet forwarding on the SDN switches. The control packets between the VCF controller and SDN switches are mainly defined by the OpenFlow protocol. The VCF controller supports OpenFlow 1.3.

All SDN switches connected to a VCF controller form a controller domain. When you plan and configure an SDN network, make sure no loops exist between the SDN switches inside and outside the domain to avoid broadcast storms.

 

 

NOTE:

An SDN switch might discard all received packets before it receives the flow entries from a controller. For more information about configuring an SDN switch, see the configuration guide for the SDN switch.

 

Server requirements

Hardware requirements

For correct operation of a VCF controller, install it on a physical server rather than a virtual machine (VM). However, in VLAN VPC networking, you can install a VCF controller on a VM.

Table 1 shows the hardware requirements for a server or VM to host a VCF controller.

Table 1 Hardware requirements

Item

CPU

Memory size

Disk

NIC speed

Remarks

Recommended configuration on a physical server

x86-64 (Intel 64/AMD 64), 24 cores, 2.6 GHz or above

64 GB or above

A size of 500 GB or above for the partition that contains the root directory

A transmission speed of 20 Mbps or above

10 Gbps

Support for complete features and functions of a VCF controller

Minimal configuration on a physical server

X86-64 (Intel 64/AMD 64), quad cores

8 GB

A size of 64 GB for the partition that contains the root directory

A transmission speed of 20 Mbps or above

1 to 10 Gbps

Support only for basic functions of a VCF controller

Recommended configuration on a VM in VLAN VPC networking

X86-64 (Intel 64/AMD 64), quad cores, 2.0 GHz or above

16 GB or above

A size of 500 GB or above for the partition that contains the root directory

A transmission speed of 20 Mbps or above

1 to 10 Gbps

Support for complete features and functions of a VCF controller

 

IMPORTANT

IMPORTANT:

To guarantee performance of the VCF controller, disable turbo boost on the server where you install the controller. For more information about disabling turbo boost, see the related manual for the server.

 

Software requirements

The VCF controller uses the CentOS 7.3 1611 64-bit operating system (DVD version).

 

IMPORTANT

IMPORTANT:

The CentOS system might have bugs such as Shellshock bugs. To minimize security risks, install the up-to-date officially released CentOS system updates.

 


Installing a VCF controller

CAUTION

CAUTION:

For a VCF controller team to operate correctly, make sure the system time of all members is the same before creating the VCF controller team. If the system time of a member is not the same as the other members after creation of the controller team, remove the member from the team, change the member's system time, and then add the member to the team.

 

IMPORTANT

IMPORTANT:

Installing a VCF controller on a server that already has an operating system installed replaces the existing operating system. To avoid data loss, back up data before you follow the procedure in this section to install a VCF controller. To back up data for a VCF controller on a server, select Controller > System > Backup & Recovery. For more information about data backup for a VCF controller, see VCF controller online help.

 

This section uses a server without an operating system as an example to describe the procedure for installing a VCF controller.

To create a VCF controller team, install VCF controllers on multiple servers and then configure team settings for the VCF controllers. For more information about creating a controller team, see the VCF controller online help.

Obtaining the installation package

Access the website at http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the installation package (.iso) of the required version.

This installation package includes the VCF controller installation package, operating system installation package, and VCF controller software dependencies.

Installing a VCF controller on a server

1.     Use the remote console on the server to load the installation package through the virtual optical drive. Then restart the sever.

2.     On the installation page displayed, select Install VCF Controller and press Enter.

Figure 1 Selecting VCF installation

 

3.     On the INSTALLATION SUMMARY page, click VCFC CONFIGURATION in the SOFTWARE area.

Figure 2 Installation summary page

4.     On the VCFC CONFIGURATION page, set the username and password for logging in to the controller and the team token for creating a team. Then click Done to return to the INSTALLATION SUMMARY page.

Figure 3 VCF controller configuration page

 

5.     Click NETWORK & HOST NAME in the SYSTEM area. On the NETWORK & HOST NAME page, perform the following tasks:

a.     (Optional.) To change the host name, enter a new host name in the Host name field and click Apply.

 

IMPORTANT

IMPORTANT:

After the VCF controller is installed, do not change the host name of the operating system. If you must change it, contact the after-sales engineer.

 

b.     Click Configure to enter the network configuration page.

Figure 4 NETWORK & HOST NAME page

 

6.     Configure the network configurations as follows:

a.     Click the General tab and select Automatically connect to this network when it is available.

Figure 5 General configurations

 

b.     Click the IPv4 Settings or IPv6 Settings tab, and configure an IPv4 or IPv6 address for the controller.

Figure 6 Configuring an IPv4 address for the controller

 

c.     Click Save to save the configurations.

d.     Click Done to return to the INSTALLATION SUMMARY page.

7.     To install a license server, perform the following steps:

a.     Click LICENSE SERVER in the SOFTWARE area.

b.     On the LICENSE SERVER page, select Install License Server.

c.     Click Done to return to the INSTALLATION SUMMARY page after the license server is installed.

Figure 7 License server page

 

8.     Click Begin Installation to start the installation. Set the root password and create a user account when prompted.

SSH is disabled for a root user by default. To use SSH to log in to the operating system, use the newly created user account or enable SSH and then log in as a root user.

For correct operation of the OS and software, do not use the following reserved usernames (case-sensitive) as your username: root, bin, daemon, adm, ip, sync, shutdown, halt, mail, operator, games, ftp, nobody, systemd-bus-proxy, systemd-network, dbus, polkitd, libstoragemgmt, abrt, rpc, postfix, tss, quagga, sshd, postgres, ntp, chrony, tcpdump, sdn, and sdnadmin.

Figure 8 Setting the root password and creating a user account

 

After the installation is complete, the system automatically reboots to finish the installation of the operating system and VCF controller.


Logging in to the VCF controller

You can use Web browsers to log in to and configure the VCF controller.

A VCF controller supports the following Web browsers:

·     Google Chrome 27 and later.

·     Mozilla Firefox 31 and later.

·     Internet Explorer 9 and later.

Logging in to the VCF controller through GUI

1.     Enter the login address in the Web browser's address bar in the https://controller_ip_address:8443/sdn/ui/ format, for example, https:// 192.168.217.230:8443/sdn/ui/.

?span style='font:7.0pt '>  The controller_ip_address argument represents the IP address of the server or VM that hosts the VCF controller.

?span style='font:7.0pt '>  8443 is the default port number.

 

 

NOTE:

If the HTTPS service is not available, use the HTTP service by entering the login address in either of the following formats:

·     http://controller_ip_address/sdn/ui/.

·     http://controller_ip_address:8080/sdn/ui/.

 

2.     Select English from the Language list. Enter the username and password and click Login.

Figure 9 VCF controller login page

 

The homepage of the VCF controller opens, as shown in Figure 10.

Figure 10 VCF controller GUI home page

 

Logging in to the VCF controller through RSdoc

RSdoc is the application programming interface (API) provided by the VCF controller.

To log in to the VCF controller through RSdoc:

1.     Enter the login address in the Web browser's address bar in the https://controller_ip_address:8443/api/ format, for example, https://172.16.100.226:8443/api/.

?span style='font:7.0pt '>  The controller_ip_address argument represents the IP address of the server or VM that hosts the VCF controller.

?span style='font:7.0pt '>  8443 is the default port number.

 

 

NOTE:

If the HTTPS service is not available, use the HTTP service by entering the login address in either of the following formats:

·     http://controller_ip_address/api/.

·     http://controller_ip_address:8080/api/.

 

2.     Press Enter.

The H3C RSdoc page opens, as shown in Figure 11.

Figure 11 H3C RSdoc page

 

3.     Apply for the token for RSdoc authentication:

For users exempted from authentication, skip this step. To be exempted from authentication, log in to the GUI, select Controller > System > Authentication and configure authentication exemption.

a.     Select H3C VCF Controller API v2.0 from the list at the top of the H3C RSdoc page, as shown in Figure 12.

Figure 12 Selecting H3C VCF Controller API v2.0

 

b.     Click /auth and select POST /auth.

Figure 13 Selecting POST /auth

 

c.     Enter {"login":{"user":"username","password":"password","domain":"sdn"}} in the value field, and click Try it out!. In this example, the username is sdn and the password is skyline123.

The token is displayed in the Response Body area, as shown in Figure 14.

Figure 14 Obtaining the token

 

d.     Copy and paste the token to the field in the upper right corner of the H3C RSdoc page, and click Explore, as shown in Figure 15.

Figure 15 RSdoc authentication

 


Registering the VCF controller

After you install the VCF controller, you can use complete features and functions of the VCF controller for a 180-day trial period. After the trial period expires, you must get the VCF controller licensed.

To register the VCF controller:

1.     Log in to the license server and obtain the device information file for the license server.

2.     Log in to the H3C website and use the license keys and device information file to apply for license files.

3.     Upload the license files to the license server and connect the VCF controller to the license server.

 

 

NOTE:

A license file might become invalid if the following hardware changes occur on the server:

·     NIC forbidden for use, new NIC start, NIC replacement, or NIC damage.

·     CPU replacement.

 

Obtaining the device information file

1.     Log in to the license server.

2.     Select License Management > License Files.

3.     On the License Files page, click Export DID.

Applying for license files

To apply for a license file for the VCF controller for the first time, see "Registering a license for the first time."

For any subsequent license file applications, see "Registering an upgrade license."

A license key is required for each license file application.

Registering a license for the first time

1.     Go to the H3C website at http://www.h3c.com.hk/Technical_Support___Documents/Product_Licensing/ and select Register the First Time.

2.     From the Product category list, select New Network_SDN Controller.

3.     Provide the license, device, and contact information as described in Table 2.

Table 2 Configuration items

Item

Description

License information

License key.

Device information

Upload the device information file.

Contact information

The items marked with the asterisk sign (*) are required.

 

4.     Enter the verification code and select I accept all terms of H3C Legal Statement, and click Get activation key or file.

5.     Save the activation file to the PC.

Registering an upgrade license

Go to the H3C website at http://www.h3c.com.hk/Technical_Support___Documents/Product_Licensing/ and select Register Upgrade Licenses.

1.     From the Product category list, select New Network_SDN Controller.

2.     Provide the license, device, and contact information as described in Table 3.

Table 3 Configuration items

Item

Description

Device information

Upload the device information file.

License information

License key

Contact information

The items marked with the asterisk sigh (*) are required.

