H3C SeerEngine-Campus Deployment Guide-E65XX-5W100

HomeSupportAD-NET(SDN)H3C SeerEngine-CampusInstall & UpgradeInstallation GuidesH3C SeerEngine-Campus Deployment Guide-E65XX-5W100
01-Text
Title Size Download
01-Text 1.52 MB

About the SeerEngine-Campus controller

SeerEngine-Campus is an SDN controller designed for the application-driven campus network. From a unified GUI, SeerEngine-Campus offers compressive campus network management capabilities, including zero-touch device deployment, user authentication and access control, service chaining, micro-segmentation, campus and DC interconnect, and service orchestration.

Features

SeerEngine-Campus provides the following features:

·     Zero-touch device deploymentProvides fully automated underlay network deployment. Network devices can be automatically configured in plug and play mode, which frees the administrator from the tedious, error-prone tasks of node-by-node device configuration.

·     User authenticationSupports various user authentication methods, including 802.1X, MAC authentication, and MAC portal authentication.

·     Access controlEnforces access control on users based on their user group membership.

·     Service chaining—Supports routing traffic along a chain of connected services such as firewalls and loading balancing. The chained service nodes can be third-party devices.

·     Micro-segmentation—Decouples security groups from virtual networks, enabling service orchestration and deployment across management domains.

·     Converged Campus & DC—Interconnects campus VPN networks and data center VPN networks.

Deployment modes

SeerEngine-Campus can be deployed only as a containerized component on Unified Platform through the Unified Platform GUI. Before deploying SeerEngine-Campus on a server, you must deploy Matrix and Unified Platform on the server first. See H3C Unified Platform Deployment Guide for the deployment procedure.


Preparing for installation

Component dependencies

You can deploy DHCP, EIA, and WSM servers in addition to the SeerEngine-Campus component. The servers are optional.

DHCP servers are required for assigning IP addresses to network devices during the zero-touch deployment process and to endpoint users requesting network access on the campus network.

You can deploy one DHCP server in standalone mode, or deploy two DHCP servers in cluster mode for high availability.

The SeerEngine-Campus network supports Microsoft DHCP servers, vDHCP servers, and Infoblox DHCP servers, of which vDHCP servers are more commonly used. The vDHCP server is provided by Unified Platform as a public service component.

To use Microsoft DHCP servers, see the related document for the deployment procedure.

To use vDHCP servers, deploy the vDHCP Server component together with SeerEngine-Campus from Unified Platform.

The EIA component manages endpoint authentication and access.

The WSM component monitors and configures wireless devices.

Standalone deployment restrictions

The following restrictions apply to standalone SeerEngine-Campus deployments:

·     The remote backup function must be enabled on the standalone SeerEngine-Campus controller. This function allows the controller to back up its configuration and data to a remote server periodically (typically once in a couple of days). In case that SeerEngine-Campus redeployment is required, you can restore the most recent backup files for the system with minimal data loss.

·     Failures of server hardware components such as physical drives or RAID controllers cannot be recovered by rebooting the server. The SeerEngine-Campus service will be affected or unavailable until the faulty hardware or server is replaced. However, the time required for the replacement cannot be directly evaluated since it might involve purchasing the replacement components.

Installation packages

Before the deployment, obtain the installation packages for the SeerEngine-Campus, vDHCP Server, EIA Server, and WSM Server components.

Table 1 Installation packages for SeerEngine-Campus and vDHCP Server

Scenario

Component

Component installation package

Campus network

SeerEngine-Campus

SeerEngine_CAMPUS-version-MATRIX.zip

vDHCP Server

vDHCPS-version.zip

EIA Server

EIAversion.zip

WSM Server

WSM-version.zip

 

Server requirements

Hardware requirements

SeerEngine-Campus can be deployed on a single server or on a cluster of servers. You can deploy SeerEngine-Campus on physical servers or on VMs.

The controller supports the following deployment modes:

·     Deploy the controller separately.

·     Deploy the controller together with SeerAnalyzer on a server.

