Managing Resources

The resources in this chapter refers to VLAN, VNI or EVI, and Multicast-IP pools that need to be managed across all devices in the fabric. Some of the resources are fabric-wide, and apply across all devices in the fabric. Some of them are device scoped. The resources managed across all devices in the fabric are termed 'global'. The resources managed local to a device are termed 'device-local'. Cisco VTS facilitates the creation and management of these resource pools.

Overlay VxLAN networks can utilize the IP multicast capability of underlay fabric switches to handle BUM traffic. A range of multicast IP addresses need to be reserved across the fabric for this purpose. Hence multicast pool is a global resource. Likewise, the VNI allocation needs to be unique within the fabric and is also a global resource.

VLAN range can be assigned or each device. You can also group devices and assign VLAN range to the device group.

Additionally, for Nexus 7000 devices, you can assign VLAN resources at physical or FEX interface level. You can also group the interfaces from different devices and assign VLAN ranges to the interface group.


Note

Default resource pools are device-specific VLAN pools that are also created automatically when leafs are added to the inventory. The default VLAN range is from 1001 to 2000. You can modify the range as per your requirement.

You can edit the range and also delete any unused ranges.

This chapter has the following sections:

Specifying Global Provider VLAN Range

OpenStack defines the notion of provider VLANs where the connectivity between the computes are backed by external switches carrying those specific VLANs. The expectation is that a given provider VLAN network, the segmentation ID is reserved within all switches in the fabric and dedicated for a specific tenant L2 network.

Cisco VTS can facilitate the provisioning of the provider VLAN in a fabric, by assigning those VLANs to an exclusive pool called the Global Provider VLAN pool. For normal tenant networks, VTS will always allocate VLAN IDs from a dynamic pool (which are device local pools). So, it is likely that for a given tenant L2 network, the VLAN-ID allocated on different switches can vary (They however translate to the same VNI). However, if there is a request from OpenStack admin to provision a provider VLAN network with an explicit segmentation id, and if the segmentation-id falls in the Global Provider VLAN pool range, Cisco VTS will honor the request and consider it to be a provider VLAN network. The VLAN ID specified by OpenStack is essentially 'reserved' across all devices in the fabric for that specific tenant network.

Global Provider VLAN pool has to be mutually exclusive from Cisco Nexus 9000 device VLAN pool and Cisco Nexus 7000 interface VLAN pool.

Global Provider VLAN pool is introduced in Cisco VTS 2.6.1. When upgrading a VTS deployment from prior releases (which did not support this feature), you may want to reserve a range of VLANs for global provider VLAN pool. However, gathering information about the usage of VLAN pools used across all devices can be cumbersome. A script called 'global_provider_vlan_tool.py' is available in Cisco VTS to find suitable 'gaps' in the VLAN range. And if needed, you can reserve specific ranges for Global Provider VLAN.

Procedure

Step 1

Go to Resources > Global Provider VLAN Pool. The Resource / Global Provider VLAN Pool window appears.

Step 2

Click the Add (+) icon. The Add Global VLAN Pool popup window appears.

Step 3

Specify the From and To values. This can be an integer number between 2 and 4094.

Step 4

Click Save.

To edit a device specific VLAN pool, select the Device check box, and click the Edit icon. To delete a group specific VLAN pool, select the Device check box, and click the Delete (X) icon.

Global Provider VLAN Tool

The global provider VLAN tool helps you find and free up VLAN range blocks within the resource pools, which can be used later for creation of global VLAN ranges.

The tool prompts the user to enter a comma separated list of range values to be freed up. Upon receiving the input, it re-carve existing device and interface ranges to accommodate the request. After having these ranges freed up, you can choose to create those ranges (or a subset of them) for the global VLAN pool.

The global_provider_vlan_tool.py script is located at /opt/vts/bin.

Procedure

Step 1

Run the global_provider_vlan_tool.py script. For example: 

admin@vtc1:/home/admin# sudo python global_provider_vlan_tool.py

Available ranges for global vlan pool:

2-2021

2023-3009

3011-3929

3931-3979

3981-4095

Please enter global vlan ranges using common separated ranges (like 1001-1500,1600-1800,2500-3900):2100-2200,2300-2400,2500-2600

Shrinking range 8181e1d5-1083-4c5f-90bf-ab2a77c03129 in pool n9k from 1500 - 2204 to 1500 - 2099

 

Creating range in pool n9k with values 2201 - 2204

 

Shrinking range 2dd0eadc-496e-47bd-ba2e-9498be5937c4 in pool vtf_11.11.11.11 from 2200 - 2214 to 2201 - 2214

 

Deleting range 29f37570-c4e1-4971-a1ab-6f7ad5ec84d9 in pool vts_n7k_ethernet1/5

 

Shrinking range f6979637-7699-406d-a59e-6a206872d657 in pool n9k from 2208 - 2999 to 2208 - 2299

 

Creating range in pool n9k with values 2401 - 2999

 

Shrinking range 07f7083a-eaa0-4442-914a-a348703657f6 in pool n9k from 2401 - 2999 to 2401 - 2499

 

Creating range in pool n9k with values 2601 - 2999

 

Creating range in pool default with values 2100 - 2200

 

Creating range in pool default with values 2300 - 2400

 

Creating range in pool default with values 2500 - 2600

 

Done
Step 2

Exit the script. 

root@VTC1:/opt/vts/bin# exit
exit

Specifying Global VNI Range

You can specify the global VNI range. To do this:

Procedure

Step 1

Go to Resources > Global VNI Pool. The Resources / Global VNI Pool window appears.

In Global VNI Pool window, the range table lists the following details:

  • Range From

  • Range To

  • Restricted Range - data is Boolean (Yes or No)

  • Used

  • Available

  • Total

Step 2

Click the Add (+) icon. Add VNI Pool popup appears.

Step 3

Specify the ranges, select the Restricted Range radio button to enable or disable the range, and click Save.

Step 4

To edit the range, select the Range From check box, and click the Edit icon as required .

All ranges are editable. Overlapping of range is allowed if Restricted Range field is Yes.
Step 5

To delete the range, select the Range From check box, and click the Delete (X) icon.

Specifying Global EVI Range

You can specify the global EVI range. To do this:

Procedure

Step 1

Go to Resources > Global EVI Pool. The Resources / Global EVI Pool window appears.

In Global EVI Pool window, the range table lists the following details:

  • Range From

  • Range To

  • Restricted Range - data is Boolean (Yes or No)

  • Used

  • Available

  • Total

Step 2

Click the Add (+) icon. Add EVI Pool popup appears.

Step 3

Specify the ranges, select the Restricted Range radio button to enable or disable the range, and click Save.

Step 4

To edit the range, select the Range From check box, and click the Edit icon as required.

All ranges are editable. Overlapping of range is allowed if Restricted Range field is Yes.
Step 5

To delete the range, select the Range From check box, and click the Delete (X) icon.

Specifying VLAN Range

VLAN ranges needs to be created for all the leafs and DCIs. You can create device specific VLAN range. You can also group devices together, and create a VLAN range for the group.

For Cisco Nexus 7000 devices, you can specify VLAN range per interface. You can also group interfaces together and specify ranges.

When you add Nexus 7000 devices to inventory, Cisco VTS checks whether these devices are in vPC and the compute links attached to these vPC devices are dual homed. If the devices are in vPC, VTC automatically creates a device group containing these two devices. This device group would have BD range associated with it, which VTS uses to provision overly networks. The default BD range is 1000 to 2000. you can configure this value.

  • For computes attached to Cisco Nexus 7000 switch as single homed, Cisco VTS automatically creates a default device interface pool per interface attached to the compute. This default interface pool is of name vts-Device-InterfaceName with a default VLAN range of 2-4094.