 

3.     Enter the verification code and select I accept all terms of H3C Legal Statement, and click Get activation key or file.

4.     Save the activation file to the PC.

Licensing

1.     Upload the license files to the license server.

a.     Log in to the license server. Select License Management > License Files.

b.     On the License Files page, click Install license file.

c.     In the dialog box that opens, click Browse… to select the license files saved locally. Then click OK.

After the license files are uploaded, licensing information is displayed on the License Files page.

2.     Configure the VCF controller or the active leader VCF controller to obtain licensing information.

a.     Log in to the VCF controller or the active leader. Select Controller > License Manager.

You are placed on the Remote License tab.

b.     In the License Status area, set the required license quantity.

c.     In the License server info area, provide the license server IP address, username, password, and port number. Then click Connect to connect the VCF controller to the license server.

The username and password are those created for the VCF controller on the license server.

The VCF controller or the leader VCF controller automatically obtains licensing information after connecting to the license server.


Upgrading VCF controllers

In-Service Software Upgrade (ISSU) is available when the VCF controllers are operating in a team or region.

For service continuity, follow these guidelines to upgrade VCF controllers:

·     To upgrade a VCF controller team, first upgrade the member controllers and leaders other than the active leader and then the active leader.

·     Before upgrading a controller in a team, you must perform upgrade preparation for the controller. You can perform the operation from the controller or from the active leader.

·     You must upgrade the controllers in a region one after another because services on the target controller will be taken over by the other controller in the region. Before upgrading the second controller, make sure the first controller has been upgraded successfully and has started correctly.

·     To avoid controller operation failure, do not shut down or restart the server where the controller resides during the upgrading process.

Pre-upgrade tasks

Checking the software versions for compatibility

Before upgrading VCF controllers, check the old and new software versions for compatibility. For information about software compatibilities, see H3C VCF_CONTROLLER-version Release Notes, where version represents the version number of VCF controllers.

·     If the new version is compatible with the old version, you can choose to keep the configuration file or not for the upgrade.

As a best practice, keep the configuration file for the upgrade. The system restores the original configuration by using the original configuration file after the upgrade.

·     If the new version is not compatible with the old version, you can only upgrade the controller by keeping the configuration file.

Checking the software dependencies

For a VCF controller of E2184 or earlier, the software dependencies might be installed incorrectly. If the software dependencies are installed incorrectly, reinstall the software dependencies before upgrading the controller.

To check the software dependencies:

1.     Access the website at http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the script package of the required version for checking the software dependencies.

The script package for checking the software dependencies is named in the format of check-packages-version.sh, where version represents the version number of the script package.

2.     Copy the script package to the installation directory on the server.

If you use FTP or TFTP to upload the package to the directory, use the binary mode to avoid damaging the package.

3.     Execute the sh command to run the scripts. If the software dependencies fail the check, the system prompts you to reinstall the software dependencies of the required version.

[root@localhost ~]# sh check-packages-E2501.sh

ERROR: Please install software dependency unzip-6.0 correctly.

4.     Execute the scripts again after the software dependencies are installed. If the software dependencies pass the check, you can upgrade the VCF controller.

[root@localhost ~]# sh check-packages-E2501.sh

……

Software dependency check passed. All software dependencies have been installed correctly.

ISSU flowchart

Figure 16 ISSU flowchart for VCF controllers in a team

 

Setting the upgrade mode

You can upgrade controllers in a team only when they are all in the upgrade mode. In this mode, the master/subordinate switchover in a region will not be triggered unless you perform upgrade preparation for the master controller.

To set the upgrade mode:

1.     Log in to the active leader or access the team with the team IP address. Click Controller > System > Upgrade Preparation.

The upgrade preparation page opens.

2.     In the Controller info area, click Enter upgrade mode. All controllers in the team enter the upgrade mode.

Figure 17 Entering the upgrade mode

 

Preparing a controller for upgrade

IMPORTANT

IMPORTANT:

·     Before upgrading a controller, back up the controller configurations in case of upgrade failure. To back up control configurations, click Controller > System > Backup & Recovery.

·     Prepare a controller for upgrade only when you want to upgrade the controller. After you prepare a controller for upgrade, the controller stops operating.

 

Upgrade preparation is required only for a controller in a team. You do not need to prepare a standalone controller for upgrade.

The upgrade preparation procedure is the same for all controllers in a team, except that a leader role switchover occurs during the preparation of the active leader. The following describes the upgrade preparation procedure for the active leader.

To prepare a controller for upgrade:

1.     Click Controller > System > Upgrade Preparation.

The upgrade preparation page opens.

2.     In the Controller info area, click the Prepare icon  in the Operation column to prepare for upgrading the target controller. The system then checks whether or not the target controller is qualified for upgrade preparation. If the target controller does not support the auto check feature due to low software version, you must manually check the controller. For how to manually check whether or not a controller is qualified for upgrade preparation, see "Controller software version does not support automatic check of upgrade preparation qualifications."

?span style='font:7.0pt '>  If the target controller is qualified, the system prompts you whether to prepare for upgrade. Click OK to start preparing for upgrade.

Figure 18 Confirming the upgrade preparation operation

 

?span style='font:7.0pt '>  If the target controller is not qualified, the system displays the cause. Table 4 shows the causes and relevant solutions.

