Using Virtual Machine Tracker Auto-Config

Virtual Machine Tracker Auto-Config

Virtual Machine Tracker auto-config is a feature that automatically configures a tenant for provisioning.

The Virtual Machine Tracker auto-config feature retrieves information about a tenant from the database (LDAP) and issues the configuration commands required for provisioning.

The commands required for provisioning the tenant are stored in the form of a configuration profile. A configuration profile is the set of commands required to provision a particular tenant, with the required parameters written as variables instead of actual values.

The information about the tenant includes:

  • The values for the variables of a configuration profile.

  • The actual configuration profile that a tenant uses.

Orchestrators, such as the Cisco Virtual Topology System (VTS) or the Cisco UCS Director (UCSD), are used to populate the tenant information.


Note


Virtual Machine Tracker auto-config is only supported on Cisco Nexus 9300 Series switches.



Note


Virtual Machine Tracker auto-config supports Cisco Nexus 9300 Series switches in FEX configurations.


Configuration Profile

A configuration profile for auto-config is a collection of commands used to instantiate a specific configuration. Based on appropriate end-host triggers (VM Tracker trigger), configuration profiles are grouped to allow flexible and extensible options to instantiate tenant-related configurations on a leaf node.

The commands are entered using variables for certain parameters instead of entering the actual value. The switch fills in the actual values to derive the completed command. When the required parameters for a particular configuration profile are available, the profile can be instantiated to create a configuration set. The switch applies this configuration set to complete the command execution belonging to the configuration set.

The commands that are supported in a configuration profile are called config-profile-aware commands. Most of the commands for a switch can be used in the configuration profile.

Various sets of configuration profiles can be created and stored in the network database using LDAP, and each network can use a different configuration profile. The configuration profiles from the network are used to configure the leaf whenever required. Configuration profiles can also be designed with VRFs. An "include profile any" in the configuration profile can indicate that a particular profile needs to be instantiated for the VRF. The network database for the VRF carries the name to be used for the included profile.

Configuration Profile Refresh

A configuration profile refresh involves updating and/or removing profile parameters (arguments or variables) without disrupting network traffic. When the network database is modified for parameters of a network profile, the changes are pulled down to the switch by issuing a refresh command. When using Cisco DCNM for auto-config, Cisco Prime DCNM executes the fabric database refresh vni/dot1q/vrf command on the fabric switches when network parameters are modified for a particular entry in the network database.

Network Database

A network database is stored in an external LDAP server as multiple tables. There are three different tables:

  • Network Table

  • Partition Table

  • Profile Table

Network Table

All the parameters for a host network are stored in this table in LDAP, including segment ID, VLAN, gateway, and VRF information.


fabric database type network
  server protocol ldap host dcnm721_39.cisco.com vrf management
     db-table ou=networks,dc=cisco,dc=com key-type 1
     db-security user cn=reader,dc=cisco,dc=com password cisco123

Partition Table

All parameters that are required to provision a VRF on the switch are stored in the partition table. A network table entry specifies which VRF it uses. The VRF partition table specifies the parameters that are required for this VRF, including the profile that the VRF partition uses.


fabric database type partition
  server protocol ldap host dcnm721_39.cisco.com vrf management
     db-table ou=partitions,dc=cisco,dc=com
     db-security user cn=reader,dc=cisco,dc=com password cisco123

Profile Table

The profile table stores the configuration profiles that are required to instantiate a particular network. Each network/partition table specifies which profile it uses. The profile table holds the configuration profile itself.


fabric database type profile
  server protocol ldap host dcnm721_39.cisco.com vrf management
     db-table ou=profilesIPFabric,dc=cisco,dc=com
     db-security user cn=reader,dc=cisco,dc=com password cisco123

Configuration Profile Example

The following are examples of configuration profiles that can be used for network host and VRF provisioning.

  • The defaultNetworkEVPNProfile profile can be attached to a network table entry to provision VLAN, segment, gateway IP, and VTEP related information for workloads attached to a switch.

    
    config profile defaultNetworkEVPNProfile
     vlan $vlanId
       vn-segment $segmentId
     interface vlan $vlanId
       vrf member $vrfName
       ip address $gatewayIpAddress/$netMaskLength tag 12345
       ipv6 address $gatewayIpv6Address/$prefixLength tag 12345
       fabric forwarding mode anycast-gateway
       no shutdown
     interface nve $nveId
       member vni $segmentId 
          mcast-group $mcastGroupIpAddress
     evpn
       vni $segmentId l2
         rd auto
         route-target import auto
         route-target export auto
     include profile any
    end
    
    
  • The vrf-common-evpn profile can be used to provision corresponding Layer 3 VRF information.

    
    configure profile vrf-common-evpn
       vrf context $vrfName
        vni $include_vrfSegmentId
        rd auto
         address-family ipv4 unicast
          route-target both auto
          route-target both auto evpn
        router bgp $asn
         vrf $vrfName
          address-family ipv4 unicast
           advertise l2vpn evpn
           redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
          address-family ipv6 unicast
           advertise l2vpn evpn
           redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
       interface nve $nveId
        member vni $include_vrfSegmentId associate-vrf
    end
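The variable substitution described under Configuration Profile, shown as an added example (not Cisco's code and not from the original page): it fills a subset of defaultNetworkEVPNProfile from a database row and refuses any value that is missing or does not match its expected type. The validator rules, the `instantiate` function and the sample rows are assumptions made for illustration.

```python
import ipaddress
import re
from string import Template

# Subset of the page's defaultNetworkEVPNProfile, used as the template.
PROFILE = """\
vlan $vlanId
  vn-segment $segmentId
interface vlan $vlanId
  vrf member $vrfName
  ip address $gatewayIpAddress/$netMaskLength tag 12345
  no shutdown
"""

def _int_range(lo, hi):
    return lambda v: v.isascii() and v.isdigit() and lo <= int(v) <= hi

def _ipv4(v):
    try:
        ipaddress.IPv4Address(v)
        return True
    except ValueError:
        return False

# Assumed per-variable rules for this example; they are not NX-OS's own checks.
VALIDATORS = {
    "vlanId": _int_range(1, 4094),
    "segmentId": _int_range(1, 16777215),      # 24-bit VNI space
    "netMaskLength": _int_range(0, 32),
    "gatewayIpAddress": _ipv4,
    "vrfName": lambda v: re.fullmatch(r"[A-Za-z0-9_:.-]{1,32}", v) is not None,
}

def instantiate(profile, params):
    """Fill the profile's variables; raise ValueError on a missing or unsafe value."""
    needed = set(re.findall(r"\$(\w+)", profile))
    missing = needed - set(params)
    if missing:
        raise ValueError(f"missing parameters: {sorted(missing)}")
    for name in sorted(needed):
        check = VALIDATORS.get(name)
        if check is None or not check(str(params[name])):
            raise ValueError(f"rejected value for ${name}: {params[name]!r}")
    return Template(profile).substitute({n: str(params[n]) for n in needed})

# Constructed sample rows standing in for LDAP network-table entries.
GOOD = {"vlanId": "50", "segmentId": "30001", "vrfName": "Org1:vrfedcs",
        "gatewayIpAddress": "50.50.50.15", "netMaskLength": "24"}
# A newline inside a value would otherwise add a command line to the configuration set.
BAD = dict(GOOD, vrfName="Org1:vrfedcs\n  description injected")

if __name__ == "__main__":
    print(instantiate(PROFILE, GOOD))
```

Running the same checks where an orchestrator writes the network database catches a malformed entry before any leaf pulls it.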
    
    

Using auto-pull

In certain scenarios, you might be required to manually provision a network based on the LDAP database. You can perform this from DCNM using the deploy option or directly from a switch.

You can use one of the following to manually provision a network from a switch:


switch# fabric database auto-pull dot1q interface ethernet <id>
switch# fabric database auto-pull vni interface ethernet <id> overwrite-vlan <vlan-id>

Virtual Machine Tracker Auto-Config Workflow

The following is a typical workflow to provision a tenant and provide an EVPN capable fabric connection to the tenant's workloads.


Note


All leaf switches in the network fabric are provisioned with the VM Tracker connections based on the set of hosts that are connected to the switch.


  • Identify the VLAN that a tenant’s virtual machine needs to utilize.

  • Provision the required port-groups on the VMware vSphere Distributed Virtual Switch (DVS) or virtual switch.

    (You can use an orchestrator such as Cisco UCS Director (UCSD) or provision directly on the VMware vCenter.)

  • Determine the configuration profile that needs to be associated with the tenant for provisioning the VRF. For example, associate the vrf-common-universal-evpn profile.

  • Collect the tenant's network information and provision the network database with an application that uses the documented DCNM REST APIs.

    The network information includes:

    • Required configuration profile associated with the server-facing network that is being created.

    • All the network parameters required to provision the required configuration profile.

    • The mobility domain that is associated with the network.


      Note


      Only one mobility domain can be supported.


    At this point, the fabric is ready to auto-provision the workloads at any switch that is configured with the suitable mobility domain and the VM Tracker connection.

  • When the workloads are powered on, VM Tracker detects the workload and pulls the appropriate network information from the LDAP database and provisions the network on the switch where the workload is connected.

  • When a workload is no longer necessary, powering the workload off ensures that the previously configured provisioning is removed.

Guidelines and Limitations for Virtual Machine Tracker Auto-Config

VM Tracker has the following guidelines and limitations:

  • show commands with the internal keyword are not supported.

  • Enabling the VM Tracker auto-config feature is disruptive. A best practice is to disconnect all VM Tracker connections before enabling VM Tracker auto-config.

  • When VM Tracker auto-config is enabled after VM Tracker is already connected to VMware vCenter and has configured the switch, the existing VM Tracker configuration is removed and then VM Tracker auto-config is triggered.

  • When VM Tracker auto-config is disabled, the auto-config triggered configuration is removed and the VM Tracker reverts back to the configured VLAN that was initially created by VM Tracker.

  • The switchport trunk allowed vlan vlan-list command is configured on the host facing interface for both auto-config triggered configurations and initial VM Tracker configurations.

  • The VLAN is always created when the VM Tracker auto-config triggers the configuration. The autovlan enable command is ineffective and is not supported when VM Tracker auto-config is enabled.

  • allowed-vlan takes effect when VM Tracker auto-config is enabled.

  • VM Tracker and a vPC Configuration

    • VM Tracker should be configured on both switches of the vPC pair so that the host facing trunk port is configured.

    • In a vPC configuration where both the vPC primary and the vPC secondary are configured to connect to the VMware vCenter, VM Tracker on the vPC secondary will not trigger auto-config. The auto-config profile is synced from primary to standby by HMM. This prevents HMM from being overwhelmed by downloading and syncing profiles from the vPC primary to the vPC secondary and from the vPC secondary to the vPC primary at the same time.

    • If the primary vPC interface goes down and vCenter detects the link failure, VM Tracker is updated, VM Tracker triggers the profile unapply request to HMM, and the host facing “trunk allowed vlan” configuration is removed. When the VM Tracker retry timer expires on the secondary, the “skipped” profile is inspected, and VM Tracker triggers auto-config from the standby side if it detects that the primary vPC interface is down.

    • When the primary vPC interface is up again, VM Tracker on the primary triggers auto-config. At this time both switches trigger auto-config.

  • When migrating from VM Tracker to VM Tracker auto-config in a vPC setup, the following procedure is a best practice:

    • Disconnect all VM Tracker connections on the vPC primary and the vPC secondary switches.

    • Enable VM Tracker auto-config using the vmtracker fabric auto-config command on the vPC primary and the vPC secondary switches.

    • Connect the VM Tracker connection on the vPC primary switch.

    • Connect the VM Tracker connection on the vPC secondary switch.

Enabling Virtual Machine Tracker Auto-Config


Caution


Enabling the VM Tracker auto-config feature is disruptive. A best practice is to disconnect all VM Tracker connections before enabling VM Tracker auto-config.


Before You Begin

Ensure that the VM Tracker feature is enabled.

SUMMARY STEPS

    1.    switch# configure terminal

    2.    switch(config)# [no] vmtracker fabric auto-config

    3.    switch(config)# [no] vmtracker connection connection-name

    4.    switch(config-vmt-conn)# [no] remote {ip address ip_address | port port_number | vrf}

    5.    switch(config-vmt-conn)# username username password password

    6.    switch(config-vmt-conn)# [no] connect


DETAILED STEPS
    Command or Action / Purpose

    Step 1    switch# configure terminal
              Enters global configuration mode.

    Step 2    switch(config)# [no] vmtracker fabric auto-config
              Enables VM Tracker auto-config trigger.
              The no form of the command disables the auto-config trigger.

    Step 3    switch(config)# [no] vmtracker connection connection-name
              Enters VM Tracker connection configuration mode for the connection name specified.
              The no form of the command disables the connection.

    Step 4    switch(config-vmt-conn)# [no] remote {ip address ip_address | port port_number | vrf}
              Configures remote IP parameters.

    Step 5    switch(config-vmt-conn)# username username password password
              Verifies the username and password to connect to vCenter.

    Step 6    switch(config-vmt-conn)# [no] connect
              Connects to vCenter.
              The no form of the command disconnects VM Tracker from vCenter.

    This example shows how to enable the VM Tracker auto-config trigger:

    switch# configure terminal
    switch(config)# vmtracker fabric auto-config
    switch(config)# vmtracker connection v229
    switch(config-vmt-conn)# remote ip address  172.29.21.29 port 80 vrf management
    switch(config-vmt-conn)# username user1 password abc1234
    switch(config-vmt-conn)# connect

    Triggering Auto-Config

    You can use the fabric database auto-pull dot1q interface ethernet id command or the fabric database auto-pull vni interface ethernet id overwrite-vlan vlan-id command to trigger VM Tracker auto-config to automatically configure a switch.


    Note


    When triggering an automatic configuration with auto-pull, subsequent VM Tracker auto-config requests are not supported and are rejected.



    Note


    An auto-pull automatic configuration is not supported when the VM Tracker auto-vlan feature is enabled.


    Verifying Virtual Machine Tracker Auto-Config Configuration

    Use the following command to display and verify VM Tracker auto-config configuration information:

    Command                              Purpose
    show vmtracker fabric auto-config    Displays the VM Tracker auto-config information.

    Example Configuration for Virtual Machine Tracker Auto-Config

    
    switch# configure terminal
    switch(config)# feature vmtracker
    switch(config)# vmtracker fabric auto-config
    switch(config)# vmtracker connection v229
    switch(config-vmt-conn)# remote ip address 172.29.21.29 port 80 vrf management
    switch(config-vmt-conn)# username root password Nbv!23
    switch(config-vmt-conn)# connect
    
    
    
    switch(config-vmt-conn)# show vmtracker fabric auto-config 
    
    Fabric Auto Configuration is enabled
    Auto Configure Retry Time left: 107 seconds
    Switch Device: SAL1833YM0V
    ------------------------------------------------------------------------------
    Port                          Port-Channel                  Vlan     Status
    ------------------------------------------------------------------------------
    Ethernet1/3                   port-channel13                50       Pending
    Ethernet1/3                   port-channel13                56       Pending
    
    
    On Standalone or vPC Pair Primary:
    
    switch(config-vmt-conn)# show vmtracker fabric auto-config 
    
    Fabric Auto Configuration is enabled
    Auto Configure Retry Time left: 100 seconds
    Switch Device: SAL1833YM0V
    ------------------------------------------------------------------------------
    Port                          Port-Channel                  Vlan     Status
    ------------------------------------------------------------------------------
    Ethernet1/3                   port-channel13                50       Success
    Ethernet1/3                   port-channel13                56       Success
    
    
    On vPC Pair Secondary:
    
    switch(config-vmt-conn)# show vmtracker fabric auto-config 
    
    Fabric Auto Configuration is enabled
    Auto Configure Retry Time left: 82 seconds
    Switch Device: SAL1833YM64
    ------------------------------------------------------------------------------
    Port                          Port-Channel                  Vlan     Status
    ------------------------------------------------------------------------------
    Ethernet1/3                   port-channel13                50       Skipped
    Ethernet1/3                   port-channel13                56       Skipped
    
    
    Switch downloaded profile:
    
    switch(config-vmt-conn)# show fabric database host 
    
    Active Host Entries
    flags: L - Locally inserted, V - vPC+ inserted, R - Recovered, X - xlated Vlan
    VLAN  VNI      STATE           FLAGS PROFILE(INSTANCE) 
    50    30001    Profile Active  L     defaultNetworkUniversalEvpnProfile-edcs(instance_def_50_1)
    56    30056    Profile Active  L     defaultNetworkUniversalEVPNProfileNew(instance_def_56_1)
    
    
    Switch profile was synced from vPC peer:
    
    switch(config-vmt-conn)# show fabric  database host 
    
    Active Host Entries
    flags: L - Locally inserted, V - vPC+ inserted, R - Recovered, X - xlated Vlan
    VLAN  VNI      STATE           FLAGS PROFILE(INSTANCE) 
    50    30001    Profile Active  V     defaultNetworkUniversalEvpnProfile-edcs(instance_def_50_1)
    56    30056    Profile Active  V     defaultNetworkUniversalEVPNProfileNew(instance_def_56_1)
    
    
    
    switch(config-vmt-conn)# show run vlan 50 expand-port-profile 
    
    !Command: show running-config vlan 50 expand-port-profile
    !Time: Sat Aug  8 05:25:09 2015
    version 7.0(3)I2(1)
    vlan 50
      vn-segment 30001
    
    
    
    switch(config-vmt-conn)# show run interface vlan 50 expand-port-profile 
    
    !Command: show running-config interface Vlan50 expand-port-profile
    !Time: Sat Aug  8 05:29:49 2015
    version 7.0(3)I2(1)
    interface Vlan50
      no shutdown
      vrf member Org1:vrfedcs
      ip address 50.50.50.15/24 tag 12345
      fabric forwarding mode anycast-gateway
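
The show vmtracker fabric auto-config outputs above can be compared across a vPC pair to confirm the state the vPC guidelines describe (primary applies the profile, secondary skips it). The following is an added example, not part of the original page or Cisco's tooling; the function names are hypothetical and the sample strings reuse the page's rows with whitespace compacted.

```python
import re

# Matches data rows of 'show vmtracker fabric auto-config' as laid out on this page.
ROW = re.compile(r"^\s*(Ethernet\S+)\s+(\S+)\s+(\d+)\s+(\w+)\s*$", re.M)

def parse_status(output):
    """Return (switch_device, {(port, vlan): status}) from the command output."""
    device = re.search(r"Switch Device:\s*(\S+)", output)
    rows = {(m[1], int(m[3])): m[4] for m in ROW.finditer(output)}
    return (device[1] if device else None), rows

def reconcile(primary_out, secondary_out):
    """List (port, vlan) pairs whose state differs from the steady state the page shows."""
    _, pri = parse_status(primary_out)
    _, sec = parse_status(secondary_out)
    findings = []
    for port, vlan in sorted(set(pri) | set(sec)):
        p = pri.get((port, vlan), "Missing")
        s = sec.get((port, vlan), "Missing")
        # Steady state: primary applied the profile; secondary skipped it (HMM syncs it)
        # or also triggered it after the primary interface came back up.
        if p == "Success" and s in ("Skipped", "Success"):
            continue
        # Everything else (still Pending, secondary-only Success, row missing) needs review.
        findings.append(f"{port} vlan {vlan}: primary={p} secondary={s}")
    return findings

HEADER = "Port   Port-Channel   Vlan   Status\n"
# Rows taken from the page's example outputs.
PRIMARY = "Switch Device: SAL1833YM0V\n" + HEADER + (
    "Ethernet1/3  port-channel13  50  Success\n"
    "Ethernet1/3  port-channel13  56  Success\n")
SECONDARY = "Switch Device: SAL1833YM64\n" + HEADER + (
    "Ethernet1/3  port-channel13  50  Skipped\n"
    "Ethernet1/3  port-channel13  56  Skipped\n")
PENDING = "Switch Device: SAL1833YM0V\n" + HEADER + (
    "Ethernet1/3  port-channel13  50  Pending\n"
    "Ethernet1/3  port-channel13  56  Pending\n")

if __name__ == "__main__":
    print(reconcile(PRIMARY, SECONDARY))   # steady state
    print(reconcile(PENDING, SECONDARY))   # profiles not yet applied on either peer
```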