Installing the Controller

The following procedure describes how to install the SDN controller:

  • Install the OS on the server and configure Redundant Array of Independent Drives (RAID).
  • Download and configure the installation tool.
  • Load the controller installation program to the installation tool, and complete the installation.

Apply for and activate a license after the installation is completed.

Best Practices of Cloud DCN Deployment ■ 345

For installation examples, visit the Huawei technical support website and search for related product documentation.

Commissioning Interconnections

After the SDN controller is installed, pre-configure the controller to prepare for service provisioning. To commission interconnections, perform the following operations:

TABLE 9.9 Key Steps of Basic Network Pre-configurations





Configuring basic device information

  • Create a device name, which must be unique on the entire network
  • Configure system time and NTP synchronization information on the device
  • Configure a remote login management mode, user name, and password
  • Configure an IP address for the device management interface and a route on the management plane






  • Connect spine nodes and leaf nodes, including server leaf nodes, service leaf nodes, and border leaf nodes, through Layer 3 main interfaces
  • Configure IP addresses for interconnections in preparation for configuring routing protocols on the underlay network


Configuring loopback and VTEP addresses

Create two virtual interfaces, Loopback0 and Loopback1, on each leaf node (NVE node)

  • The Loopback0 address is used as the router ID, DFS group address of the M-LAG, and source interface for sending BGP packets during BGP EVPN peer establishment
  • The Loopback1 IP address is used as the VTEP IP address. Members in an active-active device group must use the same VTEP IP address


Configuring routing protocols on the underlay network

A routing protocol on the underlay network is used to configure underlay routes to establish VXLAN tunnels on the upper-layer overlay network. This ensures that VTEP IP addresses are mutually reachable at Layer 3. OSPF is recommended for small- and medium-sized networks, and EBGP for large-sized networks


Configuring an M-LAG

Configure a DFS group and peer-links to establish an active-active M-LAG

It is recommended that server leaf nodes, border leaf nodes, and service leaf nodes use two switches to form an M-LAG, which improves reliability and ensures service continuity even during a device upgrade


346 ■ Cloud Data Center Network Architectures and Technologies






Configuring server access

In most cases, servers are connected to the server leaf work group using two uplinks. That is, servers are connected through two network interfaces to two server leaf nodes in the same M-LAG

For servers connected in load balancing mode, configure an M-LAG on leaf nodes. For servers connected in active/standby mode, do not configure Eth-Trunk on leaf nodes

If a server leaf node connects to a common service server, configure only M-LAG access. The SDN controller will automatically deliver other access configurations

When a server leaf node is connected to the SDN controller or SecoManager server, the southbound gateway of the controller uses VLANIF and VRRP to connect to the server leaf node. In this case, you do not need to configure VPN for the southbound gateway. Instead, the routing protocol on the underlay network imports direct routes to implement Layer 3 interconnections between the SDN controller and its managed devices


Configuring BGP EVPN

On a DC VXLAN network

  • Use BGP EVPN as the VXLAN control plane protocol
  • Configure leaf nodes as BGP RR clients and spine nodes as BGP RRs
  • Create EVPN IBGP peer relationships between the leaf nodes and spine nodes




Two firewalls work in active/standby mirroring mode, where the two firewalls synchronize configurations through an interconnected heartbeat link. If the active firewall fails, the standby firewall takes over. The active and standby firewalls have the same configurations, thereby ensuring service continuity

  • Configure a service interface for connecting the firewall to a service leaf node
  • Configure a management interface for connecting the firewall to the SecoManager
  • Configure the active/standby mirroring mode for firewalls



parameters for interconnections between network devices and the controller

Configure the following protocols on switches and firewalls so that the SDN controller can manage the firewalls

  • SNMPv3: used by the SDN controller to discover, add, and manage devices
  • NETCONF: used by the SDN controller to deliver configurations to network devices
  • Link Layer Discovery Protocol (LLDP): used to automatically discover neighbor relationships and report them to the controller


Configuring the external management network

The configuration of the out-of-band management network is similar to that for a legacy DCN and is not described here

  • Discover switches on the SDN controller so that it can manage them.
  • Discover links between devices and between devices and servers on the SDN controller, to prepare for service provisioning and topology management.
  • Create a device group for the two switches that already have M-LAG deployed on the SDN controller.
  • Create a fabric network on the SDN controller, and add it to switches. The fabric is similar to a network resource pool.
  • Discover firewalls on the SecoManager, and create firewall device groups and firewall resource pools.
  • Connect the SDN controller to the SecoManager and synchronize data between them.
  • Set the firewall link type and associate the firewall resource pool with the fabric, so that the services on the fabric can use resources in the firewall resource pool on demand.
  • Interconnect the SDN controller with the cloud platform or computing virtualization platform (VMM) and set interconnection parameters to prepare for inter-system association and automatic service provisioning.
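
Several rows of Table 9.9 state constraints that can be checked against a device plan before the switches are discovered on the controller: unique device names, one shared VTEP IP address per M-LAG pair, spine nodes as RRs with leaf nodes as RR clients, and SNMPv3, NETCONF and LLDP enabled for the controller. The following Python check is an added example, not code from the book or from any Huawei tool; the plan format, the field names (mlag, bgp_role, mgmt) and all addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

REQUIRED = {"snmpv3", "netconf", "lldp"}  # management protocols named in the table

def valid_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_plan(devices):
    """Return sorted (subject, problem) findings for a pre-configuration plan."""
    findings = set()
    for name, count in Counter(d["name"] for d in devices).items():
        if count > 1:  # device names must be unique on the entire network
            findings.add((name, "duplicate device name"))
    router_ids = Counter(d.get("loopback0") for d in devices)
    groups = defaultdict(list)
    for d in devices:
        lo0 = d.get("loopback0", "")
        if not valid_ip(lo0):
            findings.add((d["name"], "Loopback0 missing or invalid"))
        elif router_ids[lo0] > 1:  # general routing rule: router IDs must not repeat
            findings.add((d["name"], "Loopback0 reused as router ID"))
        want = "rr" if d["role"] == "spine" else "client"
        if d.get("bgp_role") != want:  # spines are RRs, leaf nodes are RR clients
            findings.add((d["name"], "expected BGP role " + want))
        for proto in sorted(REQUIRED - set(d.get("mgmt", ()))):
            findings.add((d["name"], "missing " + proto))
        if d.get("mlag"):
            groups[d["mlag"]].append(d.get("loopback1", ""))
    for group, vteps in groups.items():
        if len(vteps) != 2:  # an M-LAG is formed by two switches
            findings.add((group, "M-LAG needs exactly two members"))
        if len(set(vteps)) > 1 or not all(valid_ip(v) for v in vteps):
            findings.add((group, "M-LAG members need one shared, valid VTEP IP"))
    return sorted(findings)

# Constructed plan: leaf-2 repeats a router ID, differs in VTEP IP, lacks SNMPv3.
ALL = ["snmpv3", "netconf", "lldp"]
PLAN = [
    {"name": "spine-1", "role": "spine", "loopback0": "10.0.0.1",
     "bgp_role": "rr", "mgmt": ALL},
    {"name": "leaf-1", "role": "leaf", "mlag": "grp1", "loopback0": "10.0.0.11",
     "loopback1": "10.0.1.1", "bgp_role": "client", "mgmt": ALL},
    {"name": "leaf-2", "role": "leaf", "mlag": "grp1", "loopback0": "10.0.0.11",
     "loopback1": "10.0.1.2", "bgp_role": "client", "mgmt": ["snmpv2c", "netconf", "lldp"]},
]
```

Calling check_plan(PLAN) returns one finding per violated constraint; an empty list means the plan satisfies the checks above.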