  • If a compute attached to the Cisco Nexus 7000 is dual homed, Cisco VTS automatically creates a default device interface group pool containing the dual homed interfaces of two switches. This default interface group pool is of name vts-group-<number> with a default VLAN range of 0-4096.

  • For single homed and non vPC interfaces, Cisco VTS creates a default per interface level VLAN range of 0-4096.

  • If computes are attached to FEX, the interface pool with default range is created for the FEX device. This FEX VLAN pool is of name vts-device-<fexId> with default range of 0-4096.

  • For computes attached in vPC to two different FEX, Cisco VTS automatically creates a group for the two interfaces going to two different FEXs. Overlay network provisioning on this vPC compute uses a common VLAN from the two FEXs ranges.

    Cisco VTS only allows grouping of two FEXs to form a logical group. It does not allow a FEX from one logical group to form a grouping with a FEX from a different logical group. For example, if a host compute1 is connected in vPC to two FEXs 101 and 102, these two FEXs will form a logical group. Cisco VTS does not allow having a host compute2 connected in vPC to FEX 102 and FEX 103. This is because the same VLAN across multiple FEXs for a given network would be difficult to maintain.

  • The default VLAN pool of a device gets deleted when the device is added to a Device Group. This is because it will be using the default VLAN pool of the Device Group once it is part of the group. However, when the device is removed from the Device Group, Cisco VTS does not add back the original VLAN pool to it. The Cisco VTS admin has to add the VLAN pool back to the device, manually.

Note

We recommend that you check the supported VLAN range for the device that is created automatically, and also take a note of the reserved VLAN range. Every device has its own limitation. You need to ensure that you are not using a reserved VLAN range for your particular device.

See the following sections for details:

Specifying Device VLAN Range

To specify device VLAN pool:

Procedure

Step 1

Go to Resources > Devices. The Resource / Devices window appears. It lists all the device VLAN ranges.

Step 2

Click Devices.

Step 3

Click the Add (+) icon. The Add Range pop up window appears.

Step 4

Enter the Device details, and specify the From and To values.

The device name should match the leaf name in the inventory. From is VLAN start number and To is VLAN end number to be used for the leaf.

Step 5

Select the Restricted Range radio button to enable or disable the range, and click Save.

To edit a device specific VLAN pool, select the Device check box, and click the Edit icon.

To delete a device specific VLAN pool, select the Device check box, and click the Delete (X) icon.

Specifying Group VLAN Range

You can group devices and assign VLAN range for the device group. To specify VLAN range for a device group:

Procedure

Step 1

Go to Resources > Devices. The Resource / Devices window appears.

Step 2

Click Groups.

Step 3

Click the Add (+) icon. The Set Range popup window appears.

Step 4

Enter the Group Name and select the devices that need to be part of the group. Click the help icon for guidelines about the group name.

Step 5

Select the Restricted Range radio button to enable or disable the range, and Click Save.

Step 6

To view the devices associated with a group, select the group and click Associated Devices.

Step 7

Click Save. The group gets created and is listed in the table.

Step 8

To add range to the group, select the group and click the Add (+) icon.

Step 9

Specify the From and To values.

Step 10

Click Save.

Step 11

To edit a device specific VLAN pool, select the Device check box, and click the Edit icon.

All ranges are editable.
Step 12

To delete a group specific VLAN pool, select the Device check box, and click the Delete (X) icon.

Specifying Interface VLAN Range

To specify VLAN range for an interface:

Procedure

Step 1

Go to Resource > Devices. The Resource / Devices window appears.

Step 2

Click Interfaces. It lists all the Cisco Nexus 7000 devices.

Step 3

Click on the corresponding chassis icon.

The Interfaces pop up window appears. You can view the Physical Interfaces and the FEX interfaces.

  1. Click Physical Interfaces tab to view the physical interface.

    The interfaces are displayed based on odd and even numbered interfaces, with the odd numbered interfaces on top and the even numbered interfaces at the bottom.

    You can control the display using the filter options.

    • Choose the desired option from the Module drop-down to filter ports for a specific module.

    • Enter port details in the search field to display a desired port.

    .

  2. Click Physical Interfaces tab to view the physical interface.

    Reserved ports are grayed out. Editing is enabled for ports that are connected to computes.

    Clicking on an available port shows the ranges.

  3. To edit the VLAN range, click the Edit button.

    You can use the Restricted range toggle button to restrict the range.

  4. Click Save.

Step 4

Click the FEX Interfaces tab to view the details about the FEX modules. By default, the range for the first FEX module is shown.

You can control the display using the filter options.

  • Choose the desired option from the FEX drop-down to filter ports for a specific module.

  • Enter port details in the search field to display a desired port.

.

  1. To edit the VLAN range associated with the FEX module, click the Edit button.

    You can use the Restricted range toggle button to restrict the range.

  2. Click Save.

Creating Interface Groups

You can group interfaces and assign VLAN ranges for the group. You can create groups for physical interfaces or FEX interfaces and assign ranges.


Note

You cannot group physical and FEX interfaces together.

Procedure

Step 1

Go to Resource > Devices. The Resource / Devices window appears.

Step 2

Click Interface Groups. It lists all the interface groups for the Cisco Nexus 7000 devices.

Step 3

To add an interface group, click the Add (+) icon.

The Create Interface Group popup window appears.
Step 4

Enter a group name.

Step 5

Choose a group type—Physical Interface Group or FEX Interface Group.

To create a physical interface group:

  1. Click Physical Interface Group .

  2. Click Select Devices to select the devices. The Select Devices popup window appears.

  3. Click Select Interfaces to select the interfaces. The Select Interfaces popup window appears.

    The interfaces display sorted based on odd and even numbered interfaces, with the odd numbered interfaces on top and the even numbered interfaces at the bottom.

    You can control the display using the filter options.

    • Choose the desired option from the Module drop-down to filter ports for a specific module.

    • Enter port details in the search field to display a desired port

    .

    Reserved ports are greyed out. Editing is enabled for ports that are connected to computes.

  4. Click Define Ranges to define VLAN ranges. The Define Ranges and Group Details popup window appears.

    You can use the Restricted range toggle button to restrict a range.[Also, addinfo about the Add button]

  5. Click Review and Save. The Summary popup window displays the interface group range details you have modified. Click Edit if you need to modify any details. You can edit the interface ranges, the devices in the group, or edit the interfaces you have chosen for the device.

  6. Click Save.

    To delete an interface group, select the group and click Delete (X).

To create a FEX interface group:

  1. Click FEX Interface Group .

  2. Click Select Devices to select the devices. The Select Devices popup window appears.

  3. Click Select Interfaces to select the interfaces. The Select Interfaces popup window appears.

    The interfaces display sorted based on odd and even numbered interfaces, with the odd numbered interfaces on top and the even numbered interfaces at the bottom.

    You can control the display using the filter options.

    • Choose the desired option from the Module drop down to filter ports for a specific module.

    • Enter port details in the search field to display a desired port

    .

    Reserved ports are greyed out. Editing is enabled for ports that are connected to computes.

  4. Click Define Ranges to define VLAN ranges. The Define Ranges and Group Details popup window appears.

    You can use the Restricted range toggle button to restrict a range. You can add ranges using the Add (+) button.

  5. Click Review and Save. The Summary popup window displays the interface group range details you have modified. Click Edit if you need to modify any details. You can edit the interface ranges, the devices in the group, or edit the FEX interfaces you have chosen for the device.

  6. Click Save.

    To delete an interface group, select the group and click Delete (X).

Auto Select/Auto Delete functionality

The auto select/auto delete functionality gets triggered on the devices that have port channel config on them from devices Day Zero config.

Only auto delete functionality gets triggered on the devices that have Static Multi Homed (SMH) group attached to them from VTC UI (Host Inventory page).

