H3C SeerEngine-DC Скачать руководство пользователя страница 27 | Manualshive

Страница: 27 / 30

H3C SeerEngine-DC Скачать руководство пользователя страница 27

23

Parameter

Description

•

ANY

—Traffic to the external network is directly forwarded by

the gateway to the external network.

•

OFF

—Traffic to the external network is forwarded by the

gateway to the firewall and then to the external network.

•

SUFFIX

—Traffic that matches the vRouter name suffix is

forwarded by the gateway to the firewall and then to the
external network.

directly_external_suffix

vRouter name suffix (DMZ for example). This parameter is
available only when you set the value of the

directly_external

parameter to

SUFFIX

.

When you change the vRouter name, make sure you understand
the impact on this parameter.

Only the Pike, Queens, and Rocky plug-ins support this
parameter.

sec_agent_enable

Whether to enable the h3c-sec-agent process. The default value
is

True

.

This parameter is used and takes effect only for security plug-in
upgrade.

Value change of this parameter does not take effect immediately.
After you set the value to

True

, you must install the security

plug-in and execute the

h3c-secplugin controller

install

command to enable the process.

lb_resource_mode

Resource pool mode of LB service resources.

•

SP

—All gateways share the same LB resource pool.

•

MP

—Each gateway uses an LB resource pool.

The default value is

SP

.

enable_lb_xff

Whether to enable XFF transparent transmission for LB listeners.

•

True

—Enable.

•

False

—Disable.

When the value is

True

and the listener protocol is

HTTP

or

TERMINATED_HTTPS

, a newly created listener is enabled with

XFF transparent transmission by default, and the client's IP
address is transparently transmitted to the server encapsulated in
the

X-Forward-For

field of the HTTP header.

Only the Pike plug-ins support this parameter.

Upgrading the SeerEngine-DC Neutron security plug-in

To upgrade the SeerEngine-DC Neutron security plug-in, first remove the old version and then install
the new version. For more information, see "Installing the security plug-in on the controller node."

CAUTION:

Service might be interrupted during the upgrade. Before performing an upgrade, be sure you fully
understand its impact on services.

IMPORTANT:

The default parameter settings vary depending on the version of SeerEngine-DC Neutron security
plug-in. Modify the default parameter settings for SeerEngine-DC Neutron security plug-in to ensure
that the plug-ins have the same parameter settings before and after the upgrade.

«
...
25
26
27
28
29
...
»

Содержание SeerEngine-DC

Страница 1: ...H3C SeerEngine DC Controller Converged OpenStack Plug Ins Installation Guide New H3C Technologies Co Ltd http www h3c com Document version 5W701 20210702 ...

Страница 2: ...w H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice All contents in this document including statements information and recommendations are believed to be accurate but they are presented without warranty of any kind express or implied H3C shall not be l...

Страница 3: ...re in Boldface For example the New User window opens click OK Multi level menus are separated by angle brackets For example File Create Folder Symbols Convention Description WARNING An alert that calls attention to important information that if not understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed ...

Страница 4: ...lling the SeerEngine DC Neutron plug ins on the OpenStack control node 6 Parameters and fields 9 Upgrading the SeerEngine DC Neutron plug ins 13 Installing the SeerEngine DC Neutron security plug in on OpenStack 13 Installing the security plug in on the controller node 13 Upgrading the SeerEngine DC Neutron security plug in 23 Optional Configuring the metadata service for network nodes 24 FAQ 25 T...

Страница 5: ...he OpenStack framework The SeerEngine DC Neutron plug ins allow deployment of the network configuration obtained from OpenStack through REST APIs on the SeerEngine DC controller including tenants networks subnets routers and ports CAUTION To avoid service interruptions do not modify the settings issued by the cloud platform on the controller such as the virtual link layer network vRouter and vSubn...

Страница 6: ...Stack Stein IMPORTANT Before you install the OpenStack plug ins make sure the following requirements are met Your system has a reliable Internet connection OpenStack has been deployed correctly Verify that the etc hosts file on all nodes has the host name IP address mappings and the OpenStack Neutron extension services Neutron FWaas Neutron VPNaas or Neutron LBaas have been deployed For the deploy...

Страница 7: ...ing Kolla Ansible Before installing the plug ins deploy OpenStack by using Kolla Ansible first For the OpenStack deployment procedure see the installation guide for the specific OpenStack version on the OpenStack official website ...

Страница 8: ...nventory VNID Pools VXLANs Provision Inventory VNID Pools VLAN VXLAN Mappings Add access devices and border devices to a fabric Provision Network Design Fabrics L4 L7 device physical resource pool and template Provision Inventory Devices L4 L7 Device Provision Inventory Devices L4 L7 Physical Resource Pools Border gateway Tenants Common Network Settings Gateway Domains and hosts Provision Network ...

Страница 9: ...n all root localhost yum makecache root localhost yum install y python pip python setuptools 2 Install runlike root localhost pip install runlike 3 Log in to the controller node and edit the etc hosts file Add the following information to the file IP and name mappings of all hosts in this OpenStack environment To obtain this information access the SeerEngine DC controller and select Provision Doma...

Страница 10: ...lla neutron server neutron conf b Press I to switch to the insert mode and modify the configuration file For information about the parameters see neutron conf DEFAULT core_plugin ml2 service_plugins h3c_l3_router qos h3c_vpc_connection h3c_port_forwarding service_providers service_provider VPC_CONNECTION H3C networking_h3c vpc_connection h3c_vpc_conn ection_driver H3CVpcConnectionDriver default qo...

Страница 11: ...olla neutron server fwaas_driver ini file to networking_h3c fw h3c_fwplugin_driver H3CfwaasDriver 3 Modify the ml2_conf ini configuration file a Use the vi editor to open the ml2_conf ini configuration file root localhost vi etc kolla neutron server ml2_conf ini b Press I to switch to the insert mode and set the parameters in the ml2_conf ini configuration file For information about the parameters...

Страница 12: ...o True perform the following tasks Delete the username password and domain parameters in the ml2_conf_h3c ini configuration file Add an authentication free user to the controller Enter the IP address of the host where the Neutron server resides Specify the role as Admin 6 If you have set the use_neutron_credential parameter to True perform the following steps a Modify the neutron conf configuratio...

Страница 13: ...ocalhost docker rmi kolla neutron server h3c 10 Copy the neutron server configuration to the h3c agent directory and modify the configuration root localhost cp pR etc kolla neutron server etc kolla h3c agent root localhost sed i s neutron server h3c agent g etc kolla h3c agent config json 11 Start the neutron server container root localhost source docker neutron server sh 12 View the startup statu...

Страница 14: ...tworks to which the tenants belong vxlan must be specified as the first driver type For intranet only vxlan is available For extranet only vlan is available mechanism_drivers ml2_h3c Name of the ml2 driver To create SR IOV instances for VLAN networks set this parameter to sriovnicswitch ml2_h3c To create hierarchy supported instances set this parameter to ml2_h3c openvswitch extension_drivers ml2_...

Страница 15: ...he vhostuser_mode parameter when the value of this parameter is vhostuser Only the Pike plug in supports this parameter vhostuser_mode Default DPDK vHost user mode server client The default value is server This setting takes effect only when the value of the vif_type parameter is vhostuser white_list Whether to enable or disable the authentication free user feature on OpenStack True Enable False D...

Страница 16: ...ice save the CA certificate in the usr share neutron directory Only the Pike plug in supports this parameter neutron_plugin_cert_file Save location for the Cert certificate of the controller As a best practice save the Cert certificate in the usr share neutron directory Only the Pike plug in supports this parameter neutron_plugin_key_file Save location for the Key certificate of the controller As ...

Страница 17: ...nt Before an upgrade back up the settings in the etc kolla neutron server neutron conf and etc kolla neutron server ml2_conf ini configuration files After the upgrade modify the parameter settings according to the configuration files to ensure configuration consistency before and after the upgrade To upgrade the SeerEngine DC Neutron plug ins just install the new version of the plug ins For inform...

Страница 18: ... FIREWALL H3C networking_sec_h3c fw h3c_fwplugin_driver H3CFwa asDriver default service_provider LOADBALANCERV2 H3C networking_sec_h3c lb h3c_lbplugin_driver_ v2 H3CLbaasv2PluginDriver default service_provider VPN H3C networking_sec_h3c vpn h3c_vpnplugin_driver H3CVpnPlu ginDriver default IMPORTANT For the Pike plug ins when the load balancer supports multiple resource pools of the Context type yo...

