Configuring Dedicated Interfaces for ASM Communication on an Existing Avi Service Engine

Background

Dedicated sideband interfaces on Avi Service Engines use the following configuration parameters. For existing SEs, these parameters can be populated in the /etc/ovf_config file.
Note: All parameters in this file are comma-separated and the file format is slightly different from the YML file used for spinning up new Service Engines. However, the parameters and their respective formats are exactly the same as they are for new Service Engines.

YAML parameters

  1. avi.asm-ip.SE
    Description: This is the IP address of the dedicated sideband interface on the SE (this is NOT the self IP or virtual service IP of the ASM device).
    Format: IP-address/subnet-mask.
    Example: avi.asm-ip.SE: 10.160.103.227/24

  2. avi.asm-static-routes.SE
    Description: These are comma-separated, static routes to reach the sideband ASM virtual service IPs. Even /32 routes can be provided. The gateway will be the self IP of the ASM device.
    Note: If there is a single static route, provide the same and ensure the square brackets are matched. Also, if the ASM virtual service IPs are in the same subnet as the dedicated interfaces, provide the gateway as the default gateway for the subnet.
    Format: [ asm-vip-network1/mask1 via gateway1, asm-vip-network2/mask2 via gateway2 ] or [ asm-vip-network1/mask1 via gateway1 ]
    Example: avi.asm-static-routes.SE: [169.254.1.0/24 via 10.160.102.1, 169.254.2.0/24 via 10.160.102.2]

  3. avi.hsm-vnic-id.SE
    Description: This is the ID of the dedicated ASM vNIC and is typically 3 on CSP (vNIC0 is management interface, vNIC1 is data-in interface, and vNIC2 is data-out interface)
    Format: ‘numeric vNIC ID’.
    Example: avi.asm-vnic-id.SE: ‘3’

    YAML Parameter Description Format Example
    avi.asm-ip.SE IP address of the dedicated ASM vNIC on the SE (this is NOT the IP address of the ASM) IP-address/subnet-mask avi.asm-ip.SE: 10.160.103.227/24
    avi.hsm-static-routes.SE Comma-separated, static routes to reach the ASM devices. Even /32 routes can be provided [ asm-vip-network1/mask1 via gateway1, asm-vip-network2/mask2 via gateway2 ] or [ asm-vip-network1/mask1 via gateway1 ] avi.asm-static-routes.SE: [169.254.1.0/24 via 10.160.102.1, 169.254.2.0/24 via 10.160.102.2]
    avi.asm-vnic-id.SE ID of the dedicated ASM vNIC and is typically 3 on CSP (vNIC0 is management interface, vNIC1 is data-in interface, and vNIC2 is data-out interface) numeric vNIC ID avi.asm-vnic-id.SE: '3'

Instructions

Follow the below-mentioned steps to add a dedicated ASM vNIC on an existing SE CSP service. In this example, vNIC 3 is used which is actually the fourth NIC on the CSP service.

Configuration on Cisco CSP

  1. Navigate to Configuration > Services > Action > Power Off to power off the SE service on Cisco CSP.
  2. To add a new vNIC to the SE with desired parameters, navigate to Configuration > Services > Action > Service Edit , click on Add vNIC and provide VLAN id, VLAN type, VLAN tagged, network Name, Model etc., and click Submit.
  3. Navigate to Configuration > Services > Action and select Power On to power on the SE service on Cisco CSP.

Configuration on Avi Service Engine

Perform the following steps on the Service Engine using bash shell.

  • SSH to Avi SE IP and perform the following steps.

 ssh admin@<SE-MGMT-IP>
 bash#
 bash# sudo su
 bash# /opt/avi/scripts/stop_se.sh
 bash# mv /var/run/avi/ovf_properties.saved /home/admin

Note: Move; do not copy this file. Edit it to provide the three comma-separated ASM-dedicated NIC related parameters. The file looks like the following:


  bash# cat /home/admin/ovf_properties.saved

 AVICNTRL: 10.128.2.18, AVICNTRL_AUTHTOKEN: 1403771c-	fc59-4d76-89b2-b3c35682b342,
 avi.default-gw.SE: 10.128.2.1,
 avi.asm-ip.SE: 10.160.102.227/24,
 avi.asm-static-routes.SE: [169.254.1.0/24 via 10.160.102.1, 169.254.2.0/24 via 10.160.102.2],
 avi.asm-vnic-id.SE: '3',
 avi.mgmt-ip.SE: 10.128.2.27, ovf_source: CSP,
 uuid: FCE9B12D-A1B0-4EF3-B922-BDC2A5F8AA11}

 bash# cp /home/admin/ovf_properties.saved /etc/ovf_config
 bash# /opt/avi/scripts/start_se.sh
  • Verify that the dedicated vNIC information is applied correctly and the ASM virtual service IPs are reachable via this interface. In this case, the interface eth3 is dedicated ASM interface and it is configured with IP 10.160.102.227/24.

 bash# ssh admin@<SE-MGMT-IP>
 bash# ifconfig eth3
 eth3      Link encap:Ethernet  HWaddr 02:6a:80:02:11:05  
          inet addr:10.160.102.227  Bcast:10.160.102.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4454601 errors:0 dropped:1987 overruns:0 frame:0
          TX packets:4510346 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:672683711 (672.6 MB)  TX bytes:875329395 (875.3 MB)
 bash# ip route
 default via 10.128.2.1 dev eth0 
 10.128.2.0/24 dev eth0  proto kernel  scope link  src 10.128.2.27 
 10.160.102.0/24 dev eth4  proto kernel  scope link  src 10.160.102.227 
 169.254.1.0/24 via 10.160.102.1 dev eth3 
 169.254.2.0/24 via 10.160.102.2 dev eth3
 bash# ping -I eth3 <ASM-VIP>
 ping -I eth3 169.254.1.10
 PING 169.254.1.10 (169.254.1.10) from 10.160.102.227 eth3: 56(84) bytes of data.
 64 bytes from 169.254.1.10: icmp_seq=1 ttl=62 time=0.229 ms
 

Additional Information

For different types of supported configuration for HSM and ASM communication on Avi Vantage, refer to How to configure dedicated interfaces for HSM and ASM communication on Cisco CSP.