Vlan Per User (VPU)

From ISPWiki
Jump to: navigation, search
Hierarchy: DCImanager -> Modules
DCImanager Enterprise -> Modules

This article describes how to install and configure the "VPU (Vlan Per User)" module. The module allows to place every server (a group of servers) into a separate broadcast domain.

More information can be found under VLAN.

Installing and configuring the module

To install the module, navigate to "Integration" → "Modules" → choose "VPU (Vlan Per User)" → click "Install".

After the installation "Install" will be changed into "Settings".


Модуль «Global settings(VLAN)»

Next, you need to create a server and configure the IRB-interface. Then add groups of IP addresses in IPmanager. For more information please refer to Router management".


  • IP address type after release — when the server status changes into "without owner", its IP addresses will be deleted from the VLAN-network and it will be assigned a new IP address according to the type selected in this field. Enter the name of IP group in IPmanager;
  • Add to VLAN during diagnostics - select the check box o add the server into VLAN after release;
  • Router for synchronization - the IRB interface will be configure on this router;
  • IP address type — select a type of IP addresses that will be allocated to servers in the VPU-network;
  • IPMI IP address type— select a type of IP addresses that will be allocated to IPMI servers in the VPU-network. You need to enter the type for automatic setup of IPMI when adding servers into the VPU;
  • Alias IP type — select a type of IP addresses that aliases for servers with the VPU-network will be allocated from;
  • VLAN ID range - identifiers of the VLAN that can be used to create a VPU. When entering the start and the end identifier of the range separate them by the hyphen, ranges should be separated by the space. Eg. "1-15 29 50 333-400";
  • Provider network - enter the networks that must include alias IP addresses. Otherwise, the aliases will be excluded from the switch announcement. The value from this field is used for Bird configuration.
  • ID AS - ID of the autonomous system. It is used for Bird configuration;

After you have configured the "VPU (Vlan Per User)" in Main" -> "VLAN" you will see the "Networks" button.

Managing the module

To enable the VPU mode for the sever, complete the following steps:

  • create a network in VLAN;
  • configure the IPMI server;
  • set up the server.

Switching the server into the VPU module will start when running the operation on the server or after configuring the IPMI (starting from version 5.155).

Creating network in VLAN

To manage the VPU, navigate to "Main menu" -> "VLAN" -> select a VLAN from the list -> click "Networks".

On the page that will open you can see a list of VPU-networks connected to the selected VLAN.

Click '"Add" to create a VPU in VLAN:

Adding a VPU-network


  • Use the IP group
    • Group of IP addresses — IP for the VPU will be allocated from;
  • Network prefix — defines the number of IP addresses that will be allocated for the VPU.

The VPU-network will be added into the list of networks. The following icons will be displayed in the "Status" column

VPU-network status

The exclamation mark means that you need to run a number of commands on the router. To see a command, hover the mouse cursor over the "Envelope" icon.

Example of router configuration:

set interface irb unit 2001 family inet address 11.0.0.4/31
set vlans vlan2001 vlan-id 2001 l3-interface irb.2001

where

  • 2001 — is the target VLAN;
  • 11.0.0.4/31 — the first IP address in the VPU network.

After executing the command on the router, you need to request information from the control panel. Navigate to "Equipment" -> "Routers" -> select a router -> click "Refresh".

Once completed the icon "Exclamation mark " in the "Status" column will be removed.

Configuring the server IPMI

if you have a server connected only to the switch where the IPMI is located, connection with the IPMI will be lost when adding this server into the VLAN. To avoid this, in version 5.155 we launched automatic configuration of IPMI when adding a server into the VPU.

Automatic IPMI configuration:

1. in DCImanager:

  • Select a "IPMI IP address type" in the "VPU (Vlan Per User)" configuration form;
  • Enable the "Add IPMI automatically" option in "Settings" -> "Global settings" -> "IPMI".

2. On the server you should make sure that:

  • The server is not included into the VPU (i.e VPU-addresses are not allocated to the server);
  • No operations are running on the server;
  • Only "Connection to IPMI" is enabled.

Once completed, the "Configure IPMI" option will be available for that server.

Complete the following steps for automatic configuration of IPMI after server release:

  1. enter the ID VLAN during release in the VPU configuration form;
  2. enable the "Check before releasing " option in "Settings" -> "Global settings" -> "Policy";
  3. select Pool of IP addresses for IPMI in "Settings" -> "Global settings" -> "IPMI".

Therefore, after deleting the last VPU address, the system will start a new operation to change the IPMI IP address. During the diagnostics, the system will change the IPMI settings. VLAN on the switch port will be changed into the one specified in the module settings.

Server configuration

Configuring the existing server

To configure the server, you need to allocate an IP address to connect the server to the VPU. To do so, navigate to "Main" -> "Servers" -> select a server -> click "IP-addresses" -> "Add":

Configuring the server
  • Use VPU network — select the check box to create a VPU-network for еры server;
  • Configure IPMI — IPMI automatic configuration;
  • Hostname — enter the domain name associated with the IP address;
  • VPU network — select a VPU-network that the IP address will be allocated from.

Configuring a new server

To configure a new server, you need to allocate an IP address to that server when adding it into the VPU-network. Navigate to "Main" -> "Servers" -> click "Add". In the "System" section check the Use VPU network box and enter the VPU network to select the VLAN that the new server will be added to.

Module «Server management»

Disabling VPU on the server

To disable the VPU on the server, you need to delete all server's IP addresses from the VPU-networks.

Note: deleting IP addresses from the VPU-network will release those IP addresses in the IP pool or in IPmanager.

How it works

Automatic configuration of the IPMI server

Automatic configuration of IPMI when adding the IP address from the VPU includes the following steps:

  1. The system creates /31 VPU-network for the IPMI according to the type selected in the module configuration form (the "IP address type after release " parameter);
  2. The server is allocated a temporary IP with the domain "temp.ipmi.ip.address" from the newly created VPU-network;
  3. The server runs the operation to change IPMI settings;
  4. During the operation the server is allocated an IP address for the IPMI from the network with the same VLAN, as specified in the network for the server;
  5. After completing the operation the temporary IP address will be deleted, and the server connection will be changed from VPU into VLAN.

Automatic configuration of IPMI when deleting the last IP address from the VPU includes the following steps:

  1. The server is allocated a temporary IP address with the domain "temp.ipmi.ip.address" from the VLAN network where the server is located;
  2. The server runs the operation to change IPMI settings;
  3. During the operation the server is allocated an IP address for the IPMI according to the type specified in "Settings" -> "Global settings" -> "IPMI" -> the "Pool of IP addresses for IPMI " field;
  4. After completing the operation the temporary IP address will be deleted, and the server connection will be changed into the VLA specified in the module configuration form (the "Assign ID VLAN after release" parameter).

Technical details

Configuring DHCP-relay

set forwarding-options dhcp-relay forward-snooped-clients all-interfaces
set forwarding-options dhcp-relay server-group dci-dhcp-relay 10.10.10.1
set forwarding-options dhcp-relay active-server-group dci-dhcp-relay
set forwarding-options dhcp-relay group dci-dhcp-relay interface irb.2001

where:

  • 10.10.10.1 - the primary IP address of DCImanager, where DHCP server is set up.
  • irb.2001 - the IRB interface.

Alias IP-addresses

Alias IP addresses can be allocated from any network. After you have added them, the following information will be added into the filter ibgp_policy section of the Bird(bird.conf) configuration file.

filter ibgp_policy { 
    if ( dest = RTD_UNREACHABLE && pref_from_isp() && net =10.0.0.2/32  ) then { 
        bgp_next_hop = 11.0.0.15; 
        print "Alias accepted: ",net; 
        bgp_origin = 0; 
        bgp_community = -empty-; 
        bgp_community.add((1111,1)); 
        accept; 
    } 
    reject; 
}

Where:

  • 10.0.0.2 - alias IP address.
  • 11.0.0.15 _ IP address from VPU network.

Reconfiguring the Bird configuration file

Run the following command to synchronize the Bird configuration file with the settings from DCImanager:

/usr/local/mgr5/sbin/mgrctl -m dcimgr bird.rebuild

The Bird configuration file will be cleaned and all the information for servers with the VPU will be added. You can find the old configuration file in "/etc/bird.conf.reset.bak".

Parameters and options of the DCImanager configuration file

Options:

  • Option AllowVPU — enable"VPU";
  • Option AllowVlanOnFree — specify a default VLAN after that switch connections will be included to;
  • Option CreateNetOnRouter — enable automatic interface configuration for VPU on Juniper routers (from version 5.147).

Parameters:

  • DefaultIpType — when releasing a server with VPU, a new IP address of the selected type will be allocated to the server;
  • VPUFreeIpPool — when releasing a server with VPU, an IP address will be allocated from this pool (for internal user with PmanagementV2);
  • DefaultVlan — default VLAN which is specified when releasing a server provided that the "AllowVlanOnFree" option is set;
  • RouterSync — router id for synchronization of VLAN list on that router with the router"_vlan tbale";
  • VpuNetIpType — specifies a type of IP addresses that will be allocated to servers in VPU;
  • VPUNetIpPool — (for internal use with IPManagementV2) specifies a pool of IP ranges that will be allocated to servers in the VPU-network;
  • VpuNetIpTypeIpmi — specifies a type of IP addresses that will be allocated to IPMI in the VPU-network;
  • VPUNetIpPoolIpmi — - (for internal use with IPManagementV2) specifies a pool of IP addresses that will be allocated to IPMI in the VPU-network;
  • AliasIpType — specifies a type of the range of alias IP addresses that will be allocated to servers in the VPU-network;
  • VPUAliasIpPool — a pool of IP addresses that will be allocated to servers in the VPU as alias IP. (for internal user with PmanagementV2);
  • AllowVlanRange — specifies VLAN ranges for the VPU (note the correct format: 102-105, 2000-2500);
  • AutonomSystem — ID of the autonomous system (AutonomousSystem) for the VPU BGP.