Managing VIMs
Before deploying a
in a data center, you must add at least one
. Kaspersky SD-WAN uses the VIM of the OpenStack cloud platform that provides all of its key capabilities, such as network virtualization, virtual machine management, and load balancing.
Configuring the VIM
Deploying a VIM in the data center implies centralized management of the VNF lifecycle, while a VIM deployed on a uCPE device allows delivering VNFs to remote locations and managing these VNFs locally.
You can configure the VIM in the data center or in the uCPE template. When you edit VIM settings in the uCPE template, the settings are applied to all devices that use that template. To configure a VIM, use the following instructions:
- Configuring a VIM in a data center.
To configure a VIM in a data center:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- In the upper part of the page, click + VIM.
- In the window that opens, in the Domain and Data center drop-down lists, select the domain and data center where the VIM is deployed.
- In the Name field, enter the name of the VIM.
- In the IP field, enter the IP address or domain name for connecting the orchestrator to the VIM.
- In the Port field, enter the port number for connecting the orchestrator to the VIM identification service. The default setting is 5,000.
- In the Protocol drop-down list, select the protocol for connecting the orchestrator to the VIM:
- http (selected by default)
- https
- In the Login and Password fields, enter the name and password of an OpenStack account with administrator privileges to authenticate the orchestrator in the OpenStack cloud platform. If authentication is successful, the orchestrator gains access to managing the virtual infrastructure that is available to the administrator.
- If necessary, change the advanced orchestrator authentication settings in the OpenStack cloud platform:
- In the Administrator project field, enter the name of the administrator project for orchestrator authentication in this project.
- In the Domain field, enter the OpenStack domain name for orchestrator authentication in this domain.
- In the Behind NAT drop-down list, select whether the VIM is behind NAT (Network Address Translation):
- Enabled to indicate that the VIM is behind NAT and network address translation happens when it interacts with the SD-WAN instance.
- Disabled to indicate that the VIM is not behind NAT. This is the default.
- If necessary, specify the overcommitment ratios for physical resources:
- In the CPU overcommitment field, enter the CPU core overcommitment ratio. The default setting is 1.
- In the RAM overcommitment field, enter the RAM overcommitment ratio. The default setting is 1.
- In the Disk overcommitment field, enter the disk space overcommitment ratio. The default setting is 1.
Overcommitment ratios let you provision virtual machines with more virtual resources than are physically present. This is possible because, as a rule, virtual machines do not simultaneously use all available physical resources to the maximum. For example, if you specify a disk space overcommitment factor of 3, the available virtual disk space can be three times as large as the disk space physically available on the host.
When configuring overcommitment, consider how the capabilities of your hardware relate to the requirements of the virtual machines. If you specify a high overcommitment ratio for physical resources and virtual machines happen to use them up, this may lead to the network lagging and/or parts of the network becoming completely unavailable.
- If necessary, in the Parallelism field, enter the maximum number of simultaneous operations between the orchestrator and the VIM. The default setting is 1. This setting lets you reduce the overall processing time for operations, but creates an additional load on the virtual infrastructure. We recommend not changing the default value unless the overall operation processing speed is critical for you.
- In the SDN cluster drop-down list, select the SDN cluster to which OpenStack is connected, or None if OpenStack is not connected to an SDN cluster.
- In the Maximum number of VLANs field, enter the maximum number of VLANs that you plan to use on the VIM. This setting lets the orchestrator keep track of the number of segments available for use. Range of values: 0 to 4,094.
- If the VIM supports SR-IOV, enter the physnet name in the SR-IOV physical network field. The orchestrator uses the SR-IOV physical network name to connect virtual machines with the SR-IOV interface type.
- If you are using a network with the VLAN segmentation type for management, in the VLAN physical network field, enter the VLAN ID.
- If you selected an SDN cluster in the SDN cluster drop-down list, configure the connection to that cluster:
- If you need to map the logical networks of the SD-WAN instance to a physical network, enter the physnet name in the OpenStack physical network field.
- In the Interface group drop-down list, select the port group through which all OpenStack nodes are connected to the SDN cluster.
- In the Control group drop-down list, select the port group through which the OpenStack control nodes are connected to the SDN cluster.
- If necessary, in the Compute group drop-down list, select the port group through which OpenStack compute nodes are connected to the SDN cluster.
- If you selected None in the SDN cluster drop-down list, configure the network:
- If you need to map the flat networks of the SD-WAN instance to a physical network, enter the physnet name in the Flat physical network field.
- If you need to map the VXLAN of the SD-WAN instance to a physical network, enter the physnet name in the VXLAN physical network field.
- In the Control network segmentation drop-down list, select the type of segmentation that is used to isolate and secure traffic in the SD-WAN structure:
- In the Control segment ID field, enter the segment ID of the management network. The range of values depends on the value selected in the Control network segmentation drop-down list:
- If you selected VLAN, the range of values is 0 to 4,095.
- If you selected VXLAN, the range of values is 0 to 16,000,000.
- In the Port security drop-down list, select whether Port security is enabled or not. Port security enhances network security at the level of Ethernet ports of switches. This functionality prevents unauthorized access to the network by limiting the number of MAC addresses that can be associated with one physical port. When enabled, only trusted devices with predefined MAC addresses can connect to the network. You can select one of the following options:
- In the Permit CIDR field, enter the allowed subnet address for the control network.
- Click Create.
The VIM is added and displayed in the table on the Compute resources tab.
- Configuring a VIM in a uCPE template.
To configure a VIM in a uCPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button.
- Select the VIM tab.
The VIM settings are displayed.
- In the Port field, enter the port number for connecting the orchestrator to the VIM identification service. The default setting is 5,000.
- In the Protocol drop-down list, select the protocol for connecting the orchestrator to the VIM:
- http (selected by default)
- https
- In the Login and Password fields, enter the name and password of an OpenStack account with administrator privileges to authenticate the orchestrator in the OpenStack cloud platform. If authentication is successful, the orchestrator gains access to managing the virtual infrastructure that is available to the administrator.
- If necessary, specify advanced orchestrator authentication settings in the OpenStack cloud platform:
- In the Administrator project field, enter the name of the administrator project for orchestrator authentication in this project.
- In the Domain field, enter the OpenStack domain name for orchestrator authentication in this domain.
- If you are using a network with the VLAN segmentation type for management, in the VLAN physical network field, enter the VLAN ID.
- In the Behind NAT drop-down list, select whether the VIM is behind NAT (Network Address Translation):
- Enabled to indicate that the VIM is behind NAT and network address translation happens when it interacts with the SD-WAN instance.
- Disabled to indicate that the VIM is not behind NAT. This is the default.
- If necessary, specify the overcommitment ratios for physical resources:
- In the CPU overcommitment field, enter the CPU core overcommitment ratio. The default setting is 1.
- In the RAM overcommitment field, enter the RAM overcommitment ratio. The default setting is 1.
- In the Disk overcommitment field, enter the disk space overcommitment ratio. The default setting is 1.
Overcommitment ratios let you provision virtual machines with more virtual resources than are physically present. This is possible because, as a rule, virtual machines do not simultaneously use all available physical resources to the maximum. For example, if you specify a disk space overcommitment factor of 3, the available virtual disk space can be three times as large as the disk space physically available on the host.
When configuring overcommitment, consider how the capabilities of your hardware relate to the requirements of the virtual machines. If you specify a high overcommitment ratio for physical resources and virtual machines happen to use them up, this may lead to the network lagging and/or parts of the network becoming completely unavailable.
- In the Maximum number of VLANs field, enter the maximum number of VLANs that you plan to use on the VIM. This setting lets the orchestrator keep track of the number of segments available for use. Range of values: 0 to 4,094.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
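A pre-flight check of the values from the two procedures above, run before they are entered in the form. This is an added example, not Kaspersky code: the dictionary keys are hypothetical names for the form fields, the sample values are constructed, and the TCP port bounds and the all-addresses CIDR warning are checks added here rather than limits stated on this page.

```python
import ipaddress

# Ranges and defaults are the ones stated on this page. The dict keys are
# hypothetical names for the form fields; the product does not define them.
SEGMENT_ID_MAX = {"VLAN": 4095, "VXLAN": 16_000_000}

def check_vim_settings(s, physical):
    """Return (errors, warnings, capacity) for a planned VIM configuration."""
    errors, warnings, capacity = [], [], {}

    if not 1 <= s.get("port", 5000) <= 65535:
        errors.append("port: must be a TCP port (1-65535)")
    protocol = s.get("protocol", "http")          # http is the page's default
    if protocol not in ("http", "https"):
        errors.append("protocol: must be http or https")
    elif protocol == "http":
        warnings.append("protocol: http carries the OpenStack administrator "
                        "login and password unencrypted")
    if not 0 <= s.get("max_vlans", 0) <= 4094:
        errors.append("max_vlans: must be 0-4094")

    seg, seg_id = s.get("control_segmentation"), s.get("control_segment_id")
    if seg in SEGMENT_ID_MAX and seg_id is not None:
        if not 0 <= seg_id <= SEGMENT_ID_MAX[seg]:
            errors.append(f"control_segment_id: must be 0-{SEGMENT_ID_MAX[seg]} for {seg}")

    cidr = s.get("permit_cidr")
    if cidr is not None:
        try:  # strict=True rejects host bits, e.g. 10.0.0.5/24
            if ipaddress.ip_network(cidr, strict=True).prefixlen == 0:
                warnings.append("permit_cidr: allows every address")
        except ValueError as exc:
            errors.append(f"permit_cidr: {exc}")

    # Virtual capacity = physical capacity x overcommitment ratio (default 1).
    for res, amount in physical.items():
        ratio = s.get(f"{res}_overcommit", 1)
        capacity[res] = amount * ratio
        if ratio > 1:
            warnings.append(f"{res}_overcommit: {ratio}x, VMs can exhaust physical {res}")
    return errors, warnings, capacity

# Constructed sample: planned settings and the host's physical resources.
planned = {"port": 5000, "protocol": "http", "max_vlans": 4095,
           "control_segmentation": "VLAN", "control_segment_id": 4095,
           "permit_cidr": "10.20.0.5/24", "disk_overcommit": 3}
host = {"cpu": 32, "ram": 256, "disk": 2000}      # cores, GB, GB
errors, warnings, capacity = check_vim_settings(planned, host)
print(*errors, *warnings, capacity, sep="\n")
```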
Viewing VIM usage
You can see which compute resources are being used by the VIM to more efficiently manage the network infrastructure and, if necessary, optimize its usage.
To view VIM usage:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Select the Compute resources tab.
A table of VIMs is displayed.
- Click Management next to the VIM and in the drop-down list, select Show usage.
This opens a window with information about utilization of the following compute resources by the VIM:
- CPU
- RAM
- Disk space
- Network segments
Editing a VIM
To edit a VIM:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Select the Compute resources tab.
A table of VIMs is displayed.
- Click Management next to the VIM and in the drop-down list, select Edit.
- In the window that opens, edit the settings that you want to change. For a description of the settings, see the instructions for adding a VIM.
- Click Save.
Deleting a VIM
Deleted VIMs cannot be restored.
To delete a VIM:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Select the Compute resources tab.
A table of VIMs is displayed.
- Click Management next to the VIM and in the drop-down list, select Delete.
- In the confirmation window, click Delete.
The VIM is deleted and is no longer displayed in the table.