Note 

Auto select functionality is not applicable for devices with only SMH group.

When you select one of the peer ports/devices that is part of a system defined group (port channel in this case), then the corresponding peer port/device also gets auto selected and gets added to the interface group (both Physical and FEX interface group).

If this is the only device in the interface group then the group cannot be saved. If there are other devices in this group, you should be able to save the group even after the system defined/SMH tagged group devices are deleted

When you deselect one of the peer ports/devices that is part of a system defined group (port channel in this case) or SMH group, then the corresponding peer port/device also gets auto de-selected/deleted and gets deleted from the interface group (both Physical and FEX interface group).

If this is the only device in the interface group then the group cannot be saved. If there are other devices in this group, you should be able to save the group even after the system defined/SMH tagged group devices are deleted.

Specifying Multicast IP Pool

You can specify the number of overlay networks that can be mapped to a single multicast address. Choose Enter VNI (Network Count) from the drop-down, and enter the number of networks you want to map to a single multicast address. You can also opt to have all networks to map to a single multicast IP. To do this choose All Network from the drop-down.

You can specify the IP range. The range must be within the multicast IP address range configured on leaf devices via Day Zero configuration file. The valid range is from 239.0.0.0 to 239.255.255.255.

Procedure

Step 1

Go to Resources > Multicast IP Pool. The Resources / Multicast IP Pool window appears.

Step 2

Click the Add (+) icon, and enter the Start and End values.

Click the Question Mark (?) icon to view the Multicast IP address range.

Use the Restricted Range toggle button to restrict or disallow allocations from this range.

Step 3

Click Save.

To delete Multicast IP Pool, select the desired check box, and click the Delete (X) icon.

Important Note

For versions earlier than 2.3.1, Cisco VTS restricted the use of static allocation to within a range, for all resources, and all attempts to allocate outside the range returned an exception. Currently, by default, ranges are not required for static allocation. A static allocation may be done both inside a range and outside it.

If you wish to enable the restriction, this can be done using REST API. See the Cisco VTS Developer Guide for details.

Resource Pool Use Cases

This section provides information about the VTS behavior related to resource pool allocation use cases.

Table 1. Terms and Description

Terms

Description

Restricted Range A range of VLAN or VNI from which VTS is restricted from allocating. Typically this sort of restriction is done to accommodate the following use cases: - Deployments where the fabric controller (VTC) will honor the VLAN/VNI pool allocation done by the VMM for tenant networks. - Deployment where the fabric controller (VTC) will honor VLAN/VNI segment id allocation done by VMM for realizing Provider VLAN networks
Dynamic Range A range of VLAN or VNI from which VTS would allocate for ports. Dynamic and Restricted ranges could overlap.
Out of Range Any VLAN IDs that have not been allocated to either Dynamic Range or Restricted Range.
Provider VLAN/VNI A VLAN/VNI id explicitly requested by the OpenStack Administrator to be assigned to a network. These are provider networks and are realized using hardware switches outside of compute.
Static VNI A VNI ID explicitly is requested by the VTC administrator to be assigned to a network.
Static VLAN A VLAN ID explicitly requested by the VTC administrator to be assigned to a port.
Note 
For more information about Static VLAN options and the behavior of each options see, Static VLAN Options
Table 2. Cisco VTS Behavior for Various Use Cases

Use Case

VTS Behavior

In Restricted Range1

In Dynamic Range

Out of Range

Provider VLAN segment ID used for SR-IOV links from Openstack VTS will honor this if port VLAN is available VTS will reject the request VTS will reject the request
VLAN segment ID from Openstack VTS will honor this if port VLAN is available VTS will ignore VLAN from Openstack. Will allocate VLAN from dynamic range VTS will ignore VLAN from Openstack. Will allocate VLAN from dynamic range
VxLAN segment ID from Openstack VTS will honor this if VNI is available VTS will ignore VNI from Openstack. Will allocate VNI from dynamic range VTS will ignore VLAN from Openstack. Will allocate VNI from dynamic range
Static VLAN segment ID on port (VTC admin) VTS will honor this if VLAN is available VTS will honor this if VLAN is available VTS will honor this if legacy-mode2 is OFF VTS will reject if legacy-mode is ON
Static VxLAN segment ID (VTC admin) VTS will honor this if VxLAN is available VTS will honor this if VxLAN is available VTS will honor this if legacy-mode flag is OFF VTS will reject if legacy-mode flag is ON
Multi-VMM VLAN provider network (merge) VLANs needs to match on both VMMs. Else Reject VTS will ignore VLAN from VMMs. Will allocate VLAN from dynamic range VTS will ignore VLAN from VMMs. Will allocate VLAN from dynamic range

Multi-VMM VLAN provider network (publish)

VTS preserves the source VMM's VNI in published network. VLAN is not published.

Multi-VMM VxLAN provider network (merge) VNI needs to match on both VMMs. Else Reject VTS will ignore VNI from VMMs. Will allocate VNI from dynamic range VTS will ignore VNI from VMMs. Will allocate VNI from dynamic range

Multi-VMM VxLAN provider network (publish)

VTS preserves the source VMM's VNI in published network.

1 Restricted range is meant to be a global setting in VTS. But is currently realized as a device specific resource pool. Hence to achieve a global behavior, the same restricted range needs to be configured on all devices.
2 Legacy mode—If enabled, VTS rejects if VLAN allocation is not in VTS managed pool.

Static VLAN Options

Following are the static VLAN options and the behavior of each option in legacy modes.

Request Type

VTS Version

Pool and Range Options

Static VLAN Behavior

Standard Static VLAN Request from VTS GUI or API

Before VTS 2.3.1

Only one range type is available for both dynamic and static allocations.

On BM ports attach operation, specify a VLAN.

Note 
Ensure to add this VLAN as part of a predefined range else, the request fails.

Standard Static VLAN Request from VTS GUI or API

VTS 2.3.1-> Present

Define ranges as restricted. You can carve out restricted ranges from inside the dynamic ranges. Dynamic allocated (often called VTS allocated) will not touch restricted ranges.

Note 
The term ‘restricted’ means ranges are restricted from dynamic allocation, not restricted from the user requesting it.

On BM ports attach operation, you can request a VLAN. This VLAN is available from a dynamic range, a restricted range, or no range at all.

Note 
It is not recommended to create a range of 1 just to allocate a single VLAN outside of any range.

Static VLAN Request with Range Check from VTS GUI or API

VTS 2.5.0 > Present

Same as above

Before 2.3.1, if you want to view the behavior of VTS failure with all requests that are not in a range, set a flag to re-enable this legacy option.

Honoring Provider VLANs from Openstack

 VTS 2.5.1 > 2.6.0

Same as above.

Note 
Create a restricted range matching the range of provider VLANs that are sent from Openstack in honor for VTS to honor it. A restricted range matching the provider range must be created on every device that provider networks create ports on.

If a port attach comes from Openstack and the network segmentation id VLAN is not in the restricted range, VTS allocates its own dynamic VLAN.

If it is an SRIOV port attach operation, which must have a known provider VLAN, VTS fails the operation.

For VTS GUI static VLAN requests, there is no change.

Honoring Provider VLANs from Openstack

VTS 2.6.1 > Present

Same standard options. You need not create a restricted range on every device. Instead, create a single range in the Global Provider VLAN Pool. Multiple ranges can be given if needed. The ranges though cannot overlap any of the ranges of the site’s device pools.

Same as above.

VTS does not check the restricted range for nonlegacy networks (networks that are created before 2.6.1). VTS will instead check the Global Provider VLAN Pool.

For VTS GUI static VLANs requests, there is no change. Static VLANs are provided from the global provider pool ranges or the device pool ranges.