Architecture II - Dedicated Data Center Two-Tier

This workflow provisions a VSX pair of switches acting as a centralized collapsed Data Center core as well as VSX pairs of access switches based on the validated reference design.

Workflow Prerequisites

  • All prerequisites defined above in Prerequisites
  • Ensure the provided Ansible inventory file has been modified to suit your environment, according to the instructions in Inventory Setup:
  • DC Core switches = 2 AOS-CX switches (8xxx series, using the latest available firmware if possible)
    • DC Core switches should be in a VSX pair
  • Access switches = 4 or more AOS-CX switches (8xxx series, using the latest available firmware if possible)
    • Access switches should be in VSX pairs
  • Out-of-Band Management (OOBM) connections to the management ports on AOS-CX switches
    • Ansible control machine should be reachable via each device's OOBM

Files Used

Workflow Walkthrough

Prior to executing the Ansible playbook, the environment must be in this initial state:

  • Zone1-Core<1a/1b> + Zone1-Rack<1/3>-Access<1/2/3/4> - These devices each have a default configuration with an IP address (DHCP/Static) assigned to the management interface. This IP address should match the value of ansible_host for each device in the inventory.
  • Zone1-Rack1-Access<1/2> - These devices are in a VSX pair with their physical links matching the values defined in the inventory
  • Zone1-Rack3-Access<3/4> - These devices are in a VSX pair with their physical links matching the values defined in the inventory
  • Zone1-Core<1a/1b> - These devices are in a VSX pair with their physical links matching the values defined in the inventory

The playbook will perform the following actions on every device in the inventory file inventory_2tier_dedicated_dc.yml using SSH:

  1. Generate a configuration based on the template file templates/2Tier/core.j2 or templates/2Tier/access.j2 and values defined in the inventory
  2. Push the generated configuration to the device using the AOS-CX Ansible SSH module aoscx_config
  3. Enable 10g speed interface groups (if defined in the inventory) using the AOS-CX Ansible SSH module aoscx_config

The playbook will perform the following actions on every core device in the inventory file using REST API:

  1. Create VSX Keepalive L3 Interface
  2. Create VSX Inter-switch link
  3. Configure VSX attributes on the switch and specify VSX role as outlined in the inventory
  4. Create all VLANs defined as server_vlans in the inventory
  5. Create SVIs for all VLANs defined as core_vlan_interfaces in the inventory
  6. Configure the multi-chassis LAGs that connect to each access switch and trunk the VLANs in trunk_vlans.
    • Note: vsx_pair_mclags is a list of VSX Pair (rack# grouping) information for the core devices to use for configuring downlink interfaces. You should modify these values appropriately to match your environment.
  7. Configure BGP neighbor for iBGP peering between the core switches

The playbook will perform the following actions on every access device in the inventory file using REST API:

  1. Create VSX Keepalive L3 Interface

Because of path requirements, you must run this workflow from the root level of the cloned repository:

ansible-playbook deploy_2tier_dedicated_datacenter.yml -i inventory_2tier_dedicated_dc.yml
ansible-playbook deploy_2tier_dedicated_datacenter.yml -i dynamic_2tier_dedicated_dc_inventory.yml

Final Sample Configs

!
!Version ArubaOS-CX GL.10.04.0040
!export-password: default
hostname Zone1-Core1a
user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg
!
!
!
ssh server vrf mgmt
!
!
!
!
!
router ospf 1
    router-id 192.168.1.11
    area 0.0.0.0
vlan 1
vlan 11
    name VLAN 11
vlan 4000
spanning-tree
spanning-tree priority 1
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.54/24
    default-gateway 10.10.10.254
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 11 multi-chassis
    no shutdown
    description Zone1-Rack1-Access1/2
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface lag 12 multi-chassis
    no shutdown
    description Zone1-Rack3-Access3/4
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/23 
    no shutdown
    mtu 9198
    description Zone1-Rack3-Access3/4
    lag 12
interface 1/1/24 
    no shutdown
    mtu 9198
    description Zone1-Rack3-Access3/4
    lag 12
interface 1/1/27 
    no shutdown
    mtu 9198
    description Zone1-Rack1-Access1/2
    lag 11
interface 1/1/28 
    no shutdown
    mtu 9198
    description Zone1-Rack1-Access1/2
    lag 11
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.100/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface loopback 0
    ip address 192.168.1.11/32
    ip ospf 1 area 0.0.0.0
interface vlan11 
    ip address 11.1.1.3/24
    active-gateway ip mac 00:00:00:00:01:01
    active-gateway ip 11.1.1.1
interface vlan4000 
    description IBGP transit
    ip mtu 9198
    ip address 10.1.2.2/31
    ip ospf 1 area 0.0.0.0
    ip ospf network point-to-point
vsx
    system-mac 00:00:00:00:01:01
    inter-switch-link lag 1
    role primary
    keepalive peer 192.168.1.101 source 192.168.1.100
router bgp 65101
    bgp router-id 192.168.1.11
    neighbor 192.168.1.12 remote-as 65101
    neighbor 192.168.1.12 update-source loopback 0
    address-family ipv4 unicast
        neighbor 192.168.1.12 activate
        neighbor 192.168.1.12 next-hop-self
        network 11.1.1.0/24
    exit-address-family
!
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0040
!export-password: default
hostname Zone1-Core1b
user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz
!
!
!
ssh server vrf mgmt
!
!
!
!
!
router ospf 1
    router-id 192.168.1.12
    area 0.0.0.0
vlan 1
vlan 11
    name VLAN 11
vlan 4000
spanning-tree
spanning-tree priority 1
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.55/24
    default-gateway 10.10.10.254
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 11 multi-chassis
    no shutdown
    description Zone1-Rack1-Access1/2
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface lag 12 multi-chassis
    no shutdown
    description Zone1-Rack3-Access3/4
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/23 
    no shutdown
    mtu 9198
    description Zone1-Rack3-Access3/4
    lag 12
interface 1/1/24 
    no shutdown
    mtu 9198
    description Zone1-Rack3-Access3/4
    lag 12
interface 1/1/27 
    no shutdown
    mtu 9198
    description Zone1-Rack1-Access1/2
    lag 11
interface 1/1/28 
    no shutdown
    mtu 9198
    description Zone1-Rack1-Access1/2
    lag 11
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.101/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface loopback 0
    ip address 192.168.1.12/32
    ip ospf 1 area 0.0.0.0
interface vlan11 
    ip address 11.1.1.4/24
    active-gateway ip mac 00:00:00:00:01:01
    active-gateway ip 11.1.1.1
interface vlan4000 
    description IBGP transit
    ip mtu 9198
    ip address 10.1.2.3/31
    ip ospf 1 area 0.0.0.0
    ip ospf network point-to-point
vsx
    system-mac 00:00:00:00:01:01
    inter-switch-link lag 1
    role secondary
    keepalive peer 192.168.1.100 source 192.168.1.101
router bgp 65101
    bgp router-id 192.168.1.12
    neighbor 192.168.1.11 remote-as 65101
    neighbor 192.168.1.11 update-source loopback 0
    address-family ipv4 unicast
        neighbor 192.168.1.11 activate
        neighbor 192.168.1.11 next-hop-self
        network 11.1.1.0/24
    exit-address-family
!
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack1-Access1
user admin group administrators password ciphertext AQBapZ4yCW+QbkkvhYYoSS0WaqDVKw88SZxmgXHIxwMipV9EYgAAAMAuiAnGsQwvlI3bNifJth6elIQWykn7bGlAq+byxaItlAZQiZom10jqCFTailvy80jwvoNQdgLf6Ie6XIqed9Jzxk3X14GujvBxfL4XFHit14RQIALWT12Cj1o9TE55wRck
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
    name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.56/24
    default-gateway 10.10.10.254
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
    !interface group 3 contains ports 1/1/25-1/1/36
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 11 multi-chassis
    no shutdown
    description Zone1-Cores
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.110/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface 1/1/49 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 11
interface 1/1/50 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 11
vsx
    system-mac 00:00:00:00:01:11
    inter-switch-link lag 1
    role primary
    keepalive peer 192.168.1.111 source 192.168.1.110
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack1-Access2
user admin group administrators password ciphertext AQBapd3Qg7OPKcjRayIQyuxOPabPIbT8bvU05pOk8sc+vAXyYgAAAGtM+A5APROROs6l56dpUdXic8SskYkcBHqp0rxFPtTqgmXoEzI21Mk5T3CR023fONvCpIZGpS4WUmReFVaiMR2XKnitYUhfkJLCK19Kl9uBL85jHFsthncP+X7/1q0bs/RG
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
    name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.57/24
    default-gateway 10.10.10.254
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
    !interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
    !interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 11 multi-chassis
    no shutdown
    description Zone1-Cores
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.111/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface 1/1/49 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 11
interface 1/1/50 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 11
vsx
    system-mac 00:00:00:00:01:11
    inter-switch-link lag 1
    role secondary
    keepalive peer 192.168.1.110 source 192.168.1.111
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack3-Access3
user admin group administrators password ciphertext AQBapd0lfpkb1JQ/PeM7VAdLaPTFpCWvep8Ky+FcXCXZQjzuYgAAABM81mz9TPm9mRgJCcs5jU94yotLIjlGFmqRd7CPrUe2I/hhn9STUUgq5O+A0aM94fIRyUcLkDyRzgAKnzk1HmDNlT1yWnxptSrdw2lh0C9wBxf/UpiQFZe+RU1NxIoXC18J
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
    name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.60/24
    default-gateway 10.10.10.254
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
    !interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
    !interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 12 multi-chassis
    no shutdown
    description Zone1-Cores
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.112/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface 1/1/49 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 12
interface 1/1/50 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 12
vsx
    system-mac 00:00:00:00:03:13
    inter-switch-link lag 1
    role primary
    keepalive peer 192.168.1.113 source 192.168.1.112
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack3-Access4
user admin group administrators password ciphertext AQBapaHRO1zdYAmv8jyi6BEy2EdGo7mXog4SaUdBnB6VBVmrYgAAAMswpUXLpjUGA0QadW9dCf7EgZkDyT6oT740N0z8ey2PTAAz8DT02vzpz1sAo27jMoqJ3YCXA0bW05qG+CWqweUfanbUEccqyrEu8SpcQjUoYdHYFZFHFtniXxA7d9wFijPV
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
    name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
    no shutdown
    ip static 10.10.10.61/24
    default-gateway 10.10.10.254
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
    !interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
    !interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
    no shutdown
    description VSX ISL
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed all
    lacp mode active
interface lag 12 multi-chassis
    no shutdown
    description Zone1-Cores
    no routing
    vlan trunk native 1 tag
    vlan trunk allowed 11
    lacp mode active
interface 1/1/31 
    no shutdown
    description VSX KA
    ip address 192.168.1.113/31
interface 1/1/32 
    no shutdown
    mtu 9198
    description VSX ISL
    lag 1
interface 1/1/49 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 12
interface 1/1/50 
    no shutdown
    mtu 9198
    description Zone1-Cores
    lag 12
vsx
    system-mac 00:00:00:00:03:13
    inter-switch-link lag 1
    role secondary
    keepalive peer 192.168.1.112 source 192.168.1.113
https-server rest access-mode read-write
https-server vrf mgmt
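
A post-deployment check for configs like the samples above, added here as an example and not part of the original workflow or repository: it compares the two members of a VSX pair (shared system-mac, one primary and one secondary, mirrored keepalive peer/source) and confirms SSH and HTTPS are bound only to the mgmt VRF. The helper names and the trimmed config excerpts built by `sample()` are assumptions constructed for the illustration.

```python
import re

def vsx_facts(cfg):
    """Extract the VSX and management-plane lines the check compares."""
    def find(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    ka = re.search(r"^\s+keepalive peer (\S+) source (\S+)", cfg, re.M)
    return {
        "host": find(r"^hostname (\S+)") or "?",
        "mac": find(r"^\s+system-mac (\S+)"),
        "role": find(r"^\s+role (\S+)"),
        "ka": ka.groups() if ka else (None, None),  # (peer, source)
        "addrs": set(re.findall(r"^\s+ip address (\S+)/\d+", cfg, re.M)),
        "mgmt": set(re.findall(r"^(ssh server|https-server) vrf (\S+)", cfg, re.M)),
    }

def check_vsx_pair(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = vsx_facts(cfg_a), vsx_facts(cfg_b)
    out = []
    if a["mac"] is None or a["mac"] != b["mac"]:
        out.append("system-mac differs between peers")
    if {a["role"], b["role"]} != {"primary", "secondary"}:
        out.append("roles are not one primary and one secondary")
    if a["ka"] != b["ka"][::-1]:
        out.append("keepalive peer/source are not mirrored")
    for d in (a, b):
        if d["ka"][1] not in d["addrs"]:
            out.append(f"{d['host']}: keepalive source is not a configured interface address")
        if d["mgmt"] != {("ssh server", "mgmt"), ("https-server", "mgmt")}:
            out.append(f"{d['host']}: SSH/HTTPS not confined to the mgmt VRF")
    return out

def sample(host, role, src, peer, mac="00:00:00:00:01:01", vrf="mgmt"):
    # Constructed excerpt: only the lines of the sample configs that the check reads.
    return (f"hostname {host}\nssh server vrf {vrf}\ninterface 1/1/31\n"
            f"    description VSX KA\n    ip address {src}/31\nvsx\n"
            f"    system-mac {mac}\n    inter-switch-link lag 1\n    role {role}\n"
            f"    keepalive peer {peer} source {src}\n"
            f"https-server rest access-mode read-write\nhttps-server vrf {vrf}\n")

CORE1A = sample("Zone1-Core1a", "primary", "192.168.1.100", "192.168.1.101")
CORE1B = sample("Zone1-Core1b", "secondary", "192.168.1.101", "192.168.1.100")
# Constructed failure: the second core pushed with the wrong role and keepalive peer.
BAD_1B = sample("Zone1-Core1b", "primary", "192.168.1.101", "192.168.1.102")

if __name__ == "__main__":
    print(check_vsx_pair(CORE1A, CORE1B), check_vsx_pair(CORE1A, BAD_1B))
```

Feeding it the running configs collected from each pair after the playbook run catches inventory mistakes (swapped keepalive addresses, duplicated roles) before traffic depends on the pair.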
