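Configuration Guide: Verifying the ZTP Function on CX-N, Using an MC-LAG Scenario as an Example
1 Introduction
Zero Touch Provisioning (ZTP) is a function by which a factory-new or unconfigured device automatically loads its deployment files (configuration files and upgrade files) at power-on. A device counts as unconfigured only if /host/ztp/ztp_data.json does not exist and /etc/sonic/config_db.json is unmodified and still in its default state. ZTP removes the need for on-site configuration and deployment, which lowers labor costs and improves deployment efficiency; the device configuration files must be prepared in advance. This document describes how to use ZTP to automatically configure CX-N devices for an MC-LAG scenario.
2 How It Works
The device uses a ZTP function built on DHCP: the DHCP Option field carries the address and path of the configuration and upgrade files, so that the deployment files are fetched and loaded automatically. In essence, the switch fetches a config_db.json file from the FTP server and replaces its own /etc/sonic/config_db.json with it, which delivers the configuration automatically.
Taking a device in its factory state as an example:
- First, the ZTP service checks whether the device's /etc/sonic/config_db.json has been modified relative to the default configuration, and whether /host/ztp/ztp_data.json exists. When ZTP executes successfully, it records the operation in this file.
- Having detected that the device is unconfigured, it uses DHCP to obtain the information for the FTP server that holds the ZTP configuration. The DHCP server should be configured with the field option bootfile-name ftp://ftpserver:test@10.230.1.11/ztp.json.
- Using the configuration information in ztp.json on the FTP server, it fetches from the corresponding FTP path the configuration file whose file name matches the device serial number.
- It overwrites its own config_db.json with the config_db.json file obtained from FTP, and then reboots the device.
This completes the ZTP zero-touch deployment process.
3 Configuration
3.1 Preparing the MC-LAG Scenario
3.1.1 Physical Topology
3.1.2 Device Interface Information
3.1.3 Exporting the Files
After the MC-LAG scenario has been configured, export /etc/sonic/config_db.json from every switch and rename each config_db.json file to the device's serial number. Taking Spine1 as an example, its serial number is as shown in the figure, so config_db.json must be renamed F018716A006.json.
The configuration files of the five switches are shown below:
3.1.4 Restoring the Devices to Factory Settings
Run the following commands on each switch in turn: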
admin@Spine1:~$ sudo sonic-cli
Spine1# delete startup-config
3.1.5 Starting the ZTP Service
Taking Spine1 as an example, enable the ZTP service on all switches as follows:
admin@Spine1:~$ sudo config ztp enable
admin@Spine1:~$ sudo config ztp run
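3.2 DHCP Configuration
First prepare the FTP server (the validation uses 10.230.1.11, with FTP account and password ftpuser/ftpuser). Edit the DHCP server configuration file /etc/dhcp/dhcpd.conf and add option bootfile-name ftp://ftpuser:ftpuser@10.230.1.11/ztp.json to the corresponding subnet. Restart the DHCP service after the configuration is complete.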
root@adminserver:/etc/dhcp# vi dhcpd.conf
subnet 10.230.1.0 netmask 255.255.255.0 {
    range 10.230.1.100 10.230.1.240;
    option routers 10.230.1.1;
    option broadcast-address 10.230.1.255;
    default-lease-time 21600;
    max-lease-time 43200;
    allow leasequery;
    option domain-name-servers 223.5.5.5,114.114.114.114;
    option bootfile-name "ftp://ftpuser:ftpuser@10.230.1.11/ztp.json";
}
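3.3 Uploading the Configuration Files to FTP
Upload the ztp.json file to the FTP root directory; the file must define the operations ZTP is to perform. The configdb-json section specifies the directory where the configuration files are located, and the identifier field selects the serial number (serial-number) as the parameter that identifies each device's configuration.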
{
    "ztp": {
        "configdb-json": {
            "dynamic-url": {
                "source": {
                    "prefix": "ftp://ftpuser:ftpuser@10.230.1.11/ZTP_CFG/",
                    "identifier": "serial-number",
                    "suffix": ".json"
                },
                "destination": "/etc/sonic/config_db.json"
            }
        },
        "reboot-on-success": true
    }
}
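Upload the config_db.json configuration files to the ZTP_CFG directory on the FTP server.
Reboot the devices. After startup, each device prints the ZTP output. Once it reports success, configuration verification can begin.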
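The staging described in 3.3 can be checked before any device is rebooted. The following is an added example, not part of the original guide or the vendor's tooling: it resolves the URL each serial number will request from ztp.json, confirms that the file is staged and configures the intended hostname, and reports that the prefix embeds a login in a cleartext ftp:// URL. Assumptions: a local copy of the FTP root, the standard SONiC key DEVICE_METADATA.localhost.hostname, and constructed placeholder serial numbers for every device other than F018716A006.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Same content as the ztp.json in section 3.3, embedded so the check runs offline.
ZTP_JSON = """{"ztp": {"configdb-json": {"dynamic-url": {
  "source": {"prefix": "ftp://ftpuser:ftpuser@10.230.1.11/ZTP_CFG/",
             "identifier": "serial-number", "suffix": ".json"},
  "destination": "/etc/sonic/config_db.json"}}, "reboot-on-success": true}}"""

def resolve_url(src, serial):
    """URL a device with this serial number requests: prefix + serial + suffix."""
    if src.get("identifier") != "serial-number":
        raise ValueError("only identifier=serial-number is handled here")
    return src["prefix"] + serial + src.get("suffix", "")

def check_staging(ztp_text, ftp_root, inventory):
    """inventory maps serial -> expected hostname. Returns a list of findings."""
    src = json.loads(ztp_text)["ztp"]["configdb-json"]["dynamic-url"]["source"]
    base, findings = urlsplit(src["prefix"]), []
    if base.scheme == "ftp" and base.password:
        findings.append("prefix: FTP carries the embedded login and the configs unencrypted")
    for serial, hostname in inventory.items():
        path = urlsplit(resolve_url(src, serial)).path
        staged = Path(ftp_root) / path.lstrip("/")
        try:
            cfg = json.loads(staged.read_text())
            # Assumption: standard SONiC key DEVICE_METADATA.localhost.hostname.
            found = cfg["DEVICE_METADATA"]["localhost"]["hostname"]
        except (OSError, ValueError, KeyError, TypeError) as exc:
            findings.append(f"{serial}: {path} unusable ({type(exc).__name__})")
            continue
        if found != hostname:
            findings.append(f"{serial}: file configures {found!r}, expected {hostname!r}")
    return findings

def demo():
    """Constructed FTP root: Spine1 correct, Leaf1 holds Leaf2's file, Leaf2 missing."""
    # SERIAL-LEAF1 and SERIAL-LEAF2 are placeholders, not real serial numbers.
    inventory = {"F018716A006": "Spine1", "SERIAL-LEAF1": "Leaf1", "SERIAL-LEAF2": "Leaf2"}
    with tempfile.TemporaryDirectory() as root:
        Path(root, "ZTP_CFG").mkdir()
        for serial, host in (("F018716A006", "Spine1"), ("SERIAL-LEAF1", "Leaf2")):
            body = {"DEVICE_METADATA": {"localhost": {"hostname": host}}}
            Path(root, "ZTP_CFG", serial + ".json").write_text(json.dumps(body))
        return check_staging(ZTP_JSON, root, inventory)

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty list from check_staging means every device in the inventory will receive a parseable file carrying its own hostname; a swapped file is otherwise only noticed after the device has rebooted into the wrong configuration.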
4 Verification
4.1 Configuration Verification
4.1.1 Spine1
Spine1# show running-config
!
interface ethernet 0/0
fec rs
ip address 10.0.10.2/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/4
fec rs
ip address 10.0.20.2/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/8
fec rs
ip address 10.0.30.2/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/12
fec rs
ip address 10.0.40.2/30
mtu 9216
speed 100000
exit
!
interface loopback 0
ip address 10.10.25.1/32
exit
!
hostname Spine1
!
interface mgmt 0
ip address 10.230.1.7/24 gw 10.230.1.1
exit
!
router bgp 65201
bgp router-id 10.10.25.1
no bgp ebgp-requires-policy
neighbor PEER_V4_EBGP peer-group
neighbor PEER_V4_EBGP bfd
neighbor 10.0.10.1 remote-as 65101
neighbor 10.0.10.1 peer-group PEER_V4_EBGP
neighbor 10.0.20.1 remote-as 65101
neighbor 10.0.20.1 peer-group PEER_V4_EBGP
neighbor 10.0.30.1 remote-as 65102
neighbor 10.0.30.1 peer-group PEER_V4_EBGP
neighbor 10.0.40.1 remote-as 65102
neighbor 10.0.40.1 peer-group PEER_V4_EBGP
!
address-family ipv4 unicast
network 10.10.25.1/32
exit-address-family
!
address-family l2vpn evpn
neighbor PEER_V4_EBGP activate
advertise-all-vni
exit-address-family
exit
!
end
4.1.2 Leaf1
Leaf1# show running-config
!
interface vxlan 0
source 10.10.25.3
exit
!
vrf 100
mac 60:eb:5a:00:86:20
vni 1000 vxlan 0
exit-vrf
!
vlan 100
vni 10
!
vlan 300
!
interface link-aggregation 1
description server1
switchport access vlan 100
exit
!
interface link-aggregation 2
switchport trunk vlan 100
switchport trunk vlan 300
exit
!
interface ethernet 0/0
mtu 9216
no fec
speed 10000
link-aggregation-group 1
exit
!
interface ethernet 0/48
fec rs
ip address 10.0.10.1/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/52
fec rs
mtu 9216
speed 100000
exit
!
interface ethernet 0/56
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface ethernet 0/60
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface ethernet 0/64
fec rs
mtu 9216
speed 100000
exit
!
interface ethernet 0/68
fec rs
mtu 9216
speed 100000
exit
!
interface ethernet 0/72
fec rs
mtu 9216
speed 100000
exit
!
interface ethernet 0/76
fec rs
mtu 9216
speed 100000
exit
!
interface loopback 0
ip address 10.10.25.3/32
exit
!
interface vlan 100
ip address 100.0.10.1/24
mac-address 18:17:25:37:64:40
vrf 100
exit
!
interface vlan 300
ip address 10.0.0.3/24
exit
!
hostname Leaf1
!
interface mgmt 0
ip address 10.230.1.18/24 gw 10.230.1.1
exit
!
mclag domain 1
local-address 10.0.0.3
peer-address 10.0.0.4
peer-link link-aggregation 2
commit
member lag 1
!
router bgp 65101
bgp router-id 10.10.25.3
no bgp ebgp-requires-policy
neighbor 10.0.10.2 remote-as 65201
neighbor 10.0.10.2 bfd
!
address-family ipv4 unicast
network 10.10.25.3/32
network 10.0.10.1/30
exit-address-family
!
address-family l2vpn evpn
neighbor 10.0.10.2 activate
advertise-all-vni
exit-address-family
exit
!
end
4.1.3 Leaf2
Leaf2# show running-config
!
interface vxlan 0
source 10.10.25.3
exit
!
vrf 100
mac 60:eb:5a:00:86:20
vni 1000 vxlan 0
exit-vrf
!
vlan 100
vni 10
!
vlan 300
!
interface link-aggregation 1
switchport access vlan 100
exit
!
interface link-aggregation 2
switchport trunk vlan 100
switchport trunk vlan 300
exit
!
interface ethernet 0/0
mtu 9216
no fec
speed 10000
link-aggregation-group 1
exit
!
interface ethernet 0/48
fec rs
ip address 10.0.20.1/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/56
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface ethernet 0/60
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface loopback 0
ip address 10.10.25.3/32
exit
!
interface vlan 100
ip address 100.0.10.1/24
mac-address 18:17:25:37:64:40
vrf 100
exit
!
interface vlan 300
ip address 10.0.0.4/24
exit
!
hostname Leaf2
!
interface mgmt 0
ip address 10.230.1.19/24 gw 10.230.1.1
exit
!
mclag domain 1
local-address 10.0.0.4
peer-address 10.0.0.3
peer-link link-aggregation 2
commit
member lag 1
!
router bgp 65101
bgp router-id 10.10.25.3
no bgp ebgp-requires-policy
neighbor 10.0.20.2 remote-as 65201
neighbor 10.0.20.2 bfd
!
address-family ipv4 unicast
network 10.10.25.3/32
network 10.0.20.1/30
exit-address-family
!
address-family l2vpn evpn
neighbor 10.0.20.2 activate
advertise-all-vni
exit-address-family
exit
!
end
4.1.4 Leaf3
Leaf3# show running-config
!
interface vxlan 0
source 10.10.25.4
exit
!
vrf 200
mac 60:eb:5a:00:86:22
vni 1000 vxlan 0
exit-vrf
!
vlan 200
vni 20
!
vlan 300
!
interface link-aggregation 1
switchport access vlan 200
exit
!
interface link-aggregation 2
switchport trunk vlan 200
switchport trunk vlan 300
exit
!
interface ethernet 0/0
mtu 9216
no fec
speed 10000
link-aggregation-group 1
exit
!
interface ethernet 0/48
fec rs
ip address 10.0.30.1/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/56
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface ethernet 0/60
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface loopback 0
ip address 10.10.25.4/32
exit
!
interface vlan 200
ip address 100.0.20.1/24
mac-address 18:17:25:37:64:32
vrf 200
exit
!
interface vlan 300
ip address 10.0.0.5/24
exit
!
hostname Leaf3
!
interface mgmt 0
ip address 10.230.1.20/24 gw 10.230.1.1
exit
!
mclag domain 1
local-address 10.0.0.5
peer-address 10.0.0.6
peer-link link-aggregation 2
commit
member lag 1
!
router bgp 65102
bgp router-id 10.10.25.4
no bgp ebgp-requires-policy
neighbor 10.0.30.2 remote-as 65201
neighbor 10.0.30.2 bfd
!
address-family ipv4 unicast
network 10.10.25.4/32
network 10.0.30.1/30
exit-address-family
!
address-family l2vpn evpn
neighbor 10.0.30.2 activate
advertise-all-vni
exit-address-family
exit
!
end
4.1.5 Leaf4
Leaf4# show running-config
!
interface vxlan 0
source 10.10.25.4
exit
!
vrf 200
mac 60:eb:5a:00:86:22
vni 1000 vxlan 0
exit-vrf
!
vlan 200
vni 20
!
vlan 300
!
interface link-aggregation 1
switchport access vlan 200
exit
!
interface link-aggregation 2
switchport trunk vlan 200
switchport trunk vlan 300
exit
!
interface ethernet 0/0
mtu 9216
no fec
speed 10000
link-aggregation-group 1
exit
!
interface ethernet 0/48
fec rs
ip address 10.0.40.1/30
mtu 9216
speed 100000
exit
!
interface ethernet 0/56
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface ethernet 0/60
fec rs
mtu 9216
speed 100000
link-aggregation-group 2
exit
!
interface loopback 0
ip address 10.10.25.4/32
exit
!
interface vlan 200
ip address 100.0.20.1/24
mac-address 18:17:25:37:64:32
vrf 200
exit
!
interface vlan 300
ip address 10.0.0.6/24
exit
!
hostname Leaf4
!
interface mgmt 0
ip address 10.230.1.21/24 gw 10.230.1.1
exit
!
mclag domain 1
local-address 10.0.0.6
peer-address 10.0.0.5
peer-link link-aggregation 2
commit
member lag 1
!
router bgp 65102
bgp router-id 10.10.25.4
no bgp ebgp-requires-policy
neighbor 10.0.40.2 remote-as 65201
neighbor 10.0.40.2 bfd
!
address-family ipv4 unicast
network 10.10.25.4/32
network 10.0.40.1/30
exit-address-family
!
address-family l2vpn evpn
neighbor 10.0.40.2 activate
advertise-all-vni
exit-address-family
exit
!
end
4.2 Server Connectivity Verification
4.2.1 Server Configuration
Server1:
NIC configuration
Adding the route
[root@server1 ~]# route add -net 100.0.20.0 netmask 255.255.255.0 gw 100.0.10.1 dev bond0
Server2:
NIC configuration
Adding the route
[root@server2 ~]# route add -net 100.0.10.0 netmask 255.255.255.0 gw 100.0.20.1 dev bond0
4.2.2 Server-to-Server Access
Server1:
Server2:
4.3 Switch Function Verification
4.3.1 BGP
Spine1:
Leaf1:
Leaf2:
Leaf3:
Leaf4:
4.3.2 MC-LAG
Leaf1:
Leaf2:
Leaf3:
Leaf4:
4.3.3 VXLAN EVPN
Leaf1:
Leaf2:
Leaf3:
Leaf4:
4.3.4 Routing
Leaf1:
Leaf2:
Leaf3:
Leaf4: