Manual Chapter : Network Settings

Applies To:

F5OS

  • 1.0.0

Network configuration for the system controllers

The chassis administrator can perform general networking tasks for the system controllers. You can configure management interfaces for the system controllers, enable DHCP, and set up DNS for the VELOS platform. You perform these tasks by logging in to the system controller, typically using the floating IP address, from a secure webUI with HTTPS on port 443 or from the CLI with SSH on port 22.

Configure management interfaces from the webUI

You can configure management interfaces, prefix length (netmask), and gateway for the VELOS system at the chassis level.
  1. Log in to the system controller webUI using an account with admin access.
  2. On the left, click NETWORK SETTINGS > Management Interfaces.
  3. If the management port is getting addresses from DHCP, enable DHCP.
  4. The management IP addresses for both system controllers and the floating IP address are typically set during initial configuration. You can review or change them, if necessary.
  5. For Prefix Length, type a number from 1-32 for the length of the prefix.
  6. For Gateway, type the IP address for the gateway.
  7. To enable aggregation for the management ports between the system controllers and an outside switch, for Interface Aggregation select Enable.
    Interface aggregation increases the bandwidth between peers by load balancing traffic across the ports.
  8. Click Save.

Why use link aggregation on management ports

Forwarding is enabled for both management ports when link aggregation is used. If one port of the aggregation goes down, traffic is seamlessly handled by the remaining management port. A health-driven HA switchover need not occur to activate the alternate management port as it does when the management ports are operating independently.
There is also a gain in overall management port throughput. Specifically, total management port bandwidth doubles to 20 Gbps when aggregated. When not aggregated, only one management link is active at a time and total bandwidth is limited to 10 Gbps.
The downside of using management port aggregation is that the ports to which the management ports connect must also be aggregated.
There’s no difference in IP configuration between aggregated and independent modes of operation. That’s because aggregation (an L2 feature) is applied to the physical switch ports that physically connect to the management network, and IP addresses are applied to host interfaces at L3 connecting to entirely different physical switch ports.

Configure DNS from the webUI

You can configure DNS for the VELOS system at the chassis level. This is used for name resolution when setting up the system.
  1. Log in to the system controller webUI using an account with admin access.
  2. On the left, click NETWORK SETTINGS > DNS.
  3. Under DNS Lookup Servers, specify the name servers that the system uses to validate DNS lookups, and resolve host names. For each name server you want to add:
    1. Click Add.
    2. Type the IP address of the name server that you want to add to the list.
    3. Click Save & Close.
  4. Under DNS Search Domains, specify the domains that the system searches for local domain lookups and to resolve local host names. For each domain you want to add:
    1. Click Add.
    2. Type the domain name of the name server that you want to add to the list. For example, DNSsearch.com.
    3. Click Save & Close.
DNS lookup servers and search domains are specified for the VELOS system.

Network configuration for the partition

Much of the L2 network configuration on VELOS systems is performed at the chassis partition level by the chassis partition administrator. The administrator logs into the partition to view or configure port groups, interfaces, VLANs, and create LAGs for that partition. Configuration can be done from the webUI, or using the CLI or REST APIs.
The chassis partition administrator performs these network configuration tasks:
  • Create and manage VLANs
  • Create and manage LAGs
  • Manage interfaces
  • Manage port groups, as needed

Manage port groups from the webUI

The front-panel ports on VELOS blades support port group functionality. This enables you to specify configuration options for these QSFP28 ports. Until configured, the VELOS system uses 100G for the port speeds. You can change them based on what optical transceiver module type you are using.
This task describes how to use the webUI to configure the port groups to use a specific mode depending on how you are connecting your blades to an upstream switch.
Changing the port group mode impacts the view of physical interfaces published by the system. The stale interfaces that correspond to the previous port group mode are deleted, and new ones are created. All configuration under the stale interfaces is lost.
  1. Log in to the chassis partition webUI using an account with admin access.
  2. On the left, click NETWORK SETTINGS > Port Groups.
  3. For a specific blade, select a Mode from the list.
    You can choose from these modes:
    Mode        Description
    100GbE      Creates one interface at 100G speed
    40GbE       Creates one interface at 40G speed
    4 x 25GbE   Creates four interfaces at 25G speed (requires the use of a breakout cable)
    4 x 10GbE   Creates four interfaces at 10G speed (requires the use of a breakout cable)
  4. Click Save.
When you change the port group mode on all ports for a specific blade, the blade reboots. The "stale" interfaces are deleted, and the associated (underlying) configuration is also lost.

Configure interfaces from the webUI

VELOS blades support two kinds of physical network interfaces: interfaces that correspond to the blade front-panel QSFP28 ports and link aggregation groups (LAGs).
You can configure settings or properties on front-panel interfaces:
  • To associate an interface with VLAN(s)
  • To associate a physical port interface with a LAG
  • To configure interface attributes
  • To enable or disable an interface
Before you begin, you need to have created the VLANs that you want to associate with the interface. However, if you intend to create LAGs, wait to associate VLANs with interfaces, because an interface that is associated with a VLAN cannot be used as a LAG member.
  1. Log in to the chassis partition webUI using an account with admin access.
  2. On the left, click NETWORK SETTINGS > Interfaces.
  3. Click an interface name.
  4. For State, select whether the interface is Enabled or Disabled.
  5. For MTU, the maximum transmission unit (MTU) is set to the default value of 9600 (read only).
    This is the largest size that the system allows for an IP datagram passing through a physical interface.
  6. Forward Error Correction is set to the default value of Auto (read only).
    Since this setting may be automatically enabled, your upstream switch must also support Forward Error Correction (FEC).
  7. RX Flow Control is Enabled, and cannot be changed.
    The interface processes received pause frames and suspends transmission, if required.
  8. For Native VLAN, select the VLAN ID used for untagged frames received on an interface.
    An interface (physical port or LAG) can be associated with only one native VLAN.
  9. For Trunk VLAN, select one or more VLAN IDs for the interface to carry when in trunk mode.
    A trunk VLAN or a native VLAN is required to pass traffic. If you do not select either a native VLAN or a trunk VLAN, the port will not carry any traffic.
  10. Click Save & Close to save your changes.

Create VLANs from the webUI

A VLAN is a logical subset of hosts on a local area network (LAN) that operates in the same IP address space. Grouping hosts together in a VLAN has distinct advantages. For example, with VLANs, you can:
  • Reduce the size of broadcast domains, thereby enhancing overall network performance.
  • Reduce system and network maintenance tasks substantially. Functionally related hosts do not need to physically reside together to achieve optimal network performance.
  • Enhance security on your network by segmenting hosts that must transmit sensitive data.
You can create a VLAN and associate physical interfaces or LAGs with that VLAN. In this way, any host that sends traffic to an interface is logically a member of the VLAN or VLANs to which that interface or LAG belongs.
  1. Log in to the chassis partition webUI using an account with admin access.
  2. On the left, click NETWORK SETTINGS > VLANs.
    The screen shows VLANs that are configured for that chassis partition.
  3. Click Add.
  4. In the Name field, type a name for the VLAN.
  5. In the VLAN ID field, type a number between 1-4094 for the VLAN.
    The VLAN ID identifies the traffic from hosts in the associated VLAN for an associated interface or LAG.
  6. Click Add VLAN to create the VLAN.
The VLAN is created and displayed in the VLAN list. You can use the VLANs when configuring interfaces and creating LAGs.

Spanning tree protocol

The VELOS system supports a set of industry-standard, Layer 2 protocols known as spanning tree protocols. A spanning tree is a logical tree-like depiction of the bridges on a network and the paths that connect them. Spanning tree protocols block redundant paths on a network, preventing bridging loops. If a blocked, redundant path is needed later because another path has failed, the spanning tree protocols clear the path again for traffic. The spanning tree protocols that the VELOS system supports are Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Only one protocol can be configured on a partition at a time.
Central to the way that spanning tree protocols work is the use of bridge protocol data units (BPDUs). When you enable spanning tree protocols on Layer 2 devices on a network, the devices send BPDUs to each other, for the purpose of learning the redundant paths and updating their L2 forwarding tables accordingly, electing a root bridge, building a spanning tree, and notifying each other about changes in interface status.
The term bridge refers to a Layer 2 device such as a switch, bridge, or hub.
When you configure spanning tree on a VELOS system, you must first decide which protocol, or mode, you want to enable. Because MSTP recognizes VLANs, using MSTP is preferable. However, all bridges in a network environment that you want to use spanning tree must run the same spanning tree protocol. If a legacy bridge running RSTP or STP is added to the network, the VELOS system must switch to that same protocol.

Configuring STP or RSTP on a partition from the CLI

STP is the original spanning tree protocol but is not recommended in VLAN-rich environments due to poor performance unless required by your configuration. RSTP is an enhancement to STP that improves spanning tree performance. Both STP and RSTP can create only one spanning tree (instance 0) for the entire network, and therefore cannot take VLANs into account when managing redundant paths.
You can use the VELOS command-line interface (CLI) to configure STP or RSTP on a partition. STP and RSTP configuration are the same except STP does not use interface edge-port and link-type.
  1. Log in to the command line interface (CLI) of the chassis partition using an account with admin access.
    When you log in to the system, you are in user mode.
  2. Change to config mode.
    config
    The CLI prompt changes to include (config).
  3. Enable STP or RSTP.
    stp global config enabled-protocol [STP RSTP]
    The bridge-priority, forwarding-delay, hello-time, hold-count, and max-age have default values, which are recommended for use.
  4. Configure the bridge-priority to control whether the bridge selects itself as the root bridge.
    [stp rstp] config bridge-priority integer
    # range 0 (highest) to 61440 (lowest) in increments of 4096
    # default: 32768.
    # The priority is used together with the address as a bridge identifier.
    partition1# config
    partition1(config)# stp rstp config bridge-priority integer
    partition1# commit
  5. Configure interface cost and port priority as shown in the example.
    # Port Priority: range 0 (highest) to 240 (lowest) in increments of 16,
    # default 128. The priority is used as the port identifier together with
    # the slot/port numbers.
    # Port Path Cost: range 0 (lowest) to 20,000,000,000 in increments of 1.
    # The default port path cost is assigned dynamically:
    # cost = 20,000,000,000 / port speed in Kbits/s.
    partition1# config
    # Need to configure all interfaces that will be included in STP
    partition1(config)# stp rstp interfaces interface 1/1.0 config cost 200 port-priority 128
    partition1# commit
  6. RSTP/MSTP only: Configure interface edge-port and link-type as shown in the example.
    partition1# config
    # Need to configure all interfaces that will be included in STP
    partition1(config)# stp interfaces interface 1/2.0 config edge-port EDGE_AUTO link-type P2P
    partition1# commit
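
The following is an added example, not F5 code: it checks the bridge-priority and port-priority ranges quoted above, applies the default path cost formula to the port group speeds, and predicts which bridge becomes root. The bridge names and MAC addresses are constructed, and the lowest (priority, address) pair winning the election is standard spanning tree behavior.

```python
from dataclasses import dataclass

COST_NUMERATOR = 20_000_000_000  # page formula: cost = 20,000,000,000 / speed in Kbit/s

def default_path_cost(speed_gbps: int) -> int:
    """Default port path cost for a port speed given in Gbit/s."""
    return COST_NUMERATOR // (speed_gbps * 1_000_000)

def check_bridge_priority(value: int) -> bool:
    """Valid range: 0 (highest) to 61440 (lowest) in increments of 4096."""
    return 0 <= value <= 61440 and value % 4096 == 0

def check_port_priority(value: int) -> bool:
    """Valid range: 0 (highest) to 240 (lowest) in increments of 16."""
    return 0 <= value <= 240 and value % 16 == 0

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str  # constructed sample address

    def bridge_id(self) -> tuple[int, int]:
        # Priority is compared first, then the address; the lowest pair wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def predict_root(bridges: list[Bridge]) -> Bridge:
    """Return the bridge that wins root election, rejecting invalid priorities."""
    bad = [b.name for b in bridges if not check_bridge_priority(b.priority)]
    if bad:
        raise ValueError(f"invalid bridge-priority on: {', '.join(bad)}")
    return min(bridges, key=Bridge.bridge_id)

# Constructed topology: two upstream switches and one VELOS partition.
SAMPLE = [
    Bridge("core-sw1", 4096, "00:11:22:33:44:55"),
    Bridge("core-sw2", 8192, "00:11:22:33:44:10"),
    Bridge("partition1", 32768, "00:11:22:33:44:01"),  # default priority
]

if __name__ == "__main__":
    print("predicted root:", predict_root(SAMPLE).name)
    print({f"{g}G": default_path_cost(g) for g in (100, 40, 25, 10)})
```

When every bridge keeps the default priority of 32768, the address alone decides the election, so the intended root should be given an explicitly lower priority value.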

Configuring MSTP on a partition from the CLI

MSTP is an enhancement to RSTP and is the preferred spanning tree protocol for the VELOS system. MSTP is specifically designed to understand VLANs and VLAN tagging (specified in IEEE 802.1Q). MSTP allows for multiple spanning tree instances. Each instance corresponds to a spanning tree, and can control one or more VLANs that you specify when you create the instance. Thus, for any VELOS system interface that you assign to multiple VLANs, MSTP can block a path on one VLAN, while still keeping a path in another VLAN open for traffic.
You can use the VELOS command-line interface (CLI) to configure MSTP on a partition. The spanning tree algorithm automatically groups bridges into regions, based on the values you assign to the MSTP configuration name, revision number, instance numbers, and instance members.
  1. Log in to the command line interface (CLI) of the chassis partition using an account with admin access.
    When you log in to the system, you are in user mode.
  2. Change to config mode.
    config
    The CLI prompt changes to include (config).
  3. Enable MSTP.
    partition1(config)# stp mstp config name <region-name> revision [0-65535]
    partition1# commit
    Where:
    • Region Name: string <= 32 characters, default: bridge MAC address
    • Revision: range 0-65535, default is 0
    These two parameters together form the common identifier of the BPDUs within the region. They must be identical on all bridges in the region.
    The forwarding-delay, hello-time, hold-count, max-age, and max-hop have default values, which are recommended for use.
  4. Create an MSTP instance.
    partition1(config)# stp mstp mst-instances mst-instance <integer> config mst-id <integer>
    partition1# commit
  5. Configure VLANs for the MSTP instance. The VLANs must already exist.
    # create vlan 300 and 301
    partition1# config
    partition1(config)# vlans vlan 300
    partition1(config-vlan-300)# vlans vlan 301
    partition1(config-vlan-301)# commit
    Commit complete.
    partition1(config-vlan-301)# top
    # assign vlan 300 and 301 to mstp instance 1
    partition1(config)# stp mstp mst-instances mst-instance 1 config vlan [ 300 301 ]
    partition1(config-mst-instance-1)# commit
    Commit complete.
    partition1(config-mst-instance-1)# top
  6. Configure bridge priority for the MSTP instance. Each MSTP instance can have its own priority.
    # range 0 (highest) to 61440 (lowest) in increments of 4096
    # default: 32768.
    # The priority is used together with the address as a bridge identifier.
    partition1# config
    partition1(config)# stp mstp mst-instances mst-instance 1 config bridge-priority <integer>
    partition1# commit
    partition1(config-mst-instance-1)# top
  7. Configure interface cost and port priority.
    # Port Priority: range 0 (highest) to 240 (lowest) in increments of 16, default 128.
    # The priority is used as the port identifier together with the slot/port numbers.
    # Port Path Cost: range 0 (lowest) to 20,000,000,000 in increments of 1.
    # The default port path cost is assigned dynamically:
    # cost = 20,000,000,000 / port speed in Kbits/s.
    partition1# config
    # Need to configure all interfaces that will be included in STP
    partition1(config)# stp mstp mst-instances mst-instance 1 interfaces interface 1/1.0 config cost 200 port-priority 128
    partition1# commit
  8. Configure interface edge-port and link-type.
    # Need to configure all interfaces that will be included in STP
    partition1(config)# stp interfaces interface 1/2.0 config edge-port EDGE_AUTO link-type P2P
    partition1# commit
    These settings speed up convergence time by eliminating the learning state on ports that do not receive BPDUs. This configuration is cancelled automatically upon reception of a BPDU.