Active Fabric Controller (AFC) User Guide
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2013 Dell Inc.
Contents
1 Introduction
    Supported Platforms
    How the Active Fabric Works
    Advantages of Active Fabric Deployment
    Standard LACP Feature
    LACP
    NIC Teaming
    Traffic Optimization over LACP and NIC Teaming
    FDB Entry Objects
    Cluster Node Objects
    Uplink Objects
    Host Port Objects
    Upgrading Dual-Server Deployments
7 Active Fabric Controller User Interface
    Supported Browsers
    Components
1 Introduction
This document describes the Active Fabric Controller (AFC) and its role in the active fabric solution. The controller automatically discovers the physical topology of the fabric and uses a topology-specific forwarding scheme to provide multi-path support and forwarding between endpoints using the shortest path. AFC manages the switching nodes within the fabric to provide loop-free forwarding and high resiliency.
• Internal local area network (LAN) or virtual networks
• Internal storage networks
• External uplink networks and association with internal networks
The controller, which connects the end-point controller software components to other domains, is a key element of the active fabric that is responsible for workload management, network service provisioning, and fabric configuration using external applications.
End Point
• A point of attachment to a software-managed network.
• Can be a VM running on a host or host network interface controller (NIC) cards.
• End points represented by a VM on a host are called VM end points.
• End points represented by host network card interfaces are called host end points.
External Providers
• A provider creates one or more tenants, networks, and policies.
• When a tenant is created, the provider assigns it an ID that identifies both the tenant and the provider. The ID must be unique for each tenant managed by the provider, but a provider can use a tenant ID also used by a different provider. The combination of the tenant ID and the provider ID creates a unique identification.
• The tenant creates networks and policies and connects endpoints to networks.
• ingress port
• virtual local area network (VLAN) ID
• VLAN priority (vlan-pri)
• destination MAC address (DMAC)
• source MAC address (SMAC)
• EtherType
• session initiation protocol (SIP)
• dynamic IP (DIP)
• type of service (TOS)
• protocol
• transport source-port (transport sport)
• transport destination-port (transport dport)
The software forwards the match results out of one or more network ports, with the option to modify the packet headers.
2 Active Fabric Features
Active Fabric Resiliency
Active fabric provides link and node resiliency, as well as the ability to converge in a time comparable to legacy networks. Active fabric provides more robust link and switch failure resiliency when compared with legacy networks.
Link Resiliency
If a link goes down in the active fabric physical network, the controller is notified of the port status change by the switches in the fabric.
After you enable OF on a port, all packets received on the port that do not match ingress forwarding criteria (unknown packets) are sent to the controller. The controller processes these packets using OF and programs the forwarding database (FDB) entries using the flow configuration messages. Each packet received is processed by the controller in stages, where each stage performs a different function. This is referred to as the “ingress pipeline.
• Port mirroring (RSPAN/SPAN)
• Legacy using WAN ports
• Middlebox
• Filter
  – Permit
  – Deny
  – Redirect (to a middlebox, mirror, uplink, IP address, or VLAN)
• Service class (Platinum, Gold, or Silver)
You can associate these policy types with resources such as a network, endpoint, host port, or WAN port.
Policy Association
Associate policies with a resource, such as a tenant, network, or endpoint using the GUI or REST APIs.
Middlebox Policy
A middlebox (also known as a network appliance) is a networking device that changes, inspects, filters, or otherwise processes traffic for purposes other than packet forwarding. Some examples of middleboxes include firewalls that filter unwanted or malicious traffic and network address translators that modify the source and destination addresses of packets.
Information Type | Description
SDNC node counters | Displays statistics for the SDNC node, which is specified by the SDNC node ID.
SDNC cluster counters | Displays the statistics for the SDNC node cluster.
Provider counters | Displays counter statistics, including information for resources such as hosts, networks, endpoints, policies, and flows, for each provider. Each provider is identified by a unique provider ID.
protocols secure Telnet or secure shell (SSH) access and are used in representational state transfer (REST) requests.
Remote Authentication Dial In User Service (RADIUS)
RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting management for computers to connect to and use a network device. RADIUS is a client-server protocol that runs in the application layer, using the user datagram protocol (UDP) as transport.
3 Supported Technologies and Protocols
AFC uses legacy switch technologies and protocols for installation and operation.
spanning tree protocols (STPs) used by legacy networks. Unlike STP, there are no blocked ports in DLF protocols and all ports in the network are used for packet forwarding. The single shared tree is used only by the broadcast, unknown unicast, and multicast (BUM) packets. The known unicast traffic always uses the shortest path between two end points. DLF prevents data loops because all DLF traffic can only go through the nodes connected by the shared tree.
Figure 2. DLF Topology
High Availability (HA)
The active fabric controller (AFC) provides resiliency with minimal or no impact to data traffic using the high availability (HA) feature. With an HA redundancy model, two controllers (one active, one backup) work together to ensure data is maintained if a controller is unavailable. The AFC role determination logic follows the OF specification for switches using multiple controllers.
HA and SDN
The HA protocol provides redundancy and hitless failover for the AFC during upgrades or failure. Dell Networking recommends using at least two controller servers configured for HA (one active, one standby) to enable this feature. To enable this feature on a single controller server, you can temporarily assign another server as a standby server, then initialize failover by disabling the current active server. When the upgrade completes, you can remove or reassign the server.
Design
HA involves the following four components:
• Role determination logic
• Messaging and transport infrastructure for checkpoints
• Initial snapshot and ongoing event synchronization for checkpoints
• Reconciliation during role transition from standby to active
When implementing this feature, be aware of the following design principles:
• The active controller determines the action to take and the standby server relies on the active controller.
Checkpoints
Data originating from configurations or dynamic operations in the active controller is included in the checkpoint data.
• Configuration through REST APIs — The data resides on the active controller and in the database. The standby controller reads data from the database to build its own local data copy as part of the role transition process.
• Dynamic — The data is computed by the controller or learned through OF communication with switches.
each switch. The reconciliation process ensures resiliency and minimal traffic disruption by verifying and synchronizing the controller’s information with each switch in the active fabric. In case of traffic loss, the controller resolves the data discrepancies on the switches by adding or removing flows.
optimization to the external LACP node or NIC teaming by syncing the MAC addresses learned over member ports in the same LAG to all member ports in the LAG.
Standard LACP Feature
To create LAGs with the active links and synchronize LAG port forwarding status over the active links, LACP allows two nodes to exchange handshake information for each link in the LACP-enabled links.
LACP
The current LACP standard supports dynamic LAG formation between two LACP-enabled nodes (one-to-one). The software’s LACP allows multiple nodes in the active fabric network to form a single logical LACP group. To achieve this, the external LACP node configures the links to the active fabric network as a LAG with direct reachability among the multi-nodes in the active fabric that forms the logical LACP group.
• Egress port blocking for links with direct reachability is implemented to prevent duplicate packets and loops. In DLF topologies, you cannot configure the ingress blocking port over a direct link between LACP nodes. If DLF uses ingress blocking on the link between LACP nodes, the failure is handled as a link failure between the nodes forming the multi-node LACP.
• If the direct link between the active fabric nodes forming the LACP group is lost, the group is split into two groups.
Figure 3.
Figure 4. OpenStack Use Case: Per-Tenant Routers
The following illustration depicts a typical OpenStack configuration, where there is a management traffic interface for each node and GRE tunnels are used for traffic.
Figure 5. OpenStack Configuration
To separate traffic for each tenant, the tenants use unique VLAN ID tags. This example configuration includes OpenStack in a dual-server configuration and uses the Neutron plug-in for VLAN tagging and creation by OpenFlow-enabled Dell Networking switches. The Neutron plug-in also allows you to create and manage virtual networks, with each virtual network containing one or more ports. You can attach a port on a virtual network to a network interface.
• POST /networks/{networkID}/ports/{portID}
• GET /networks/{networkID}/ports/{portID}
• UPDATE /networks/{networkID}/ports/{portID}
• DELETE /networks/{networkID}/ports/{portID}
NOTE: You cannot use APIs to request information about routers and subnets.
Switched Port Analyzer (SPAN) and Remote Switched Port Analyzer (RSPAN)
When you enable SPAN or RSPAN, port traffic is copied and sent to the specified uplink port that hosts the monitoring appliance. If you enable RSPAN, monitored traffic is also tagged with the specified VLAN ID. If you enable SPAN, no tags are added to the monitored traffic. The controller advertises all external ports as potential edge ports. You can configure any potential edge port as a mirrorTo port or a monitor port.
If the VLT port is an internal port in the fabric, FDB entries are not learned on VLT ports, because a flow traveling through the VLT pair would have multiple paths between the VLT pair switches. The forwarding entries are programmed in both of the VLT pair switches based on the multiple paths between the endpoints.
VLT Link Failure
VLT link failures are handled based on the link type and the location of the VLT nodes (inside or outside the fabric).
Multi-domain VLT (mVLT)
NOTE: Host NIC teaming from servers or LACP from external uplink switches in the same VLT pair is supported, but LACP or teaming connectivity across VLT pairs is not supported.
mVLT is a subset of VLT that you can use in a full square mesh network with higher resiliency for link and node failures and better link utilization. Unlike VLT, mVLT builds two VLT pairs, with each pair hosting two directly connected switches.
4 REST APIs
Representational state transfer (REST) functionality is supported using the Restlet framework for the Java platform. The RESTful web API is implemented using HTTP and REST principles and is a collection of resources, including the following requirements:
• The base URI for the web service (for example, http://example.
Resources
The following section describes the resources used by the software and their categories.
Resource | Category | Description
Tenant | Virtual managed object | Any client of the software’s services. A tenant is associated with a unique ID during configuration. A set of resources (such as networks, hosts, endpoints, network connections, or policies) is associated with each tenant.
Provider | Virtual managed object | A client that acts as an administrator for the network infrastructure and its tenants.
Resource | Category | Description
SDNC node | System | An SDN controller node and its attributes.
DB cluster | System | A cluster of database nodes and any cluster-level attributes. Can be one or two nodes.
DB node | System | A database server node and its attributes.
OFC cluster | System | A cluster of OpenFlow controller nodes and any cluster-level attributes. Can be one or two nodes.
OFC node | System | An OpenFlow controller node and its attributes.
Resource | Category | Description
Tenant topology | Graph | The devices and links between devices used by a specified tenant.
Link | Graph | The links between switches.
Counter | Counter | Statistics for resources managed by the software. Counters are always dynamic and return records in a specified format: label (string) or counter (integer).
Log | Log | A record of state information (such as configuration actions or events) for resources managed by the software that you can retrieve for later review.
Table 3. Tenant Objects and Attributes
Attribute | Type | Mandatory for POST request? | Description
tenantId | String | Yes | Tenant ID assigned by the orchestration tool
providerId | String | Yes | Provider ID
tenantName | String | No | Name of tenant
tenantDescription | String | No | Description of tenant
Network Objects
Table 4.
Attribute | Type | Mandatory for POST request? | Description
hostname | String | No | Name of the host
hostIPAddress | Array: String | Yes | IP address configured on the host
hostEndPoints | Array: Object | No | Endpoints associated with the host
Endpoint Objects
Table 6.
Attribute | Type | Mandatory for POST request? | Description
policyType | String | Yes | Identifies the policy type (for example, mac-auth or instream-firewall)
policyRuleList | Array: Rule | Yes (must contain at least one rule) | Displays list of rules
Rule Objects
Table 8.
Attribute | Type | Mandatory for POST request? | Description
networkTypeOfService | Number | No | TOS or DSCP values
Table 10. ruleActions Sub-objects and Attributes
Attribute | Type | Mandatory for POST request? | Description
Type | Number | Yes (if specified) | Type of action
Length | Number | Yes | Length of action
Port | Number | No | Output port
VlanID | Number | No | VLAN TAG ID for adding VLAN tag
Network Policy Objects
Table 11.
Table 12.
Attribute | Type | Mandatory for POST request? | Description
applications configured on a network. The priority of a policy or application is relevant only to the associated resource. A single policy can be the highest priority for one network, but it may be the lowest priority for another network or host.
Network Endpoint Policy Objects
Table 14.
Network Connection Objects
Network connection objects are read-only.
Table 15. Network Connection Objects and Attributes
Attribute | Type | Description
networkId | String | Network ID
endpointId | String | Endpoint ID
tenantId | String | Tenant ID
providerId | String | Provider ID
switchId | String | Switch IP
portId | Number | Policy ID
Network Endpoint Objects
Table 16.
Table 18. Switch Port Network Objects and Attributes
Attribute | Type | Description
portId | Number | Port ID
SwitchId | String | Switch data path ID
networkId | String | Network ID
tenantId | String | Tenant ID
providerId | String | Provider ID
FDB Entry Objects
FDB entry objects are read-only.
Table 19.
Attribute | Type | Mandatory for POST request? | Description
uplinkIp | String | No | IP address of the device that connects to the uplink
uplinkMac | String | No | MAC address of the device that connects to the uplink
providerId | String | Yes | Provider ID
Host Port Objects
Host port objects are read-only.
NOTE: Include the provider ID in the string. The provider ID identifies the provider associated with the object.
Table 22.
Attribute | Type | Mandatory for POST request? | Description
WanPortIp | String | No | IP address of the device connected to the WAN port
WanPortMac | String | No | MAC address of the device connected to the WAN port
providerId | String | Yes | Provider ID
Port Monitoring Objects
Port monitoring objects are read-only.
NOTE: Include the provider ID in the string. The provider ID identifies the provider associated with the object.
Table 24.
Table 25.
Filtering Results
REST APIs support result filtering. The software supports filters for regular expressions, offset/limit pagination, and selected fields. The REST API retrieves all available information, then applies the filter to the results. To filter results, use the URI format /*?. You can combine filters. In each query, you can only use each filter once.
Table 26. System Resources and URIs
System Resource | URI | Description
SDNC Cluster | GET: sdnc/v1/system/sdnccluster | Displays summary for each node in the SDNC cluster.
DB Cluster | GET: sdnc/v1/system/dbcluster | Displays summary for each node in the database cluster.
Controller cluster | GET: sdnc/v1/system/controllercluster | Displays summary for each node in the controller cluster (applies to Primary/Backup mode only).
System Resource | URI | Description
NOTE: By default, debug and trace are disabled for components at all sublevels. Debug and trace log level status are set independently. Log status is applicable to all sublevels (for example, if you disable debug logging for sublevel 3, debug logging is also disabled for sublevels 1 and 2).
 | PUT: sdnc/v1/system/log/level/{DEBUG|TRACE}/sublevel/{sublevel}{ON|OFF} | Enables or disables the specified log level (debug or trace), including all sub-levels.
System Resource | URI | Description
DB Document | GET: sdnc/v1/system/db/table/{tableName} | Displays information about the specified table.
Provider Resources and URIs
Table 27. Provider Resources and URIs
Provider Resource | URI | Description
Providers | GET: sdnc/v1/providers/* | Displays information about each configured provider.
 | GET, POST, DELETE: sdnc/v1/providers/{providerID} | Displays information about, creates, or deletes the specified provider.
Provider Resource | URI | Description
Provider host endpoints | GET: sdnc/v1/hosts/{hostID}/endpoints/*@{providerID} | Displays information about each endpoint on the specified host associated with the specified provider.
 | GET, POST, DELETE: sdnc/v1/hosts/{hostID}/endpoints/{endpointID}@{providerID} | Displays information about, creates, or deletes the specified endpoint on the specified host associated with the specified provider.
Tenant Resource | URI | Description
Tenant endpoints | GET: sdnc/v1/endpoints/*@{tenantID}@{providerID} | Displays an array with an element for each endpoint associated with the specified tenant and provider.
 | GET, POST, DELETE: sdnc/v1/endpoints/{endpointID}@{tenantID}@{providerID} | Displays information about, creates, or deletes the specified endpoint.
Table 29. Policy Resources and URIs
Switch Resource | URI | Description
Policy rule | GET, POST, DELETE: sdnc/v1/rules/{ruleID}@{policyID}@{providerID} | Displays information about, creates, or deletes the specified rule in the specified policy associated with the specified provider.
Switch Resource | URI | Description
Policy associations | GET: sdnc/v1/policies/associations/{policyID}/{providerID} | Displays information about all associations for the specified policy associated with the specified provider.
 | GET: sdnc/v1/policies/associations/{policyID}@{tenantID}@{providerID} | Displays information about all associations for the specified policy associated with the specified tenant associated with the specified provider.
Switch Resources and URIs
Table 30.
Switch Resource: Switch links; Switch port endpoints; Switch local-area group (LAG) ports
URI | Description
GET: sdnc/v1/switches/{switchID}/endpoints/*@{tenantID}@{providerID} | Displays information about each endpoint on the specified switch associated with the specified tenant associated with the specified provider.
GET: sdnc/v1/switches/{switchID}/endpoints/{endpointID}@{providerID} | Displays information about the specified endpoint on the specified switch associated with the specified provider.
Topology Resource | URI | Description
 | | VMs, and endpoints, including adjacency information.
 | GET: sdnc/v1/topology | Displays all switch links in the topology.
 | GET: sdnc/v1/topology/fabric/node/{nodeID} | Displays information about the specified node.
 | GET: sdnc/v1/topology/logical | Displays the logical topology, identifying relationships between switches, switch groups, and domains.
Table 32. Uplink Resources and URIs
Uplink Resource | URI | Description
Uplinks | GET: sdnc/v1/uplinks/*@{providerID} | Displays an array with an element for each uplink associated with the specified provider.
 | GET, POST, DELETE: sdnc/v1/uplinks/{uplinkID}@{providerID} | Displays information about, creates, or deletes the specified uplink associated with the specified provider.
Host Port Resources and URIs
Table 35. Host Port Resources and URIs
Resource | URI | Description
Host ports | GET: sdnc/v1/hostports/*@{providerID} | Displays an array with an element for each host port associated with the specified provider.
 | GET, POST, DELETE: sdnc/v1/hostports/{HostPortID}@{providerID} | Displays information about, creates, or deletes the specified host port associated with the specified provider.
Middlebox Port Resources and URIs
Table 36.
Counter Resources and URIs
Table 38. Counter Resources and URIs
Counter Resource | URI | Description
System counter statistics | GET: sdnc/v1/counters/system | Displays counter information for switches and providers.
Switch aggregate statistics | GET: sdnc/v1/counters/switches/* | Displays an array containing aggregate packet, byte, and flow statistics for each switch in the infrastructure.
Counter Resource: Flow counters; Switch queue statistics
URI | Description
GET: sdnc/v1/counters/tenants/{tenantID}@{providerID} | Displays tenant statistics for the specified tenant in the specified provider.
GET, DELETE: sdnc/v1/counters/flows/srcendpoint/{srcEndpointId} | Displays or deletes flow information for the specified source endpoint.
GET, DELETE: sdnc/v1/counters/flows/dstendpoint/{dstEndpointId} | Displays or deletes flow information for the specified destination endpoint.
Port Resource: Port monitoring
URI | Description
GET: sdnc/v1/middleboxports/{middleboxportID}@{providerId} | Displays information about the specified middlebox port.
GET, POST, DELETE: sdnc/v1/middleboxports/{middleboxportID}@{providerId} | Displays information about, creates, or deletes the specified middlebox port.
QoS Resources and URIs
Table 44. QoS Resources and URIs
QoS Resource | URI | Description
Service class | POST, DELETE: sdnc/v1/serviceclass/{serviceclass}/tenant/{tenantID}@{providerID} | Create or delete QoS information for the specified tenant associated with the specified provider.
Resource | URI | Description
LACP | GET: sdnc/v1/lacp/lacpbond | Displays information about NIC teaming bonds.
Table 47.
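The URIs in this chapter scope a resource by joining IDs with @ (for example, {endpointID}@{tenantID}@{providerID}), and the guide limits ID names to alphanumeric characters, underscores, hyphens, and periods. The following Python code is an added example, not AFC or Dell code: it validates each ID against that character set before building or parsing a scoped ID, so an ID that contains the separator or a path character is rejected instead of producing an ambiguous URI. The function names and sample IDs are hypothetical, and the paths are relative to the base URI.

```python
import re

# Character set from the guide's NOTE on ID names: alphanumerics, "_", "-", ".".
# fullmatch() is used below so a trailing newline cannot slip past the check.
_ID_RE = re.compile(r"[A-Za-z0-9_.-]+")
SEPARATOR = "@"        # joins resource, tenant and provider IDs in the URI tables
API_ROOT = "sdnc/v1"   # path prefix from the URI tables, relative to the base URI


class InvalidId(ValueError):
    """An ID that would be ambiguous or unsafe inside a scoped URI."""


def check_id(value, field):
    """Return value unchanged if it is a legal ID name, otherwise raise InvalidId."""
    if not isinstance(value, str) or not _ID_RE.fullmatch(value):
        raise InvalidId(f"{field}: only letters, digits, '_', '-' and '.' are allowed")
    if value in (".", ".."):
        # Legal characters, but URL normalisation rewrites bare dot segments.
        raise InvalidId(f"{field}: '.' and '..' cannot be used as IDs")
    return value


def scoped_id(resource_id, provider_id, tenant_id=None, allow_wildcard=False):
    """Build {id}@{providerID} or {id}@{tenantID}@{providerID}.

    The "*" wildcard from the GET rows is accepted only in the resource
    position and only when the caller opts in.
    """
    if allow_wildcard and resource_id == "*":
        parts = ["*"]
    else:
        parts = [check_id(resource_id, "resource ID")]
    if tenant_id is not None:
        parts.append(check_id(tenant_id, "tenantId"))
    parts.append(check_id(provider_id, "providerId"))
    return SEPARATOR.join(parts)


def parse_scoped_id(text):
    """Split a scoped ID into its fields, re-validating every field."""
    parts = text.split(SEPARATOR)
    if len(parts) not in (2, 3):
        raise InvalidId("expected id@providerID or id@tenantID@providerID")
    resource = parts[0] if parts[0] == "*" else check_id(parts[0], "resource ID")
    tenant = check_id(parts[1], "tenantId") if len(parts) == 3 else None
    return {"id": resource, "tenantId": tenant,
            "providerId": check_id(parts[-1], "providerId")}


def same_scope(scoped_a, scoped_b):
    """True only if both IDs carry the same (tenantId, providerId) pair."""
    a, b = parse_scoped_id(scoped_a), parse_scoped_id(scoped_b)
    return (a["tenantId"], a["providerId"]) == (b["tenantId"], b["providerId"])


def endpoint_path(endpoint_id, tenant_id, provider_id):
    """Path for one tenant endpoint (GET, POST, DELETE row)."""
    return f"{API_ROOT}/endpoints/{scoped_id(endpoint_id, provider_id, tenant_id)}"


def tenant_endpoints_path(tenant_id, provider_id):
    """Path for all endpoints of one tenant (GET row with the * wildcard)."""
    scope = scoped_id("*", provider_id, tenant_id, allow_wildcard=True)
    return f"{API_ROOT}/endpoints/{scope}"


def uplink_path(uplink_id, provider_id):
    """Path for one uplink, which is scoped by provider only."""
    return f"{API_ROOT}/uplinks/{scoped_id(uplink_id, provider_id)}"


if __name__ == "__main__":
    # Constructed sample IDs; none come from a real deployment.
    print(endpoint_path("vm7", "t1", "provA"))
    print(tenant_endpoints_path("t1", "provA"))
    # The same tenant ID under two providers names two different tenants.
    print(same_scope("vm7@t1@provA", "vm7@t1@provB"))
    for bad in ("vm7@t2", "a/b", "..", "", "vm 7", "id?limit=1"):
        try:
            endpoint_path(bad, "t1", "provA")
        except InvalidId as err:
            print(f"rejected {bad!r}: {err}")
```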
5 Logging
The software uses different classes for logging, with each class providing different data depending on the message type and level. To configure the logging class, edit the log-properties.xml file. The log is saved as SDNC_VERBOSE.log, where each new version is appended with a number (for example, SDNC_VERBOSE_1.log).
• TRACE — Logs TRACE messages only. Provides more detailed information than the DEBUG level.
• DEBUG — Logs TRACE and DEBUG messages.
SDNC Database Logging
All INFO, WARN, and ERROR log messages are sent to the database. To allocate up to 3 MB for this information, edit the logTableSizeMB=3 item in the config.properties file. Logs are time-stamped and organized in descending order, with the most recent information first. When the memory is full, the older information is removed and new information is automatically inserted. SDNC database logging is disabled by default. To enable SDNC database logging, configure logs2db=true in the config.
6 Upgrading RPM-Installed Software
When you start the controller, select the software version to install. If there is an existing installation, the software upgrades the existing version of the AFC software by updating the binary files and libraries, reconfiguring the running environment, and upgrading the existing configuration variables.
Upgrading Single-Server Deployments
For a single-server deployment without HA, you must schedule downtime for an upgrade. Single-server deployments are not hitless.
1.
5. Run the setup_afc.sh file.
6. Enter the IP address for the MongoDB server followed by a comma, then enter the IP address of the secondary server.
7. Enter true to enable HA.
8. Update the AFC values or press Enter to continue the installation.
9. Configure the AFC controller IP address and credentials in OpenStack.
10. Update the multicast values or press Enter to continue the installation.
7 Active Fabric Controller User Interface
Use the GUI to access the AFC for monitoring and debugging or to control the active fabric infrastructure. You can also access the active fabric infrastructure using the OpenStack Horizon dashboard. The software uses a web-based GUI to monitor the status of provisioned networks and to issue policies or other configuration data. The GUI uses JavaScript, PHP, HTML, and CSS, and the web server uses Apache 2.
HTTP and HTTPS Support
The GUI supports both HTTP and HTTPS. The Apache server and PHP are used for HTTP and HTTPS communication between the GUI and the software.
NOTE: Communication between the browser and the Apache server is independent of the communication between the Apache server and the software. Each communication type can use different protocols for support.
Features
The GUI supports the REST APIs used by the software and can perform GET, POST, and DELETE operations.
Help
The help icon displays in several areas of the GUI. Click the icon to read a brief description of the relevant function or form.
Main Screen
The GUI viewing area is divided into three sections:
• The left pane displays statistics for the connected system, such as the IP addresses, current status, and use of resources.
• The center pane displays data results for a user query or request.
• The right pane provides alternate methods to retrieve and display data.
Figure 6.
Changing System Settings
To configure settings for the following items, click the Change Settings link in the top banner. You can configure the following settings:
• AFC server IP address and port number
• Auto-refresh duration
• Number of query results to display
Figure 7. AFC GUI — Change Settings Window
To direct all subsequent queries to the specified address, enter the controller’s IP address and port number in the form that is displayed.
Press Enter to submit the query or click the icon next to the text field. The GUI saves recently entered queries as browser cookies. You can view the list of recent queries by clicking the drop-down list for the entry field in the banner. Auto-filtering is also supported in the entry field. When you type in the entry field, the drop-down list is automatically populated with all recent queries containing the entered text. Use the mouse to select a query or use the down arrow and Enter keys.
Figure 9. AFC GUI — Save Query
Submitting Saved Queries
To submit a saved query, open the drop-down Saved Queries list in the right pane. If the right pane is not visible, click the Options link above the banner to open the pane. Saved queries are listed in the directory that you select when you save the query. Locate the query you want to use and select it to submit the query. The data is displayed using the viewing mode that was used when the query was saved.
Figure 10.
Saving Query Results
To save query results, click the icon in the center pane header and enter a name for the saved results. Saved query results are stored on the server running the web service and are available for all users using that server to launch the GUI.
Displaying Saved Query Results
To display saved query results, select the results from the drop-down Saved Query Results list. The results are retrieved from the controller and displayed in the center pane.
Figure 11.
typing in the entry field to view a list of values containing the characters you entered. Select the appropriate listed value. To apply the filter and refresh the data results, click the icon. The GUI displays only the data that matches the selected filter criteria. This method is applicable only to query results containing multiple records. You can also retrieve data filtered by the server by providing filtering specifications as query parameters in the URI. For more information, refer to REST APIs.
Figure 13. AFC GUI — Topology Tooltip
To drill down and view additional information, click a node or link in the topology display.
Figure 14. AFC GUI — Topology Node Data
To view more information about a node or link, select a viewing mode from the drop-down Select View list and click the Go button. The available viewing mode options vary depending on the type of node or link. The following table lists the viewing options by type and a description for each type.
Table 48.
Item of Interest Available Viewing Modes Description flows, and flow mods) for the selected switch in a Tile format. Endpoint Switch Counters Displays aggregate packet, byte, and error counts for the selected switch in a Tile format. Port Counters Displays detailed packet and byte counts for each port on the selected switch as a Bar Chart categorized by counter type.
• Providers
• Tenants
• Networks
• Hosts
• Endpoints
Figure 15. Configure Menu
NOTE: ID names support only alphanumeric characters, underscores ( _ ), hyphens ( - ), and periods ( . ).
Configuring a Policy
1. Click Policy in the Configure menu. The Configure Policy window displays.
Figure 16. Configure Policy Window
2. Select a provider from the drop-down Provider ID: list.
3. If the policy is tenant-specific, check the Tenant Policy checkbox. If you do not check this checkbox, the policy is provider-specific.
4. If applicable, select a tenant from the drop-down Tenant ID: list.
5. If you have already configured a policy, select it from the drop-down Policy ID: list and click Add to add the policy. If you have not configured a policy, continue to the next step.
6.
Figure 17. Configure Policy Association Window
2. Select a provider from the drop-down Provider ID: list.
3. If the policy is tenant-specific, check the Tenant Policy checkbox. If you do not check this checkbox, the policy is provider-specific.
4. If applicable, select a tenant from the drop-down Tenant ID: list.
5. Select a policy from the drop-down Policy ID: list.
6. Select the resource to associate with the policy:
•
7.

Configuring a Fabric Edge
You can configure fabric edges, including a middlebox, mirror, uplink, WAN port, or debug port with the interfaces used in the fabric.
1. Click Fabric Edge in the Configure menu. The Fabric Edge window displays.
Figure 18. Configure Fabric Edge Window
2. Select a switch from the Switch ID: list and click Get Interfaces to display a list of ports available on the selected switch.
3. Select the radio button of the port you want to configure.
Figure 19. Configure Fabric Edge Interface Window
4. Select a provider from the drop-down Provider ID list.
5. Select the resource type (Middlebox, Mirror, Uplink, WAN port, or debug port) for the interface from the drop-down Resource Type: list.
6. Enter a unique ID number in the Resource ID field.
7. (OPTIONAL) Enter a name in the Resource Name field and a description in the Resource Description field for the interface.
8.
Figure 20. AFC GUI — Bind Edge Interfaces Window
2. Select a provider from the drop-down Provider ID: list.
3. Select two or more uplinks to bind from the list of uplinks that displays.
4. Enter a unique ID for the bound links in the Bind Uplink ID: field.
5. Click Bind to bind the selected uplinks.

Configuring Users and Resources
To create and configure users or resources including providers, tenants, networks, hosts, or endpoints, click Users & Resources in the Configure menu.

Configuring Providers
1. Click the Configure menu, click Users & Resources, then click Provider. The Configure Provider window displays.
Figure 21. AFC GUI — Configure Provider Window
2. Enter a unique ID in the Provider ID: field.
3. (OPTIONAL) Enter a name to identify the provider in the Provider Name: field.
4. Click Add to save the configured provider or click Close to close the window without saving changes.

Configuring Tenants
1. Click the Configure menu, click Users & Resources, then click Tenant. The Configure Tenant window displays.
Figure 22. AFC GUI — Configure Tenant Window
2. Select the provider to associate with the tenant from the drop-down Provider ID: list.
3. Enter a unique ID in the Tenant ID: field.
4. (OPTIONAL) Enter a name to identify the tenant in the Tenant Name field and a description of the tenant in the Tenant Description field.
5.

Configuring Hosts
1. Click the Configure menu, click Users & Resources, then click Host. The Configure Host window displays.
Figure 23. AFC GUI — Configure Hosts Window
2. Select the provider from the drop-down Provider ID: list.
3. To associate the host with a tenant, check the Tenant Host checkbox and select a tenant from the drop-down Tenant ID: list.
4. Enter a unique ID for the host in the Host ID: field.
5.

Configuring Networks
1. Click the Configure menu, click Users & Resources, then click Network. The Configure Network window displays.
Figure 24. AFC GUI — Configure Network Window
2. Select the provider from the drop-down Provider ID: list.
3. To associate the network with a tenant, check the Tenant Network checkbox and select a tenant from the drop-down Tenant ID: list.
4. Enter a unique ID for the network in the Network ID: field.
5. Enter the VLAN ID for the network in the Network VLAN field.

Configuring Endpoints
1. Click the Configure menu, click Users & Resources, then click Endpoint. The Configure Endpoint window displays.
2. Select the provider from the Provider ID: drop-down list.
3. To associate the endpoint with a tenant, check the Tenant Endpoint checkbox and select the tenant from the drop-down Tenant ID: field.
4. Enter a unique ID for the endpoint in the Endpoint ID: field.
5. Select the type of endpoint to configure from the drop-down Endpoint Type list.
9. Click Add to save the configured endpoint or click Close to close the window without saving changes.
NOTE: To delete an endpoint, select the provider and tenant, if applicable, from the drop-down lists. Select the endpoint to delete from the Endpoint ID list and click Delete.

Query Builder
To build a query, click the Build Query link in the banner. An API tree displays in the center pane.
Figure 25. AFC GUI — Query Builder
To view the APIs as a list, click the Switch to List View icon.
Figure 26. AFC GUI — Build Query Window

Filtering Results
The query input form allows you to enter specific criteria for filtering results. Enter a Key-Value pair to retrieve only records containing matches for the specified key or attribute. The value can be a regular expression. To retrieve data results starting with a specific number, enter the number in the Offset entry field. To specify the number of returned results, enter a number in the Limit entry field.
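The following is an added example, not taken from this guide or from the AFC software. It models the Key-Value, Offset, and Limit fields on constructed records to show why a literal value entered as a regular expression should be escaped and anchored. The record fields, the function names, unanchored search matching, and a zero-based offset are assumptions; the guide does not specify them.

```python
import re

# Constructed sample records; the field names are illustrative, not AFC's schema.
RECORDS = [
    {"switch": "sw-1", "ip": "10.0.0.1"},
    {"switch": "sw-2", "ip": "10.0.0.10"},
    {"switch": "sw-3", "ip": "10.0.0.11"},
    {"switch": "sw-4", "ip": "10.0.1.1"},
    {"switch": "sw-5", "ip": "110.0.0.1"},
]


def exact(value):
    """Build a pattern that matches only the literal value, nothing longer."""
    return r"\A" + re.escape(value) + r"\Z"


def run_query(records, key, pattern, offset=0, limit=None):
    """Model of the query form: keep records whose `key` matches `pattern`,
    skip the first `offset` matches, then return at most `limit` of them.
    Assumed here: unanchored search semantics and a zero-based offset."""
    if offset < 0 or (limit is not None and limit < 0):
        raise ValueError("offset and limit must be non-negative")
    rx = re.compile(pattern)
    matched = [r for r in records if key in r and rx.search(str(r[key]))]
    end = None if limit is None else offset + limit
    return matched[offset:end]


def switches(rows):
    """Return just the switch names, in result order."""
    return [r["switch"] for r in rows]


if __name__ == "__main__":
    # A bare address used as a pattern also matches longer addresses.
    print(switches(run_query(RECORDS, "ip", "10.0.0.1")))
    # Escaped and anchored, it matches one record only.
    print(switches(run_query(RECORDS, "ip", exact("10.0.0.1"))))
    # Offset and Limit page through the matched set, not the full data set.
    print(switches(run_query(RECORDS, "ip", "10.0.0.1", offset=1, limit=2)))
```
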
Figure 27. AFC GUI — System Summary

Controller Summary
A controller summary displays information about each configured controller. The controller summary includes the following information:
• Node IP — Displays the IP address of the node running the software and the controller’s role (active or standby). The colored dots indicate the role as well — green for active or standalone and yellow for standby.
Figure 28.