·     Deploy SeerAnalyzer separately.

If you deploy SeerAnalyzer separately and deploy the controller cluster and SeerAnalyzer cluster separately, the nodes in the SeerAnalyzer cluster operate in load balancing mode. A decrease of nodes degrades analysis performance.

Deploying the controller on physical servers

Table 2 Hardware requirements

Item

Requirements

Drive

The drives must be set up in RAID 1, 5, or 10 mode.

·     System drive: 7.2K RPM SATA/SAS HDDs, with a size of 2.4 TB or above in RAID setup.

·     etcd drive: 7.2K RPM SATA/SAS HDDs, with a size of 50 GB or above in RAID setup. (Installation path: /var/lib/etcd.)

·     Storage controller: 1GB cache, power fail protected with a supercapacitor installed.

·     Data drive: SSDs or SATA/SAS HDDs. As a best practice, configure a minimum of three data drives in RAID 5.

NIC

·     Non-bonding mode:

¡     1 × 1 Gbps or above Ethernet port.

¡     2 × 10 Gbps or above Ethernet ports if SeerAnalyzer is deployed.

·     Bonding mode (recommended mode: mode 2 or mode 4): 2 × 10 Gbps Linux bonding interfaces. As a best practice, enable the controller and Unified Platform to share one NIC and enable the SeerAnalyzer southbound network to use a separate NIC if you deploy the controller together with SeerAnalyzer on a server. If the southbound networks can only use one NIC, the southbound networks for the controller and SeerAnalyzer can share one NIC and Unified Platform uses a separate NIC.

 

IMPORTANT

IMPORTANT:

In the following tables, the ratio of switches to ACs/APs is 1:3.

 

Table 3 Standalone deployment of the controller (Unified Platform + vDHCP + SE + EIA + WSM, provides basic wireless management only)

Node settings

Maximum resources that can be managed

Node name

Node quantity

Minimum single-node requirements

Controller

1

·     CPU: 24 cores, 2.0 GHz.

·     Memory: 144 GB.

·     System drive: 2.4 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     5000 online users

·     1000 switches, ACs, and APs in total

 

Table 4 Cluster deployment of controllers (Unified Platform + vDHCP + SE + EIA + WSM, excluding the wireless intelligent analysis feature)

Node settings

Maximum resources that can be managed

Node name

Node quantity

Minimum single-node requirements

Controller

3

·     CPU: 24 cores, 2.0 GHz.

·     Memory: 128 GB.

·     System drive: 2.4 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     2000 online users

·     400 switches, ACs, and APs in total

Controller

3

·     CPU: 24 cores, 2.0 GHz.

·     Memory: 128 GB.

·     System drive: 2.4 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     5000 online users

·     1000 switches, ACs, and APs in total

Controller

3

·     CPU: 26 cores, 2.0 GHz.

·     Memory: 144 GB.

·     System drive: 2.4 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     10000 online users

·     2000 switches, ACs, and APs in total

Controller

3

·     CPU: 26 cores, 2.0 GHz.

·     Memory: 144 GB.

·     System drive: 2.7 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     20000 online users

·     4000 switches, ACs, and APs in total

Controller

3

·     CPU: 28 cores, 2.0 GHz.

·     Memory: 144 GB.

·     System drive: 3.0 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     40000 online users

·     8000 switches, ACs, and APs in total

Controller

3

·     CPU: 36 cores, 2.0 GHz.

·     Memory: 176 GB.

·     System drive: 3.2 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     60000 online users

·     12000 switches, ACs, and APs in total

Controller

3

·     CPU: 38 cores, 2.0 GHz.

·     Memory: 192 GB.

·     System drive: 3.4 TB (after RAID setup).

·     etcd drive: 50 GB (after RAID setup).

·     100000 online users

·     20000 switches, ACs, and APs in total

 

IMPORTANT

IMPORTANT:

·     The server must support the CentOS 7.6 or later operating system.