Table 4 Causes and relevant solutions

Cause

Solution

Some devices managed by the controllers in the team are operating incorrectly. Continue upgrade preparation?

Before you continue the upgrade preparation operation, make sure the abnormal devices do not affect the services. You can troubleshoot the fault as follows:

·     In the Controller info area, click Details in the Device status column to check whether or not all hosts and NEs in the team are operating correctly.

·     Go to the Carrier Network > Physical NEs page and the Carrier Network > VNF NEs page to view details about the abnormal NEs.

·     Go to the vNetwork > Domain > Host > vSwitch Bridge page to view the status of the host connections.

Some devices in the region are not prepared. You can view their IP addresses in the Device status column. Continue upgrade preparation?

Before you continue the upgrade preparation operation, make sure the unready devices do not affect the services. You can troubleshoot the fault as follows:

·     In the Controller info area, click Details in the Device status column to view the number of unready devices in the region and their IP addresses.

·     Log in to the unready devices and check the OpenFlow connections established to the controllers.

 

3.     If the "Read for upgrade" message is displayed, the upgrade preparation task is completed. However, the message is not displayed when you access the team with the team IP and prepare the active leader for upgrade. This upgrade preparation triggers a leader role switchover. If the role of the controller changes from active leader to leader, the controller has passed the automatic check and completed upgrade preparation.

4.     Log in to another controller in the team to verify the preparation.

The services on the prepared controller are taken over by the other controller in the region. The role and status of the prepared controller change, as shown in Figure 19.

In this example, the status of the controller at 192.168.217.230 changed from active to down, and the role of the controller changed from Leader* to Leader. The controller at 192.168.217.233 has become the active leader of the team.

Figure 19 Verifying the preparation

 

Upgrading the VCF controller

To upgrade both the VCF controller and its software dependencies, see "Installing a VCF controller" to install a new controller version.

This section describes the procedure to upgrade only the VCF controller. To upgrade the VCF controller, uninstall the old controller version first and then install the new controller version.

Removing the old VCF controller version

IMPORTANT

IMPORTANT:

·     Make sure the psql tool is closed before you remove a VCF controller. You can use the pstree | grep psql command to verify the status of the psql process. To close the psql process, quit psql view.

·     If you remove the configuration file when removing a VCF controller, you need to re-upload the license files when reinstalling the VCF controller. Back up the license files in advance.

·     To avoid removal failure, do not remove a VCF controller when the disk size is insufficient. Important system files are backed up during the removing process, which occupies some disk space.

 

When you remove a VCF controller, you can choose to remove the configuration file or not.

·     If you choose to remove the configuration file, the VCF controller and its configuration file and logs are all removed. Make sure you are fully aware of the impact of this operation before you perform it.

·     If you choose to not remove the configuration file, the configuration file or logs will be retained. After you install a new controller version, the controller restores the configuration from the retained configuration file.

To remove the VCF controller:

1.     Remove the VCF controller.

[root@localhost ~]# rpm -e vcf-controller

Uninstalling vcf-controller (Version: 2180 )...

Stopping zookeeper ... no zookeeper to stop

Stopping cassandra ... no cassandra to stop

Remove hsperfdata

2.     To retain the configuration file, enter Y. To delete the configuration file, enter N.

?span style='font:7.0pt '>  To delete the configuration file:

Do you want to purge the package? [Y/N]:Y

Removing team ip...

...done.

...

?span style='font:7.0pt '>  To retain the configuration file:

Do you want to purge the package? [Y/N]:N

Removing team ip...

...done.

...

Installing a new controller version

Obtaining the installation package

1.     Access the website at http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the VCF controller installation package (.rpm) of the required version.

2.     Copy the installation package to the VCF installation directory on the server.

If you use FTP or TFTP to upload the installation package to the directory, use the binary mode to avoid damaging the installation package.

Installing the VCF controller installation package

IMPORTANT

IMPORTANT:

Before you install the VCF controller, make sure the psql tool is closed. You can use the pstree | grep psql command to display the operating state of the psql process. To close the psql process, quit psql view.

 

To install the VCF controller installation package:

1.     Access the directory where the VCF controller installation package resides, /root as an example, and install the VCF controller installation package.

The VCF controller installation package is named in the format of VCF_CONTROLLER-version.rpm, where version represents the version number of the VCF controller installation package.

[root@localhost ~] rpm –ivh VCF_CONTROLLER-E2180.rpm

Preparing...                          ################################# [100%]

2.     You are prompted whether to continue the installation if the hardware does not meet the recommended configurations. To continue the installation, enter Y. To stop the installation, enter N.

For the recommended hardware configurations, see Table 1.

Current CPU cores: 24, sufficient    Recommended: 24 or above

Current CPU main frequency: 2.9 GHz, sufficient    Recommended: 2.6 GHz or above

Current memory size: 64 GB, sufficient    Recommended: 64 GB or above

Current disk size in the root directory: 512 GB, sufficient    Recommended: 512

 GB or above

Checked 4 hardware items, all passed

Remove hsperfdata

Creating system group 'sdn'...

...done.

Creating system user 'sdn'...

...done.

Creating system user 'sdnadmin'...

...done.

Configuring PostgreSQL database...

...done.

