Virtual Machine Tracker auto-config is a feature that automatically configures a tenant for provisioning.
The Virtual Machine Tracker auto-config feature retrieves information about a tenant from the database (LDAP) and issues the necessary configuration commands for the provisioning.
The commands required for provisioning the tenant are stored in the form of a configuration profile. A configuration profile is a set of commands that will be required for provisioning a particular tenant, except the required parameters are written as variables instead of actual values in a command.
The information about the tenant includes:
- The values for the variables of a configuration profile.
- The actual configuration profile that a tenant uses.
Orchestrators, such as the Cisco Virtual Topology System (VTS) or the Cisco UCS Director (UCSD), are used to populate the tenant information.
Note | Virtual Machine Tracker auto-config is only supported on Cisco Nexus 9300 Series switches. |
Note | Virtual Machine Tracker auto-config supports Cisco Nexus 9300 Series switches in FEX configurations. |
A configuration profile for auto-config is a collection of commands used to instantiate a specific configuration. Based on appropriate end-host triggers (VM Tracker trigger), configuration profiles are grouped to allow flexible and extensible options to instantiate tenant-related configurations on a leaf node.
The commands are entered using variables for certain parameters instead of entering the actual value. The switch fills in the actual values to derive the completed command. When the required parameters for a particular configuration profile are available, the profile can be instantiated to create a configuration set. The switch applies this configuration set to complete the command execution belonging to the configuration set.
The commands that are supported in a configuration profile are called config-profile-aware commands. Most of the commands for a switch can be used in the configuration profile.
Various sets of configuration profiles can be created and stored in the network database using LDAP, and each network can use a different configuration profile. The configuration profiles from the network are used to configure the leaf whenever required. Configuration profiles can also be designed with VRFs. An "include profile any" in the configuration profile can indicate that a particular profile needs to be instantiated for the VRF. The network database for the VRF carries the name to be used for the included profile.
A configuration profile refresh involves updating and/or removing profile parameters (arguments or variables) without disrupting network traffic. When the network database is modified for parameters of a network profile, the changes are pulled down to the switch by issuing a refresh command. When using Cisco DCNM for auto-config, Cisco Prime DCNM executes the fabric database refresh vni/dot1q/vrf command on the fabric switches when network parameters are modified for a particular entry in the network database.
A network database is stored in an external LDAP server as multiple tables. There are three different tables:
All the parameters for a host network are stored in the network table in LDAP. These include the segment ID, VLAN, gateway, and VRF information.
```
fabric database type network
  server protocol ldap host dcnm721_39.cisco.com vrf management
    db-table ou=networks,dc=cisco,dc=com key-type 1
    db-security user cn=reader,dc=cisco,dc=com password cisco123
```
All parameters that are required to provision a VRF on the switch are stored in the partition table. A network table entry specifies which VRF it uses. The VRF partition table specifies the parameters that are required for this VRF, including the profile that the VRF partition uses.
```
fabric database type partition
  server protocol ldap host dcnm721_39.cisco.com vrf management
    db-table ou=partitions,dc=cisco,dc=com
    db-security user cn=reader,dc=cisco,dc=com password cisco123
```
The profile table stores the configuration profiles that are required to instantiate a particular network. Each network/partition table specifies which profile it uses. The profile table holds the configuration profile itself.
```
fabric database type profile
  server protocol ldap host dcnm721_39.cisco.com vrf management
    db-table ou=profilesIPFabric,dc=cisco,dc=com
    db-security user cn=reader,dc=cisco,dc=com password cisco123
```
The following are examples of configuration profiles that can be used for network host and VRF provisioning.
The defaultNetworkEVPNProfile profile can be attached to a network table entry to provision VLAN, segment, gateway IP, and VTEP related information for workloads attached to a switch.
```
config profile defaultNetworkEVPNProfile
  vlan $vlanId
    vn-segment $segmentId
  interface vlan $vlanId
    vrf member $vrfName
    ip address $gatewayIpAddress/$netMaskLength tag 12345
    ipv6 address $gatewayIpv6Address/$prefixLength tag 12345
    fabric forwarding mode anycast-gateway
    no shutdown
  interface nve $nveId
    member vni $segmentId
      mcast-group $mcastGroupIpAddress
  evpn
    vni $segmentId l2
      rd auto
      route-target import auto
      route-target export auto
  include profile any
end
```
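The variable substitution described earlier, as an added example (not Cisco's code and not a description of NX-OS internals): a Python pre-check that an application populating the network database could run, listing the variables a profile needs and refusing a record whose values are missing or would not fit the command they are substituted into. The profile lines come from defaultNetworkEVPNProfile; the function names and validator ranges are assumptions.

```python
import ipaddress
import re

# First lines of defaultNetworkEVPNProfile as shown on this page.
PROFILE = """\
vlan $vlanId
  vn-segment $segmentId
interface vlan $vlanId
  vrf member $vrfName
  ip address $gatewayIpAddress/$netMaskLength tag 12345
"""
VAR = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

def _int_in(lo, hi):
    # fullmatch rejects trailing newlines and any non-ASCII digits
    return lambda v: re.fullmatch(r"[0-9]{1,8}", v) is not None and lo <= int(v) <= hi

def _ipv4(v):
    try:
        ipaddress.IPv4Address(v)
        return True
    except ValueError:
        return False

# Assumed allow-list (not from the page): one strict validator per variable.
VALIDATORS = {
    "vlanId": _int_in(1, 4094),
    "segmentId": _int_in(1, 2**24 - 1),
    "netMaskLength": _int_in(0, 32),
    "gatewayIpAddress": _ipv4,
    "vrfName": lambda v: re.fullmatch(r"[A-Za-z0-9_:.-]{1,32}", v) is not None,
}

def required_vars(profile):
    """Variable names the profile needs before it can be instantiated."""
    return sorted(set(VAR.findall(profile)))

def instantiate(profile, record):
    """Return the configuration set, or raise if the record is incomplete or unsafe."""
    names = required_vars(profile)
    missing = [n for n in names if n not in record]
    if missing:
        raise KeyError("missing parameters: " + ", ".join(missing))
    bad = [n for n in names if n not in VALIDATORS or not VALIDATORS[n](str(record[n]))]
    if bad:
        raise ValueError("rejected values for: " + ", ".join(bad))
    return VAR.sub(lambda m: str(record[m.group(1)]), profile)

# Constructed record; the values match the show output later on this page.
RECORD = {"vlanId": "50", "segmentId": "30001", "vrfName": "Org1:vrfedcs",
          "gatewayIpAddress": "50.50.50.15", "netMaskLength": "24"}
```

A value that carries a line break, such as a VRF name followed by an extra command, fails its validator and never reaches the rendered configuration set.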
The vrf-common-evpn profile can be used to provision corresponding Layer 3 VRF information.
```
configure profile vrf-common-evpn
  vrf context $vrfName
    vni $include_vrfSegmentId
    rd auto
    address-family ipv4 unicast
      route-target both auto
      route-target both auto evpn
  router bgp $asn
    vrf $vrfName
      address-family ipv4 unicast
        advertise l2vpn evpn
        redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
      address-family ipv6 unicast
        advertise l2vpn evpn
        redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
  interface nve $nveId
    member vni $include_vrfSegmentId associate-vrf
end
```
In certain scenarios, you might be required to manually provision a network based on the LDAP database. You can perform this from DCNM using the deploy option or directly from a switch.
You can use one of the following to manually provision a network from a switch:
```
switch# fabric database auto-pull dot1q interface ethernet <id>
switch# fabric database auto-pull vni interface ethernet <id> overwrite-vlan <vlan-id>
```
The following is a typical workflow to provision a tenant and provide an EVPN capable fabric connection to the tenant's workloads.
Note | All leaf switches in the network fabric are provisioned with the VM Tracker connections based on the set of hosts that are connected to the switch. |
Identify the VLAN that a tenant’s virtual machine needs to utilize.
Provision the required port-groups on the VMware vSphere Distributed Virtual Switch (DVS) or virtual switch.
(You can use an orchestrator such as Cisco UCS Director (UCSD) or provision directly on the VMware vCenter.)
Determine the configuration profile that needs to be associated with the tenant for provisioning the VRF. For example, associating the vrf-common-universal-evpn profile.
Collect the tenant's network information and provision the network database with an application that uses the documented DCNM REST APIs.
The network information includes:
- Required configuration profile associated with the server-facing network that is being created.
- All the network parameters required to provision the required configuration profile.
- The mobility domain that is associated with the network.
Note | Only one mobility domain can be supported. |
At this point, the fabric is ready for auto provisioning the workloads at any switch which is configured with the suitable mobility domain and the VM Tracker connection.
When the workloads are powered on, VM Tracker detects the workload and pulls the appropriate network information from the LDAP database and provisions the network on the switch where the workload is connected.
When a workload is no longer necessary, powering the workload off ensures that the previously configured provisioning is removed.
VM Tracker has the following guidelines and limitations:
- show commands with the internal keyword are not supported.
- Enabling the VM Tracker auto-config feature is disruptive. A best practice is to disconnect all VM Tracker connections before enabling VM Tracker auto-config.
- When VM Tracker auto-config is enabled after VM Tracker is already connected to VMware vCenter and has configured the switch, the existing VM Tracker configuration is removed and then VM Tracker auto-config is triggered.
- When VM Tracker auto-config is disabled, the auto-config triggered configuration is removed and VM Tracker reverts to the configured VLAN that was initially created by VM Tracker.
- switchport trunk allowed vlan vlan-list is configured on the host-facing interface for both auto-config triggered configurations and initial VM Tracker configurations.
- The VLAN is always created when VM Tracker auto-config triggers the configuration. The autovlan enable command is ineffective and is not supported when VM Tracker auto-config is enabled.
- allowed-vlan takes effect when VM Tracker auto-config is enabled.
VM Tracker and a vPC Configuration
VM Tracker should be configured on both switches of the vPC pair so that the host facing trunk port is configured.
In a vPC configuration, when both the vPC primary and the vPC secondary are configured to connect to the VMware vCenter, VM Tracker on the vPC secondary does not trigger auto-config. The auto-config profile is synced from the primary to the standby by HMM. This avoids overwhelming HMM with downloading and syncing profiles from the vPC primary to the vPC secondary and from the vPC secondary to the vPC primary at the same time.
If the primary vPC interface is down, when vCenter detects the link being down, VM Tracker is updated, VM Tracker triggers the profile unapply request to HMM, and the host facing “trunk allowed vlan” configuration is removed. When the VM Tracker retry timer expires on the secondary, the “skipped” profile is inspected and VM Tracker triggers the auto-config from the standby side if it detects the primary vPC interface is down.
When the primary vPC interface is up again, VM Tracker on the primary triggers auto-config. At this time both switches trigger auto-config.
When migrating from VM Tracker to VM Tracker auto-config in a vPC setup, the following procedure is a best practice:
1. Disconnect all VM Tracker connections on the vPC primary and the vPC secondary switches.
2. Enable VM Tracker auto-config using the vmtracker fabric auto-config command on the vPC primary and the vPC secondary switches.
3. Connect the VM Tracker connection on the vPC primary switch.
4. Connect the VM Tracker connection on the vPC secondary switch.
Caution | Enabling the VM Tracker auto-config feature is disruptive. A best practice is to disconnect all VM Tracker connections before enabling VM Tracker auto-config. |
VM Tracker feature is enabled.
1. switch# configure terminal
2. switch(config)# [no] vmtracker fabric auto-config
3. switch(config)# [no] vmtracker connection connection-name
4. switch(config-vmt-conn)# [no] remote {ip address ip_address | port port_number | vrf}
5. switch(config-vmt-conn)# username username password password
6. switch(config-vmt-conn)# [no] connect
This example shows how to enable the VM Tracker auto-config trigger:
```
switch# configure terminal
switch(config)# vmtracker fabric auto-config
switch(config)# vmtracker connection v229
switch(config-vmt-conn)# remote ip address 172.29.21.29 port 80 vrf management
switch(config-vmt-conn)# username user1 password abc1234
switch(config-vmt-conn)# connect
```
You can use the fabric database auto-pull dot1q interface ethernet id command or the fabric database auto-pull vni interface ethernet id overwrite-vlan vlan-id command to trigger VM Tracker auto-config to automatically configure a switch.
Note | When triggering an automatic configuration with auto-pull, subsequent VM Tracker auto-config requests are not supported and are rejected. |
Note | An auto-pull automatic configuration is not supported when the VM Tracker auto-vlan feature is enabled. |
Use the following command to display and verify VM Tracker auto-config configuration information:
Command | Purpose |
---|---|
show vmtracker fabric auto-config | Displays the VM Tracker auto-config information. |
```
switch# configure terminal
switch(config)# feature vmtracker
switch(config)# vmtracker fabric auto-config
switch(config)# vmtracker connection v229
switch(config-vmt-conn)# remote ip address 172.29.21.29 port 80 vrf management
switch(config-vmt-conn)# username root password Nbv!23
switch(config-vmt-conn)# connect
```

```
switch(config-vmt-conn)# show vmtracker fabric auto-config
Fabric Auto Configuration is enabled
Auto Configure Retry Time left: 107 seconds
Switch Device: SAL1833YM0V
------------------------------------------------------------------------------
Port            Port-Channel    Vlan  Status
------------------------------------------------------------------------------
Ethernet1/3     port-channel13  50    Pending
Ethernet1/3     port-channel13  56    Pending
```

```
switch(config-vmt-conn)# show vmtracker fabric auto-config
Fabric Auto Configuration is enabled
Auto Configure Retry Time left: 100 seconds
Switch Device: SAL1833YM0V
------------------------------------------------------------------------------
Port            Port-Channel    Vlan  Status
------------------------------------------------------------------------------
Ethernet1/3     port-channel13  50    Success
Ethernet1/3     port-channel13  56    Success
```

```
switch(config-vmt-conn)# show vmtracker fabric auto-config
Fabric Auto Configuration is enabled
Auto Configure Retry Time left: 82 seconds
Switch Device: SAL1833YM64
------------------------------------------------------------------------------
Port            Port-Channel    Vlan  Status
------------------------------------------------------------------------------
Ethernet1/3     port-channel13  50    Skipped
Ethernet1/3     port-channel13  56    Skipped
```
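A way to check these outputs across a vPC pair, as an added example that is not part of the Cisco documentation: the script parses the show vmtracker fabric auto-config table from each peer and reports any port/VLAN that is not provisioned. It assumes, from the vPC description above, that a VLAN is healthy when at least one peer reports Success and the other reports Success or Skipped; the function names are hypothetical.

```python
import re

# Row layout as printed by 'show vmtracker fabric auto-config' on this page.
ROW = re.compile(r"^(Ethernet\S+)\s+(port-channel\d+)\s+(\d+)\s+(\w+)$")

def parse_auto_config(text):
    """Return (enabled, {(port, vlan): status}) for one switch's output."""
    enabled = "Fabric Auto Configuration is enabled" in text
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, _port_channel, vlan, status = m.groups()
            rows[(port, int(vlan))] = status
    return enabled, rows

def check_vpc_pair(primary_text, secondary_text):
    """List findings for a vPC pair; an empty list means every VLAN is provisioned."""
    p_on, p_rows = parse_auto_config(primary_text)
    s_on, s_rows = parse_auto_config(secondary_text)
    findings = []
    if not (p_on and s_on):
        findings.append("auto-config is not enabled on both peers")
    for key in sorted(set(p_rows) | set(s_rows)):
        p_state = p_rows.get(key, "Missing")
        s_state = s_rows.get(key, "Missing")
        states = {p_state, s_state}
        # Assumed healthy: one peer applied the profile, the other skipped or also applied it.
        if "Success" in states and states <= {"Success", "Skipped"}:
            continue
        port, vlan = key
        findings.append(f"{port} vlan {vlan}: primary={p_state} secondary={s_state}")
    return findings

def sample_output(status):
    """Constructed sample modelled on the outputs shown on this page."""
    return ("Fabric Auto Configuration is enabled\n"
            "Auto Configure Retry Time left: 100 seconds\n"
            "Port            Port-Channel    Vlan  Status\n"
            f"Ethernet1/3     port-channel13  50    {status}\n"
            f"Ethernet1/3     port-channel13  56    {status}\n")
```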
```
switch(config-vmt-conn)# show fabric database host
Active Host Entries
flags: L - Locally inserted, V - vPC+ inserted, R - Recovered, X - xlated Vlan
VLAN  VNI    STATE           FLAGS  PROFILE(INSTANCE)
50    30001  Profile Active  L      defaultNetworkUniversalEvpnProfile-edcs(instance_def_50_1)
56    30056  Profile Active  L      defaultNetworkUniversalEVPNProfileNew(instance_def_56_1)
```

```
switch(config-vmt-conn)# show fabric database host
Active Host Entries
flags: L - Locally inserted, V - vPC+ inserted, R - Recovered, X - xlated Vlan
VLAN  VNI    STATE           FLAGS  PROFILE(INSTANCE)
50    30001  Profile Active  V      defaultNetworkUniversalEvpnProfile-edcs(instance_def_50_1)
56    30056  Profile Active  V      defaultNetworkUniversalEVPNProfileNew(instance_def_56_1)
```

```
switch(config-vmt-conn)# show run vlan 50 expand-port-profile
!Command: show running-config vlan 50 expand-port-profile
!Time: Sat Aug 8 05:25:09 2015
version 7.0(3)I2(1)
vlan 50
  vn-segment 30001
```

```
switch(config-vmt-conn)# show run interface vlan 50 expand-port-profile
!Command: show running-config interface Vlan50 expand-port-profile
!Time: Sat Aug 8 05:29:49 2015
version 7.0(3)I2(1)
interface Vlan50
  no shutdown
  vrf member Org1:vrfedcs
  ip address 50.50.50.15/24 tag 12345
  fabric forwarding mode anycast-gateway
```