Installing DMF Switches
This chapter describes installing DANZ Monitoring Fabric (DMF) switches and performing initial setup and configuration.
DMF supports secure HTTPS connectivity for Controller-hosted URLs using ZTP.
Before DMF version 8.4, the Controller used HTTP to access ZTP install scripts and software images. HTTP does not provide the security required in today’s network environments, so the need for HTTPS support arose in those customer environments where all port 80 traffic (HTTP) is blocked. Blocking HTTP access makes the DHCP-based installation of Switch Light and other required software impossible. This new feature allows access to ZTP install scripts and software images via secure HTTPS.
HTTPS Support for Controller Hosted URLs using ZTP
DANZ Monitoring Fabric (DMF) supports secure HTTPS connectivity for Controller-hosted URLs using ZTP.
Before DMF version 8.4, the Controller used HTTP to access ZTP install scripts and software images. HTTP does not provide the security required in today’s network environments, so the need for HTTPS support arose in those customer environments where all port 80 traffic (HTTP) is blocked. Blocking HTTP access makes the DHCP-based installation of Switch Light and other required software impossible. This new feature allows access to ZTP install scripts and software images via secure HTTPS.
This feature does not require any special configuration.
Use the CLI show switch-image url
command to display the URLs for the ZTP install script and images.
The output contains HTTP and HTTPS URLs for the script and each available image, as shown in the following example.
C1> show switch-image url
# FileUrlAlternative Url
-|-------------------------|------------------------------------------------------------|---------------|
1 arista-ztp-install-script http://<controller IP>/switchlight/arista-ztp-install-script
2 arista-ztp-install-script https://<controller IP>/switchlight/arista-ztp-install-script
3 install-amd64 http://<controller IP>/switchlight/install-amd64
4 install-amd64 https://<controller IP>/switchlight/install-amd64
5 update-amd64http://<controller IP>/switchlight/amd64
6 update-amd64https://<controller IP>/switchlight/amd64
7 update-aristaeoshttp://<controller IP>/eos/x86_64
8 update-aristaeoshttps://<controller IP>/eos/x86_64
Zero Touch Fabric Provisioning Modes
- Layer 2 Zero Touch Fabric (L2ZTF, Auto-discovery switch provisioning mode): In this mode (which was the default up to DMF release 8.4), the switch ONIE software automatically discovers the Controller via IPv6 local link addresses and downloads and installs the appropriate Switch Light OS image from the Controller. This installation method requires all the fabric switches and the DMF Controller to be in the same Layer 2 network (IP subnet). If the fabric switches need IPv4 addresses to communicate with SNMP or other external services, configure IPAM, which provides the Controller with a range of IPv4 addresses to allocate to the fabric switches.
- Layer 3 Zero Touch Fabric (L3ZTF, Pre-configured switch provisioning mode): In this mode, which is the default starting from DMF release 8.5, when fabric switches are in a different Layer 2 network from the Controller, log in to each switch individually to configure network information and download the ZTF installer. Subsequently, the switch automatically downloads Switch Light OS from the Controller. This mode requires communication between the Controller and the fabric switches to occur using IPv4 addresses, and no IPAM configuration is required.
controller-1(config)# switch <name>
controller-1(config-switch)# mac <mac-address>
The following table summarizes the requirements for installation using each mode:
Requirements | Layer 2 mode | Layer 3 mode |
---|---|---|
Any switch in a different subnet from the Controller? | No | Yes |
IPAM configuration for SNMP and other IPv4 services? | Yes | No |
IP address assignment | IPv4 or IPv6 | IPv4-only |
Refer to this section | Using L2 ZTF (Auto-Discovery) Provisioning Mode | Changing to Layer 3 (Pre-Configured) Switch Provisioning Mode |
Install all the fabric switches in a single fabric using the same mode. If there are any fabric switches in a different IP subnet than the Controller, DANZ Monitoring Fabric (DMF) requires using Layer 3 mode to install all the switches, even those in the same Layer 2 network as the Controller. Installing switches in mixed mode, with some switches using ZTF in the same Layer 2 network as the Controller, while other switches in a different subnet are installed manually or using DHCP is unsupported.
Using L2 ZTF (Auto-Discovery) Provisioning Mode
Requirements
- The DANZ Monitoring Fabric 8.5 Hardware Compatibility List lists the supported fabric switches.
- Connect the management Ethernet interface of each physical switch to the management network and power it up.
- Connect the DANZ Monitoring Fabric (DMF) Controller appliance management interface to the same Layer 2 management network as the management Ethernet interface of every physical switch.
- When upgrading switches from a previous deployment, ensure the Switch Light OS image is compatible with your Controller version.
- Designate a range of IPv4 addresses to be assigned using IPAM when switches must communicate with SNMP, NTP, syslog, or other IPv4 services.
Switch Installation Procedure
As shown in the illustration, services can be provided by the DMF Service Node Appliance or a third-party Network Packet Broker (NPB).
To use ZTF to bring up a DMF switch in this deployment, complete the following steps:
Arista Switch Installation Procedure for 7050X Series and 7260X Series
The initial installation of Switch Light OS on the Arista platforms is accomplished by dropping it into the Aboot shell interface at boot time and telling it to boot the Switch Light switch image. This operation will install Switch Light on the system. This is a one-time extra step needed during the first installation of Switch Light OS in DMF. The boxes will subsequently boot as expected under Switch Light.
This procedure is also required for any Arista switches currently running EOS. Perform the following steps for the Arista switch to boot from the DMF Controller:
Allocating IPv4 Addresses to Fabric Switches
When using L2 ZTF, the DANZ Monitoring Fabric (DMF) Controllers and fabric switches use link-local IPv6 for communication. To enable switches to communicate with external (IPv4) services, configure IP address management (IPAM), which assigns IPv4 addresses to the switches in the fabric from a configured pool of addresses. This configuration enables a fabric switch in L2-ZTN mode to communicate with external services such as NTP, SNMP, and Syslog.
No IPv4 address is required for the switch to interact with the Controller for time synchronization (NTP) and logging (syslog).
Static IP Addresses
Static IPv4 addresses can be configured on switches in a fabric managed by IPAM.When IPAM is enabled, IPAM will automatically assign IPv4 addresses to switches on which a static IPv4 address has not been configured as long as there are allocated IP addresses available. DMF preserves both automatically and statically allocated IP addresses in the event of a reboot or Controller failure.
Using the GUI to Allocate IPv4 Addresses
Using the CLI to Allocate IPv4 Addresses with IPAM
Assigning Static IPv4 Addresses
If needed, a static IPv4 address can be assigned to a switch in a fabric managed by IPAM. Removing the assigned address will return the switch to IPAM address management, and an IPv4 address will be assigned to it from the allocated pool if one is available.
Using the GUI to Assign a Static IPv4 Address
Using the CLI to Assign a Static IPv4 Address
auto
as shown below:
controller-1(config)# show running-config switch core1
! switch
switch core1
ip-address auto 10.0.0.2
mac 00:53:00:57:c9:3b
Static Address Assignment Troubleshooting and Limitations
Syslog Messages and Tracing
There are no syslog messages associated with this feature. To gain insight into the IPAM IP allocation process, enable tracing logs.
controller-1(config)#logging level org.projectfloodlight.core.ipalloc trace
controller-1(config)#logging level org.projectfloodlight.zerotouch.startupconfig trace
controller-1(config)#show logging controller | grep Ipam
Locate relevant log output in the floodlight syslog at /var/log/floodlight/floodlight.log.
Troubleshooting
When troubleshooting, be sure to use the show ipam switch command to display actual IP address allocations instead of the show running-config ipam switch command, which only displays the configuration and last used auto
IP addresses of the switches.
- IPAM is enabled.
- Make sure that the
allocate
field is present in the IPAM configuration. If not, configure the deployment mode as shown below:controller-1(config)#ipam switch controller-1(config-ipam-switch)#allocate
- Make sure that the ZTN deployment mode is set to
auto-discovery
.If not, configure the deployment mode as shown below:controller-1(config)deployment-mode auto-discovery
- Make sure that the
- For a configured s IP address, make sure that the address is in the defined IPAM subnet.
- For an
auto
IP address, make sure that there are enough IP addresses in the defined IP address ranges for all switches.Note: Anauto
IP address in a switch configuration does not necessarily result in an actual IP address assignment and stays there even if the allocated IP address is unavailable, e.g., if IPAM is disabled or the corresponding IP address range is removed. If a configuration change (such as enabling IPAM or adding an IP address range that includes the allocated address), the switch will get this IP address, which was the last automatically allocated IP address, to promote IP stability. - You may cross-check the applied IP address on the running configuration of the switch as shown below:
controller-1#show switch core1 running-config | grep ip-address swl interface ip-address 10.0.0.3 prefix 21
- An alternative way to cross-check the IP address of the switch is to connect to it and then execute the ifconfig command to view the IP address of the interface:
> connect switch core1 Switch Light OS SWL-OS-DMF-8.5.x(0), 2023-12-01.02:24-4be6844 Linux core1 4.19.296-OpenNetworkLinux #1 SMP Fri Dec 1 02:35:57 UTC 2023 x86_64 SwitchLight ZTN Manual Configuration. Type help or ? to list commands. (ztn-config) debug bash *****************************WARNING****************************** Any/All activities within bash mode are UNSUPPORTED This is intended ONLY for additional debugging ONLY by Arista TAC. Please type "exit" or Ctrl-D to return to the CLI *****************************WARNING****************************** root@core1:~# ifconfig -a eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu 1500 inet6 2001:0DB8:0:1:5054:ff:fe59:b9b6prefixlen 64scopeid 0x20<link> ... ma1: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>mtu 1500 inet 10.0.0.2netmask 255.255.248.0broadcast 0.0.0.0 ...
Limitations
- Note that the show switch command does not display IPv4 addresses. To cross-check the assigned IPv4 number, examine the running config of the switch. (See Troubleshooting section.)
- In order to enable IPAM, ZTN deployment mode must be configured as
auto-discovery
. - IPAM can only manage switch IP addresses in a single subnet, but multiple IP address ranges can be defined in that subnet.
Using L3 ZTN (Pre-Configured) Switch Provisioning Mode
deployment-mode pre-configured
command is entered on the DMF Controller to enable Layer 3 ZTF.
Installing a Switch Using L3 ZTF (Preconfigured) Provisioning Mode
Installing Arista 7050X and 7260X Series Switch Using L3 ZTF (Preconfigured) Provisioning Mode
Procedure
Installing Arista 7280R Series Switch Using L3 ZTF (Preconfigured) Provisioning Mode
This is a one-time setup needed to load the DMF-compatible EOS image. When set up, the next Controller upgrade will also automatically upgrade the switches.
Perform these steps on the 7280R Series switch to boot from the DMF Controller.
Installing Arista 7800R3 Series Switch Using L3 ZTF (Preconfigured) Provisioning Mode
A chassis can have one or more line cards. From a Controller's perspective, a chassis-based switch with multiple line cards, each with its own application-specific integrated circuit (ASIC), is treated as a single switch. When connected, a chassis works like any other switch and requires no user intervention for this support to work. The Controller automatically recognizes the chassis, initiates a handshake, and reacts to any chassis events like line card addition and removal.
Show commands display the modules in each chassis slot, whether line cards or supervisors, display line card properties, and what redundancy mode is active.
-
DCS-7804-CH
-
DCS-7808-CH
-
DCS-7812-CH
-
DCS-7816-CH
-
The maximum number of flows supported by the chassis is 8188 (in total for the entire system).
-
The SSO redundancy protocol is not supported.
This is a one-time setup needed to load the DMF-compatible EOS image. When set up, the next Controller upgrade will also automatically upgrade the switches.
Perform these steps on a 7800R3 Series switch to boot from the DMF Controller:
Configuring the Switch Static IP and Controller IP in Interactive ZTF Mode
zcsh
CLI, complete the following steps:Installing Arista 7050X and 7260X Series using DHCP with bootfile-name option
The Arista ZTP boot script is served to the Arista switch using DHCP’s bootfile-name option (option #67). The Arista switch downloads and executes this Arista ZTP boot script during its ZTP (Zero Touch Provisioning) phase following boot. The Arista ZTP boot script copies the Switch Light OS files from the DMF Controller and configures the appropriate boot settings on the Arista switch.
Procedure
Installing Arista 7280R Series using DHCP with bootfile-name option
Using DHCP with Default URL for Switch Installation in Preconfigured Provisioning Mode
Registering a Switch After Initial Deployment
To add a switch to the fabric after initial deployment, register the name and MAC address of the switch with the active DANZ Monitoring Fabric (DMF) Controller. The switch downloads a compatible Switch Light OS image and configuration from the Controller and uses the registered switch name to refer to the switch in the CLI output and GUI displays.
Using the GUI to Register a Switch
Using the CLI to Register a Switch
switch switch-name
command to enter the config-switch
submode, to associate the switch name with the MAC address of a physical switch. Replace switch-name with a unique alphanumeric text string. For example, the following commands assign the switch names core-sw-1, filter-sw-1, and delivery-sw-1 to three switches:
controller-1(config)# switch DMF-CORE-SWITCH-1
controller-1(config-switch)# mac 00:00:00:00:00:09
controller-1(config-switch)# switch DMF-FILTER-SWITCH-1
controller-1(config-switch)# mac 00:00:00:00:00:0b
controller-1(config-switch)# switch DMF-DELIVERY-SWITCH-1
controller-1(config-switch)# mac 00:00:00:00:00:0e
show
switch
command from any mode, as in the following example:
controller-1> show switch
# Switch NameIP Address StatePipeline Mode
- |--------------- |--------------------------- |--------- |---------------------
1 bigtap-switch-1fe80::ce37:abff:fe60:d474%2connectedbigtap-l3l4-push-vlan
2 bigtap-switch-2fe80::ce37:abff:fe60:cf8a%2connectedbigtap-l3l4-push-vlan
3 bigtap-switch-3fe80::ce37:abff:fea0:9071%2connectedbigtap-l3l4-push-vlan
The output shows the switch alias, IP address, state, and pipeline mode.
no switch
command.
controller-1(config)# no switch DMF-CORE-SWITCH-1
After removing the switch registration, perform a new switch registration using the new switch name.
Changing the ZTF Mode After Deployment
Changing to Layer 3 (Pre-Configured) Switch Provisioning Mode
ZTF cannot be used to install the switches when the switch management network connects the DANZ Monitoring Fabric (DMF) Controllers through a Layer 3 network. However, when a switch is in a different subnet than the Controller, manually configure the switches or use a DHCP server to download the Switch Light OS image to each fabric switch. To do this, change the switch provisioning mode to Pre-Configured.
If the switches and Controllers are in the same L2 broadcast domain, use the auto-discovery switch deployment mode for an L2-ZTF deployment. If the switches and Controllers are not in the same L2 broadcast domain, use the pre-configured provisioning mode to enable an L3-ZTF deployment. The entire fabric must be in a single provisioning mode; DMF only supports the auto-discovery provisioning mode if all the switches are in the same Layer 2 domain.
Using the GUI to Change the Switch Provisioning Mode
Procedure
Using the CLI to Change the Switch Provisioning Mode
Procedure
Changing to Layer 3 ZTF (Preconfigured) Mode
Procedure
Changing to Layer 2 ZTF (Auto-Discovery) Mode
Procedure
System Reinstall for an EOS Switch
Perform a system reinstall by removing the local startup-config/zerotouch-config on the switch so the DANZ Monitoring Fabric (DMF) Controller no longer manages it.
Rebooting the switch restarts the Arista-native ZTP process and requests a fresh image from the Controller.
Use the following command to perform a system reinstall:
C1# system reinstall switch eos-switch-name reboot
The following is an example where the switch name is core1
.
C1(config)# system reinstall switch core1 reboot
system switch reinstall: "deployment-mode pre-configured"
system switch reinstall: l3-ztn currently configured
system switch reinstall: l3-ztn implies switches are remote
system switch reinstall: l3-ztn and some switches may not rejoin
reinstall may cause service interruption
system switch reinstall ("y" or "yes" to continue): y
An optional parameter called reboot forces the switch to reboot and begin the re-installation process.
CLI Show Commands
When the switch is rebooting, ZTN cannot communicate with the switch, so a Zerotouch state error hint
and Zerotouch
state error msg
appear when using the following show command:
(config)# show switch core1 zerotouch
Name : core1
Ip address : 10.243.254.25
Last update: 2023-06-02 07:18:35.749000 UTC
Zerotouch state: reloading
Zerotouch state error hint : Rest API Client problem
Zerotouch state error msg: Connect to 10.243.254.25:80 [/10.243.254.25] failed: Connection refused (Connection refused)
The error message changes after the switch has fully booted.
SM-InspiringPare-Broadwater-C1(config-crypto)# show switch core1 zerotouch
Name : core1
Ip address : 10.243.254.25
Last update: 2023-06-02 07:29:34.850000 UTC
Zerotouch state: reloading
Zerotouch state error hint : Rest API Client problem
Zerotouch state error msg: No route to host (Host unreachable)
At this point, the switch has booted up entirely. Still, the Controller cannot talk to the switch, as the necessary configuration is absent. Kick-start the DMF ZTN process on the switch again using the commands below:
(config)# management dmf
(config-mgmt-dmf)# controller address ip-address
(config-mgmt-dmf)# no disabled
Troubleshooting
Check the status using the command show switch switch-name zerotouch
.
After performing the steps above for reconnecting an EOS switch, and if the state remains stuck in reloading (and there is a Zerotouch state error hint
/ Zerotouch state error msg
output), please contact 이 이메일 주소가 스팸봇으로부터 보호됩니다. 확인하려면 자바스크립트 활성화가 필요합니다..
SKU Reporting for EOS Switches
Like SwitchLight (SWL) OS switches, EOS switches now report their SKUs to the DANZ Monitoring Fabric (DMF) Controller.
View the EOS switch SKU using the DMF Controller CLI or GUI.
Using the CLI to Configure SKU Reporting for EOS Switches
Run the show fabric inventory
command from the login mode
to view the switch SKUs from the DMF Controller CLI.
SKU
column indicates the SKU of each switch.
CONTROLLER-1> show fabric inventory
~~~~~~~~~~~~~~~~~ Controller Inventory ~~~~~~~~~~~~~~~~~
# Node Id Hostname SKUSerial Number
-|-------|-------------------|-----------|-------------|
1 29617 CONTROLLER-1DCA-DM-C450FF99R52
2 23262 CONTROLLER-2DCA-DM-C4503W9D3Y2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Switch Inventory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Switch SKU Serial Number ManufacturerAsic
-|--------------------|-----------------|-------------|---------------|------------|
1 dmf-arista-7280SR2-2 DCS-7280SR2-48YC6 JPE22123192 Arista Networks jericho-plus
2 dmf-arista-7280CR3-1 DCS-7280CR3-32P4JPE20383391 Arista Networks jericho2
3 dmf-arista-7280SR3-1 DCS-7280SR3-48YC8 JPE22191168 Arista Networks jericho2c
4 dmf-arista-7280CR3-2 DCS-7280CR3-32P4JPE20383398 Arista Networks jericho2
5 dmf-arista-7280SR-1DCS-7280SR-48C6 SGD20370893 Arista Networks jericho
6 dmf-arista-7280SR2-1 DCS-7280SR2-48YC6 JPE20476226 Arista Networks jericho-plus
~~~~~~~~~ Recorder Node Inventory~~~~~~~~~
# Recorder NodeSKUSerial Number
-|-----------------|----------|-------------|
1 DMF-RECORDER-NODE DCA-DM-RA3 FLC1RN3
~~~~~~~~ Service Node Inventory~~~~~~~~
# Service NodeSKUSerial Number
-|-----------------|----------|-------------|
1 DMF-SERVICE-NODEDCA-DM-SDL GS11RN3
Using the GUI to Configure SKU Reporting for EOS Switches
To view the switch SKUs from the DMF Controller GUI, hover the mouse over the Fabric menu bar and select Switches.
The Switches page loads.
The SKUs do not appear by default but display after enabling the SKU column. To enable the column, click the menu button in the table. In the menu, select Show/Hide Columns.
In the dialog box, select the SKU checkbox and click Save Preferences.
The SKU column appears in the Switches table and displays the SKU of each switch.