The VPU (VLAN Per User) module allows each server to be placed in a separate broadcast domain. Using broadcast domains helps to:

  • reduce the amount of broadcast traffic;
  • reduce the number of conflicts;
  • prevent network attacks such as IP spoofing.

In the current version, the module is available for the following switches:

  • Juniper QFX.

You can create your own handler for the module to work with other equipment. Read more in the article Creating a VPU handler.

Work logic


To place the server in a broadcast domain, the module:

  1. Creates a VPU network for the server. To create the network, the module uses the pool of IP addresses defined in the settings.
  2. Adds the VPU network to the switch or router settings. For this purpose, the equipment management service:
    1. Creates a VLAN on the device to which the VPU network belongs.
    2. Creates an IRB interface for this VLAN.
    3. Configures the dhcp-relay option.
  3. Assigns the server one of the IP addresses of the VPU network as the primary address.
  4. Assigns the VPU network gateway to the IRB interface of the switch.
  5. If necessary, assigns additional IP addresses to the server from the pool defined in the module settings. The BGP protocol and the bird service are used to route these addresses.
  6. Before performing the operation on the server:
    1. Creates a VPU network for the server’s BMC, if needed. To create the network, the module uses the pool of IP addresses defined in the settings.
    2. Changes BMC network settings - the address, default gateway and network.
    3. Moves the server to the VLAN to which the VPU network belongs.

When the module is configured, DCImanager installs and configures the bird service on the location. The service is used to transmit information about BGP routes. When configuring the bird service, the platform:

  1. Adds the data from the module settings to the bird configuration file template.
  2. Sends the configuration file to the location and checks it with the birdc utility.
  3. If no errors are found in the configuration file, it replaces the current configuration and restarts bird. If errors are found, it cancels the task to configure bird.

If successfully configured, the bird service will start route synchronization on the network equipment. Once the routes are synchronized, you can create VPU networks in the platform.

To improve stability, the bird platform creates a backup file with static routes. After restart, the bird platform restores the network routes from this file.

Preparing to install the module


Before installation:

  1. Create pools of IPv4 addresses and physical networks:
    1. For servers in broadcast domains.
    2. For server BMCs.
    3. For additional IP addresses.
  2. Configure the BGP protocol on the switch or router.

Example of BGP configuration on a Juniper QFX router

  1. Set the BGP autonomous system number:
    1. Enter configuration mode.
    2. Enter the routing-options settings:

      {master:0}[edit]
      root# edit routing-options
    3. Set the autonomous system number. For example, 121:

      {master:0}[edit routing-options]
      root# set autonomous-system 121
    4. Check the configuration. The autonomous system number is in the autonomous-system parameter.

      {master:0}[edit routing-options]
      root# show

      Example of response

      static {
          route 0.0.0.0/0 next-hop 10.99.0.1;
      }
      autonomous-system 121;
    5. Save the changes:

      {master:0}[edit routing-options]
      root# commit
  2. Set up connections to the "neighbors" of the autonomous system:
    1. Enter the protocol editing settings:

      {master:0}[edit]
      root# edit protocols bgp
    2. Specify the settings for the device group and the IP address of the participant:

      {master:0}[edit protocols bgp]
      root# set group internal type internal neighbor 10.99.0.11

      internal — the device group uses iBGP. If eBGP is used for routing, specify external.

      10.99.0.11 — IP address of the participant

    3. Set the local address of the router:

      {master:0}[edit protocols bgp]
      root# set group internal local-address 10.0.0.1

      10.0.0.1 — local address of the router

    4. Check the configuration:

      {master:0}[edit protocols bgp]
      root# show

      Example of response

      traceoptions {
          file bgp.log size 1m files 50;
      }
      advertise-inactive;
      log-updown;
      damping;
      local-as 121;
      group internal {
          type internal;
          local-address 10.0.0.1;
          neighbor 10.99.0.11;
      }
    5. Save the changes:

      {master:0}[edit protocols bgp]
      root# commit
  3. Check the configuration:

    show bgp summary

    When successfully configured, the status of the protocol in the State column should be Active.

    Threading mode: BGP I/O
    Groups: 1 Peers: 1 Down peers: 1
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0
                           0          0          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    10.99.0.150             121          0          0       0       0 4w2d 1:02:35 Active

Installing the module


To install the module, enter Modules → VPU (Vlan per user) → Install.

Configuring the module


To configure the module, enter Modules → VPU (Vlan per user) → Go to settings → Configure:

  1. Select a Handler for the VPU.
  2. Specify Network settings:
    1. Select the Pool for VPU. Used for automatic operation of the VPU module from the billing system.
    2. Select the Pool for BMC. Used for automatic operation of the VPU module from the billing system.
    3. Select the Pool for additional IP addresses. The physical networks from this pool will automatically be placed in the Provider networks field.
      This pool is used for automatic operation of the VPU module from the billing system.
    4. Specify the Provider networks — IPv4 networks for additional server IP addresses. Additional server addresses that do not belong to any of the listed networks will not be passed to the router using BGP.
  3. Specify BGP session settings for IPv4:
    1. The number of the Local autonomous system.
    2. BGP community for IPv4 in the format: ASN[:VALUE][:VALUE]. Communities from 1:0:0 to 65534:65535:65535 are available for use.
    3. Neighbor IPv4.
    4. Neighbor autonomous system.
    5. Discretionary Bird note.
  4. Press Next.
  5. Specify the Routing configuration — data to connect to the switch:
    1. IP address. The default value is automatically filled in from the Neighbor IPv4 field.
    2. Port.
    3. SSH user.
    4. SSH password.
  6. Press Next.
  7. If you use your own handler, specify its settings:
    1. Press Add settings.
    2. Specify the Key and the Value of the setting.
  8. Press Configure VPU on location.
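
A pre-flight check for two of the values entered in this form, given as an added example that is not DCImanager code: it validates the BGP community string and shows which additional server addresses fall outside the Provider networks and therefore would not be passed to the router over BGP. The function names and sample addresses are hypothetical, and the community range is read as ASN 1..65534 with each VALUE 0..65535.

```python
import ipaddress
import re

# Assumption: the documented range 1:0:0 .. 65534:65535:65535 means
# ASN in 1..65534 and each optional VALUE in 0..65535.
COMMUNITY_RE = re.compile(r"[0-9]{1,5}(?::[0-9]{1,5}){0,2}")


def parse_community(text):
    """Parse 'ASN[:VALUE][:VALUE]' into (asn, values); raise ValueError if invalid."""
    if not COMMUNITY_RE.fullmatch(text):
        raise ValueError(f"{text!r} is not in ASN[:VALUE][:VALUE] format")
    asn, *values = (int(part) for part in text.split(":"))
    if not 1 <= asn <= 65534:
        raise ValueError(f"ASN {asn} is outside 1..65534")
    for value in values:
        if value > 65535:
            raise ValueError(f"VALUE {value} is outside 0..65535")
    return asn, tuple(values)


def split_by_provider_networks(addresses, provider_networks):
    """Return (announced, not_announced) for additional server IPv4 addresses.

    An address is announced over BGP only if it lies inside one of the
    provider networks; strict parsing rejects networks with host bits set.
    """
    networks = [ipaddress.IPv4Network(net) for net in provider_networks]
    announced, not_announced = [], []
    for address in addresses:
        ip = ipaddress.IPv4Address(address)
        bucket = announced if any(ip in net for net in networks) else not_announced
        bucket.append(address)
    return announced, not_announced


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the page.
    print(parse_community("121:100:7"))
    print(split_by_provider_networks(
        ["203.0.113.10", "198.51.100.200", "192.0.2.5"],
        ["203.0.113.0/24", "198.51.100.0/25"],
    ))
```

Addresses returned in the second list are the ones to review before allocation, since they would be assigned to a server without a matching route on the router.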

Example of configuration


To manage the module settings, enter Modules → VPU (Vlan per user) → Go to settings.

To change the settings, press on the name of the corresponding location.

To delete the settings, press .

To configure the module for a different location, press Configure VPU on location.

Settings section interface

Configuring VPU networks


You can manage VPU networks under Network → Virtual networks (VLANs) → select the VLAN → VPU networks.

To create a VPU network: 

  1. Press Add a VPU network.
  2. Select the network purpose:

    1. Specify the Network prefix from /25 to /31.
    2. Select the Pool.
    3. To have the VLAN use the VPU network as a local address for broadcast traffic, enable the Main IPv4 network option.
    4. Add an arbitrary Note.
    5. Press Apply.
    1. Specify the Network prefix from /25 to /30.
    2. Select the Pool.
    3. Add an arbitrary Note.
    4. Press Apply.

Through the menu, you can perform operations with VPU networks:

  • Note — specify an arbitrary comment;
  • Main network;
  • Delete the VPU network.

Allocation of IP addresses for servers and BMC


To allocate an IP address for the server from the created VPU network:

  1. Enter Servers → select the server → Settings → Network.
  2. Press allocate.
    1. Select From VPU-network.
    2. Select the VLAN. The server will be placed in this VLAN when operations are performed.
    3. Specify the VPU network.
    4. Specify the Host.
  3. Click Allocate IP address. By default, the first allocated IP address will be the primary IPv4 address for the server.

Note

It is not possible to assign a primary address outside of the VPU network if the server has a VPU network address.

Allocating an IP address for BMC from the created VPU network is available on the BMC settings edit form:

  1. Enter Servers → select the server → BMC → Menu → Settings.
  2. Press edit IP Address.
    1. Select IP address allocation From VPU network.
    2. Select the VPU-network from the required VLAN. This is the VLAN in which the server's VPU network is located.
    3. Press Save.

Note

BILLmanager automatically allocates IP addresses for servers and BMC. We recommend that you configure the VLAN on closure of service so that when the service is closed in the billing system or the server is released manually, it will return to the default VLAN. Read more in Adding released servers to VLAN.

Deleting a module


To delete a module:

Step 1. Release the occupied IP addresses that belong to VPU networks:

To release an IP address allocated to the server:

  1. Enter Network → Virtual networks (VLAN) → select the VLAN → VPU Networks → select the network → menu → Allocated IP addresses.
  2. Press  to delete the IP address.

To release an IP address allocated to the BMC:

  1. Enter Network → Virtual LANs (VLANs) → select the VLAN → VPU Networks → select the network → menu → Allocated IP addresses.
  2. Click the BMC link → Menu → Settings → edit the IP Address.
  3. Select Enter the existing and specify a new IP address.
  4. Press Save.

Step 2. Delete all VPU networks from all VLANs.

Enter Network → Virtual networks (VLAN) → select the VLAN → VPU Networks → select the network → menu → Delete the VPU network. Repeat for all VLANs that have VPU networks configured.

Step 3. Delete VPU settings on all locations.

To do this:

  1. Enter Modules → VPU (Vlan per user) → Go to settings.
  2. Click on the required location → Delete VPU settings. Repeat for all locations that have VPU networks configured.

Step 4. Delete the VPU module.

To delete the module, enter Modules → VPU (Vlan per user) → Delete → Delete module.