Страница 19: ... port_security ml2_type_vlan network_vlan_ranges physicnet1 1000 2999 ml2_type_vxlan vni_ranges 1 500 c Press Esc to quit insert mode and enter wq to exit the vi editor and save the file 4 Edit the neutron conf configuration file a Use the vi editor to open the neutron conf configuration file root localhost vi etc kolla neutron server neutron conf b Press I to switch to the insert mode and then ed...

Страница 20: ... the role as Admin 6 If you have set the use_neutron_credential parameter to True perform the following steps a Modify the neutron conf configuration file Use the vi editor to open the neutron conf configuration file Press I to switch to insert mode and add the following configuration For information about the parameters see neutron conf keystone_authtoken admin_user neutron admin_password 123456 ...

Страница 21: ...sec agent services root localhost source docker neutron server sh root localhost source docker h3c sec agent sh 12 Verify the status of the services root localhost docker ps filter name neutron_server CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 289e4e132a9b kolla centos source neutron server ocata dumb init single 1 minutes ago Up 1 minutes neutron_server root localhost docker ps filter ...

Страница 22: ...is parameter to ml2_h3c openvswitch extension_drivers Names of the ml2 extension drivers Available names include ml2_extension_h3c qos and port_security If the QoS feature is not enabled on OpenStack you do not need to specify the value qos for this parameter To not enable port security on OpenStack you do not need to specify the port_security value for this parameter The Kilo 2015 1 Liberty 2015 ...

Страница 23: ...l type is available only when the value of the resource_mode parameter is CORE_GATEWAY fw_share_by_tenant Whether to enable exclusive use of a gateway service type firewall context by a single tenant and allow the context to be shared by service resources of the tenant when the firewall type is CGSR_SHARE lb_type Type of the load balancers created on the controller CGSR Gateway service type load b...

Страница 24: ...be shared auto_create_resource Whether to enable or disable the automatic resources creation feature True Enable False Disable nfv_ha Whether the NFV and NFV_SHARE resources support stack True Support False Do not support use_neutron_credential Whether to use the OpenStack Neutron username and password to communicate with the SeerEngine DC controller True Use False Do not use firewall_force_audit ...

Страница 25: ...share neutron directory Only the Pike plug ins support this parameter cgsr_fw_context_limit Context threshold for context based gateway service type firewalls The value is an integer When the threshold is reached all the context based gateway service type firewalls use the same context This parameter takes effect only when the value of the firewall_type parameter is CGSR_SHARE_BY_COUNT Only the Pi...

Страница 26: ...the controller s gateway name for the network_vlan_ranges parameter Only the Pike plug ins support this parameter tenant_gateway_name Name of the gateway to which the tenant is bound The default value is None When the value of the tenant_gw_selection_strategy parameter is match_gateway_name You must specify the name of an existing gateway on the controller side Only the Pike Queens and Rocky plug ...

Страница 27: ...de Resource pool mode of LB service resources SP All gateways share the same LB resource pool MP Each gateway uses an LB resource pool The default value is SP enable_lb_xff Whether to enable XFF transparent transmission for LB listeners True Enable False Disable When the value is True and the listener protocol is HTTP or TERMINATED_HTTPS a newly created listener is enabled with XFF transparent tra...

Страница 28: ... the network nodes to provide metadata service through DHCP a Use the vi editor to open configuration file dhcp_agent ini root network vi etc kolla neutron dhcp agent dhcp_agent ini b Press I to switch to the insert mode and modify configuration file dhcp_agent ini as follows DEFAULT force_metadata True Set the value to True for the force_metadata parameter to force the network nodes to provide me...

Страница 29: ...username username proxy_password password Table 4 describes the arguments in HTTP proxy information Table 4 Arguments in HTTP proxy information Field Description username Username for logging in to the proxy server for example sdn password Password for logging in to the proxy server for example 123456 yourproxyaddress IP address of the proxy server for example 172 25 1 1 proxyport Port number of t...

Страница 30: ...26 3 If the issue persists contact after sales engineers ...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды