Management Network User Guide

This documentation helps network administrators and support personnel install install and manage Aruba, Dell, and Mellanox network devices in a CSM install.

The HPE Cray recommended way of configuring the network is by using the CANU tool. Therefore this guide will not go into detail on how to configure each switch manually using the CLI. Instead, it will give helpful examples of how to configure/use features generated by CANU, in order to provide administrators easy ways to customize their installation.

Also included in this guide are the current documented and supported network scenarios.

NOTE Not every configuration option is covered here; for any configuration outside of the scope of this document, refer to the official Aruba, Dell, or Mellanox user manuals.

This document is intended for network administrators and support personnel.

NOTE The display and command lines illustrated in this document are examples and might not exactly match any particular environment. The switch and accessory drawings in this document are for illustration only, and may not exactly match installed products.

Contents

Adding switch admin password to Vault

If CSM has been installed and Vault is running, add the switch credentials into Vault. Certain tests, including goss-switch-bgp-neighbor-aruba-or-mellanox use these credentials to test the state of the switch. This step is not required to configure the management network. If Vault is unavailable, this step can be temporarily skipped. Any automated tests that depend on the switch credentials being in Vault will fail until they are added.

  1. (ncn-mw#) Write the switch admin password to the SW_ADMIN_PASSWORD variable if it is not already set.

    The use of read -s is a convention used throughout this documentation which allows for the user input of secrets without echoing them to the terminal or saving them in history.

    read -s SW_ADMIN_PASSWORD
    
  2. (ncn-mw#) Run the following commands to add the password to Vault.

    VAULT_PASSWD=$(kubectl -n vault get secrets cray-vault-unseal-keys -o json | jq -r '.data["vault-root"]' |  base64 -d)
    alias vault='kubectl -n vault exec -i cray-vault-0 -c vault -- env VAULT_TOKEN="$VAULT_PASSWD" VAULT_ADDR=http://127.0.0.1:8200 VAULT_FORMAT=json vault'
    vault kv put secret/net-creds/switch_admin admin=$SW_ADMIN_PASSWORD
    

Switch configuration states

To check the current state of the switches, see Upgrade.

  • 1.0 Config: Non-generated switch configurations
  • 1.2 Preconfig: CANU-generated configurations for CSM 1.0
  • 1.2 Config: CANU-generated configurations for CSM 1.2

Starting points

Situation Link
Upgrade CANU to the latest version Install/Upgrade CANU
Upgrade to CANU-generated configurations from non-CANU-generated configurations Upgrade
Current switch configurations are CANU-generated and need to go to 1.3 1.3 (Preconfig) to 1.3
Switches have no configuration on them Fresh Install
Reinstalling the same CSM version Re-install
New hardware was added to the system Added Hardware
Switch failed and needs to be replaced Replace Switch

User guides

The user guides contain information such as generic configuration examples, explanation of currently used technologies, topology maps, and a summary of the network design used in the CSM management network.

CANU

See CSM Automatic Network Utility (CANU).

Useful pages

Page Description
Collect data Input data needed to generate switch configurations
Cable Management Network Servers Shows how servers in CSM should be cabled
SHCD HMN Tab/HMN Connections Rules Shows how the HMN tab on the SHCD should be formatted
SHCD Connection Rules Shows how the all tabs on the SHCD should be formatted EXCEPT the HMN tab
Backup Custom Configuration Shows users how to backup configuration that is custom to their system; this includes site connections and credentials
Configuration Management Shows users how to save a running configuration to the switch for backup purposes or to switch between different switch configurations
Validate Switch Configuration Compares the configuration on a running system to what is generated
Wipe Management Switches Erase the switch configuration; this is useful for fresh installs
Generate Switch Configurations Generate configurations for all management switches
Manual Switch Configurations Some configuration needs to be done manually (authentication/SNMP)
Validate SHCD Validate the SHCD against the CSM network architecture

Products supported

This release applies to the following product models:

  • Aruba 8320 switch series
  • Aruba 8325 switch series
  • Aruba 8360 switch series
  • Aruba 6300 switch series
  • Mellanox SN2100 switch series
  • Mellanox SN2700 switch series
  • Dell S3048-ON switch series
  • Dell S4148T-ON switch series
  • Dell S4148F-ON switch series

Architecture and naming conventions

For architecture and naming convention information, see Cray Network Architecture model.

Minimum software version requirements

Changes

These sections list enhancements, fixes, and known issues for this version of the Shasta management network.

Enhancements

Software enhancements are listed in reverse-chronological order, with the newest on the top of the list.

Unless otherwise noted, each network version listed includes all enhancements added in earlier versions.

Spanning-tree

In the Shasta management network version 1.2, Spanning-tree configuration is changing from RPVST (RSTP) to MSTP, in order to allow for better vendor interoperability and simplified Spanning-tree configuration. The new default configuration is as follows:

  • Spanning-tree BPDU guard is removed from NCN LAG ports.
  • Spanning-tree BPDU filter is removed.
  • Spanning-tree admin-edge port settings are retained for allowing quicker PXE boot.
  • Spanning-tree instance is tied to default (no longer multiple instances or per VLAN).
  • Spanning-tree MSTP configuration name and revision in all configurations generated by CANU are set.
  • Add peering from MetalLB to customer edge router.

Fixes

Issues and workarounds

The following are known open issues with this branch of the software.

The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue.

Known and fixed issue are listed in the CANU release notes. See CANU releases.

Security Bulletin subscription service

To initiate a subscription to receive future HPE Security Bulletin alerts via email, see the HPE Support Center.

A Security Bulletin is the published notification of security vulnerabilities and is the only communication vehicle for security vulnerabilities.

  • Fixes for security vulnerabilities are not documented in manuals, release notes, or other forms of product documentation.
  • A Security Bulletin is released when all vulnerable products still in support life have publicly available images that contain the fix for the security vulnerability.