3.     You will be prompted whether to specify a team token. To specify a team token, enter Y as prompted and enter the token. In this example, the token is AuroraSdnToken37.

Do you want to input a TeamToken? [Y/N]:Y

Please enter a TeamToken:AuroraSdnToken37

Updating / installing...

   1:vcf-controller-2180-1.el6        ################################# [100%]

Certificate was added to keystore

Creating userinfo table...

...done.

The team token is the authorization credential used for access between VCF controller services. All members in a team must use the same team token.

To view the team token of a controller:

a.     Log in to the GUI of the controller.

b.     Select Controller > Configuration.

c.     Click the Standalone Config link.

If you do not specify a team token for a controller as prompted when you install the controller, the controller cannot join the team after it starts. You can use either of the following methods:

?span style='font:7.0pt '>  Log in to the GUI of the controller. Select Controller > Configuration, and then click Standalone Config. Enter the token in the Team Token field and click Create.

?span style='font:7.0pt '>  Uninstall the controller and then reinstall the controller. Set the team token as prompted during the reinstallation.

4.     Enter a username and a password as prompted.

In this example, the username is sdn and the password is skyline123.

Please enter a username:sdn

Please enter a password:

Please enter the password again:

Verifying the installation

1.     Verify that the system displays the controller version information. If the version information is displayed, the installation is successful.

[root@localhost ~]# rpm -qa | grep vcf

vcf-controller-2180-1.e16.x86_64

2.     Verify that the sdna, sdnc, and handshake services are started. If the command output displays the active (running) string for all these services, the controller service is started.

[root@localhost ~]# systemctl status sdna.service

sdna.service - sdna systemd conf

   Loaded: loaded (/etc/systemd/system/sdna.service; enabled)

   Active: active (running) since Wed 2015-06-10 16:43:13 CST; 8h ago

Main PID: 623 (java)

[root@localhost ~]# systemctl status sdnc.service

sdnc.service - sdnc systemd conf

   Loaded: loaded (/etc/systemd/system/sdnc.service; enabled)

   Active: active (running) since Thu 2015-03-26 16:49:40 CST; 17h ago

  Process: 12627 ExecStart=/etc/systemd/system/startSdnc (code=exited, status=0/S

UCCESS)

 Main PID: 12660 (java)

[root@localhost ~]# systemctl status handshake.service

handshake.service - handshake systemd conf

   Loaded: loaded (/etc/systemd/system/handshake.service; enabled)

   Active: active (running) since Wed 2015-06-10 16:43:13 CST; 24h ago

Main PID: 616 (hsServer.sh)

Verifying the configuration and service data synchronization status

After the new controller version is installed, the active leader of the team automatically detects the new controller and synchronizes the configuration and service data of the team to the new controller.

You need to verify that the controller, its associated network elements, and the virtual network are in normal state after the upgrade. You can upgrade another VCF controller only after this controller resumes normal operation.

 

 

NOTE:

For a team with controllers of E2187 or earlier, you might get incorrect configuration and service data synchronization status if you use the procedure introduced in this chapter. As a best practice, follow the procedure in "Controller software version does not support automatic check of upgrade " to verify the configuration and service data synchronization status.

 

Checking the controller and its configuration recovery states

1.     Click Controller > System > Upgrade Preparation.

2.     In the Controller Info area, check the State and Configuration recovery status fields. If the State is Active and the Configuration recovery is , the controller and its configuration recovery states are normal.

Figure 20 Checking the controller and its configuration recovery states

 

Checking the device status

1.     Click Controller > System > Upgrade Preparation and check the Device status field. If this field displays , no action is required. If the field displays , click detail to view the detailed information about the device. Make sure the abnormal device does not affect the services.

2.     Click Carrier Network > Physical NEs and check the Smooth status field. If this field displays , no action is required. If the field displays Not Synchronized , data on the NEs was not synchronized. If the field displays Some Settings Failed , some settings failed to be deployed. If this causes a service fault, enable data synchronization or modify the device configurations manually.

Figure 21 Verifying the data synchronization status of NEs

 

Verifying the virtual network state

Log in to the controller that has been upgraded. Select Home > Overview to verify that the controller has the same numbers of networks, routers, subnets, and ports as the active leader.

Figure 22 Verifying the virtual network state

 

Quitting the upgrade mode

After all controllers in the team are upgraded and resume their configurations and services, you must quit the upgrade mode to complete the upgrade.

To quit the upgrade mode:

1.     Log in to the active leader or access the team through the team IP address. Click Controller > System > Upgrade Preparation.

The upgrade preparation page opens.

2.     In the Controller info area, click Quit upgrade mode. All controllers in the team quit the upgrade mode.


Troubleshooting

Software dependencies cannot be installed by using the yum command

Symptom

Software dependencies cannot be installed by using the yum command when a proxy server is used for Internet access.

Solution

To resolve the problem:

1.     Make sure the server can access the HTTP proxy server.

2.     At the CLI of the CentOS system, use the vi editor to open the yum.conf configuration file. If the yum.conf configuration file does not exist, this step creates the file.

