Underlay Network
Aruba Central NetConductor can automate deployment of the underlay network using a wizard-based workflow. Users can also use the MultiEdit option to provision the underlay network for greenfield deployments and for brownfield deployments that require different network configurations and topologies.
Aruba Central Connectivity
All switches supported for use with NetConductor have dedicated management network ports, which is the preferred solution for data centers, when possible. In-band management is also supported and is most often required for campus networks, where multiple buildings and closets make out-of-band management (OOBM) impractical.
Using in-band management presents challenges because connectivity to the Internet/Central, as well as name resolution, is required both before and after the underlay network is configured using NetConductor. Typically, this is accomplished using the default VLAN (1) initially because the connected ports use this VLAN by default. Extra care is required for VSX pairs: the default route used for initial Central connectivity remains active due to the ISL connection, and the default administrative distance for this route is lower than the default OSPF route distance. As a result, the initial default route should be assigned a higher administrative distance (such as 120) to ensure that the OSPF default route prevails after completion of the underlay wizard.
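A pre-wizard audit for the default-route caveat above, added here as an example and not part of the original guide or of any Aruba tooling. It assumes static routes appear in the saved configuration as `ip route 0.0.0.0/0 <next-hop> [distance <n>]`, and that the default distances are 1 for static routes and 110 for OSPF; the switch names and configuration text are constructed.

```python
OSPF_DISTANCE = 110   # default OSPF administrative distance (assumption)
STATIC_DISTANCE = 1   # default static-route administrative distance (assumption)

def default_routes(config):
    """Yield (next_hop, distance) for each static IPv4 default route.

    Assumed line format: ip route 0.0.0.0/0 <next-hop> [distance <n>]
    """
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[:3] == ["ip", "route", "0.0.0.0/0"]:
            dist = STATIC_DISTANCE
            if "distance" in tok[4:]:
                dist = int(tok[tok.index("distance", 4) + 1])
            yield tok[3], dist

def audit(configs):
    """Map switch name -> static default routes the OSPF default cannot displace.

    A route is reported unless its distance is strictly higher than OSPF's,
    because only then does the OSPF-learned default prevail after the wizard.
    """
    findings = {}
    for switch, config in configs.items():
        bad = [(nh, d) for nh, d in default_routes(config) if d <= OSPF_DISTANCE]
        if bad:
            findings[switch] = bad
    return findings

# Constructed sample: one VSX member still has the bootstrap default route at
# the default distance, the other has already been raised to 120.
CONFIGS = {
    "vsx-primary": (
        "hostname vsx-primary\n"
        "interface vlan 1\n"
        "    ip address 192.0.2.11/24\n"
        "ip route 0.0.0.0/0 192.0.2.1\n"
    ),
    "vsx-secondary": (
        "hostname vsx-secondary\n"
        "interface vlan 1\n"
        "    ip address 192.0.2.12/24\n"
        "ip route 0.0.0.0/0 192.0.2.1 distance 120\n"
    ),
}

if __name__ == "__main__":
    for switch, routes in audit(CONFIGS).items():
        print(switch, routes)
```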
In some cases, manual configuration of port speed or breakout settings for transceivers or DAC cables may be required.
Wizard Deployment
The NetConductor “Underlay Networks” workflow automates deployment of the underlay network, including configuration of point-to-point routed connections between switches in the fabric and single-area OSPF configuration. Currently, the wizard only supports OSPF.
The following prerequisites must be satisfied before using the Underlay Wizard:
- All Aruba CX switches must run AOS-CX 10.10.1020 or later.
- VSF stacks must be pre-configured.
- Move all devices and switches that are on-boarded in Aruba Central into the same UI group.
- All physical cabling between the switches must be set up and running, including VSX ISL/LAG and keep-alive links. Links are discovered using LLDP, so this is critical.
- LLDP must be enabled on all devices and ports. This is the default behavior for CX switches.
- Ensure that all previously existing underlay network configurations are removed from the switches.
- In-band or out-of-band management, including DNS resolution, must be configured.
If in-band management is used, take care to ensure that the connection to Central will not be lost when inter-switch connections are reconfigured to routed ports/connections. One option is to configure a management VLAN with a static SVI and a nameserver defined. As a best practice, DNS servers should be configured at the group level to ensure that connectivity to Central is maintained after the underlay wizard is completed, especially if the initial DNS assignment uses DHCP.
Modifying configurations of the Underlay Wizard using UI config or MultiEdit is not supported. Doing so causes traffic loss, and devices can go out of sync.
Manual Deployment
When using an existing underlay network or when the underlay network is manually configured using CLI, templates, or MultiEdit, the following prerequisites must be satisfied:
- All Aruba CX switches must be on firmware version 10.10.1020 or later.
- All switches and the required Aruba devices must be on-boarded in Aruba Central and added to the same UI group.
- The underlay network must be set up before attempting to add overlays to the network.
- At least two loopback interfaces (loopback 0 and loopback 1) must be configured on all devices of the overlay fabric.
- All loopback addresses must be /32 IP addresses.
- The IP addresses of the loopback interfaces must be unique on each device of the overlay fabric, except on a VSX pair, which has at least one loopback interface (loopback 1) whose IP address is the same on both primary and secondary.
- Loopback 0 is used for the OSPF and BGP EVPN Router ID.
- Loopback 1 is used as the source interface for DHCP relay and the VXLAN data plane tunnel. Loopback 1 is optional for switches participating in the underlay only.
- At least one instance of OSPF or iBGP should be configured on all devices of the underlay fabric.
  - OSPF or iBGP must be configured on at least two loopback interfaces (one is used for the OSPF or iBGP underlay, and the other for the VXLAN source IP for the overlay).
  - All devices participating in the overlay must have loopback reachability using OSPF or iBGP.
Fabric configuration referenced outside the fabric context can cause undesirable outcomes (such as devices going out of sync) when the fabric configurations are modified by the Fabric Wizard.
If the device has VSX configuration, the following validations must be performed:
- The VSX pair should have at least one loopback interface with the same IP address (used as the VXLAN source IP).
- Keep-alive is configured.
- ISL link – LAG interface with member ports is configured.
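The loopback prerequisites and the VSX shared-address validation listed above can be checked against an address plan before overlays are added. The following is an added example, not part of the original guide or of Aruba Central; the inventory format, device names and addresses are constructed, and requiring loopback 0 on underlay-only switches is an assumption of the example.

```python
import ipaddress
from collections import defaultdict

def lb1_ip(dev):
    """Loopback 1 address of a device, or None when it is not configured."""
    cidr = dev["loopbacks"].get(1)
    return ipaddress.ip_interface(cidr).ip if cidr else None

def check_loopbacks(devices):
    """Return the sorted list of loopback prerequisite violations."""
    problems, owners = [], defaultdict(set)  # owners: IP -> device names
    for name, dev in devices.items():
        # Overlay devices need loopback 0 and 1; loopback 1 is optional for
        # underlay-only switches (loopback 0 is required here by assumption).
        for idx in (0, 1) if dev.get("overlay", True) else (0,):
            if idx not in dev["loopbacks"]:
                problems.append(f"{name}: loopback {idx} is missing")
        for idx, cidr in dev["loopbacks"].items():
            iface = ipaddress.ip_interface(cidr)
            if iface.network.prefixlen != 32:
                problems.append(f"{name}: loopback {idx} {cidr} is not a /32")
            owners[iface.ip].add(name)
        peer = dev.get("vsx_peer")
        if peer and name < peer and (
            lb1_ip(dev) is None or lb1_ip(dev) != lb1_ip(devices[peer])
        ):
            problems.append(f"{name}/{peer}: VSX pair does not share loopback 1")
    for ip, names in owners.items():
        a, b = min(names), max(names)
        vsx = len(names) == 2 and devices[a].get("vsx_peer") == b
        shared_lb1 = vsx and lb1_ip(devices[a]) == ip == lb1_ip(devices[b])
        # The only permitted duplicate is loopback 1 shared by a VSX pair.
        if len(names) > 1 and not shared_lb1:
            problems.append(f"{ip}: assigned to {', '.join(sorted(names))}")
    return sorted(problems)

# Constructed address plan with three deliberate mistakes.
FABRIC = {
    "core1": {"vsx_peer": "core2", "loopbacks": {0: "10.0.0.1/32", 1: "10.0.1.1/32"}},
    "core2": {"vsx_peer": "core1", "loopbacks": {0: "10.0.0.2/32", 1: "10.0.1.1/32"}},
    "acc1": {"loopbacks": {0: "10.0.0.3/32", 1: "10.0.1.3/24"}},
    "acc2": {"loopbacks": {0: "10.0.0.3/32"}},
    "agg1": {"overlay": False, "loopbacks": {0: "10.0.0.5/32"}},
}

if __name__ == "__main__":
    print("\n".join(check_loopbacks(FABRIC)))
```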