Use CVP to Automate a POE L2 MLAG Stack with In-Band Management and Telemetry

 
 

Overview

One of the advantages Arista offers for campus switches is an automated approach to stacking via CloudVision Portal (CVP), and this article covers a Configlet Builder that will allow for this automation in a Layer 2 Leaf Spine architecture.

Introduction

In a data center, switches are traditionally managed out-of-band: management traffic is forwarded on a data path separate from the actual data center traffic. The management connections run over a separate management network, and the switches typically plug into that environment through a copper Ethernet port. In campus, however, management is typically done in-band, meaning that management traffic traverses the same links as the users’ data. This is because most wiring closets are not equipped with an out-of-band management network.

Arista provides a campus stacking solution via MLAG which is a common technology used in data center environments to allow for forwarding and load balancing on uplink ports.  The technology is standardized and has been proven over many years.

This article will focus on the automation of the MLAG Stack to allow POE switches to participate in Zero Touch Provisioning (ZTP) so POE switches can be taken out of the box and plugged into the Spline switches which connect back to the data center.  Besides initial configuration, this solution allows for:

  • Future easy switch upgrades for individual closets or multiple closets at a time.
  • Simple configuration that goes across all switches in a closet or groups of closets.
  • Automated stack expansion to bring in additional switches as needed.
  • Replacing any switch in the stack in case of damage or failure.

A diagram of the network architecture used in this document can be seen below and shows how the Spline switches connect to the data center which in turn provides connectivity to DHCP and CVP.  The Spline downstream ports are configured to receive data and place it in a native VLAN that is configured to forward DHCP requests via DHCP relay.  The DHCP server is configured for Zero Touch Provisioning (ZTP) and will tell the requesting switch how to get to CVP using standard DHCP options.

Prerequisites

To run this Configlet Builder, the Splines will need a configuration that includes the following:

Spline1

vlan 4093
!
ip virtual-router mac-address 00:1c:73:00:01:00
!
interface Ethernet 48
  channel-group 1000 mode active
  switchport access vlan 4093
!
interface Port-Channel 1000
  no switchport access vlan 4093
  switchport mode trunk
  switchport trunk native vlan 4093
  port-channel lacp fallback
  port-channel lacp fallback individual
  port-channel lacp fallback timeout 3
  mlag 1
!
interface Vlan 4093
  ip address 192.168.25.2/24
  ip virtual-router address 192.168.25.1
  ip helper-address 192.168.15.251

Spline2

vlan 4093
!
ip virtual-router mac-address 00:1c:73:00:01:00
!
interface Ethernet 48
  channel-group 1000 mode active
  switchport access vlan 4093
!
interface Port-Channel 1000
  no switchport access vlan 4093
  switchport mode trunk
  switchport trunk native vlan 4093
  port-channel lacp fallback
  port-channel lacp fallback individual
  port-channel lacp fallback timeout 3
  mlag 1
!
interface Vlan 4093
  ip address 192.168.25.3/24
  ip virtual-router address 192.168.25.1
  ip helper-address 192.168.15.251

Where:

  • VLAN 4093 is the VLAN for the In-band Management Network. This can be any VLAN.
  • “ip virtual-router” is used for VARP for the Splines.
  • “switchport access vlan” configures the management VLAN on the physical Ethernet port for use when the port channel is not up.
  • The port channel is configured to fall back to the physical Ethernet port when LACP does not come up initially, as is the case while the MLAG Stack Peers are in ZTP mode.
  • The port channel trunk has a native VLAN of the management VLAN.
  • The interface VLAN IP address scheme can be used across multiple POE closets meaning that multiple stacks can be a part of the same management network.  A separate port channel would be configured for each stack.
  • The virtual-router address is the gateway for the POE switches.

Assumptions for Running Automation

Assumptions that were made when the Configlet Builder was created are as follows:

  • The default gateway for the management VLAN is .1
  • One uplink to the Spline is used per switch as it is assumed most campus closets only have two fiber pairs for connections back to a central location.
  • Multiple downlinks per switch allow any number of MLAG Stack Member ports.
  • MLAG Stack Peer hostnames should end in 1 or 2, A or B, LEFT or RIGHT depending on MLAG peer position.  A set of MLAG Peers would normally have a notation like this to distinguish between the Peers.
  • MLAG downlinks to member switches are assumed to be 25G because that is the greatest number of higher speed links on the POE switches.
  • MLAG VLAN is assumed to be 4094, thus the Management VLAN cannot be 4094.

NOTE: All of these assumptions can be changed by simply editing the Configlet Builders.
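A pre-flight check of a Spline configuration against the prerequisites and assumptions listed above, as an added example that is not part of the original article or of the downloadable Configlet Builders. The function names, the message strings and the abridged sample configuration are assumptions made for this illustration.

```python
import ipaddress

MLAG_VLAN = 4094  # MLAG VLAN assumed by the page, so never the management VLAN

# Abridged from the Spline1 prerequisite configuration on this page.
SPLINE1 = """\
vlan 4093
!
interface Port-Channel 1000
  switchport mode trunk
  switchport trunk native vlan 4093
  port-channel lacp fallback individual
  mlag 1
!
interface Vlan 4093
  ip address 192.168.25.2/24
  ip virtual-router address 192.168.25.1
  ip helper-address 192.168.15.251
"""

def sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current:
            out[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            out[current] = []
    return out

def check_spline(config, mgmt_vlan, po_id):
    """Return unmet prerequisites for one stack's port channel (empty = ready)."""
    # Drop spaces in section names so "Vlan 4093" and "Vlan4093" both match.
    s = {k.replace(" ", ""): v for k, v in sections(config).items()}
    svi = s.get(f"interfaceVlan{mgmt_vlan}", [])
    po = s.get(f"interfacePort-Channel{po_id}", [])
    val = lambda p: next((l[len(p):].strip() for l in svi if l.startswith(p)), None)
    addr, vip = val("ip address "), val("ip virtual-router address ")
    gw_ok = bool(addr and vip) and ipaddress.ip_address(vip) == \
        ipaddress.ip_interface(addr).network.network_address + 1
    checks = [
        (mgmt_vlan != MLAG_VLAN, "management VLAN equals the MLAG VLAN"),
        (f"vlan{mgmt_vlan}" in s, "management VLAN not defined"),
        (f"switchport trunk native vlan {mgmt_vlan}" in po, "native VLAN mismatch"),
        ("port-channel lacp fallback individual" in po, "LACP fallback individual missing"),
        (val("ip helper-address ") is not None, "no DHCP relay on the management SVI"),
        (gw_ok, "gateway is not .1 of the management subnet"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling `check_spline(SPLINE1, 4093, 1000)` returns an empty list for the configuration shown on this page. Run it once per stack port channel, since each stack gets its own port channel on the Splines.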

Running the Automation

Configlet Import

Download the configlet set required for this automation here.

Once downloaded, import the configlets into CVP by clicking the import icon on the right side of the Configlets screen and choosing the configlet file downloaded above.

Two Configlet Builders will appear named:  ‘Build L2 POE MLAG Peer’ and ‘Build L2 POE MLAG Member’

CVP Network Provisioning Preparation

Create Containers

Because MLAG Stack Peers will have different configuration requirements from the MLAG Stack Members, it is helpful to put them in separate containers in CVP. Also, while it does not necessarily matter how the containers are grouped together, it is recommended to put the MLAG Peer container and MLAG Member container together under a single container to manage them as a unit. For example, in the CVP screenshot below, the POE switches are going into the IDF1 closet, so the top-level container is IDF1 and the two containers below it are for the MLAG Stack Peers and for the MLAG Stack Members.

Assign Configlets to containers

To assign configlets to containers, right click on the container, and choose Manage -> Configlet.

On the next screen, choose the Configlet Builder that corresponds to the container selected.  For instance, if assigning the Configlet Builder to an MLAG Peer container, choose the configlet ‘Build L2 POE MLAG Peer’.

 

Configlet Builder Dialog for MLAG Stack Peers

Assuming that the Splines have the required network connectivity for the POE switches, after the POE switches boot up, they will be in ZTP mode and fall under the Undefined container in CVP Network Provisioning.

Move one of the POE MLAG Stack Peers from the Undefined container to the container created earlier for the POE MLAG Stack Peers. Notice that while there may be three or more devices in the MLAG Stack, only the MLAG Stack Peers show in the Undefined container at this time. All switches are in a layer 3 mode while they are trying to ZTP, so MLAG Stack Member switch traffic will not be able to traverse the MLAG Stack Peers until the Peers are configured.

To move the device into the MLAG Stack Peer container, right click on the device in the Undefined container and select ‘Move’.  

In the next dialog window, select the container created for the MLAG Stack Peers.  In the example above, that would be the ‘IDF1 MLAG Peer’ container.

After moving the device into the container, a dialog box will appear asking about generating a configlet.  Select Yes here to automate one of the MLAG Stack Peer devices.

Click on the ‘Build L2 POE MLAG Peer’ Configlet on the left side of the screen.  When clicking on that configlet, a dialog will open such as the one below.  Please review the instructions below to help with the configuration of each box.

Next, generate the configuration by clicking on the ‘Generate’ button below the MLAG Subnet, Validate the configuration, and Save the configuration.  Repeat the steps for the other MLAG Stack Peer.  Below is an example of how the form could be completed for a 720XP-48ZC2 POE switch:

After both switches have had the Configlets applied, click ‘Save’ in the Network Provisioning screen and run through Change Control to apply the configuration in CVP.  After the switches reboot, the MLAG Stack Peers will be up and allow for member ports to begin being configured.

 

Configlet Builder Dialog for MLAG Stack Members

Once the POE MLAG Stack Peers are up, MLAG member switches will be seen in the Undefined container in Network Provisioning.  Move each of the MLAG Member switches one at a time to the MLAG Member container created earlier. 

To move the device into the MLAG Stack Member container, right click on the device in the Undefined container and select ‘Move’.

In the next dialog window, select the container created for the MLAG Stack Members. In the example above, that would be the ‘IDF1 MLAG Mbr’ container.

After moving the device into the container, a dialog box will appear asking about generating a configlet. Select Yes here to automate one of the MLAG Stack Member devices.

Click on the ‘Build L2 POE MLAG Member’ Configlet on the left side of the screen.  When the configlet is clicked, a dialog will open such as the one below.  Review the instructions below to help with the configuration of each box.

Next, generate the configuration by clicking on the ‘Generate’ button below the ‘Uplinks to MLAG Peers’, Validate the configuration, and Save the configuration.  Repeat the steps for other MLAG Member switches.  Below is an example of how the form could be completed for a 720XP-48ZC2 POE switch:

After both switches have had the Configlets applied, click ‘Save’ in the Network Provisioning screen and run through Change Control to apply the configuration in CVP.  After the switches reboot, the MLAG Stack will be complete.

 
