Overview to Cisco VTS Installation in Cisco NFVI
The Cisco Virtual Topology System is an overlay management and provisioning system for data center networks. It automates data center overlay fabric provisioning for both physical and virtual workloads. It provides a policy-based approach for overlay provisioning, and can be used for multitenant data centers for cloud services, including Cisco NFVI.
To install Cisco VTS with Cisco NFVI, you must manually install the Cisco VTS Virtual Topology Controller (VTC) and its VTSR VMs before you start the Cisco VIM installation. The VTC and VTSR VMs must be run on an independent pair of servers, and not on a Cisco NFVI control, compute, storage, or management node. You can set up the networking on those servers as described in the installation procedures. When you run the Cisco VIM installer, you have to provide the VTC VIP and appropriate VTS credentials.
The following figure shows how Cisco VTS Virtual Topology Controller (VTC) and VTSR virtual machines (VMs) connect to the Cisco NFVI networks.
The following table maps Cisco VTS network names to Cisco VIM network names.
Cisco VTS VM | Cisco VTS Network Name | Cisco VIM Network Name |
---|---|---|
VTC | Management Network | API (a) |
VTC | Underlay Network | Management or Provision (mx) |
VTSR | Management Network | Management or Provision (mx) |
VTSR | Underlay Network | Tenant (t) |
The following table describes the required IP address allocations for VTS components.
Cisco VIM Network | Required Cisco VTS IP Addresses | Description |
---|---|---|
API (a) | 3 total (1 VIP + 1 IP per VTC VM) | Set up in the VTC config.iso and cluster.conf |
Management or Provisioning (mx) | | Set up in VTSR config.iso. Note: VTS component IP addresses cannot overlap with the pool ranges configured in the Cisco VIM setup_data.yaml. |
Tenant (t) | 2 total (one IP address per VTSR VM) | Set up in VTSR config.iso. Note: The VTS component IPs cannot overlap with pool ranges that are configured in the Cisco VIM setup_data.yaml. |
The following is the VTS IP distribution and setup mechanism.
VIM API network:

- VTC1—api (a) network IP1 (associated through the VTC1 config ISO)
- VTC2—api (a) network IP2 (associated through the VTC2 config ISO)
- VTC VIP—api (a) network IP3 (associated through the HA step cluster.conf)

VIM Management/Provisioning network:

- VTC1—management/provisioning (mx) network IP1 (associated through the VTC1 config ISO)
- VTC2—management/provisioning (mx) network IP2 (associated through the VTC2 config ISO)
- VTC VIP—management/provisioning (mx) network IP3 (associated through the HA step cluster.conf)
- VTSR 1—management/provisioning (mx) network IP4 (associated through the VTSR-1 config ISO)
- VTSR 2—management/provisioning (mx) network IP5 (associated through the VTSR-2 config ISO)

VIM Tenant network:

- VTSR 1—tenant (t) network IP1 (associated through the VTSR-1 config ISO)
- VTSR 2—tenant (t) network IP2 (associated through the VTSR-2 config ISO)
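
The following pre-installation check is an added example, not part of the Cisco documentation or tooling. It verifies that a planned allocation has an address for every component in the distribution list above, that no address is reused within a network, and that no VTS address falls inside a Cisco VIM pool range. The dictionary shapes, the role names, and the sample addresses are assumptions made for the example; pool ranges are passed as (first, last) pairs rather than parsed from setup_data.yaml.

```python
import ipaddress

# Components that need an address on each Cisco VIM network, per the distribution list.
REQUIRED = {
    "api": {"VTC1", "VTC2", "VTC_VIP"},
    "mx": {"VTC1", "VTC2", "VTC_VIP", "VTSR1", "VTSR2"},
    "tenant": {"VTSR1", "VTSR2"},
}

def check_vts_addressing(vts_ips, pools):
    """Return a list of problems found in a planned VTS address allocation.

    vts_ips: {network: {role: "ip"}}
    pools:   {network: [("first_ip", "last_ip"), ...]}  (assumed input shape)
    """
    problems = []
    for net, roles in REQUIRED.items():
        planned = vts_ips.get(net, {})
        for role in sorted(roles - set(planned)):
            problems.append(f"{net}: no address planned for {role}")
        seen = {}
        for role, ip in sorted(planned.items()):
            addr = ipaddress.ip_address(ip)
            if addr in seen:
                problems.append(f"{net}: {role} reuses {ip} from {seen[addr]}")
            seen.setdefault(addr, role)
            for first, last in pools.get(net, []):
                lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
                # Only compare addresses of the same IP version.
                if lo.version == addr.version and lo <= addr <= hi:
                    problems.append(f"{net}: {role} {ip} is inside pool {first}-{last}")
    return problems

# Constructed sample plan (documentation address ranges) with two deliberate mistakes:
# VTSR1 on mx sits inside the pool, and both VTSRs share one tenant address.
SAMPLE_IPS = {
    "api": {"VTC1": "192.0.2.11", "VTC2": "192.0.2.12", "VTC_VIP": "192.0.2.10"},
    "mx": {"VTC1": "198.51.100.11", "VTC2": "198.51.100.12", "VTC_VIP": "198.51.100.10",
           "VTSR1": "198.51.100.60", "VTSR2": "198.51.100.14"},
    "tenant": {"VTSR1": "203.0.113.5", "VTSR2": "203.0.113.5"},
}
SAMPLE_POOLS = {"mx": [("198.51.100.50", "198.51.100.200")],
                "tenant": [("203.0.113.100", "203.0.113.200")]}

if __name__ == "__main__":
    for line in check_vts_addressing(SAMPLE_IPS, SAMPLE_POOLS):
        print(line)
```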
Cisco VTS Usernames and Passwords in Cisco NFVI
The following table lists the Cisco VTS usernames and passwords that are deployed after you install Cisco VTS in Cisco NFVI.
Configuration Location | Value Requirements | Description/Comments |
---|---|---|
CVIM: openstack-configs/setup_data.yaml, VTS_PARAMETERS: VTS_USERNAME, VTS_PASSWORD, VTS_SITE_UUID. The following parameters are optional, only required if VTS_DAY0 is enabled: VTC_SSH_PASSWORD, VTC_SSH_USERNAME, VTS_SITE_UUID. Optional: MANAGED | VTS_USERNAME must be admin. VTS_PASSWORD must match the VTC UI login password for the admin user. The password must have a minimum of 8 characters and at least one uppercase letter, one digit, and one special character. VTS_SITE_UUID is the unique UUID of the VTS site controlled by Cisco VIM. The VTS_SITE_UUID must be in a generic UUID format (unique pod UUID to indicate which pod the VTS is controlling). The VTC_SSH_PASSWORD and VTC_SSH_USERNAME are SSH credentials to log in to the VTC VMs. MANAGED is either True or False. By default, it is False. If it is True, the VTS deployment mode is managed. | Used by VTF to register with the VTC / VTSR. |
VTC ISO config.txt: vts-adminPassword, AdministrativeUser, AdministrativePassword | Must match the Cisco VIM setup_data.yaml VTC_SSH_PASSWORD parameter. AdministrativeUser must match the setup_data.yaml VTC_SSH_USERNAME parameter. AdministrativePassword must match the VTC_SSH_PASSWORD parameter. | Configures the VTC admin user's initial password. SSH username/password for the VTC VM. |
VTSR ISO: USERNAME, PASSWORD | VTSR VM SSH username/password. The VTSR adds this in VTS Inventory > Authorization Group > vtsgroup Device User Name associated with the VTC admin user. |
Modes of TOR Configuration with VTS
Cisco VTS supports two modes of TOR configuration:
- Unmanaged TOR: This is the default mode of operation for VTS with Cisco VIM. The VTS network inventory is added as an “Unmanaged” device instead of the actual TOR switches. The BGP EVPN ingress replication mode is used for the admin domain, but the port configuration is not pushed to the TOR switches.
- Managed TOR: The VTS network inventory is added with the actual TOR switches. Control and compute node information is added, with the corresponding interfaces connected to the TOR, in the VTS host inventory. The BGP EVPN multicast replication mode is used for the admin domain, while the port configuration enables multicast Internet Group Management Protocol (IGMP) snooping and PIM configuration for the Tenant VLAN on the actual TOR switches.
Note
As the storage nodes do not have VTF, the switch ports hanging off the storage nodes are configured statically.
To maintain consistency, add the tor_info to the storage nodes in the setup_data of the pod.
The following snippet shows the multicast configuration that is pushed to the Cisco Nexus 9000 when a port is configured with Tenant VLAN ID 111.
```
interface Vlan111
  no shutdown
  no ip redirects
  ip address 22.22.22.200/24
  no ipv6 redirects
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
  ip igmp version 3
  ip igmp static-oif 239.0.0.1
  hsrp 22
    ip 22.22.22.1
vlan configuration 111
  ip igmp snooping static-group 239.0.0.1 interface port-channel12
  ip igmp snooping static-group 239.0.0.1 interface port-channel13
  ip igmp snooping static-group 239.0.0.1 interface port-channel14
```
Note
Due to a limitation of VTS, the Tenant VLAN ID needs to be selected as the lowest number in the TOR interface. If not, the multicast configuration will be pushed incorrectly.
The following table lists the configurations required to enable the functionality of TORs “managed” through VTS.
Configuration Location | Value Requirements | Description |
---|---|---|
CVIMmercury: openstack-configs/setup_data.yaml, VTS_PARAMETERS: MANAGED: | MANAGED: Set to True or False. By default, it is False. | MANAGED: Must be configured as True when the VTS deployment mode is managed. It is a day-0 configuration and cannot be enabled as a reconfigure option. |
TORSWITCHINFO: CONFIGURE_TORS | CONFIGURE_TORS: False | The CONFIGURE_TORS value has to be False to indicate that CVIM is not configuring the TORs; this is a way for VTC to know which switches to access and manage. |
SWITCHDETAILS: | Hostname, ssh_ip, username, and password of the switches for VTC to manage {switch_a_hostname: ethx/y, switch_b_hostname: ethx/y} | Minimum switch details are needed to access it. |
SERVERS: <SERVER_NAME>: tor_info: | For each server, list the tor_info associated with the server, so that VTC can manage the switch ports. Note that the storage nodes do not have VTF, and hence the switch ports hanging off the storage nodes are configured statically. To maintain consistency, add the tor_info to the storage nodes in the setup_data of the pod. |
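
The following consistency check is an added example, not Cisco code. It applies the value requirements from the credentials table and the managed TOR table to a setup_data.yaml that has already been loaded into a dictionary, together with the VTC ISO config.txt values. Assumptions: SWITCHDETAILS is a list nested under TORSWITCHINFO, its keys are spelled hostname, ssh_ip, username and password, and all sample values are constructed.

```python
import re

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
SWITCH_KEYS = ("hostname", "ssh_ip", "username", "password")  # assumed key spellings

def password_ok(pw):
    """Minimum 8 characters with an uppercase letter, a digit and a special character."""
    return len(pw) >= 8 and all(re.search(p, pw) for p in (r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))

def check_vts_settings(setup_data, vtc_config):
    """Return a list of problems; messages name keys only and never echo secret values."""
    problems = []
    vts = setup_data.get("VTS_PARAMETERS", {})
    if vts.get("VTS_USERNAME") != "admin":
        problems.append("VTS_USERNAME must be admin")
    if not password_ok(str(vts.get("VTS_PASSWORD", ""))):
        problems.append("VTS_PASSWORD does not meet the password requirements")
    if not UUID_RE.match(str(vts.get("VTS_SITE_UUID", ""))):
        problems.append("VTS_SITE_UUID is not in UUID format")
    if "VTC_SSH_USERNAME" in vts:  # optional pair, cross-checked against config.txt
        if vtc_config.get("AdministrativeUser") != vts["VTC_SSH_USERNAME"]:
            problems.append("AdministrativeUser does not match VTC_SSH_USERNAME")
        if vtc_config.get("AdministrativePassword") != vts.get("VTC_SSH_PASSWORD"):
            problems.append("AdministrativePassword does not match VTC_SSH_PASSWORD")
    if vts.get("MANAGED", False) is True:  # managed TOR mode
        tor = setup_data.get("TORSWITCHINFO", {})
        if tor.get("CONFIGURE_TORS") is not False:
            problems.append("CONFIGURE_TORS must be False when MANAGED is True")
        for i, sw in enumerate(tor.get("SWITCHDETAILS", [])):
            missing = [k for k in SWITCH_KEYS if not sw.get(k)]
            if missing:
                problems.append(f"SWITCHDETAILS[{i}] is missing {', '.join(missing)}")
        for name, srv in sorted(setup_data.get("SERVERS", {}).items()):
            if not srv.get("tor_info"):
                problems.append(f"SERVERS.{name} has no tor_info")
    return problems

# Constructed sample with deliberate mistakes in each area the function checks.
SAMPLE_SETUP = {
    "VTS_PARAMETERS": {"VTS_USERNAME": "admin", "VTS_PASSWORD": "example1",
                       "VTS_SITE_UUID": "123e4567-e89b-12d3-a456-426614174000",
                       "VTC_SSH_USERNAME": "vtcadmin", "VTC_SSH_PASSWORD": "Example#Pass1",
                       "MANAGED": True},
    "TORSWITCHINFO": {"CONFIGURE_TORS": True, "SWITCHDETAILS": [
        {"hostname": "tor-a", "ssh_ip": "192.0.2.21", "username": "admin"}]},
    "SERVERS": {"compute-1": {"tor_info": {"tor-a": "eth1/1"}}, "storage-1": {}},
}
SAMPLE_VTC = {"AdministrativeUser": "admin", "AdministrativePassword": "Example#Pass1"}
```

Calling check_vts_settings(SAMPLE_SETUP, SAMPLE_VTC) returns five findings, one per mistake planted in the sample.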
From an architecture point of view, the following are configured automatically in VTC Node when Managed TOR mode is selected in setup_data.yaml:
- VTS System Settings and Route reflector are configured in VTC.
- OpenStack Virtual Machine Manager is configured.
- Global VNI POOL is configured.
- Multicast pools are created to allocate multicast IP address for Tenant VLAN ID.
- Authentication Group is created for device.
- TOR switches are configured under Network Inventory.
- Admin domain is created with BGP EVPN multicast replication mode for L2 and L3 Gateway.
- TOR switches and VTSR are added to L2 and L3 Gateway in admin domain.
- Controller and Compute Node are added under host inventory with corresponding TOR interfaces.
- All VTFs are registered with VTSRs and appear under Virtual Forwarding Groups.