·     NIC bonding allows you to bind multiple NICs to form a logical NIC for NIC redundancy, bandwidth expansion, and load balancing. NIC bonding can be configured on servers and switches. For more information about configuring NIC bonding, see H3C Unified Platform Deployment Guide.

 

Deploying the controller on VMs

CAUTION

CAUTION:

·     To ensure system environment stability, make sure the CPUs, memory, and disks allocated to a VM meet the recommended capacity requirements and there are physical resources with corresponding capacity. Make sure VM resources are not overcommitted, and reserve resources for the VM.

·     As a best practice, install the etcd drive on a different physical drive than any other drives and make sure etcd has exclusive use of the drive where it is installed.

·     To deploy the controller on a VMware-managed VM, enable the network card hybrid mode and pseudo transmission on the host where the VM resides.

 

You can deploy the controller on a VM, which provides the CPU, memory, and disk resources required by the controller. The supported virtualization platform and version information for a VM are the same as those for Unified Platform.

The number of vCPU cores required for deploying the controller on a VM is twice the number of CPU cores required for deploying the controller on a physical server if hyper-threading is enabled on the server where the virtualization platform is deployed. If hyper-threading is disabled, the required number of vCPU cores is the same as that of CPU cores, and memory and disks can also be configured as required for deployment on a physical server.

For configuration requirements for the memory and disks, see "Deploying the controller on physical servers."

Application installation packages

SeerEngine-Campus is deployed on Unified Platform. Table 5 shows the application installation packages required when you install Unified Platform. The following installation packages must be deployed when you deploy Unified Platform:

·     common_PLAT_GlusterFS_2.0_<version>.zip (required)

·     general_PLAT_portal_2.0_<version>.zip (required)

·     general_PLAT_kernel_2.0_<version>.zip (required)

The following installation packages are deployed automatically when you deploy SeerEngine-Campus components:

·     general_PLAT_kernel-base_2.0

·     general_PLAT_network_2.0

·     general_PLAT_Dashboard_2.0

·     general_PLAT_widget_2.0

Table 5 Installation packages

Installation package

Description

Remarks

common_PLAT_GlusterFS_2.0_<version>.zip

Provides local shared storage functionalities.

Required.

general_PLAT_portal_2.0_<version>.zip

Provides portal, unified authentication, user management, service gateway, and help center functionalities.

Required.

general_PLAT_kernel_2.0_<version>.zip

Provides access control, resource identification, license, configuration center, resource group, and log functionalities.

Required.

general_PLAT_kernel-base_2.0_<version>.zip

Provides alarm, access parameter template, monitoring template, report, email, and SMS forwarding functionalities.

Optional.

general_PLAT_network_2.0_<version>.zip

Provides basic network management functions, including network resources, network performance, network topology, and iCC.

Required.

general_PLAT_Dashboard_2.0_<version>.zip

Provides the dashboard framework.

Required.

general_PLAT_widget_2.0_<version>.zip

Provides dashboard widget management.

Required.

general_PLAT_websocket_2.0_<version>.zip

Provides the southbound Websocket function.

Required.

general_PLAT_cmdb_2.0_<version>.zip

Provides database configuration and management.

Optional.

general_PLAT_kernel_region_2.0_<version>.zip

Provides hierarchical management functions.

Optional.

general_PLAT_netconf_1.0_<version>.zip

Provides NETCONF channel services and validity check services about NETCONF configuration.

Optional.

 

Deployment procedure at a glance

Table 6 Deployment procedure

Task

Procedure

Remarks

Install the H3Linux operating system

Install the H3Linux operating system on each server.

See H3C Unified Platform Deployment Guide.

Deploy Unified Platform

·     Deploy Matrix.

·     Configure Matrix cluster parameters.

·     Deploy the Matrix cluster.

·     Deploy Unified Platform.

See H3C Unified Platform Deployment Guide.

Deploy the SeerEngine-Campus, vDHCP Server, EIA, and WSM components

Deploy the required components.

See "Deploying the controller."

 

Client requirements

You can access Unified Platform from a Web browser without installing any client. For more information, see H3C Unified Platform Deployment Guide.

Pre-installation checklist

Table 7 Pre-installation checklist

Item

Requirements

Server

Hardware

·     The CPUs, memory, drives, and NICs meet the requirements.

·     The server supports Unified Platform.

Software

The system time settings are configured correctly. As a best practice, configure NTP for time synchronization and make sure the devices synchronize to the same clock source.

Client

You can access Unified Platform from a Web browser without installing any client. As a best practice, use Google Chrome 55 or a later version.

 


Deploying the controller

IMPORTANT

IMPORTANT:

·     The controller runs on Unified Platform. You can deploy, upgrade, and uninstall it only on Unified Platform.

·     Before deploying the controller, make sure the required applications have been deployed.

 

Preparing for deployment

Enabling the NICs

SeerEngine-Campus and vDHCP Server run in containerized mode on a physical server and require NICs for processing their service traffic. You can use the NIC assigned to Unified Platform for this purpose, or enable new NICs. The latter is recommended to ensure network stability. To use bonding NICs, double the number of enabled NICs.

To enable a NIC:

1.     Log in to the server on which Unified Platform is deployed remotely and edit the NIC configuration file. This example edits the configuration file for NIC ens192.

a.     Open the NIC configuration file.

[root@UC01 /]# vi /etc/sysconfig/network-scripts/ifcfg-ens192

b.     Set the BOOTPROTO field to none to remove NIC startup protocols, and set the ONBOOT field to yes to enable automatic NIC connection at server startup.

 

 

2.     Restart the NIC.

[root@UC01 /]# ifdown ens192

[root@UC01 /]# ifup ens192

3.     Use the ifconfig command to display network information and verify that the NIC is in up state.

Planning the networks

The campus scenario uses the Layer 3 network scheme, where the controller NIC IP and the two IP addresses of the device are on different subnets. In this network scheme, device in multiple fabrics can come online automatically. For the controller to provide automated underlay network deployment function, you must configure DHCP relay agent on the Layer 3 gateway device between the server that hosts the controller and the spine and leaf devices.

The solution deploys the following networks:

·     Calico networkNetwork for containers to communicate with each other. The Calico network uses the IP address pool (177.177.0.0 by default) specified at Unified Platform cluster deployment. You do not need to configure addresses for the Calico network at component deployment. The network can share the same NIC as the MACVLAN network.

·     MACVLAN networkManagement network for the SeerEngine-Campus and the vDHCP components. You must plan network address pools for the MACVLAN network before deploying a component.

As a best practice, use Table 8 to calculate the number of required IP addresses in the subnet assigned to the MACVLAN network. For example, if the SeerEngine-Campus cluster has three members and the vDHCP cluster has two members, the required number of IP addresses is: (1*3+1) + (1*2+1)=7.

Table 8 IP address planning for the MACVLAN network

Component name

Max cluster members

Default cluster members

Required addresses for SeerEngine-Campus or vDHCP

SeerEngine-Campus

32

3

1*Member quantity + 1

The additional address is reserved as the cluster IP address.

vDHCP

2

2

 

Figure 1 Network planning

 

Deploying SeerEngine-Campus and vDHCP

1.     Log in to Unified Platform. See H3C Unified Platform Deployment Guide for the operation procedure.

2.     On the top navigation bar, click System.

3.     Click Settings.

4.     Click Install.

5.     Click Upload to upload the SeerEngine-Campus, vDHCP Server, EIA, and WSM packages to the system.

Figure 2 Upload Package page

 

6.     Select components to deploy, and then click Next.

¡     Campus NetworkSpecify the SeerEngine-Campus version, and select Converged EIA.

¡     The End User Intelligent AccessSpecify the EIA version.

¡     Public ServiceSpecify the vDHCP Server version. Unified Platform will deploy the vDHCP server in a two-node cluster automatically.

Figure 3 Selecting components (1)

 

Figure 4 Selecting components (2)

 

7.     On the Select Component page, select Wireless System Management. Select the WSM Server software package to be uploaded. The WSM component is optional. To run wireless services, you must install the WSM component.