[root@localhost ~]# vi /etc/yum.conf

3.     Press I to switch to the insert mode, and provide HTTP proxy information as follows:

?span style='font:7.0pt '>  If the server does not require authentication, enter HTTP proxy information in the following format:
proxy = http://yourproxyaddress:proxyport

?span style='font:7.0pt '>  If the server requires authentication, enter HTTP proxy information in the following format:

proxy = http://yourproxyaddress:proxyport

proxy_username=username

proxy_password=password

Table 5 describes the arguments in HTTP proxy information.

Table 5 Arguments in HTTP proxy information

Field

Remarks

username

Username for logging in to the proxy server, for example, sdn.

password

Password for logging in to the proxy server, for example, 123456.

yourproxyaddress

IP address of the proxy server, for example, 172.25.1.1.

proxyport

Port number of the proxy server, for example, 8080.

 

proxy = http://172.25.1.1:8080

proxy_username = sdn

proxy_password = 123456

4.     Press Esc to return to the command mode.

5.     Enter :wq to quit the vi editor and save the yum.conf file.

:wq

6.     If the problem persists, contact H3C Support.

Controller software dependencies cannot be installed by using the wget command

Symptom

Controller software dependencies cannot be installed by using the wget command when a proxy server is used for Internet access.

Solution

To resolve the problem:

1.     Make sure the server can access the HTTP proxy server.

2.     At the CLI of the CentOS system, use the vi editor to open the wgetrc configuration file. If the wgetrc configuration file does not exist, this step creates the file.

[root@localhost ~]# vi /etc/wgetrc

3.     Press I to switch to the insert mode, and enter HTTP proxy information as follows.

?span style='font:7.0pt '>  If the server does not require authentication, enter HTTP proxy information in the following format:
http_proxy = http://yourproxyaddress:proxyport/

?span style='font:7.0pt '>  If the server requires authentication, enter HTTP proxy information in the following format:
http_proxy = http://username:password@yourproxyaddress:proxyport/

Table 6 describes the arguments in HTTP proxy information.

Table 6 Arguments in HTTP proxy information

Field

Remarks

username

Username for logging in to the proxy server, for example, sdn.

password

Password for logging in to the proxy server, for example, 123456.

yourproxyaddress

IP address of the proxy server, for example, 172.25.1.1.

proxyport

Port number of the proxy server, for example, 8080.

 

# You can set the default proxies for Wget to use for http, https, and ftp.

# They will override the value in the environment.

# https_proxy = http://proxy.yoyodyne.com:18023/

# http_proxy = http://proxy.yoyodyne.com:18023/

# ftp_proxy = http://proxy.yoyodyne.com:18023/

 

http_proxy = http://sdn:123456@172.25.1.1:8080/

4.     Press Esc to return to the command mode.

5.     Enter :wq to quit the vi editor and save the wgetrc file.

:wq

6.     If the problem persists, contact H3C Support.

Communication fails when a VCF controller is the next hop of a route to the destination VCF controller on a Layer 3 network

Symptom

As shown in Figure 23, a VCF controller (VCFC) team is deployed on a Layer 3 network, and multiple NICs are connected to the network. Communication failure occurs when a VCFC is the next hop of a route to the destination VCFC.

Figure 23 Network topology

 

Analysis

A VCFC can advertise routes but cannot forward packets based on routes. After a VCFC distributes the non-local routes it learns to a neighboring switch, the VCFC becomes the next hop of these routes on the switch. When the switch is to access a device or network segment by using these routes, the packets are forwarded to the next-hop VCFC. Because the VCFC cannot forward packets, the packets are dropped.

As shown in Figure 23, the next hop from a TOR, TOR 1 for example, to the loopback interface of VCFC 1 is typically an Ethernet NIC of VCFC 1. If the link between TOR 1 and VCFC 1 fails, the next hop from TOR 1 to VCFC 1 might become VCFC 2 rather than the router. Because VCFC 2 cannot forward packets, the packets are dropped.

Solution

When OSPF is running between TORs and VCFCs

As shown in Figure 23:

·     TOR 1 and TOR 2 establish OSPF neighbor relationships with VCFC 1 and VCFC 2, respectively.

·     TOR 1 and TOR 2 establish EBGP peer relationships with the router.

·     The controller team IP address is 215.129.129.129/32.

To resolve the problem, apply routing policies and modify route priorities on TORs so that when the link that connects a TOR and VCFC fails, the next hop is the router rather than another VCFC. The following procedure uses TOR 1 as an example:

1.     Configure ACL 2000 on TOR 1 to permit packets from the loopback interfaces of all VCFCs and the IP address of the VCFC team.

<TOR1> system-view

[TOR1] acl basic 2000

[TOR1-acl-ipv4-basic-2000] rule 10 permit source 215.124.124.124 0

[TOR1-acl-ipv4-basic-2000] rule 15 permit source 215.125.125.125 0

[TOR1-acl-ipv4-basic-2000] rule 20 permit source 215.129.129.129 0

[TOR1-acl-ipv4-basic-2000] quit

2.     Create routing policy ospf_import to permit routes that match ACL 2000 and that have the specified cost. Specify the cost based on the site deployment. The cost must be that of the route to the loopback interface of VCFC 1.

The following example sets the cost to 11.

[TOR1] route-policy ospf_import permit node 10

[TOR1-route-policy-ospf_import-10] if-match cost 11

[TOR1-route-policy-ospf_import-10] if-match ip address acl 2000

[TOR1-route-policy-ospf_import-10] quit

3.     Create routing policy ospf_preference to permit routes that match ACL 2000 and that have the specified cost. Set the preference for the matched routes to 2.

The following example sets the cost to 11.

[TOR1] route-policy ospf_preference permit node 10

[TOR1-route-policy-ospf_preference-10] if-match cost 11

[TOR1-route-policy-ospf_preference-10] if-match ip address acl 2000

[TOR1-route-policy-ospf_preference-10] apply preference 2

[TOR1-route-policy-ospf_preference-10] quit

4.     Redistribute the routes to the IP addresses of the loopback interfaces and the IP address of the VCFC team to the OSPF routing table. Apply routing policy ospf_preference to set the preference for the OSPF routes learned from VCFC 1 to 2. Enable OSPF on the interface that connects TOR 1 to VCFC 1.

[TOR1] ospf 1

[TOR1-ospf-1] default-route-advertise always

[TOR1-ospf-1] preference route-policy ospf_preference

[TOR1-ospf-1] area 0

[TOR1-ospf-1-area-0.0.0.0] network 10.16.0.0 0.0.255.255

[TOR1-ospf-1-area-0.0.0.0] quit

[TOR1-ospf-1]quit

5.     Redistribute routes to IP addresses of the loopback interfaces and the IP address of the VCFC team to the BGP routing table. Set the preference for EBGP, IBGP, and local routes to a value, 5 for example. Make sure the value is larger than preference 2 for the OSPF routes learned from VCFC 1 to the loopback interface of VCFC 1 and smaller than preference 10 for default OSPF routers. The higher the preference value, the less prior the route.

[TOR1] bgp 1003

[TOR1-bgp-default] address-family ipv4 unicast

[TOR1-bgp-default-ipv4] preference 5 5 5

[TOR1-bgp-default-ipv4] import-route direct

[TOR1-bgp-default-ipv4] import-route ospf 1 route-policy ospf_import

[TOR1-bgp-default-ipv4] peer 100.25.1.2 enable

[TOR1-bgp-default-ipv4] peer 100.25.1.2 preferred-value 32768

[TOR1-bgp-default-ipv4] quit

[TOR1-bgp-default] quit

The priorities of the routes to VCFC 1 are as follows:

·     The priority is 2 for the routes to the loopback interface learned from VCFC1.

·     The priority is 5 for the BGP routes learned from the router.

·     The priority is 10 for the OSPF routes learned from VCFC 2. (The OSPF routes distribution path: VCFC 1>TOR 2>VCFC 2>TOR 1)

Therefore, when the link between TOR 1 and VCFC 1 is operating correctly, the next hop of the route to VCFC 1 is NIC of VCFC 1. When the link between TOR 1 and VCFC 1 fails, the next hop to VCFC 1 is the router because this route has a higher priority. VCFC 2 will not be the next hop. Communication failure will not occur.

When BGP is running between TORs and VCFCs

As shown in Figure 23:

·     TOR 1 and TOR 2 establish EBGP peer relationships with VCFC 1 and VCFC 2, respectively, over direct links.

·     TOR 1 and TOR 2 establish EBGP peer relationships with the router.

·     The IP address of the VCFC team is 215.129.129.129/32.

The following uses TOR 1 as an example to describe the resolving procedure. Typically, the next hop from TOR 1 to the loopback interface of VCFC 1 is an Ethernet NIC of VCFC 1. To prevent VCFC 2 from becoming the next hop when the link between TOR 1 and VCFC 1 fails, configure routing policies to filter routing information on TOR 1 so that the next hop can only be the router.

To resolve the problem:

1.     Configure IP prefix lists VCFC 1 and VCFC 2 to permit routes destined for IP addresses of the loopback interfaces and the IP address of the VCFC team.

<TOR1> system-view

[TOR1] ip prefix-list VCFC1 index 10 permit 215.124.124.124 32

[TOR1] ip prefix-list VCFC1 index 20 permit 215.129.129.129 32

[TOR1] ip prefix-list VCFC1 index 30 deny 0.0.0.0 0 less-equal 32

[TOR1] ip prefix-list VCFC2 index 10 permit 215.125.125.125 32

[TOR1] ip prefix-list VCFC2 index 20 permit 215.129.129.129 32

[TOR1] ip prefix-list VCFC2 index 30 deny 0.0.0.0 0 less-equal 32

2.     Enable TOR 1 to exchange IPv4 routing information with VCFC 1 and VCFC 2. Apply routing policies to allow TOR1 to learn only routes coming from the IP addresses of the loopback interfaces and the IP address of the VCFC team.

[TOR1] bgp 1004

[TOR1-bgp-default] address-family ipv4 unicast

[TOR1-bgp-default-ipv4] peer 10.16.124.2 enable

[TOR1-bgp-default-ipv4] peer 10.16.124.2 route-policy VCFC1 import

[TOR1-bgp-default-ipv4] peer 10.16.125.2 enable

[TOR1-bgp-default-ipv4] peer 10.16.125.2 route-policy VCFC2 import

[TOR1-bgp-default-ipv4] quit

[TOR1-bgp-default] quit

TOR 1 can learn from VCFC 1 only routes to IP addresses of the loopback interface of VCFC 1 and the IP address of the controller team. It can learn from VCFC 2 only routes to IP addresses of the loopback interface of VCFC 2 and IP address of the controller team. Therefore, the next hop from TOR 1 to VCFC 1 can only be the NIC of VCFC 1 and the next hop from TOR 2 to VCFC 2 can only be the NIC of VCFC 2. When the link between a TOR and VCFC fails, the TOR can only send the packets to the router for further forwarding.

Controller software version does not support automatic check of upgrade preparation qualifications

Symptom

Before a controller prepares for upgrade, the system automatically checks whether or not the controller is qualified for upgrade preparation. However, the controller does not support auto check due to low software version.

Solution

Follow the flowchart in Figure 24 to manually check whether the controller is qualified for upgrade preparation.

Figure 24 Manually checking whether the controller is qualified for upgrade preparation

 


Appendix

Using an ISO file to upgrade VCF controllers and operating systems

Using an ISO file to install VCF controllers will upgrade the operating systems from CentOS 7.0 or CentOS 7.1 to CentOS 7.3 simultaneously.

 

IMPORTANT

IMPORTANT:

·     Follow the procedures described in this section to upgrade the operating system from CentOS 7.0 or CentOS 7.1 to CentOS 7.3, to ensure correct operation of the VCF controller team.

·     Make sure the new operating system has the same host name and IP address as the old operating system.

 

Upgrading VCF controllers of E2187 or later

Figure 25 Flowchart for upgrading VCF controllers of E2187 or later

 

To upgrade a VCF controller team, first upgrade the member controllers and leaders other than the active leader and then the active leader.

To upgrade VCF controllers of E2187 or later in a team:

1.     Complete pre-upgrade tasks. For more information, see "Pre-upgrade tasks."

2.     Configure the team to enter upgrade mode. For more information, see "Setting the upgrade mode."

3.     Prepare a controller for upgrade. For more information, see "Preparing a controller for upgrade."

4.     Use an ISO file to upgrade the operating system and VCF controller. For more information, see "Installing a VCF controller."

5.     Verify that the configurations and service data have been synchronized to the controller correctly. For more information, see "Verifying the configuration and service data synchronization status."

6.     Repeat steps 3, 4, and 5 to upgrade the other VCF controllers in the team.

7.     Quit upgrade mode after all the VCF controllers in the team have been upgraded. For more information, see "Quitting the upgrade mode."

Upgrading VCF controllers earlier than E2187

VCF controllers support the CentOS 7.3 operating system from E2187. To upgrade the operating system to CentOS 7.3 for a VCF controller earlier than E2187, you must first upgrade the VCF controller to E2187 or later by using an RPM file.

Figure 26 Upgrading VCF controllers earlier than E2187

 

To upgrade VCF controllers earlier than E2187 in a team:

1.     Complete pre-upgrade tasks. For more information, see "Pre-upgrade tasks."

2.     Use an RPM file to upgrade the member controllers and leaders other than the active leader to E2187 or later.

a.     Prepare a controller for upgrade. Click Controller > System > Upgrade Preparation. In the Controller info area, click the Prepare icon  in the Operation column to prepare for upgrading the target controller. For more information, see the installation guide for the VCF controller of the current version.

b.     Use the RPM file to upgrade the VCF controller. For more information, see "Upgrading VCF controllers."

c.     Verify that the configurations and service data have been synchronized to the controller correctly. For more information, see "Verifying the configuration and service data synchronization status."

d.     Repeat steps a, b, and c to upgrade other member controllers and leaders other than the active leader.

3.     Prepare the active leader for the upgrade. Then verify that the configurations and service data of the controller team are normal. For more information, see "Verifying the configuration and service data synchronization status."

A leader role switchover occurs during the preparation of the active leader.

4.     Use an ISO file to upgrade the member VCF controllers, leaders other than the active leader, and the operating systems.

Start from step c for the original active leader.

a.     Set the upgrade mode for the team. For more information, see "Setting the upgrade mode."

b.     Prepare a controller for upgrade. For more information, see "Preparing a controller for upgrade."

c.     Use the ISO file to upgrade the operating system and VCF controller. For more information, see "Installing a VCF controller."

d.     Verify that the configurations and service data have been synchronized to the controller correctly. For more information, see "Verifying the configuration and service data synchronization status."

e.     Repeat steps a, b, c, and d to upgrade other controllers and leaders other than the active leader.

5.     Use the ISO file to upgrade the active leader.

a.     Set the upgrade mode. For more information, see "Setting the upgrade mode."

b.     Prepare the active leader controller for upgrade.

c.     Use the ISO file to upgrade the operating system and controller. For more information, see "Installing a VCF controller."

d.     Verify that the configurations and service data of the team have been synchronized to the controller correctly. For more information, see "Verifying the configuration and service data synchronization status."

Configuring NICs of the leaders in a VCF controller team

NIC names might change after the operating system is upgraded from CentOS 7.0 or CentOS 7.1 to CentOS 7.3.

NIC name change will cause VCF controller team operation failure. As a best practice, reconfigure NICs of the leaders in a VCF controller team after the operating system is upgraded.

To configure NICs of the leaders in a VCF controller team:

1.     Log in to the active leader. Select Controller > Configuration.

2.     Click Modify team.

3.     Click the Modify icon . On the dialogue box that opens, configure NICs of the leaders and then click OK.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网