Installing and Upgrading the DMF Service Node

This chapter describes how to install the DANZ Monitoring Fabric DMF Service Node.

Overview

The DANZ Monitoring Fabric (DMF) Service Node provides advanced packet matching and modification capabilities for monitored traffic. The DMF Service Node is an optional component in the DANZ Monitoring Fabric, providing advanced features. The DMF Service Node offers the following services:
  • Deduplication
  • Header stripping
  • IPFIX generation
  • Packet masking
  • NetFlow
  • Pattern dropping
  • Pattern matching
  • Packet slicing
  • Timestamping
  • UDP replication
Figure 1. DMF Service Node

After the basic installation, the DMF Controller automatically detects each connected DMF Service Node, and the Controller starts managing the DMF Service Node Appliance along with the connected fabric switches.

For information about configuring and using the DMF Service Node, refer to the DANZ Monitoring Fabric 8.4 User Guide.

Connecting the Service Node

Connect the DMF Service Node to a core interface on a DMF switch, which provides access to filter interfaces, where traffic is received for the DMF Service Node, and to delivery interfaces, where traffic is delivered after it is processed. The service node can be connected in two ways:
  • Using the management interface (1 GbE) connected to the management switch. Using the management interface limits throughput to 1 GbE and shares the bandwidth with management traffic to the DMF Controller.
  • Using the 10 GbE Service Node interfaces (SNI) connected to the DMF switches. Connecting to this interface supports up to 10 GbE throughput.
Note: Arista recommends having an iDRAC connection to the DMF Controller, DMF Service Node, Arista Analytics Node, and DMF Recorder Node appliances. This connection helps in easy troubleshooting of issues. For more details, refer to the chapter on Using iDRAC later in this guide.
The figure below shows the interfaces provided on the 4-port DMF Service Node Appliance.
Figure 2. DMF Service Node (4-Port Appliance)
1 Service Interfaces (10G)
2 Service Node Management Port 1 (1000 Mb/s) - Connect to the management switch.
3 Serial Connector
Figure 3. DMF Service Node BL (16-Port Appliance)
1 Service interfaces SNI13 10 Service interfaces SNI10
2 Service interfaces SNI15 11 Service interfaces SNI9
3 Service interfaces SNI16 12 Service interfaces SNI5
4 Service interfaces SNI14 13 Service interfaces SNI4
5 Service interfaces SNI8 14 Service interfaces SNI3
6 Service interfaces SNI12 15 Service interfaces SNI2
7 Service interfaces SNI11 16 Service interfaces SNI1
8 Service interfaces SNI17 17 Ethernet Connector 1 Service Node Management Port 1 (10/100/1000 Mb/s)
9 Service interfaces SNI6 18 Serial Connector

Service Node Setup and Initial Configuration

This section describes how to perform the initial setup and configuration on a new DANZ Monitoring Fabric (DMF) Service Node appliance.
Note: Disable hyperthreading on the hardware appliance before installing the Service Node software to avoid performance issues. When disabling hyperthreading after installing the Service Node software, performance will be affected, and reinstalling the software will be required to resolve the issue.

Complete the following steps to run the first boot setup, which performs the initial configuration required for a new DMF Service Node.

