Installing Netvisor ONE and Initial Configuration

Overview

This section contains information about initial configuration of your switch as well as commands to manage, upgrade, and restore Netvisor ONE configurations.

Using the Serial Console Port for Initial Configuration

This procedure assumes you installed the switch in the desired location and powered on the switch.


 

 Do not connect any ports to the network until the switch is configured. You can accidentally create loops or cause IP address conflicts on the network.

If you are going to cable host computers to the switch, there is an option to enable or disable host ports by default.

1. Connect the console port on the rear or front (depending on the model) of the switch to your laptop or terminal concentrator using a serial cable.

2. From the terminal emulator application on your computer, log into the switch with the username network-admin and the default password admin.

3. Begin initial configuration using the initialization procedure displayed:


 

Informational Note:  Netvisor supports IPv6 addresses for the in-band interface.


 

Warning: Be sure to type in a static IP address for the management interface during the initial configuration. Netvisor initially uses DHCP to obtain an IP address, but Netvisor does not support DHCP after the initial configuration.

switch console login: network-admin

Password: admin

Last login: Fri Oct 3 12:23:04 on console

Command Line Interface v2.5.4

System setup required:

System Name (switch): hostname <return>

network-admin Password: password <return>

Re-enter Password:****** <return>

Enable mgmt link aggregation[disable|enable|active-standby] (disable): active-standby

This might reset SSH connections after the setup.Are you Sure? (no): yes <return>

Mgmt IP/Netmask: ip-address/netmask <return>

Mgmt IP Assignment:

Mgmt IPv6: IPv6-address/netmask

Mgmt IPv6 Assignment:

In-band IP/Netmask: ip-address/netmask

In-band IPv6/Netmask:

In-band IPv6 Assignment:

Gateway IP (0.0.0.0): 192.168.100.254 <return> or ip-address

Gateway IPv6 ():

Primary DNS IP (0.0.0.0): 192.168.100.253 <return> or ip-address

Secondary DNS IP (0.0.0.0): 192.168.200.253 <return> or ip-address

Domain name (some-domain.com): domain-name <return>

NTP Server:

Secondary NTP Server:

Timezone:

EULA accepted:

EULA timestamp:

Date:

Automatically Upload Diagnostics (yes): <return>

Enable host ports by default (yes): <return>

nvOS system info:

Switch Setup:

Switch Name:                  T6001

Switch Mgmt IP:               192.168.100.1/24

Mgmt IP assignment: static

Switch Mgmt IPv6:             2001:0db8:85a3:0000:0000:8a2e:0370:7334

MGMT IPv6 assignment: autoconf

Mgmt Link State: up

Mgmt Link Speed: 1g

Switch In-band IP:            192.168.200.1/24

Switch In-band IPv6:          2001:0db8:85a3:0000:0000:8a2e:0370:7315

Switch Gateway:               192.168.100.254

Switch DNS Server:            192.168.100.254

Switch DNS2 Server:           192.168.100.253

Switch Domain Name:           pluribusnetworks.com

Switch NTP Server:            0.north-america.pool.ntp.org

Switch NTP Secondary-server   1.north-america.pool.ntp.org

Switch Timezone:           US/Pacific

Switch Date:               2017-05-03, 13:02:39

HostID: 184551182

Location ID: 1

Upload Diagnostics:        yes

Enable host ports:         yes

Analytics Store:           default

Fabric required. Please use fabric-create/join/show

Connected to Switch; nvOS Identifier:0x000044; Ver: 0.19.3398

 

When you set up a switch for initial configuration, disable host-facing ports until you are ready to plug host cables into the switch. If Netvisor does not detect adjacency on a port during the quickstart procedure, the port remains in the disabled state. To enable the ports after plugging in cables, use the port-config-modify port port-number host-enable command. Netvisor enables host ports by default unless you specify no during the quickstart procedure.

Netvisor OS Command Line Interface 3.0

By ANSWERING "YES" TO THIS PROMPT YOU ACKNOWLEDGE THAT YOU HAVE READ THE

TERMS OF THE PLURIBUS NETWORKS END USER LICENSE AGREEMENT (EULA) AND AGREE TO

THEM. [YES | NO | EULA]?: yes

Switch setup required:

Switch Name (e68-leaf-01):

network-admin Password:

Re-enter Password:

Mgmt IP/Netmask (10.13.25.225/16):

In-band IP/Netmask (192.168.97.2/24):

Gateway IP (10.42.42.1):

Primary DNS IP (10.42.44.1):

Secondary DNS IP:

Domain name (pluribusnetworks.com):

Automatically Upload Diagnostics (yes):

Enable host ports by default (yes): no

 

CLI (network-admin@e68-leaf-01) > port-show

switch       port status                config

------------ ---- ------------          ------
e68-leaf-01  25   phy-up,host-disabled  10g

 

CLI (network-admin@e68-leaf-01) > port-config-modify port 25 host-enable

 

CLI (network-admin@e68-leaf-01) > port-show

switch       port status                config

------------ ---- ------------          ------
e68-leaf-01  25   up                    10g

 

With switch-setup Enable host ports mode set to no, all ports have this port-config-setting set to no. This can be viewed using the following command:

CLI (network-admin@Spine1) > port-config-show format port,host-enable,

In this mode, when any port comes up physically, Netvisor OS automatically sends and receives LLDP packets to look for peer switches. If LLDP packets are received and Netvisor forms an adjacency, Netvisor OS continues normally. If Netvisor does not detect an adjacency within 5 seconds, Netvisor OS flags the port as host-disabled. With this flag set, Netvisor only accepts LLDP packets and does not initiate packet transmission.

CLI (network-admin@Spine01) > port-show

switch    port ip           mac               hostname  status        

--------  ---- --------     ---------------   --------  -------------------------------------------

Spine-01  34   192.168.97.4 66:0e:94:cc:ee:fc E68-pa    up,PN-switch,PN-other,LLDP,

Spine-01  5                                             phy-up,host-disabled

 

config      trunk

---------   --------

fd,10g      auto-128

 

After completing switch discovery and fabric creation, enable host, server, or router traffic switching, and enable the ports using the host-enable option:

port-config-modify port 5 host-enable

The switch-setup-show command displays the enable-host-ports setting. You cannot change this global switch setting after the initial switch-setup is performed. However, you can configure individual ports for host-enable or disable by using the port-config-modify command.

Autoconfiguration of IPv6 Addresses on the Management Interface Support

IPv6 Stateless Address Autoconfiguration (SLAAC)

Like IPv4 addresses, IPv6 addresses can be configured on hosts in a number of different ways. For IPv4, Dynamic Host Configuration Protocol (DHCP) assigns addresses dynamically, and static configuration assigns fixed IP addresses. DHCP provides a method of dynamically assigning addresses, and also provides a way to assign the host devices other service information such as DNS servers, domain names, and a number of different custom information.

SLAAC allows you to address a host based on a network prefix advertised from a local network router using Router Advertisements (RA). RA messages are sent by default by IPv6 routers. These messages are sent out periodically by the router and include the following information:

Netvisor enables SLAAC by default on the switch.

When you configure an IPv6 address on the management interface during setup, the assignment parameter has two options:

none — Disables IPv6 addresses.

autoconf — Configure the interface with SLAAC.

 

Changes to the End User License Agreement (EULA)

Currently, the Netvisor OS displays the EULA during switch setup.

Netvisor OS Command Line Interface 2.6

By ANSWERING "YES" TO THIS PROMPT YOU ACKNOWLEDGE THAT YOU HAVE READ THE TERMS OF THE PLURIBUS NETWORKS END USER LICENSE AGREEMENT (EULA) AND AGREE TO THEM. [YES | NO | EULA]?:

 

When you enter the EULA option, the output displays the complete EULA text. After this action, you cannot confirm EULA acceptance again. In some cases, an integrator may have accepted the EULA on behalf of the actual end user.

Netvisor ONE displays the EULA acceptance with a timestamp of the event:

eula-show

End User License Agreement

Pluribus Networks, Inc.'s ("Pluribus", "we", or "us") software products are designed to provide fabric networking and analytics solutions that simplify operations, reduce operating expenses, and introduce applications online more rapidly. Before you download and/or use any of our software, whether alone or as loaded on a piece of equipment, you will need to agree to the terms of this End User License Agreement (this

"Agreement").

...

PN EULA v 2.1

accepted:  true

Zero-Touch Provisioning Support

Use Zero Touch Provisioning (ZTP) to quickly bring up and deploy a configuration on a Pluribus switch with no user interaction. ZTP is typically used in large-scale data center deployments where the data center engineers simply rack the equipment and connect it to the management network.

ZTP leverages an on-premise DHCP server where an administrator configures one or more vendor-specific DHCP options that Netvisor OS interprets to configure the switch.

ZTP runs when Netvisor is started and is in setup mode. Netvisor searches for vendor-specific DHCP options (236 and 237), in addition to a few commonly used ones.

Phase 2 of ZTP allows you to bring up a new switch and automatically configure the required switch-setup settings, in-band-ip, or port-specific settings.

As new switches are connected to the DHCP-enabled management network, the new switch is provided the required configuration using DHCP options to connect and retrieve a script (ZTP script) interpreted by Netvisor OS.

If the switch is in ‘setup’ mode, Netvisor OS discovers and runs the ZTP script using the following algorithm:

1. local directory (/sftp/import/nv-ztp-installer)

2. directory of USB drive (i.e. /media/{drive}/nv-ztp-installer)

3. remote webserver (http://<host>/nv-ztp-installer)

In all of the above cases, the script must be named nv-ztp-installer. However, a complete URL may be specified using DHCP option 236, in which case the complete path to the installer may be specified. For example,

option Pluribus_ZTP_url "http://<server>/my_script";

 

Also, if you use options 66 and/or 67, the script may be named by option 67. If you do not use option 67, Netvisor OS defaults to the name nv-ztp-installer. Additionally, the Pluribus Networks Cloud developer portal encrypts and signs the script.


 

Upload the script and click the Create Signed Package button. The portal then encrypts and signs the script and downloads it to your switch. Pluribus Networks Cloud does not store the script.


 

Informational Note:  Please contact Pluribus Networks for access to the Developer Portal.

If Netvisor OS is in setup mode, ZTP discovery is triggered upon service startup. This is the default mode for Netvisor OS.

The ZTP script contains a number of CLI commands that are interpreted in the order listed in the script and issued to Netvisor OS as if you typed them at the CLI prompt.

The following sample script accepts the EULA, sets the inband-ip (based on DHCP option 237), name of the switch, DNS domain, and joins the fabric, corp-fabric:

#

# Configure the setup-related options first

#

switch-setup-modify eula-accepted true

switch-setup-modify in-band-ip %NV_ZTP_INBAND_IP%

--script-password switch-setup-modify password changeme

switch-setup-modify switch-name august

switch-setup-modify domain-name pluribusnetworks.com

#

# At this stage, nvOS is no longer in setup mode, other commands

# may now be used.

#

switch-setup-modify phone-home

--user network-admin:test123 fabric-join name corp-fabric

Any command used at the CLI prompt can also be used in a ZTP script. However, regular Unix shell commands are not supported at this time and cause the script to fail.

When developing the script, Pluribus Networks recommends validating the script by first executing the equivalent commands at the CLI prompt to ensure the proper sequence and syntax. If any command fails, Netvisor ONE terminates the script.

The %NV_ZTP_INBAND_IP% placeholder, if used, is replaced by the value of the vendor-specific DHCP option 237. This allows the DHCP server to control the in-band IP assignment in much the same way as it controls management IP assignment by MAC. For example, the following DHCP server snippet sends the inband-ip of 1.1.1.1 to my-switch:

 

host my-switch {

hardware ethernet 01:02:03:04:05:06;

option host-name "my-switch1";

option Pluribus_ZTP_inband_ip "1.1.1.1/24";

fixed-address 192.168.1.10;

}
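A pre-flight check for the script rules described above, as an added example that is not Pluribus code: it substitutes %NV_ZTP_INBAND_IP% with a candidate option 237 value, rejects shell commands, and flags sample passwords left in the script. The function names, the shell-word deny-list and the sample-password list are assumptions, and only the two leading options that appear in the page's sample script are handled.

```python
import ipaddress
import re

PLACEHOLDER = "%NV_ZTP_INBAND_IP%"   # filled from DHCP option 237, per the page
SETUP_CMD = "switch-setup-modify"
TOKEN_RE = re.compile(r"%[A-Za-z0-9_]+%")
# Assumption: illustrative deny-list. The page says only that Unix shell
# commands are unsupported and cause the script to fail.
SHELL_WORDS = {"sh", "bash", "cd", "ls", "cat", "echo", "wget", "curl",
               "rm", "cp", "mv", "chmod", "sudo", "export"}
# Assumption: values treated as sample or default passwords.
SAMPLE_PASSWORDS = {"admin", "changeme", "test123", "password"}

# The sample script from the page, with its comments shortened.
PAGE_SAMPLE = """\
# Configure the setup-related options first
switch-setup-modify eula-accepted true
switch-setup-modify in-band-ip %NV_ZTP_INBAND_IP%
--script-password switch-setup-modify password changeme
switch-setup-modify switch-name august
switch-setup-modify domain-name pluribusnetworks.com
# nvOS is no longer in setup mode, other commands may now be used
switch-setup-modify phone-home
--user network-admin:test123 fabric-join name corp-fabric
"""


def _split_options(tokens):
    """Separate the leading options seen in the page's sample from the command."""
    tokens, secrets = list(tokens), []
    while tokens and tokens[0].startswith("--"):
        opt = tokens.pop(0)
        if opt == "--user" and tokens:            # --user name:password
            cred = tokens.pop(0)
            if ":" in cred:
                secrets.append(cred.partition(":")[2])
        # --script-password is followed directly by the command in the sample
    return tokens, secrets


def lint_ztp_script(text, inband_ip=None):
    """Return (rendered_lines, findings); a finding is (line_no, level, message)."""
    findings, rendered, setup_seen = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Only one placeholder is documented on the page; anything else is a typo.
        for tok in TOKEN_RE.findall(line):
            if tok != PLACEHOLDER:
                findings.append((no, "error", f"unknown placeholder {tok}"))
        if PLACEHOLDER in line:
            if inband_ip is None:
                findings.append((no, "warn", "DHCP server must send option 237"))
            else:
                try:
                    if "/" not in inband_ip:
                        raise ValueError("missing prefix length")
                    ipaddress.ip_interface(inband_ip)
                    line = line.replace(PLACEHOLDER, inband_ip)
                except ValueError as exc:
                    findings.append((no, "error", f"option 237 value rejected: {exc}"))
        cmd, secrets = _split_options(line.split())
        if not cmd:
            findings.append((no, "error", "options without a command"))
            continue
        if "password" in cmd[1:-1]:               # e.g. switch-setup-modify password X
            secrets.append(cmd[cmd.index("password", 1) + 1])
        if any(s in SAMPLE_PASSWORDS for s in secrets):
            findings.append((no, "warn", "sample or default password left in script"))
        if cmd[0] in SHELL_WORDS:
            findings.append((no, "error", f"'{cmd[0]}' is a shell command, not a CLI command"))
        elif cmd[0] == SETUP_CMD:
            setup_seen = True
        elif not setup_seen:
            # The sample's comments put the setup-related options first.
            findings.append((no, "warn", f"'{cmd[0]}' runs before any {SETUP_CMD}"))
        rendered.append(line)
    return rendered, findings


if __name__ == "__main__":
    lines, issues = lint_ztp_script(PAGE_SAMPLE, inband_ip="1.1.1.1/24")
    for no, level, message in issues:
        print(f"line {no}: {level}: {message}")
    print("\n".join(lines))
```

Because Netvisor terminates the script at the first failing command, any finding at the error level is worth fixing before the script is uploaded for signing.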

 

Figure 4: ZTP Script Discovery

 

DHCP Options

The following options are queried and interrogated during ZTP discovery:

SFTP Discovery

SFTP discovery checks for the presence of the ZTP installer (nv-ztp-installer) in the directory: /sftp/import.

USB Discovery

USB discovery checks for the presence of the ZTP installer (nv-ztp-installer) on the root directory of a removable drive. For Netvisor OS, USB drives are auto-mounted under /media/{name of drive}.

HTTP Discovery

HTTP discovery uses the DHCP options above to find the ZTP script by performing a wget to each of the options.

When performing HTTP discovery, Netvisor OS sends a number of HTTP headers with each request. The HTTP headers in the request identify the client and platform to the server. This allows the server side to generate a dynamic response based on these client parameters.

Netvisor OS sends the following HTTP headers during ZTP discovery:

Security Considerations

The script is encrypted and signed in the same way as Netvisor OS packages and can only be decrypted by Netvisor OS.

Additionally, the signer is verified, and only scripts signed by Pluribus are run.

Transport Layer Security Protocol 1.2 Support

The TLS protocol provides communications security over the Internet. The protocol allows client and server applications to communicate in a way designed to prevent eavesdropping, tampering, or message forgery.

GREP Support for Netvisor OS

Netvisor ONE supports filtering output and allows switch administrators to filter output using “grep|” from the CLI. This functionality is limited to the following commands:

CLI > help | grep “openstack” lists all of the commands for OpenStack

Running Commands on a Local Switch

Run commands locally on a switch by using the switch-local parameter. For instance, using switch-local port-stats-show displays output for the local switch ports only.

Changing Other Switch Setup Parameters

You can also modify other switch parameters including the following:

Setting the Date and Time

To set the date and time on the switch, modify the switch configuration using the switch-setup-modify command. To change the date and time to December 25, 2017, 12:00:00, use the following syntax:

switch-setup-modify date 2017-12-25T12:00:00

Display the configured setting using the switch-setup-show command:

switch-setup-show

switch-name:         switch

mgmt-ip:             10.9.11.211/16

mgmt-ip6:            fe80::3617:ebff:fef6:e2c4/64

mgmt-link-state:     up

mgmt-link-speed:     1g

in-band-ip:          10.9.11.213/16

gateway-ip:          10.14.2.1

gateway-ip6:         2001:1000:1111:2222:3333:abcd:1000:2

dns-ip:              10.20.4.1

dns-secondary-ip:    10.20.40.1

domain-name:         pluribusnetworks.com

ntp-server:          0.ubuntu.pool.ntp.org

timezone:            America/Los_Angeles

date:                2017-12-25,01:06:47

phone-home:          yes

hostid:              184551447

location-id:         1

analytics-store:     default

enable-host-ports:   yes

banner:

 

The analytics-store parameter refers to the storage location for analytics which in this case is the hard drive on the switch. Netvisor ONE does not support external hard drives.

Changing the Default Timezone

By default, Netvisor sets the default timezone to US/Pacific Standard Time (PST). To change the timezone, use the switch-setup-modify command:

switch-setup-modify timezone time-zone name

Configuring Administrative Session Timeout

By default, Netvisor sets administrator sessions to unlimited session time. To set unlimited session time, configure the timeout to 0 seconds. The session timeout also applies to using the shell command in Netvisor.

New commands support this feature:

admin-session-timeout-modify

timeout duration: #d#h#m#s

Specify the maximum time to wait for user activity before terminating the login session.

admin-session-timeout-show

switch: Spine1

timeout: 300s

Viewing User Sessions on a Switch

For security and troubleshooting, view user sessions on the switch. When you execute the mgmt-session-show command, Netvisor lists all currently logged-in users, the IP address of each connection, and the login time.

mgmt-session-show

user user-string

Displays the user name.

cli-user cli-user-string 

Displays the name used to log into the switch.

pid pid-number

Displays the process ID.

terminal terminal-string

Displays the terminal.

from-ip ip-address

Displays the IP address for the user.

login-time date/time: yyyy-mm-ddTHH:mm:ss

Displays the time and date that the user logged into the switch.

remote-node remote-node-string

Displays the name of the remote node.

vnet vnet-string

Displays the VNET assigned to the user.

type cli|api|shell

Displays the type of login session.

mgmt-session-show

switch        user   cli-user      pid   terminal from-ip      login-time

------------- ----- ------------- ----- -------- ------------ --------------

Spine-ext-41  admin network-admin 13805 pts/3    10.60.1.216  11:20:52

Spine-ext-41  root  network-admin 8589  pts/2    10.14.20.109 11-15,17:16:17

Spine-ext-41        network-admin                             08:24:10

Spine-ext-41  root                19139 pts/1    10.14.22.54  11-15,11:01:08

 

type

------

cli   

cli   

api   

shell
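One way to review this listing automatically, as an added example that is not part of the Netvisor documentation: it parses the fixed-width table, including rows with empty columns, and flags sessions against a simple policy. The sample is constructed from the values shown above with the wrapped type column rejoined; the function names, the allowed network 10.14.0.0/16 and the flagging rules are assumptions.

```python
import ipaddress
import re

# Constructed sample laid out like the mgmt-session-show listing above.
_FMT = "{:<13} {:<5} {:<13} {:<5} {:<8} {:<12} {:<14} {}"
SAMPLE = "\n".join(_FMT.format(*r).rstrip() for r in [
    ("switch", "user", "cli-user", "pid", "terminal", "from-ip", "login-time", "type"),
    ("-" * 13, "-" * 5, "-" * 13, "-" * 5, "-" * 8, "-" * 12, "-" * 14, "-" * 5),
    ("Spine-ext-41", "admin", "network-admin", "13805", "pts/3", "10.60.1.216", "11:20:52", "cli"),
    ("Spine-ext-41", "root", "network-admin", "8589", "pts/2", "10.14.20.109", "11-15,17:16:17", "cli"),
    ("Spine-ext-41", "", "network-admin", "", "", "", "08:24:10", "api"),
    ("Spine-ext-41", "root", "", "19139", "pts/1", "10.14.22.54", "11-15,11:01:08", "shell"),
])


def parse_table(text):
    """Parse a fixed-width CLI table into a list of dicts keyed by column name.

    Column boundaries come from the dashed rule under the header, so rows with
    empty cells (the api session above has no pid, terminal or from-ip) keep
    their remaining values in the right columns.
    """
    lines = [l for l in text.splitlines() if l.strip()]
    rule = next((i for i, l in enumerate(lines)
                 if set(l.strip()) <= {"-", " "}), None)
    if not rule:                      # no rule found, or no header above it
        raise ValueError("no header/rule pair found")
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [lines[rule - 1][a:b].strip() for a, b in bounds]
    return [{n: line[a:b].strip() for n, (a, b) in zip(names, bounds)}
            for line in lines[rule + 1:]]


def audit_sessions(rows, allowed_nets):
    """Return [(row, reasons)] for sessions that break the assumed policy."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    flagged = []
    for row in rows:
        reasons = []
        ip = row.get("from-ip", "")
        if ip:
            try:
                addr = ipaddress.ip_address(ip)
                if not any(addr in net for net in nets):
                    reasons.append("from-ip outside allowed networks")
            except ValueError:
                reasons.append("unparseable from-ip")
        if row.get("type") == "shell":
            reasons.append("shell session")
        if row.get("user") == "root":
            reasons.append("root login")
        if reasons:
            flagged.append((row, reasons))
    return flagged


if __name__ == "__main__":
    for row, reasons in audit_sessions(parse_table(SAMPLE), ["10.14.0.0/16"]):
        print(row["switch"], row["user"] or "-", row["from-ip"] or "-",
              row["type"], "->", ", ".join(reasons))
```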

Confirming Connectivity on the Network

After connecting your switch, take the time to ensure connectivity by pinging an external IP address, and pinging a domain to ensure domain name resolution.

To ping the external network from the switch, use the ping command:

ping 98.138.253.109 : 56 data bytes

PING 98.138.253.109 (98.138.253.109) 56(84) bytes of data.

64 bytes from 98.138.253.109: icmp_seq=1 ttl=47 time=51.8 ms

64 bytes from 98.138.253.109: icmp_seq=2 ttl=47 time=51.9 ms

64 bytes from 98.138.253.109: icmp_seq=3 ttl=47 time=53.6 ms

Use the ping command again to ping a domain:

ping yahoo.com

PING yahoo.com (98.138.253.109) 56(84) bytes of data.

64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_seq=1 ttl=47 time=52.2 ms

64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_seq=2 ttl=47 time=52.5 ms

64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_seq=3 ttl=47 time=51.9 ms

64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_seq=4 ttl=47 time=51.8 ms

Adding License Keys to Netvisor OS

Netvisor binds the license key to the serial number of the switch and when downloading the Netvisor software, the Pluribus Networks Cloud locates the serial number.

To install the license key, use the following syntax:

CLI network-admin@switch > software-license-install key license-key

The license key has the format of four words separated by commas. For example,

License Key: rental,deer,sonic,solace

Once you install the license key, display information about the key using the following command:

software-license-show

switch:             T6001-ON

license-id:         NVOS-CLD-LIC-60D

description:        Pluribus Open Netvisor OS Linux Cloud Edition License

expires-on:         never

status:             VALID

 

Enabling Administrative Services

There are many features of the Pluribus Networks fabric that require or can be enhanced using remote access. For example, when Netvisor writes packets to a log file, you can transfer the file from the switch to a different system for analysis. Also, if you create a NetVM environment, you must load the guest OS on the switch.

Netvisor supports SFTP as its file transfer method.

SFTP is enabled by default. Because SFTP relies on Secure Shell (SSH), you must enable SSH before enabling SFTP.

1. To check the status of SFTP, use the following command:

admin-service-show

switch:       Leaf-2

if:           mgmt

ssh:          on

nfs:          on

web:          on

web-ssl:      off

web-ssl-port: 443

web-port:     80

web-log:      off

snmp:         on

net-api:      on

icmp:         on

switch:       techpub-accton-2

if:           data

ssh:          on

nfs:          on

web:          on

web-ssl:      off

web-ssl-port: 443

web-port:     80

web-log:      off

snmp:         on

net-api:      on

icmp:         onf

 

To enable SSH, use the following command:

admin-service-modify nic mgmt ssh

admin-sftp-modify enable

sftp password: <password>

confirm sftp password: <password>

 

The default SFTP username is sftp. Change the password using the admin-sftp-modify command:

admin-sftp-modify

sftp password: <password>

confirm sftp password: <password>

admin-service-show

switch      nic     ssh   nfs   web   web-port   snmp   net-api   icmp

------      ---     ---   ---   ---   --------   ----   -------   ----

pleiades24  mgmt    on    on    off   80         off    off       off

 

admin-sftp-show

switch:     pleiades24

sftp-user:  sftp

enable:     yes

 

Use SFTP from a host to the switch, and login with the username sftp and the password configured for SFTP. Then you can download the available files or upload files to the switch.

admin-service-show

switch     nic   ssh   nfs   web   web-port   snmp   net-api   icmp

------     ---   ---   ---   ---   --------   ----   -------   ----

pleiades01 mgmt  on    off   on    80         off    on        on

Modifying and Upgrading Software

A switch contacts an upgrade server, either directly or through a proxy, to download and upgrade to a newer version of Netvisor OS. You can modify the upgrade process for the switch and add a proxy host.


 

Informational Note:  This upgrade procedure applies to only one switch. To upgrade switches on the fabric or to create a “rolling upgrade” on the fabric, see

What are Software Tracks?

Pluribus Networks manages different software releases using software tracks. By default, the software track, release, is the standard track, but other tracks, such as Beta, may be available for download.

software-modify phone-home

Updating Netvisor ONE on the Switch

Pluribus Networks switches send “phone home” messages to the Pluribus Networks update servers to determine the availability of a new release of software.

1. To view the current version of Netvisor OS on the switch, use the following command:

software-show

version:             2.2.1-202016524

track:               2.2-release

upgrade-status:      available

version-available:   2.2.0-202006524 -> 2.2.1-202016554

auto-upgrade:        disable

use-proxy:           no

 

2. If the upgrade status indicates the availability of a newer version of Netvisor ONE, request an update from the server:

software-upgrade

upgrade successful. rebooting...

To check the status while the switch is upgrading, use the software-upgrade-status-show command.

3. To check the status of the switch after upgrading, reconnect to the switch and enter the following command:

software-show

version:              2.2.1-202016554

track:                2.2-release

upgrade-status:       up-to-date

auto-upgrade:         disable

use-proxy:            no

 


 

Informational Note:  Allow plenty of time for the switch to download and install the new version of software. Do not interrupt the operation while the upgrade is in progress. After completing the upgrade, the switch reboots and loads the latest version of the software.

If you encounter any problems with the new version of the software, select a previous version of the boot software.


 

Informational Note:  Upgrading without an Internet connection - If the switch does not have direct access to the Internet but uses a proxy server, enter the software-modify use-proxy command to configure the proxy and then check for software upgrade availability. If the switch has no access to the Internet, contact Pluribus Technical Support for instructions on upgrading a switch offline.

To upgrade the current Netvisor OS to a later release, use the software-upgrade command.

software-upgrade package nvos-2.3.1-203018600.tgz

The parameter package allows you to specify the name of the upgrade file.

To display information about the software upgrade path, you can use the software-track-show command.

Implementing a Fabric Upgrade or a “Rolling” Fabric Upgrade

Netvisor can implement a fabric-wide upgrade and reboot the switches at the same time or in sequential order. A fabric upgrade requires downloading the new Netvisor software package to each switch, whereas a rolling upgrade downloads the software packages from the update server and then copies the software to each switch as the upgrade proceeds.

Issue the fabric-upgrade-start command on the upgrade controller. You must execute all upgrade commands from the upgrade controller.

The fabric upgrade feature has two phases:

Netvisor locks the fabric during the entire process and you cannot change any configurations during the process.

Before You Begin the Fabric Upgrade

Before you begin, review the following options for the fabric-upgrade-start command:

Starting the Fabric Upgrade

1. Download the latest Netvisor software from the update server onto a switch in the fabric.

2. Copy the Netvisor software package to each switch in the fabric.

3. Select a switch in the fabric to act as the upgrade controller switch, and use the fabric-upgrade-start command to begin the upgrade.

4. Depending on the options selected, the upgrade completes by rebooting the fabric or rebooting all of the switches.

Starting the Rolling Fabric Upgrade

If you opted for a rolling fabric upgrade, then the upgrade controller switch begins copying the software packages to other switches in the fabric. Other than this step, the rolling fabric upgrade functions the same as a fabric upgrade depending on the selected options.

You can check the status of the upgrade using the fabric-upgrade-status-show command:

CLI (network-admin@sw1) > fabric-upgrade-status-show

log                                             switch   state

----------------------------------------------- -------- ------------------

(0:00:36)Upgrading software upgrade framework   sw3      Running

(0:00:08)Computing package update requirements. sw2      Running

(0:00:12)Agent needs restart                    sw1* Agent restart wait

 

The first entry in the log is the duration of the upgrade process. It does not include waiting time. The switch with the asterisk (*) is the controller server-switch where the fabric-upgrade-start command was issued.

Additional commands for the fabric upgrade feature:

If you issue the fabric-upgrade-abort command during the upgrade process, it may take some time before the process stops because the upgrade has to reach a logical completion point before the changes are rolled back on the fabric. This allows the proper cleanup of the changes.

Saving and Restoring Netvisor ONE Configurations

A switch contains local configuration information such as port settings as well as fabric configuration information. Fabric configurations are stored on every switch in the fabric and do not require that you save and restore before replacing a switch. When a switch is replaced, removed, or otherwise disrupted, you can save and restore the local configuration information.

The information that is saved and restored on the local switch includes the following:

To display a full list of the current configuration details for a switch, use the running-config-show command.

Use SFTP to transfer the configuration file, but you must enable the features:


 

Caution! There is a potential for data loss when restoring a configuration. The configuration on the switch is replaced by the configuration stored in the import file. Although ISO images and disk-library images are not likely to disappear, you should only perform switch-config-import on a switch that doesn’t have important data stored on it.

As a precaution, use the switch-config-export command to save the data on the switch before you import the configuration file.

 

1. Use the following command to save the switch configuration to a file:

switch-config-export export-file pleiades24

Exported configuration to /nvOS/export/pleiades24.2013-11-04T22.33.31.tar.gz

 

Use the following command to display the files available for import and export:

switch-config-show

switch       export-file

pleiades24   pleiades24.2013-11-04T22.33.31.tar.gz

 

Now copy the configuration file to a different host using SFTP or NFS. For example, SFTP to the switch-ip-address, and log in using the SFTP password. Then use cd /nvOS/import, and use get to download the configuration file.

The Netvisor command switch-config-export exports the configuration of the local switch. The file created is a tar file that includes a number of configuration files for the switch. The file is created under /nvOS/export. Also, each time you reset the switch using the switch-config-reset command, Netvisor retains a backup of the configuration and places a file in the same location.

Once you export the switch configuration, use it to import on the same switch, by executing the switch-config-copy-to-import command. Netvisor copies the configuration tar file from the /nvOS/export to the /nvOS/import directory. Once in the /nvOS/import directory, use the switch-config-import command to import the switch configuration.

The switch-config-import command has a few parameters to it. The ignore-system-config and the apply-system-config parameters are 2 parameters that allow the imported configuration of the switch to override or not override the currently configured information found under the switch-setup-show command. When you select the ignore-system-config parameter, Netvisor s to an archive. If you select apply-system-config, Netvisor applies the settings in the tar file to the local switch.

When you import a configuration using the switch-config-import command, Netvisor overwrites the current configuration on the switch with the imported configuration file.

When a switch that was part of a cluster is replaced, use the fabric-join repeer-to-cluster-node command for the new switch to receive all required switch configuration, including the local configuration.

To upload a configuration file to a switch and set the configuration for the switch using the configuration file, you must transfer the configuration file to the target switch using the following sequence of commands:

sftp sftp@<switch-ip-address>

Connecting to switch-ip-address

Password: <password>

sftp> cd nvOS/import

sftp> put pleiades24.2013-11-04T22.33.31.tar.gz

 


 

Informational Note:  The configuration file must use the *.tar.gz extension to be recognized by nvOS.


 

CAUTION! Loading the configuration file causes nvOS to restart which results in a brief interruption to switch traffic flow.

Now load the configuration file which replaces the current configuration on the switch with the information in the file.

switch-config-import import-file pleiades24.2013-11-04T22.33.31.tar.gz

New configuration imported. Restarting nvOS...

Connected to Switch pleiades24; nvOS Identifier:0xb000011; Ver: 0.19.3747

 

Netvisor provides many options to allow you to control how the switch-config-import modifies the switch, including the following:

By default, the initial switch system configuration, management IP addresses and other parameters, are not applied if there is another switch in the fabric with the same settings. To apply the initial settings, use the apply-system-config option. Also, by default, the imported configuration attempts to join the same fabric of which the original switch was a member. If that join fails, then the import fails. You can avoid this issue by using the skip-fabric-join option. Finally, if the original switch is still on the network and you want to copy the configuration to a new switch, but you want to prevent the new switch from taking ownership of any objects specific to the original switch, such as VNET services or VLAN port settings, you must use the no-replace-switch option.

Copying and Importing Configuration Files

Create a configuration file to import to another switch by using the switch-config-copy-to-import command. To create a configuration file with the name config-092613 to import on another switch, use the following syntax:

switch-config-copy-to-import export-file config-092613

After you create the configuration file, you can export it to the /nvOS/export/ directory and SFTP to it from the target switch.

To review the available files for import and export, use the following syntax:

switch-config-show

switch        export-file

pbg-nvos      config-092613.tar.gz

 

Depending on the available remote access services, you can copy the configuration file to a different switch. For example, SFTP to another switch using the IP address of the switch, log in as sftp with the previously set password, cd /nvOS/import, and get the configuration file.

To upload the configuration file to the target switch and set the configuration from the configuration file, transfer the configuration file to the target switch with the IP address, 192.168.3.35.

To export a configuration to a server, use the switch-config-export command:

switch-config-export

Exporting Configurations Using Secure Copy Protocol (SCP)

SCP is a network protocol based on the BSD RCP protocol that supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, which ensures the authenticity and confidentiality of the data in transit. A client uploads files to a server, optionally including basic attributes such as permissions or timestamps. Clients also download files or directories from a server. SCP runs over TCP port 22 by default. Like RCP, no RFC defines the specifics of the protocol.

In Netvisor, the CLI prompts for a password when you provide the upload-server option.

During the software upgrade process, Netvisor exports the switch configuration and moves it to a shared directory. The exported configuration archive is accessible from all boot environments. Netvisor exports the configuration before the start of the software upgrade.

Netvisor stores a maximum of three configuration archives on the switch and deletes older configurations.

New parameters in Netvisor support this feature:

switch-config-export

export-file switch-config export-file

Specify the name of the file to export.

upgrade-location-mappings upgrade-location-mappings-string

Specify the upgrade location mappings.

Specify any of the following options:

upload-server upload-server-string

Specify the name of the upload server.

server-password server-password-string

Specify the password for the upload server.

If you specify an upload server and password, Netvisor OS prompts you for that information when you execute the software-upgrade command.

Displaying and Managing Boot Environment Information

Display information about the different boot environments on the switch. There are two boot environments: the current boot environment, and the previous boot environment. To display boot environment information, use the following command:

bootenv-show

name        version    current reboot space created             

----------- ---------- ------- ------ ----- -------------------

netvisor-22 2.2.7-7356 no      no     58.5M 2015-12-07,09:55:58

netvisor-23 2.3.1-8600 yes     yes    27.4G 01-06,09:13:11

 

To reset the boot environment and reboot using the previous environment, use the following syntax:

bootenv-activate-and-reboot name netvisor-22

To delete a boot environment, use the following syntax:

bootenv-delete name netvisor-22

Rolling Back to Previous Versions of Netvisor

After upgrading to a newer version of Netvisor, you can roll back to an earlier version and preserve the current configuration. Netvisor applies the new configuration before booting into the previous environment, so Netvisor retains critical ACLs and security vFlows when it restarts.

A new parameter, apply-current-config, for the bootenv-activate-and-reboot command provides support for this feature.

Before rebooting, Netvisor copies the current boot environment transaction logs into the target boot environment.

After rebooting, Netvisor performs the following:

 Retaining the current configuration when booting to an older version of Netvisor is best-effort. Some transaction IDs from the newer (or current) version may not properly apply due to feature incompatibility. It is not guaranteed that all changes are applied.

 You must apply the parameter, apply-current-config, on all nodes in the fabric. There is no coordination across the fabric for this process, therefore the commitment of fabric transactions on one node but not another using this process causes the fabric to go out of sync and may result in unrecoverable errors.

Creating Switch Groups

You can create as many switch groups on your network as needed. A switch group gives a name to a group of switches, and a switch can be a member of more than one group.

When you add an offline switch to a group, the configuration fails for that switch. Netvisor adds online switches normally.

Switch groups are static, and you must manually remove a switch from a group. You cannot use a switch name as the switch group name; Netvisor displays a warning message for this invalid configuration.

New Commands

switch-group-create

name name-string

Specify a name for the switch group.

description description-string 

Specify a description for the switch group.

To create a switch-group with the name, rack-1-row-1, use the following syntax:

switch-group-create name rack-1-row-1 description datacenter rack 1

switch-group-delete

name name-string

Specify a name for the switch group.

description description-string 

Specify a description for the switch group.

To delete a switch-group with the name, rack-1-row-1, use the following syntax:

switch-group-delete name rack-1-row-1 description datacenter rack 1

switch-group-modify

name name-string

Specify a name for the switch group.

description description-string 

Specify a description for the switch group.

To modify a switch-group with the name, rack-1-row-1, and change the description, use the following syntax:

switch-group-modify name rack-1-row-1 description datacenter

switch-group-show

name name-string

Displays the name of the switch group.

description description-string 

Displays a description of the switch group.

To display a switch-group with the name, rack-1-row-1, use the following syntax:

switch-group-show

name         description

------------ -----------

rack-1-row-1 datacenter

 

Adding Switches to Switch-Groups

switch-group-member-add

name name-string

Specify the name of the switch group to add the member.

member fabric-node name 

Specify the name of the switch to add as a member.

To add switch, Leaf-1, to switch-group, rack-1-row-1, use the following syntax:

switch-group-member-add name rack-1-row-1 member Leaf-1

switch-group-member-remove

name name-string

Specify the name of the switch group to remove the member.

member fabric-node name 

Specify the name of the switch to remove as a member.

To remove switch, Leaf-1, from switch-group, rack-1-row-1, use the following syntax:

switch-group-member-remove name rack-1-row-1 member Leaf-1

switch-group-member-show

name name-string

Displays the name of the switch group.

member fabric-node name 

Displays the name of the switches in a group.

To display switch-group, use the following syntax:

switch-group-member-show

switch   name         member        

-------- ------------ -------------

Spine-1  rack-1-row-1 Leaf-1

Support for Enabling or Disabling LLDP

This feature provides for a generic LLDP ON/OFF toggle function set at the system level.

Currently, to disable LLDP on a switch you must disable the LLDP configuration on all ports. This resets all related configurations of LLDP protocol setting and LLDP vFlows.

Use the following CLI command to enable and disable the protocol:

system-settings-modify [lldp|no-lldp]

LLDP packets are executed on the CPU with the help of LLDP vFlows.

To clear all LLDP protocol system flows use the parameter no-lldp.

To add all LLDP protocol system flows use the parameter lldp.

This approach does not disturb port LLDP configurations.

system-settings-show

switch:                        Spine1

optimize-arps:                 on

lldp:                          on

 

Managing RMAs for Switches

RMA Use Case


 

Informational Note:  This process applies to Version 2.5.4 and earlier.

A primary case for an RMA is a failed switch in the network. Netvisor restores the configuration to a replacement switch using the following commands:

RMA Process

This procedure assumes the failed switch is part of an HA pair (cluster). Nodes that are part of a cluster automatically back up each other's configuration.

For an RMA case, the host ID differs between the new switch and the old failed switch. Netvisor ties both cluster membership and service object locations to the host ID.

1. Retrieve the host id of the old node:

CLI> fabric-node-show name <old-hostname> format name,id

2. Evict the old node from the fabric. This allows Netvisor to process fabric provisioning operations before completing the RMA. Additionally, the presence of the old node ID interferes with subsequent steps.

CLI> fabric-node-evict name <old-hostname>

3. Set up the new switch with basic settings, such as hostname and IP address.

Perform this step at the console when booting the switch for the first time:

CLI> switch-setup-modify

4. Configure the new switch to rejoin the fabric. As it is part of a cluster, use the repeer-to-cluster-node option.

CLI> fabric-join name <fabric-name> repeer-to-cluster-node <existing-peer-name>

Netvisor downloads the entire backed up configuration from the cluster peer and restarts Netvisor ONE to apply it. The process restores local, cluster, and fabric scoped configuration.

5. After the restart, any service objects present on the failed switch must be migrated to the new host. Use the value retrieved in Step 1 for the location parameter:

CLI network-admin@switch > object-location-modify location <old-hostid> new-location <new-hostname>

 

The above command executes a bulk migration of all service objects (vRouters, VNET managers, OVSDB Interfaces) and sub-objects.

RMA Process for Version 2.6.0 and Later

Netvisor OS fabric creates objects such as vRouters, VLAGs, clusters, and others on a switch in the fabric. Netvisor OS tracks the switch using a location field, currently the host ID of the switch where the fabric objects are configured.

This presents various issues when replacing a faulty switch with a new switch that has a new host ID. Fabric-wide configurations that reference the old host ID require updating to the new host ID. These updates require a few extra manual steps, which are either confusing or leave it unclear which commands need to be executed.

Netvisor changes the location from a host ID to a fabric-specific location ID assigned to each switch as the switch joins the fabric. Netvisor OS keeps the same ID during the RMA process, which reduces the RMA process to a single command.

Netvisor supports a new parameter, location-id, unique among the fabric nodes. Each node is assigned a new location ID when it joins the fabric. All configurations require a location tied to the location ID instead of the host ID. When Netvisor OS executes the switch-config-import command, the location ID is inherited from the imported configuration. Therefore, no updates are required across the fabric because all configurations refer to the correct location ID.

The following commands no longer restore an imported configuration on a new switch:

 

A new parameter, location-id, is added to the output of the node-info and fabric-node-show commands. This displays the location of the node.

A new command, fabric-node-location-mappings, displays the current fabric host ID to location ID mappings. Use these mappings as the input for the switch-config-import command when importing configurations from earlier versions of software.

If you import a configuration from an earlier version of software, use the following syntax:

switch-config-import upgrade-location-mappings

 

If the imported configuration already has location IDs, Netvisor ignores the parameter.

 

Support for Local Loopback IP Addresses

 

Netvisor uses the loopback interface as an always up and available virtual interface, and you can assign it a unique IPv4 or IPv6 address. Because the interface is always available, Netvisor uses a loopback interface as a termination address for some routing protocols. Netvisor OS allows you to configure a loopback address for a global zone.

The loopback IP address is persistent in the configuration and is not affected by a reboot or reset of Netvisor.

To add a loopback IPv4 or IPv6 address or both to an existing configuration, use the following syntax:

switch-setup-modify loopback-ip ip-address loopback-ip6 ipv6-address

 

For example, to add the IPv4 address, 12.1.1.1, and the IPv6 address, 1212::1, use the following syntax:

switch-setup-modify loopback-ip 12.1.1.1 loopback-ip6 1212::1

 

switch-setup-show format in-band-ip,in-band-ip6,loopback-ip,loopback-ip6, layout horizontal

 

in-band-ip   in-band-ip6 loopback-ip loopback-ip6

------------ ----------- ----------- ------------

150.1.1.1/24 2001::1/96  12.1.1.1    1212::1

150.1.1.2/24 2001::2/96  12.1.1.2    1212::2

 

After configuring the loopback address, you can SSH to the switch over the management, in-band, or loopback interface using the following syntax:

ssh network-admin@<mgmt/inband/loopback ip-address>

 

Then from CLI, execute the shell command to access the switch shell:

network-admin@Spine1:~$