Cisco UCS Manager CLI Configuration Guide, Release 1.4
Configuring Network-Related Policies
Downloads: This chapterpdf (PDF - 499.0KB) The complete bookPDF (PDF - 7.24MB) | The complete bookePub (ePub - 1.16MB) | Feedback

Configuring Network-Related Policies

Configuring Network-Related Policies

This chapter includes the following sections:

Configuring vNIC Templates

vNIC Template

This policy defines how a vNIC on a server connects to the LAN. This policy is also referred to as a vNIC LAN connectivity policy.

You need to include this policy in a service profile for it to take effect.


Note


If your server has two Emulex or QLogic NICs (Cisco UCS CNA M71KR-E or Cisco UCS CNA M71KR-Q), you must configure vNIC policies for both adapters in your service profile to get a user-defined MAC address for both NICs. If you do not configure policies for both NICs, Windows still detects both of them in the PCI bus. Then because the second eth is not part of your service profile, Windows assigns it a hardware MAC address. If you then move the service profile to a different server, Windows sees additional NICs because one NIC did not have a user-defined MAC address.


Configuring a vNIC Template

Procedure
      Command or Action Purpose
    Step 1 UCS-A# scope org org-name  

    Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

     
    Step 2 UCS-A /org # create vnic-templ vnic-templ-name [eth-if vlan-name] [fabric {a | b}] [target [adapter | vm]]  

    Creates a vNIC template and enters organization vNIC template mode.

     
    Step 3 UCS-A /org/vnic-templ # set descr description   (Optional)

    Provides a description for the vNIC template.

     
    Step 4 UCS-A /org/vnic-templ # set fabric {a | b}   (Optional)

    Specifies the fabric to use for the vNIC. If you did not specify the fabric when creating the vNIC template in Step 2, you have the option to specify it with this command.

     
    Step 5 UCS-A /org/vnic-templ # set mac-pool mac-pool-name  

    Specifies the MAC pool to use for the vNIC.

     
    Step 6 UCS-A /org/vnic-templ # set mtu mtu-value  

    Specified the maximum transmission unit, or packet size, that the vNIC accepts.

     
    Step 7 UCS-A /org/vnic-templ # set nw-control-policy policy-name  

    Specifies the network control policy to use for the vNIC.

     
    Step 8 UCS-A /org/vnic-templ # set pin-group group-name  

    Specifies the LAN pin group to use for the vNIC.

     
    Step 9 UCS-A /org/vnic-templ # set qos-policy policy-name  

    Specifies the QoS policy to use for the vNIC.

     
    Step 10 UCS-A /org/vnic-templ # set stats-policy policy-name  

    Specifies the server and server component statistics threshold policy to use for the vNIC.

     
    Step 11 UCS-A /org/vnic-templ # set type {initial-template | updating-template}  

    Specifies the vNIC template update type. If you do not want vNIC instances created from this template to be automatically updated when the template is updated, use the initial-template keyword; otherwise, use the updating-template keyword to ensure that all vNIC instance are updated when the vNIC template is updated.

     
    Step 12 UCS-A /org/vnic-templ # commit-buffer  

    Commits the transaction to the system configuration.

     

    The following example configures a vNIC template and commits the transaction:

    UCS-A# scope org /
    UCS-A /org* # create vnic template VnicTempFoo
    UCS-A /org/vnic-templ* # set descr "This is a vNIC template example."
    UCS-A /org/vnic-templ* # set fabric a
    UCS-A /org/vnic-templ* # set mac-pool pool137
    UCS-A /org/vnic-templ* # set mtu 8900
    UCS-A /org/vnic-templ* # set nw-control-policy ncp5
    UCS-A /org/vnic-templ* # set pin-group PinGroup54
    UCS-A /org/vnic-templ* # set qos-policy QosPol5
    UCS-A /org/vnic-templ* # set stats-policy ServStatsPolicy
    UCS-A /org/vnic-templ* # set type updating-template
    UCS-A /org/vnic-templ* # commit-buffer
    UCS-A /org/vnic-templ # 
    

    Deleting a vNIC Template

    Procedure
        Command or Action Purpose
      Step 1 UCS-A# scope org org-name  

      Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

       
      Step 2 UCS-A /org # delete vnic-templ vnic-templ-name  

      Deletes the specified vNIC template.

       
      Step 3 UCS-A /org # commit-buffer  

      Commits the transaction to the system configuration.