Procedure

  1. Rack the DMF Service Node Appliance.
    The appliance interfaces are on the back of the appliance, where the power cord connects. These include the following:
    • Four management interfaces (10/100/1000 Mb/s): You can connect either of the two lower left interfaces (Ethernet 1 or Ethernet 2) to the network management switch.
    • One serial interface (db9).
    • Four 10-GbE SFP ports on the R640 server and 16 10-GbE ports on the R740 server. Connect these ports to a DMF switch.
  2. Turn on the DMF Service Node server appliance.
  3. Log in via the serial port using the admin account name. The baud rate is 115200. When using a terminal server to connect, ensure the baud rate on the terminal server is 115200.
  4. When the first boot process begins, accept the End User License Agreement (EULA). 
    This product is governed by an End User License Agreement (EULA). You must accept this
EULA to continue using this product.
You can view this EULA by typing 'View', or from our website at. https://www.arista.com/en/eula
Do you accept the EULA for this product? (Yes/No/View) [Yes] > yes Running system pre-check
Finished system pre-check
Starting first-time setup
  5. Complete the local node configuration according to the requirements of your network environment.
    The following is only an example. Change for your specific deployment. 
    Local Node Configuration
------------------------
Emergency recovery user password >
Emergency recovery user password (retype to confirm) >
Hostname > DMF-Service-Node
Management network options:
[1] IPv4 only
[2] IPv6 only
[3] IPv4 and IPv6
>1
IPv4 address [0.0.0.0/0] > 10.8.39.200/18
IPv4 gateway (Optional) > 10.8.0.1
DNS server 1 (Optional) > 10.3.0.4
DNS server 2 (Optional) > 10.1.5.200
DNS search domain (Optional) > qa.arista.com
Administrator password >
Administrator password (retype to confirm) >
Controller address if deployment mode is preconfigured (L3 ZTN) (Optional) > 10.106.6.4
  6. If the DMF Service Node is connected to the DMF Controller by a Layer 3 device (such as a router) in preconfigured (L3 ZTN) mode, enter the active DMF Controller's IP address.
    Note: Starting with DMF Release 7.1.0, the DMF Service Node can be installed using Zero Touch Fabric (ZTF) even if it is in a different subnet than the DMF Controller.
  7. Identify the Network Time Protocol (NTP) servers. 
    System Time
-----------
Default NTP servers:
- 0.bigswitch.pool.ntp.org
- 1.bigswitch.pool.ntp.org
- 2.bigswitch.pool.ntp.org
- 3.bigswitch.pool.ntp.org
NTP server options:
[1] Use default NTP servers
[2] Use custom NTP servers
[1] > 1
  8. When prompted, type 1 to apply the selected options, or type any number on the menu that is displayed to change the current setting. 
    Please choose an option:
[ 1] Apply settings
[ 2] Reset and start over
[ 3] Update Recovery Password (*****)
[ 4] Update Hostname (R740)
[ 5] Update IP Option (IPv4 only)
[ 6] Update IPv4 Address (10.106.6.7/23)
[ 7] Update IPv4 Gateway (10.106.6.1)
[ 8] Update DNS Server 1 (10.108.200.200)
[ 9] Update DNS Server 2 (10.100.5.200)
[10] Update DNS Search Domain (qa.arista.com)
[11] Update Admin Password (*****)
[12] Update Controller IP (10.106.6.4)
[13] Update NTP Option (Use default NTP servers)
[1] > 1
  9. After first-time setup is complete, press Enter to continue. 
    [Stage 1] Initializing system
[Stage 2] Configuring local node
Waiting for network configuration IP address on bond0 is 10.8.39.200 Generating
cryptographic keys
[Stage 3] Configuring system time
Initializing the system time by polling the NTP servers:
0.bigswitch.pool.ntp.org
1.bigswitch.pool.ntp.org
2.bigswitch.pool.ntp.org
3.bigswitch.pool.ntp.org
[Stage 4] Configuring cluster Cluster configured successfully. Current node ID is 27521
All cluster nodes:
Node 27521: 10.8.39.200:6642
First-time setup is complete!
Press enter to continue >
DMF Service Node (dmf-8.0-service-node #1) Log in as 'admin' to configure
  10. Connect one or more of the 10 GbE SFPs on the appliance hardware to a DMF out-of-band switch.
    The DMF Controller automatically detects each connected DMF Service Node Appliance and integrates the service node into the monitoring fabric.
    Note: The DMF Controller will not establish a connection to the DMF Service Node Application if none of the 10 GbE SFPs on the appliance hardware are connected to a DMF out-of-band switch.
  11. Once connected to the DMF Controller, it can take several minutes for Service Node to update the software.
    Figure 4. Service Node software update
  12. Login to the DMF Controller.
  13. Add the following service node configuration with the Service Node management interface's MAC address. 
    controller-1> enable
controller-1# config
controller-1(config)# service-node device-name
controller-1(config-service-node)# mac service-node-management-int-mac-address
controller-1(config-service-node)#
    Note: Obtain the MAC address of the Service Node by logging into the service node via SSH and running the following command taking note of the bond0 MAC address: 
