Architecture II - Dedicated Data Center Two-Tier
This workflow provisions a VSX pair of switches acting as a centralized collapsed Data Center core as well as VSX pairs of access switches based on the validated reference design.
Workflow Prerequisites
- All prerequisites defined above in Prerequisites
- Ensure the provided Ansible inventory file has been modified to suit your environment, according to the instructions in Inventory Setup:
  - YAML Inventory File: inventory_2tier_dedicated_dc.yml
  - Excel Template File: dedicated_two_tier_DCN_Settings.xlsx
  - Example inventory using aoscx_dcn_plugin: dynamic_2tier_dedicated_dc_inventory.yml
- DC Core switches = 2 AOS-CX switches (8xxx series, using the latest available firmware if possible)
  - DC Core switches should be in a VSX pair
- Access switches = 4 or more AOS-CX switches (8xxx series, using the latest available firmware if possible)
  - Access switches should be in VSX pairs
- Out-of-Band Management (OOBM) connections to the management ports on AOS-CX switches
  - Ansible control machine should be reachable via each device's OOBM
Files Used
- Playbook : deploy_2tier_dedicated_datacenter.yml
- Inventory :
  - YAML Inventory File : inventory_2tier_dedicated_dc.yml
  - Excel Template File : dedicated_two_tier_DCN_Settings.xlsx
  - Example inventory using aoscx_dcn_plugin : dynamic_2tier_dedicated_dc_inventory.yml
- Jinja2 Templates :
Workflow Walkthrough
Prior to executing the Ansible playbook, the environment must be in this initial state:
- Zone1-Core<1a/1b> + Zone1-Rack<1/3>-Access<1/2/3/4> - These devices each have a default configuration with an IP address (DHCP/Static) assigned to the management interface. This IP address should match the value of ansible_host for each device in the inventory.
- Zone1-Rack1-Access<1/2> - These devices are in a VSX pair with their physical links matching the values defined in the inventory
- Zone1-Rack3-Access<3/4> - These devices are in a VSX pair with their physical links matching the values defined in the inventory
- Zone1-Core<1a/1b> - These devices are in a VSX pair with their physical links matching the values defined in the inventory
The playbook will perform the following actions on every device in the inventory file inventory_2tier_dedicated_dc.yml using SSH:
- Generate a configuration based on the template file templates/2Tier/core.j2 or templates/2Tier/access.j2 and values defined in the inventory
- Push the generated configuration to the device using the AOS-CX Ansible SSH module aoscx_config
- Enable 10g speed interface groups (if defined in the inventory) using the AOS-CX Ansible SSH module aoscx_config
The playbook will perform the following actions on every core device in the inventory file using REST API:
- Create VSX Keepalive L3 Interface
- Create VSX Inter-switch link
- Configure VSX attributes on the switch and specify VSX role as outlined in the inventory
- Create all VLANs defined as server_vlans in the inventory
- Create SVIs for all VLANs defined as core_vlan_interfaces in the inventory
- Configure the multi-chassis LAGs that connect to each access switch and trunk the VLANs in trunk_vlans.
  - Note: vsx_pair_mclags is a list of VSX Pair (rack# grouping) information for the core devices to use for configuring downlink interfaces. You should modify these values appropriately to match your environment.
- Configure BGP neighbor for iBGP peering between the core switches
The playbook will perform the following actions on every access device in the inventory file using REST API:
- Create VSX Keepalive L3 Interface
- Create VSX Inter-switch link
- Configure VSX attributes on the switch and specify VSX role as outlined in the inventory
- Create all VLANs defined as server_vlans in the inventory
- Configure the multi-chassis LAG that connects to each core switch and trunk the server_vlans
Because of path requirements, you must run this workflow from the root level of the cloned repository:
ansible-playbook deploy_2tier_dedicated_datacenter.yml -i inventory_2tier_dedicated_dc.yml
ansible-playbook deploy_2tier_dedicated_datacenter.yml -i dynamic_2tier_dedicated_dc_inventory.yml
Final Sample Configs
!
!Version ArubaOS-CX GL.10.04.0040
!export-password: default
hostname Zone1-Core1a
user admin group administrators password ciphertext AQBapeeuZ6Nw+Phok7vJbD6r75PivsY6o/r0QfxdpH1h3fQYYgAAACrisdLluFaTV+Fj1JfL0WsZPS8LBYsoE/N6qohz8bziNZQvKts2XD+d+Hgx+qrd64f4Htq7A/1mAvqetP90ljtfIOX27j/ZvVwqV6ewUQyQ7V7rFCe8BIXyVCXZD5QhqRdg
!
!
!
ssh server vrf mgmt
!
!
!
!
!
router ospf 1
router-id 192.168.1.11
area 0.0.0.0
vlan 1
vlan 11
name VLAN 11
vlan 4000
spanning-tree
spanning-tree priority 1
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.54/24
default-gateway 10.10.10.254
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 11 multi-chassis
no shutdown
description Zone1-Rack1-Access1/2
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface lag 12 multi-chassis
no shutdown
description Zone1-Rack3-Access3/4
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/23
no shutdown
mtu 9198
description Zone1-Rack3-Access3/4
lag 12
interface 1/1/24
no shutdown
mtu 9198
description Zone1-Rack3-Access3/4
lag 12
interface 1/1/27
no shutdown
mtu 9198
description Zone1-Rack1-Access1/2
lag 11
interface 1/1/28
no shutdown
mtu 9198
description Zone1-Rack1-Access1/2
lag 11
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.100/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface loopback 0
ip address 192.168.1.11/32
ip ospf 1 area 0.0.0.0
interface vlan11
ip address 11.1.1.3/24
active-gateway ip mac 00:00:00:00:01:01
active-gateway ip 11.1.1.1
interface vlan4000
description IBGP transit
ip mtu 9198
ip address 10.1.2.2/31
ip ospf 1 area 0.0.0.0
ip ospf network point-to-point
vsx
system-mac 00:00:00:00:01:01
inter-switch-link lag 1
role primary
keepalive peer 192.168.1.101 source 192.168.1.100
router bgp 65101
bgp router-id 192.168.1.11
neighbor 192.168.1.12 remote-as 65101
neighbor 192.168.1.12 update-source loopback 0
address-family ipv4 unicast
neighbor 192.168.1.12 activate
neighbor 192.168.1.12 next-hop-self
network 11.1.1.0/24
exit-address-family
!
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0040
!export-password: default
hostname Zone1-Core1b
user admin group administrators password ciphertext AQBapW41EEHA+zskBXcBrm9Rr+euZNH+d4Q5BiGgeNrIvw1gYgAAANRxoQcfTTV7tma79JXNUOqrhv2y0xM21jrQxXeufK4O4aCwIfhuPJA7SPvno9iqnFJ9ehwrWSd5HdcyT1eb80glx6No9vqdDGKvOUfi6IOlDg6rcdaJcQWJ+tO7bZYVz5uz
!
!
!
ssh server vrf mgmt
!
!
!
!
!
router ospf 1
router-id 192.168.1.12
area 0.0.0.0
vlan 1
vlan 11
name VLAN 11
vlan 4000
spanning-tree
spanning-tree priority 1
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.55/24
default-gateway 10.10.10.254
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 11 multi-chassis
no shutdown
description Zone1-Rack1-Access1/2
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface lag 12 multi-chassis
no shutdown
description Zone1-Rack3-Access3/4
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/23
no shutdown
mtu 9198
description Zone1-Rack3-Access3/4
lag 12
interface 1/1/24
no shutdown
mtu 9198
description Zone1-Rack3-Access3/4
lag 12
interface 1/1/27
no shutdown
mtu 9198
description Zone1-Rack1-Access1/2
lag 11
interface 1/1/28
no shutdown
mtu 9198
description Zone1-Rack1-Access1/2
lag 11
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.101/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface loopback 0
ip address 192.168.1.12/32
ip ospf 1 area 0.0.0.0
interface vlan11
ip address 11.1.1.4/24
active-gateway ip mac 00:00:00:00:01:01
active-gateway ip 11.1.1.1
interface vlan4000
description IBGP transit
ip mtu 9198
ip address 10.1.2.3/31
ip ospf 1 area 0.0.0.0
ip ospf network point-to-point
vsx
system-mac 00:00:00:00:01:01
inter-switch-link lag 1
role secondary
keepalive peer 192.168.1.100 source 192.168.1.101
router bgp 65101
bgp router-id 192.168.1.12
neighbor 192.168.1.11 remote-as 65101
neighbor 192.168.1.11 update-source loopback 0
address-family ipv4 unicast
neighbor 192.168.1.11 activate
neighbor 192.168.1.11 next-hop-self
network 11.1.1.0/24
exit-address-family
!
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack1-Access1
user admin group administrators password ciphertext AQBapZ4yCW+QbkkvhYYoSS0WaqDVKw88SZxmgXHIxwMipV9EYgAAAMAuiAnGsQwvlI3bNifJth6elIQWykn7bGlAq+byxaItlAZQiZom10jqCFTailvy80jwvoNQdgLf6Ie6XIqed9Jzxk3X14GujvBxfL4XFHit14RQIALWT12Cj1o9TE55wRck
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.56/24
default-gateway 10.10.10.254
system interface-group 1 speed 10g
!interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
!interface group 3 contains ports 1/1/25-1/1/36
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 11 multi-chassis
no shutdown
description Zone1-Cores
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.110/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface 1/1/49
no shutdown
mtu 9198
description Zone1-Cores
lag 11
interface 1/1/50
no shutdown
mtu 9198
description Zone1-Cores
lag 11
vsx
system-mac 00:00:00:00:01:11
inter-switch-link lag 1
role primary
keepalive peer 192.168.1.111 source 192.168.1.110
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack1-Access2
user admin group administrators password ciphertext AQBapd3Qg7OPKcjRayIQyuxOPabPIbT8bvU05pOk8sc+vAXyYgAAAGtM+A5APROROs6l56dpUdXic8SskYkcBHqp0rxFPtTqgmXoEzI21Mk5T3CR023fONvCpIZGpS4WUmReFVaiMR2XKnitYUhfkJLCK19Kl9uBL85jHFsthncP+X7/1q0bs/RG
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.57/24
default-gateway 10.10.10.254
system interface-group 1 speed 10g
!interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
!interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
!interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 11 multi-chassis
no shutdown
description Zone1-Cores
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.111/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface 1/1/49
no shutdown
mtu 9198
description Zone1-Cores
lag 11
interface 1/1/50
no shutdown
mtu 9198
description Zone1-Cores
lag 11
vsx
system-mac 00:00:00:00:01:11
inter-switch-link lag 1
role secondary
keepalive peer 192.168.1.110 source 192.168.1.111
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack3-Access3
user admin group administrators password ciphertext AQBapd0lfpkb1JQ/PeM7VAdLaPTFpCWvep8Ky+FcXCXZQjzuYgAAABM81mz9TPm9mRgJCcs5jU94yotLIjlGFmqRd7CPrUe2I/hhn9STUUgq5O+A0aM94fIRyUcLkDyRzgAKnzk1HmDNlT1yWnxptSrdw2lh0C9wBxf/UpiQFZe+RU1NxIoXC18J
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.60/24
default-gateway 10.10.10.254
system interface-group 1 speed 10g
!interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
!interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
!interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 12 multi-chassis
no shutdown
description Zone1-Cores
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.112/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface 1/1/49
no shutdown
mtu 9198
description Zone1-Cores
lag 12
interface 1/1/50
no shutdown
mtu 9198
description Zone1-Cores
lag 12
vsx
system-mac 00:00:00:00:03:13
inter-switch-link lag 1
role primary
keepalive peer 192.168.1.113 source 192.168.1.112
https-server rest access-mode read-write
https-server vrf mgmt
!
!Version ArubaOS-CX GL.10.04.0020
!export-password: default
hostname Zone1-Rack3-Access4
user admin group administrators password ciphertext AQBapaHRO1zdYAmv8jyi6BEy2EdGo7mXog4SaUdBnB6VBVmrYgAAAMswpUXLpjUGA0QadW9dCf7EgZkDyT6oT740N0z8ey2PTAAz8DT02vzpz1sAo27jMoqJ3YCXA0bW05qG+CWqweUfanbUEccqyrEu8SpcQjUoYdHYFZFHFtniXxA7d9wFijPV
!
!
!
ssh server vrf mgmt
!
!
!
!
!
vlan 1
vlan 11
name VLAN 11
spanning-tree
spanning-tree config-name Zone1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 11
interface mgmt
no shutdown
ip static 10.10.10.61/24
default-gateway 10.10.10.254
system interface-group 1 speed 10g
!interface group 1 contains ports 1/1/1-1/1/12
system interface-group 3 speed 10g
!interface group 3 contains ports 1/1/25-1/1/36
system interface-group 4 speed 10g
!interface group 4 contains ports 1/1/37-1/1/48
interface lag 1
no shutdown
description VSX ISL
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
interface lag 12 multi-chassis
no shutdown
description Zone1-Cores
no routing
vlan trunk native 1 tag
vlan trunk allowed 11
lacp mode active
interface 1/1/31
no shutdown
description VSX KA
ip address 192.168.1.113/31
interface 1/1/32
no shutdown
mtu 9198
description VSX ISL
lag 1
interface 1/1/49
no shutdown
mtu 9198
description Zone1-Cores
lag 12
interface 1/1/50
no shutdown
mtu 9198
description Zone1-Cores
lag 12
vsx
system-mac 00:00:00:00:03:13
inter-switch-link lag 1
role secondary
keepalive peer 192.168.1.112 source 192.168.1.113
https-server rest access-mode read-write
https-server vrf mgmt
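
An added example (not part of the original page or the workflow repository): a Python check that reads two generated running-configs, confirms they form a consistent VSX pair the way the sample configs above do, and reports SSH/HTTPS services bound outside the mgmt VRF or a REST API left in read-write mode. The names parse and audit_pair and the trimmed config excerpts are constructed for this illustration; the playbook's REST steps need write access, so the read-write finding is a post-deployment review item, not an error.

```python
import re

# Constructed input: excerpts of the Zone1-Core1a/1b sample configs (only lines the checks read).
CORE1A = """hostname Zone1-Core1a
ssh server vrf mgmt
vsx
    system-mac 00:00:00:00:01:01
    role primary
    keepalive peer 192.168.1.101 source 192.168.1.100
https-server rest access-mode read-write
https-server vrf mgmt
"""
CORE1B = """hostname Zone1-Core1b
ssh server vrf mgmt
vsx
    system-mac 00:00:00:00:01:01
    role secondary
    keepalive peer 192.168.1.100 source 192.168.1.101
https-server rest access-mode read-write
https-server vrf mgmt
"""

def parse(cfg):  # VSX and management-plane settings of one running-config
    def find(p):
        return (re.findall(p, cfg, re.M) or [None])[0]
    return {
        "host": find(r"^hostname (\S+)"),
        "mac": find(r"^\s*system-mac (\S+)"),
        "role": find(r"^\s*role (primary|secondary)"),
        "keepalive": find(r"^\s*keepalive peer (\S+) source (\S+)"),  # (peer, source)
        "rest": find(r"^https-server rest access-mode (\S+)"),
        "vrfs": set(re.findall(r"^(?:ssh server|https-server) vrf (\S+)", cfg, re.M)),
    }

def audit_pair(cfg_a, cfg_b):  # findings for two configs meant to form one VSX pair
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if a["mac"] is None or a["mac"] != b["mac"]:
        out.append("pair: system-mac missing or different on the two peers")
    if {a["role"], b["role"]} != {"primary", "secondary"}:
        out.append("pair: roles are not exactly one primary and one secondary")
    if a["keepalive"] is None or a["keepalive"][::-1] != b["keepalive"]:
        out.append("pair: keepalive peer/source are not mirror images")
    for d in (a, b):
        if d["vrfs"] - {"mgmt"}:
            out.append(f"{d['host']}: SSH/HTTPS served outside the mgmt VRF")
        if d["rest"] == "read-write":
            out.append(f"{d['host']}: REST API is read-write; review after deployment")
    return out
```

Run it against each pair of saved running-configs (core, Rack1, Rack3) after the playbook completes; an empty list means the pair is consistent and nothing was flagged for review.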