       

      The following example deletes the vNIC template named VnicTempFoo and commits the transaction:

      UCS-A# scope org /
      UCS-A /org # delete vnic template VnicTempFoo
      UCS-A /org* # commit-buffer
      UCS-A /org # 
      

      Configuring Ethernet Adapter Policies

      Ethernet and Fibre Channel Adapter Policies

      These policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:

      • Queues
      • Interrupt handling
      • Performance enhancement
      • RSS hash
      • Failover in an cluster configuration with two fabric interconnects

      Note


      For Fibre Channel adapter policies, the values displayed by Cisco UCS Manager may not match those displayed by applications such as QLogic SANsurfer. For example, the following values may result in an apparent mismatch between SANsurfer and Cisco UCS Manager:

      • Max LUNs Per Target—SANsurfer has a maximum of 256 LUNs and does not display more than that number. Cisco UCS Manager supports a higher maximum number of LUNs.
      • Link Down Timeout—In SANsurfer, you configure the timeout threshold for link down in seconds. In Cisco UCS Manager, you configure this value in milliseconds. Therefore, a value of 5500 ms in Cisco UCS Manager displays as 5s in SANsurfer.
      • Max Data Field Size—SANsurfer has allowed values of 512, 1024, and 2048. Cisco UCS Manager allows you to set values of any size. Therefore, a value of 900 in Cisco UCS Manager displays as 512 in SANsurfer.

      Operating System Specific Adapter Policies

      By default, Cisco UCS provides a set of Ethernet adapter policies and Fibre Channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.

      Important:

      We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support.

      However, if you are creating an Ethernet adapter policy for a Windows OS (instead of using the default Windows adapter policy), you must use the following formulas to calculate values that work with Windows:

      • Completion Queues = Transmit Queues + Receive Queues
      • Interrupt Count = (Completion Queues + 2) rounded up to nearest power of 2

      For example, if Transmit Queues = 1 and Receive Queues = 8 then:

      • Completion Queues = 1 + 8 = 9
      • Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16

      Configuring an Ethernet Adapter Policy

      Procedure
          Command or Action Purpose
        Step 1 UCS-A# scope org org-name  

        Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

         
        Step 2 UCS-A /org # create eth-policy policy-name  

        Creates the specified Ethernet adapter policy and enters organization Ethernet policy mode.

         
        Step 3 UCS-A /org/eth-policy # set comp-queue count count   (Optional)

        Configures the Ethernet completion queue.

         
        Step 4 UCS-A /org/eth-policy # set descr description   (Optional)

        Provides a description for the policy.

        Note   

        If your description includes spaces, special characters, or punctuation, you must begin and end your description with quotation marks. The quotation marks will not appear in the description field of any show command output.

         
        Step 5 UCS-A /org/eth-policy # set failover timeout timeout-sec   (Optional)

        Configures the Ethernet failover.

         
        Step 6 UCS-A /org/eth-policy # set interrupt {coalescing-time sec | coalescing-type {idle | min} | count count | mode {intx | msi | msi-x}}   (Optional)

        Configures the Ethernet interrupt.

         
        Step 7 UCS-A /org/eth-policy # set offload {large-receive | tcp-rx-checksum | tcp-segment | tcp-tx-checksum} {disabled | enabled}   (Optional)

        Configures the Ethernet offload.

         
        Step 8 UCS-A /org/eth-policy # set recv-queue {count count | ring-size size-num}   (Optional)

        Configures the Ethernet receive queue.

         
        Step 9 UCS-A /org/eth-policy # set rss receivesidescaling {disabled | enabled}   (Optional)

        Configures the RSS.

         
        Step 10 UCS-A /org/eth-policy # set trans-queue {count count | ring-size size-num}   (Optional)

        Configures the Ethernet transmit queue.

         
        Step 11 UCS-A /org/eth-policy # commit-buffer  

        Commits the transaction to the system configuration.

         

        The following example configures an Ethernet adapter policy, and commits the transaction:

        UCS-A# scope org /
        UCS-A /org* # create eth-policy EthPolicy19
        UCS-A /org/eth-policy* # set comp-queue count 16
        UCS-A /org/eth-policy* # set descr "This is an Ethernet adapter policy example."
        UCS-A /org/eth-policy* # set failover timeout 300
        UCS-A /org/eth-policy* # set interrupt count 64
        UCS-A /org/eth-policy* # set offload large-receive disabled
        UCS-A /org/eth-policy* # set recv-queue count 32
        UCS-A /org/eth-policy* # set rss receivesidescaling enabled
        UCS-A /org/eth-policy* # set trans-queue
        UCS-A /org/eth-policy* # commit-buffer
        UCS-A /org/eth-policy # 
        

        Deleting an Ethernet Adapter Policy

        Procedure
            Command or Action Purpose
          Step 1 UCS-A# scope org org-name  

          Enters organization mode for the specified organization. To enter the root organization mode, type / as the org-name .

           
          Step 2 UCS-A /org # delete eth-policy policy-name  

          Deletes the specified Ethernet adapter policy.

           
          Step 3 UCS-A /org # commit-buffer  

          Commits the transaction to the system configuration.

           

          The following example deletes the Ethernet adapter policy named EthPolicy19 and commits the transaction:

          UCS-A# scope org /
          UCS-A /org # delete eth-policy EthPolicy19
          UCS-A /org* # commit-buffer
          UCS-A /org # 
          

          Configuring Network Control Policies

          Network Control Policy

          This policy configures the network control settings for the Cisco UCS instance, including the following:

          • Whether the Cisco Discovery Protocol (CDP) is enabled or disabled
          • How the VIF behaves if no uplink port is available in end-host mode
          • Whether the server can use different MAC addresses when sending packets to the fabric interconnect

          The network control policy also determines the action that Cisco UCS Manager takes on the remote Ethernet interface, vEthernet interface , or vFibreChannel interface when the associated border port fails.

          By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. For adapters such as the Cisco UCS M81KR Virtual Interface Card, this default behavior directs Cisco UCS Manager to bring the vEthernet or vFibreChannel interface down if the associated border port fails. For Cisco UCS systems using a non-VM-FEX capable converged network adapter that supports both Ethernet and FCoE traffic , such as Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, this default behavior directs Cisco UCS Manager to bring the remote Ethernet interface down if the associated border port fails. In this scenario, any vFibreChannel interfaces that are bound to the remote Ethernet interface are brought down as well.


          Note


          Cisco UCS Manager, version 1.4(2) and earlier did not enforce the Action on Uplink Fail property for those types of non-VM-FEX capable converged network adapters mentioned above. If the Action on Uplink Fail property was set to link-down, Cisco UCS Manager would ignore this setting and instead issue a warning. Therefore, if your implementation includes one of those converged network adapters and the adapter is expected to handle both Ethernet and FCoE traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning.

          Please note that this configuration may result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.


          Configuring a Network Control Policy

          Procedure
              Command or Action Purpose
            Step 1 UCS-A# scope org /  

            Enters the root organization mode.

             
            Step 2 UCS-A /org # create nwctrl-policy policy-name  

            Creates the specified network control policy, and enters organization network control policy mode.

             
            Step 3 UCS-A /org/nwctrl-policy # {disable | enable} cdp  

            Disables or enables Cisco Discovery Protocol (CDP).

             
            Step 4 UCS-A /org/nwctrl-policy # set uplink-fail-action {link-down | warning}  

            Specifies the action to be taken when no uplink port is available in end-host mode.

            Use the link-down keyword to change the operational state of a vNIC to down when uplink connectivity is lost on the fabric interconnect, and facilitate fabric failover for vNICs. Use the warning keyword to maintain server-to-server connectivity even when no uplink port is available, and disable fabric failover when uplink connectivity is lost on the fabric interconnect. The default uplink failure action is link-down.

             
            Step 5 UCS-A /org/nwctrl-policy # {create mac-security  

            Enters organization network control policy MAC security mode

             
            Step 6 UCS-A /org/nwctrl-policy/mac-security # {set forged-transmit {allow | deny}  

            Allows or denies the forging of MAC addresses when sending traffic. MAC security is disabled when forged MAC addresses are allowed, and MAC security is enabled when forged MAC addresses are denied. By default, forged MAC addresses are allowed (MAC security is disabled).

             
            Step 7 UCS-A /org/nwctrl-policy/mac-security # commit-buffer  

            Commits the transaction to the system configuration.

             

            The following example creates a network control policy named ncp5, enables CDP, sets the uplink fail action to link-down, denies forged MAC addresses (enables MAC security), and commits the transaction:

            UCS-A# scope org /
            UCS-A /org # create nwctrl-policy ncp5
            UCS-A /org/nwctrl-policy* # enable cdp
            UCS-A /org/nwctrl-policy* # set uplink-fail-action link-down   
            UCS-A /org/nwctrl-policy* # create mac-security
            UCS-A /org/nwctrl-policy/mac-security* # set forged-transmit deny
            UCS-A /org/nwctrl-policy/mac-security* # commit-buffer
            UCS-A /org/nwctrl-policy/mac-security #
            

            Deleting a Network Control Policy

            Procedure
                Command or Action Purpose
              Step 1 UCS-A# scope org /  

              Enters the root organization mode.

               
              Step 2 UCS-A /org # delete nwctrl-policy policy-name  

              Deletes the specified network control policy.

               
              Step 3 UCS-A /org # commit-buffer  

              Commits the transaction to the system configuration.

               

              The following example deletes the network control policy named ncp5 and commits the transaction:

              UCS-A# scope org /
              UCS-A /org # delete nwctrl-policy ncp5
              UCS-A /org* # commit-buffer
              UCS-A /org #