    SN-1(config)# show local-node interfaces bond0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interfaces ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interface Master Hardware address Permanent hardware address Operstate Carrier Bond mode Bond role
---------|------|------------------------|--------------------------|---------|-------|-------------|---------|
bond0 78:ac:44:05:65:b8 (Dell) up up active-backup

~~~~~~~~~~ Addresses of Interfaces ~~~~~~~~~~
# Interface Ip cidr
-|---------|---------------------------------|
1 bond0 10.240.130.26/25
2 bond0 fe80:0:0:0:7aac:44ff:fe05:65b8/64
  14. Verify that the DMF Service Node is connected by entering the following command: 
    controller-1(config-service-node)# show managed-service-device

    Enter this command in any CLI mode.

Creating Support Bundle on Service Node

The support bundle for the DANZ Monitoring Fabric (DMF) Service Node should be created from the DMF Controller (Creating a Support Bundle). But, if the DMF Service Node loses connectivity to the DMF Controller, a support bundle can be created by logging into the DMF Service Node.

The DMF Service Node CLI provides commands to automate the collecting, archiving, and uploading of critical data.

The following are the commands to configure Support Bundle auto-upload: 
LG-SN(config)# service
LG-SN(config-service)# support auto-upload
<cr>
LG-SN(config-service)# support auto-upload
Enabled diagnostic data bundle upload
Use "diagnose upload support" to verify upload server connectivity
LG-SN(config-service)#
To check if auto-upload is enabled or not: 
LG-SN(config-service)# show run service
! service
service
support auto-upload
LG-SN(config-service)#
The following is the command to generate the Support Bundle. After generating the support bundle, it uploads automatically. Please provide the support bundle ID to support personnel. 
LG-SN(config-service)# support
Generating diagnostic data bundle for technical support. This may take several minutes...
Support Bundle ID: SMFUG-BS5S2
Local cli collection completed after 32.9s. Collected 33 commands (0.14 MB)
Local rest collection completed after 0.0s. Collected 3 endpoints (0.17 MB)
Local bash collection completed after 93.3s. Collected 133 commands (6.73 MB)
Local file collection completed after 8.4s. Collected 42 paths (1851.13 MB)
Collection completed. Signing and compressing bundle...
Support bundle created successfully
00:03:16: Completed
Generated Support Bundle Information:
Name : anet-support--LG-SN--2022-04-13--07-46-01Z--SMFUG-BS5S2.tar.gz
Size : 490MB
File System Path : /var/lib/floodlight/support/anet-support--LG-SN--2022-04-13--07-46-01Z--
SMFUG-BS5S2.tar.gz
Url : https://10.240.130.8:8443/api/v1/support/anet-support--LG-SN--2022-04-
13--07-46-01Z--SMFUG-BS5S2.tar.gz
Bundle id : SMFUG-BS5S2
Auto-uploading support anet-support--LG-SN--2022-04-13--07-46-01Z--SMFUG-BS5S2.tar.gz
Transfer complete, finalizing upload
Please provide the bundle ID SMFUG-BS5S2 to your support representative.
00:01:03: Completed
LG-SN(config-service)#

The show support command shows the status of the automatic upload.

LG-SN(config-service)# show support
#Bundle Bundle idSize Last modified Upload status
- |------------------------------------------------------------------- |----------- |----- |------------------------------ |---------------- |
1anet-support--LG-SN--2022-04-13--07-46-01Z--SMFUG-BS5S2.tar.gz SMFUG-BS5S2490MB2022-04-13 07:49:20.157000 UTCupload-completed
2anet-support--LG-SN--2022-04-13--07-19-08Z--SI51T-BVJJB.tar.gz SI51T-BVJJB488MB2022-04-13 07:22:44.927000 UTC
3anet-support-component--LG-SN--2021-05-19--22-47-17Z_0kc7zxw.tar.gz 462MB2021-05-19 22:47:17.452000 UTC
LG-SN(config-service)#
Tip: Use the diagnose upload support command to check the reachability and health of the server before uploading the support bundle.
LG-SN(config-service)# diagnose upload support
Upload server version: diagus-master-76
Upload diagnostics completed successfully
00:00:04: Completed
Check : Resolving upload server hostname
Outcome : ok
Check : Communicating with upload server diagnostics endpoint
Outcome : ok
Check : Upload server healthcheck status
Outcome : ok
Check : Upload server trusts authority key
Outcome : ok
Check : Signature verification test
Outcome : ok
Check : Resolving objectstore-accelerate hostname
Outcome : ok
Check : Resolving objectstore-direct hostname
Outcome : ok
Check : Communicating with objectstore-accelerate
Outcome : ok
Check : Communicating with objectstore-direct
Outcome : ok
LG-SN(config-service)#

Upgrading Service Node Software From Release 7.x.x

Upgrading the DANZ Monitoring Fabric (DMF) Service Node, deployed in L2ZTN from DMF-7.0.0 to a later version, will be automatically completed through a zero-touch upgrade if you upgrade a DMF Release 7.0.x Controller.

Upgrade of DMF Service Node deployed in L3ZTN from DMF- 7.1.0 to a later version will be automatically completed through zero-touch when you upgrade a DMF Release 7.1.x Controller.

To verify that the Service Node is ready for the zero-touch upgrade, enter the following command from the CLI prompt on the active DMF Controller.

controller-1> show service-node sn-name zerotouch

Zerotouch status should be OK.