Figure 5 Selecting components (3)

 

8.     Retain default parameter settings and click Next.

9.     Specify network information, create subnets, configure host information, and then click Next.

The controller uses the management network to manage southbound devices. Configure the following parameters as needed:

¡     VLANIf multiple networks use the same uplink interface on a host, configure VLANs to isolate the networks. By default, no VLAN is specified.

¡     Subnet CIDR, Gateway, Address PoolThe platform uses the subnet and address pool to assign IP addresses to components and uses the gateway as the default gateway for containers.

¡     Uplink InterfaceHosts use their uplink interface for providing services to SeerEngine-Campus and vDHCP Server containers.

Figure 6 Network Configuration

 

 

NOTE:

Address pool settings cannot be edited once applied. As a best practice, configure a minimum of 32 IP addresses in each address pool.

 

10.     Skip node binding and click Next.

Figure 7 Binding to nodes

 

11.     Bind networks and subnets to SeerEngine-Campus and vDHCP Server, and then click Next.

Figure 8 Binding networks and subnets to components

 

12.     Confirm parameters and then click Deploy.

¡     Cluster IP—The platform sets the cluster IP address for each component based on address pool configuration. To edit the cluster IP address for a component, click Reset. Make sure the manually specified address is within the specified subnet for the component.

¡     VRRP Group Number—Specify a VRRP group number for vDHCP, in the range of 1 to 255. Specify different VRRP group numbers for vDHCP servers in the same network.

¡     EIA parameters—The EIA component uses the northbound service virtual IP as the system address. You do not need to confirm EIA parameters.

¡     WSM parameters—You do not need to confirm WSM parameters.

Figure 9 Confirming campus network parameters

 

Figure 10 Confirming vDHCP server parameters

 

Figure 11 Confirming EIA parameters

 

Figure 12 Confirming WSM parameters

 

13.     To view detailed information about a component, click the  icon to the left of a component, and then click  in the Actions column for that component.

Figure 13 Expanding component information

 

14.     Enter the Unified Platform login address in your browser and then press Enter. The default login address is http://ip_address:30000/central/index.html. ip_address represents the virtual IP for the northbound service of Unified Platform. 30000 represents the port number.

15.     Click Automation on the top navigation bar and then select Campus Network from the left navigation pane to configure the campus network.

Figure 14 SeerEngine-Campus controller home page

 

Registering and installing licenses

After you install the controller, you can use its complete features and functions for a 90-day trial period. After the trial period expires, you must get the controller licensed. For how to license the vDHCP server, see the user guide for the vDHCP server.

Installing the activation file on the license server

For the activation file request and installation procedure, see H3C Software Products Remote Licensing Guide.

Obtaining licenses

1.     Log in to the SeerEngine-Campus controller.

2.     From the navigation pane, select System > License.

3.     Configure the parameters for the license server as described in Table 9.

Table 9 License server parameters

Item

Description

IP address

Specify the IP address configured on the license server used for internal communication in the cluster.

Port number

Specify the service port number of the license server. The default value is 5555.

Username

Specify the client username configured on the license server.

Password

Specify the client password configured on the license server.

 

4.     Click Connect to connect the controller to the license server.

The controller will automatically obtain licensing information after connecting to the license server.


Upgrading the controller

CAUTION

CAUTION:

The upgrade might cause service interruption. Be cautious when you perform this operation.

 

The controller can be upgraded on Unified Platform with the configuration retained.

To upgrade the controller:

1.     Log in to Unified Platform. Click System > Deployment.

Figure 15 Deployment page

 

2.     Click the left chevron button  for the controller to expand controller information, and then click the upgrade icon  .

3.     Upload and select the installation package.

Figure 16 Upgrading the controller

 

4.     If the upgrade fails, click Roll Back to roll back to the previous version.


Uninstalling the controller

1.     Log in to Unified Platform. Click System > Deployment.

2.     Click the  icon to the left of the controller name and then click Uninstall.

Figure 17 Uninstalling the controller

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网