Configuring Network-Related Policies
Download this chapter
Configuring Network-Related PoliciesConfiguring Network-Related Policies
 Feedback

Configuring Network-Related Policies

This chapter includes the following sections:

Configuring vNIC Templates

vNIC Template

This policy defines how a vNIC on a server connects to the LAN. This policy is also referred to as a vNIC LAN connectivity policy.

You need to include this policy in a service profile for it to take effect.

Creating a vNIC Template

Before You Begin

This policy requires that one or more of the following resources already exist in the system:


  • Named VLAN

  • MAC pool

  • QoS policy

  • LAN pin group

  • Statistics threshold policy


Procedure
Step 1   In the Navigation pane, click the LAN tab.
Step 2   On the LAN tab, expand LAN > Policies.
Step 3   Expand the node for the organization where you want to create the policy.

If the system does not include multi-tenancy, expand the root node.

Step 4   Right-click the vNIC Templates node and choose Create vNIC Template.
Step 5   In the Create vNIC Template dialog box:
  1. In the General area, complete the following fields:
    Name Description

    Name field

    The name of the vNIC template.

    This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been saved.

    Description field

    A user-defined description of the template.

    Enter up to 256 characters. You can use any characters or spaces except ^ (carat), \ (backslash), > (greater than), < (less than), ' (single quote), " (double quote), ` (accent mark).

    Fabric ID field

    The fabric interconnect associated with the component.

    If you want vNICs created from this template to be able to access the second fabric interconnect if the default one is unavailable, check the Enable Failover check box.

    Note   

    Do not select Enable Failover if you plan to associate vNICs created from this template with servers that have adapters which do not support fabric failover, such as a Cisco UCS 82598KR-CI 10-Gigabit Ethernet Adapter. If you do so, Cisco UCS Manager generates a configuration fault when you associate the service profile with the server.

    Target list box

    A list of the possible targets for vNICs created from this template. This can be:


    • Adapter—The vNICs apply to all adapters.

    • VM—The vNICs apply to all virtual machines.

    Template Type field

    This can be:


    • Initial Template—vNICs created from this template are not updated if the template changes.

    • Updating Template—vNICs created from this template are updated if the template changes.

  2. In the VLANs area, use the table to select the VLAN to assign to vNICs created from this template. The table contains the following columns:
    Name Description

    Select column

    Check the check box in this column for each VLAN you want to use.

    Name column

    The name of the VLAN.

    Native VLAN column

    To designate one of the VLANs as the native VLAN, click the radio button in this column.

    Create VLAN link

    Click this link if you want to create a VLAN.

  3. In the Policies area, complete the following fields:
    Name Description

    MTU field

    The maximum transmission unit, or packet size, that vNICs created from this vNIC template should use.

    Enter an integer between 1500 and 9216.

    MAC Pool drop-down list

    The MAC address pool that vNICs created from this vNIC template should use.

    QoS Policy drop-down list

    The quality of service policy that vNICs created from this vNIC template should use.

    Network Control Policy drop-down list

    The network control policy that vNICs created from this vNIC template should use.

    Pin Group drop-down list

    The LAN pin group that vNICs created from this vNIC template should use.

    Stats Threshold Policy drop-down list

    The statistics collection policy that vNICs created from this vNIC template should use.

Step 6   Click OK.
What to Do Next

Include the vNIC template in a service profile.

Deleting a vNIC Template

Procedure
Step 1   In the Navigation pane, click the LAN tab.
Step 2   On the LAN tab, expand LAN > Policies > Organization_Name.
Step 3   Expand the vNIC Templates node.
Step 4   Right-click the policy you want to delete and choose Delete.
Step 5   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

Binding a vNIC to a vNIC Template

You can bind a vNIC associated with a service profile to a vNIC template. When you bind the vNIC to a vNIC template, Cisco UCS Manager configures the vNIC with the values defined in the vNIC template. If the existing vNIC configuration does not match the vNIC template, Cisco UCS Manager reconfigures the vNIC. You can only change the configuration of a bound vNIC through the associated vNIC template. You cannot bind a vNIC to a vNIC template if the service profile that includes the vNIC is already bound to a service profile template.

Important:

If the vNIC is reconfigured when you bind it to a template, Cisco UCS Manager reboots the server associated with the service profile.

Procedure
Step 1   In the Navigation pane, click the Servers tab.
Step 2   On the Servers tab, expand Servers > Service Profiles.
Step 3   Expand the node for the organization that includes the service profile with the vNIC you want to bind.

If the system does not include multi-tenancy, expand the root node.

Step 4   Expand Service_Profile_Name > vNICs.
Step 5   Click the vNIC you want to bind to a template.
Step 6   In the Work pane, click the General tab.
Step 7   In the Actions area, click Bind to a Template.
Step 8   In the Bind to a vNIC Template dialog box, do the following:
  1. From the vNIC Template drop-down list, choose the template to which you want to bind the vNIC.
  2. Click OK.
Step 9   In the warning dialog box, click Yes to acknowledge that Cisco UCS Manager may need to reboot the server if the binding causes the vNIC to be reconfigured.

Unbinding a vNIC from a vNIC Template

Procedure
Step 1   In the Navigation pane, click the Servers tab.
Step 2   On the Servers tab, expand Servers > Service Profiles.
Step 3   Expand the node for the organization that includes the service profile with the vNIC you want to unbind.

If the system does not include multi-tenancy, expand the root node.

Step 4   Expand Service_Profile_Name > vNICs.
Step 5   Click the vNIC you want to unbind from a template.
Step 6   In the Work pane, click the General tab.
Step 7   In the Actions area, click Unbind from a Template.
Step 8   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

Configuring Ethernet Adapter Policies

Ethernet and Fibre Channel Adapter Policies

These policies govern the host-side behavior of the adapter, including how the adapter handles traffic. For example, you can use these policies to change default settings for the following:


  • Queues

  • Interrupt handling

  • Performance enhancement

  • RSS hash

  • Failover in an cluster configuration with two fabric interconnects


Note

For Fibre Channel adapter policies, the values displayed by Cisco UCS Manager may not match those displayed by applications such as QLogic SANsurfer. For example, the following values may result in an apparent mismatch between SANsurfer and Cisco UCS Manager:


  • Max LUNs Per Target—SANsurfer has a maximum of 256 LUNs and does not display more than that number. Cisco UCS Manager supports a higher maximum number of LUNs.

  • Link Down Timeout—In SANsurfer, you configure the timeout threshold for link down in seconds. In Cisco UCS Manager, you configure this value in milliseconds. Therefore, a value of 5500 ms in Cisco UCS Manager displays as 5s in SANsurfer.

  • Max Data Field Size—SANsurfer has allowed values of 512, 1024, and 2048. Cisco UCS Manager allows you to set values of any size. Therefore, a value of 900 in Cisco UCS Manager displays as 512 in SANsurfer.

Operating System Specific Adapter Policies

By default, Cisco UCS provides a set of Ethernet adapter policies and Fibre Channel adapter policies. These policies include the recommended settings for each supported server operating system. Operating systems are sensitive to the settings in these policies. Storage vendors typically require non-default adapter settings. You can find the details of these required settings on the support list provided by those vendors.

Important:

We recommend that you use the values in these policies for the applicable operating system. Do not modify any of the values in the default policies unless directed to do so by Cisco Technical Support.

However, if you are creating an Ethernet adapter policy for a Windows OS (instead of using the default Windows adapter policy), you must use the following formulas to calculate values that work with Windows:


  • Completion Queues = Transmit Queues + Receive Queues
  • Interrupt Count = (Completion Queues + 2) rounded up to nearest power of 2

For example, if Transmit Queues = 1 and Receive Queues = 8 then:


  • Completion Queues = 1 + 8 = 9
  • Interrupt Count = (9 + 2) rounded up to the nearest power of 2 = 16

Creating an Ethernet Adapter Policy


Tip

If the fields in an area are not displayed, click the Expand icon to the right of the heading.

Procedure
Step 1   In the Navigation pane, click the Servers tab.
Step 2   On the Servers tab, expand Servers > Policies.
Step 3   Expand the node for the organization where you want to create the policy.

If the system does not include multi-tenancy, expand the root node.

Step 4   Right-click Adapter Policies and choose Create Ethernet Adapter Policy.
Step 5   Enter a name and description for the policy in the following fields:
Name Description

Name field

The name of the policy.

Description field

A description of the policy. We recommend including information about where and when the policy should be used.

Enter up to 256 characters. You can use any characters or spaces except ^ (carat), \ (backslash), > (greater than), < (less than), ' (single quote), " (double quote), ` (accent mark).

Step 6   (Optional)In the Resources area, adjust the following values:
Name Description

Transmit Queues field

The number of transmit queue resources to allocate.

Enter an integer between 1 and 256.

Ring Size field

The number of descriptors in each transmit queue.

Enter an integer between 64 and 4096.

Receive Queues field

The number of receive queue resources to allocate.

Enter an integer between 1 and 256.

Ring Size field

The number of descriptors in each receive queue.

Enter an integer between 64 and 4096.

Completion Queues field

The number of completion queue resources to allocate. In general, the number of completion queue resources you should allocate is equal to the number of transmit queue resources plus the number of receive queue resources.

Enter an integer between 1 and 512.

Interrupts field

The number of interrupt resources to allocate. In general, this value should be equal to the number of completion queue resources.

Enter an integer between 1 and 514.

Step 7   (Optional)In the Options area, adjust the following values:
Name Description

Transmit Checksum Offload field

This can be:


  • disabled—The CPU calculates all packet checksums.

  • enabled—The CPU sends all packets to the hardware so that the checksum can be calculated. This option may reduce CPU overhead.

Receive Checksum Offload field

This can be:


  • disabled—The CPU validates all packet checksums.

  • enabled—The CPU sends all packet checksums to the hardware for validation. This option may reduce CPU overhead.

TCP Segmentation Offload field

This can be:


  • disabled—The CPU segments large TCP packets.

  • enabled—The CPU sends large TCP packets to the hardware to be segmented. This option may reduce CPU overhead and increase throughput rate.

Note   

This option is also known as Large Send Offload (LSO).

TCP Large Receive Offload field

This can be:


  • disabled—The CPU processes all large packets.

  • enabled—The hardware reassembles all segmented packets before sending them to the CPU. This option may reduce CPU utilization and increase inbound throughput.

Receive Side Scaling field

RSS distributes network receive processing across multiple CPUs in multiprocessor systems. This can be:


  • disabled—Network receive processing is always handled by a single processor even if additional processors are available.

  • enabled—Network receive processing is shared across processors whenever possible.

Failback Timeout field

After a vNIC has started using its secondary interface, this setting controls how long the primary interface must be available before the system resumes using the primary interface for the vNIC.

Enter a number of seconds between 0 and 600.

Interrupt Mode field

The preferred driver interrupt mode. This can be:


  • MSI-X—Message Signaled Interrupts(MSI) with the optional extension. This is the recommended option.

  • MSI—MSI only.

  • INTx—PCI INTx interrupts.

Interrupt Coalescing Type field

This can be:


  • min—The system waits for the time specified in the Interrupt Timer field before sending another interrupt event.

  • idle—The system does not send an interrupt until there is a period of no activity lasting as least as long as the time specified in the Interrupt Timer field.

Interrupt Timer field

The time to wait between interrupts or the idle period that must be encountered before an interrupt is sent.

Enter a value between 1 and 65535. To turn off interrupt coalescing, enter 0 (zero) in this field.

Step 8   Click OK.
Step 9   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

Deleting an Ethernet Adapter Policy

Procedure
Step 1   In the Navigation pane, click the LAN tab.
Step 2   On the LAN tab, expand LAN > Policies > Organization_Name.
Step 3   Expand the Adapter Policies node.
Step 4   Right-click the Ethernet adapter policy that you want to delete and choose Delete.
Step 5   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.

Configuring Network Control Policies

Network Control Policy

This policy configures the network control settings for the Cisco UCS instance, including the following:


  • Whether the Cisco Discovery Protocol (CDP) is enabled or disabled

  • How the VIF behaves if no uplink port is available in end-host mode

  • Whether the server can use different MAC addresses when sending packets to the fabric interconnect

The network control policy also determines the action that Cisco UCS Manager takes on the remote Ethernet port or the vEthernet interface when the associated border port fails. By default, the Action on Uplink Fail property in the network control policy is configured with a value of link-down. This default behavior directs Cisco UCS Manager to bring the remote Ethernet or vEthernet port down if the border port fails.


Note

The default behaviour of the Action on Uplink Fail property is optimal for most Cisco UCS that support link failover at the adapter level or only carry Ethernet traffic. However, for those converged network adapters that support both Ethernet and Fibre Channel traffic, such as the Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, the default behavior can affect and interrupt Fibre Channel traffic as well. Therefore, if the server includes one of those converged network adapters and the the adapter is expected to handle both Ethernet and Fibre Channel traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning. Please note that this configuration may result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.

Creating a Network Control Policy

Procedure
Step 1   In the Navigation pane, click the LAN tab.
Step 2   On the LAN tab, expand LAN > Policies.
Step 3   Expand the node for the organization where you want to create the policy.

If the system does not include multi-tenancy, expand the root node.

Step 4   Right-click the Network Control Policies node and select Create Network Control Policy.
Step 5   In the Create Network Control Policy dialog box, complete the following fields:
Name Description

Name field

The name of the policy.

This name can be between 1 and 16 alphanumeric characters. You cannot use spaces or any special characters, and you cannot change this name after the object has been saved.

CDP field

This option determines whether Cisco Discovery Protocol (CDP) is enabled on servers associated with a service profile that includes this policy. This can be:


  • disabled

  • enabled

Action on Uplink Fail field

This option determines how the VIF behaves if no uplink port is available when the fabric interconnect is in end-host mode. This can be:


  • link-down— Changes the operational state of a vNIC to down when uplink connectivity is lost on the fabric interconnect, and enables fabric failover for vNICs.

  • warning— Maintains server-to-server connectivity even when no uplink port is available, and disables fabric failover when uplink connectivity is lost on the fabric interconnect.

The default is link-down.

Note   

The default behaviour of the Action on Uplink Fail property is optimal for most Cisco UCS that support link failover at the adapter level or only carry Ethernet traffic. However, for those converged network adapters that support both Ethernet and Fibre Channel traffic, such as the Cisco UCS CNA M72KR-Q and the Cisco UCS CNA M72KR-E, the default behavior can affect and interrupt Fibre Channel traffic as well. Therefore, if the server includes one of those converged network adapters and the the adapter is expected to handle both Ethernet and Fibre Channel traffic, we recommend that you configure the Action on Uplink Fail property with a value of warning. Please note that this configuration may result in an Ethernet teaming driver not being able to detect a link failure when the border port goes down.
Step 6   In the MAC Security area, do the following to determine whether the server can use different MAC addresses when sending packets to the fabric interconnect:
  1. Click the Expand icon to expand the area and display the radio buttons.
  2. Click one of the following radio buttons to determine whether forged MAC addresses are allowed or denied when packets are sent from the server to the fabric interconnect:

    • allow— All server packets are accepted by the fabric interconnect, regardless of the MAC address associated with the packets.

    • deny— After the first packet has been sent to the fabric interconnect, all other packets must use the same MAC address or they will be silently rejected by the fabric interconnect. In effect, this option enables port security for the associated vNIC.

    If you plan to install VMware ESX on the associated server, you must configure the MAC Security to allow for the network control policy applied to the default vNIC. If you do not configure MAC Security for allow, the ESX installation may fail because the MAC security permits only one MAC address while the installation process requires more than one MAC address.

Step 7   Click OK.

Deleting a Network Control Policy

Procedure
Step 1   In the Navigation pane, click the LAN tab.
Step 2   On the LAN tab, expand LAN > Policies > Organization_Name.
Step 3   Expand the Network Control Policies node.
Step 4   Right-click the policy you want to delete and select Delete.
Step 5   If Cisco UCS Manager GUI displays a confirmation dialog box, click Yes.