Documentazione
PicOS® Data Center Switch
AmpCon-DC Management Platform User Guide V2.2.0
Aggiornato il: 01 dic. 2025 11:08
AmpCon-DC Management Platform
A powerful management platform for PicOS® data center switches, offering automated Zero Touch Provisioning (ZTP), real-time telemetry monitoring, topology auto-discovery, automated lifecycle mangement, physical network design, flexible Ansible extensions, and terminal device management.
Key Topics
Day 0 | Day 1 | Day 2+ |
Planning Deploying AmpCon-DC Deploying or Importing Switches Designing Physical Networks Managing Switches Managing Devices Checking RoCE Configuring RoCE | Configuring Switches Running Ansible Playbooks for Automation | Monitoring Switches Monitoring RoCE Monitoring NICs Monitoring Modules Managing Groups and Licenses Accessing Switches through SSH Sessions Administering AmpCon-DC |
Before you install or upgrade AmpCon-DC, read this topic to get a quick overview of what is added, changed, improved, or deprecated in each release.
AmpCon-DC 2.2.0
New Features
The following features are added to AmpCon-DC 2.2.0:
Improvements
The following improvements are added to AmpCon-DC 2.2.0:
New Changes
AmpCon-DC, a management platform designed for PicOS® data center switches and NICs, automates and validates the design, deployment, and operation of data center networks from Day 0 through Day 2+. It empowers you to efficiently automate and manage your highly available HPC and data center networks at scale.
AmpCon-DC accelerates VXLAN network deployment with automated underlay configurations and ZTP. It uses real-time telemetry for performance monitoring, supports automatic topology discovery, and offers end-to-end RoCE deployment for unified network interface card and switch management, backed by 1, 3, or 5 years of comprehensive support covering installation, configuration, troubleshooting, and updates.
Deployed as a software appliance on a virtual machine (VM) or Docker, AmpCon-DC operates seamlessly in data center or cloud environments.
Highlights
How AmpCon-DC Can Help
AmpCon-DC is highly scalable and includes only the features that you truly need. You can use it to build small, medium, and large data center networks.
Designing a modern 3-stage fabric with AmpCon-DC simplifies the deployment and operation of next‑generation data center networks, leads to a more stable data center fabric, and reduces operational costs.
You can manage these devices and monitor their Network Interface Cards (NICs) and optical modules. In addition, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning.
AmpCon-DC helps you to configure, monitor, and manage switches in data centers. By using AmpCon-DC, you can maintain the High-Performance Network (HPN) architecture more efficiently, prevent and eliminate issues, and thus increase the resource utilization rate and decrease the operation costs.
AmpCon-DC supports using ZTP to automatically deploy switches in a data center.
AmpCon-DC supports telemetry to capture rich information about real-time network telemetry information, application workload usage, and system configurations.
AmpCon-DC supports automatic discovery of topology to provide the network view of switches in all locations. You can simplify the network management by checking switch stats and port-level running status.
AmpCon-DC supports using Ansible playbooks to automate daily network operations and decrease the operation cost.
AmpCon-DC provides multiple deployment solutions, including Docker, KVM, VMware, and Nutanix AHV.
AmpCon-DC makes it easy to deploy, configure, and manage a large number of remote switches. You can use AmpCon-DC to deploy, configure, or manage switches at scale.
AmpCon-DC provides a powerful feature set, including deploying, configuring, monitoring, and managing switches, designing and managing physical networks, and managing terminal devices.
For more information, see the following key features:
2.1.1 Physical Network Design
In data center networks, east-west traffic dominates the business traffic. Therefore, data centers have a high demand for horizontal scalability. To meet the evolving business requirements in data centers, including cloud scenarios, container scenarios, and AI computing scenarios, the 3-stage fabric architecture (leaf-spine-leaf) is introduced to AmpCon-DC as the networking solution, leading to a more stable data center fabric, and reducing operational costs.
AmpCon-DC automates underlay configurations with intuitive point-and-click user interfaces and workflow-driven deployment. Network administrators can select predefined templates and push configurations step by step, eliminating manual, device-by-device setups. This accelerates VXLAN deployment, reduces vendor-specific CLI learning curves, and ensures consistent, efficient network operations.
AmpCon-DC offers the 3-stage Spine-Leaf architecture network design feature, supporting MLAG networking, drag-and-drop visual modeling, and custom physical network topology design, and provides two types of network configuration templates from which users can choose based on their needs to achieve template-based rapid replication, generating N physical networks from a single template.
You can follow steps to complete VLAN domain entry, physical device mapping, configuration confirmation, topology check, node addition, and fabric management. Ultimately, AmpCon-DC can push networking configurations to switches in batches, allowing them to build a VXLAN network while eliminating manual configurations.
2.1.2 Zero Touch Provisioning
Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. When large numbers of switches need to be deployed or upgraded, you can use ZTP to reduce labor costs and improve deployment efficiency. ZTP can help you to implement fast, accurate, and reliable switch deployments.
In scenarios like the construction or expansion of data centers, a large number of switches are required. If these switches are configured manually, improper configurations might lead to errors, and it’s difficult to troubleshoot issues.
AmpCon-DC provides ZTP, which improves the efficiency of switch deployment, daily maintenance, and fault handling, while reducing labor costs.
After you plug in the switch, the DHCP server automatically provides the switch with an IP address and the address of a provision script that is obtained from AmpCon-DC server. The switch automatically runs the script to register with the AmpCon-DC server, install PicOS® (for white-box switches only), configure the switch based on system configurations and switch configurations, and install a valid license on the switch.
By using AmpCon-DC, no experienced network personnel are required at the remote site; anyone who can put the switch in the right place and plug it in will do.
After switches are deployed through ZTP, they can be automatically added to fabrics and managed by AmpCon-DC.
In traditional solutions, such tasks are manually performed by network administrators. The AmpCon-DC ZTP solution, however, frees administrators from these tasks, allowing them to focus on the orchestration of core overlay services.
2.1.3 Centralized Resource Management
AmpCon-DC provides centralized resource management, including Available Zones (AZ) and resource pools (IP pools and ASN pools).
AZ Resources
In the AmpCon-DC UI, you can view VPC, network, and VM resources of the vSphere or OpenStack AZ that you added. Currently, you can't view resource information of the bare metal AZ.
Resource Pools
IP pools (IPv4) and ASN pools are used by AmpCon-DC to assign Router ID, VTEP interfaces, L3 peer-link interfaces, direct access IP addresses, and BGP ASN during the fabric design process.
2.1.4 Automatic Topology Discovery
AmpCon-DC supports automatic discovery of topologies for automated identification and visualization of the network structure. It provides a map view to display all the locations. You can use the map view to pull up any location and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. In this way, network management and maintenance can be simplified.
Planning Topologies
AmpCon-DC supports automatic discovery of neighboring information to generate a topology map after switches are added. You can manually plan the topology and customize the network structure layout according to actual needs.
Viewing Real-time Topologies
AmpCon-DC dynamically shows the current network status, which reflects changes such as device online status and link faults in real time. By clicking a device or a link, you can see detailed stats information.
Viewing Historical Topologies
By selecting a timeline, you can see the network topologies and device link status at different time. You can analyze the historical topologies to trace problems.
Viewing Switch Details, Ports, and Linux Severs
When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch.
2.1.5 Real-Time Telemetry Monitoring
AmpCon-DC uses the telemetry technology to automatically collect real-time or historical metric data from managed devices.
Comprehensive Data Collection
AmpCon-DC collects real-time data from managed switches, including routing neighbors, switch utilization, and port stats. The data can help network administrators gain insights for quick decisions and network adjustments. You can view the telemetry data of all managed switches on the “Telemetry Dashboard” page.
Real-time Performance Monitoring
AmpCon-DC uses telemetry to track performance metrics of each managed switch in real time, such as port traffic, bandwidth utilization, and packet loss rate. With telemetry information, you can identify bottlenecks, optimize configurations, and ensure efficient resource usage on a switch.
You can view the telemetry data of a specific switch on the detail page of the switch.
Telemetry Data of DLB
You can visualize Dynamic Load Balancing (DLB) related telemetry metrics to optimize your network for better performance.
Telemetry Data of NICs
After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically collects performance-related telemetry metrics of NICs on these devices.
You can gain real-time or historical insights into network traffic conditions on each NIC, identify traffic peaks, and pinpoint bottlenecks.
Telemetry Data of RoCE
You can monitor RDMA over Converged Ethernet (RoCE) data on the Network Interface Card (NIC) side and on the switch side.
Automatic Alerting after Detecting Anomalies
AmpCon-DC uses telemetry data to issue immediate alerts on a visual interface when a device failure or a performance shift is detected, to help the network administrators diagnose the root cause and resolve problems quickly.
If you can't access the AmpCon-DC UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation.
2.1.6 Flexible Ansible Extensions
Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses simple, declarative language written in YAML, which is called playbooks, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible and Using Ansible playbooks.
AmpCon-DC integrates with Ansible to automate and simplify network management, such as configuring interfaces, VLANs, and security settings.
By using Ansible to automate network management, you can reduce errors, save time, and ensure consistency across your network. Then, you can focus on more strategic tasks.
Automation with Ansible
AmpCon-DC provides commonly used features that your network administrators need for day-to-day operations. You can also use AmpCon-DC to add capabilities that you might require by writing Ansible playbooks.
If a network management task follows a certain routine regularly, build an Ansible playbook to automate the task.
Pre-Built Playbooks
AmpCon-DC offers a series of Ansible playbooks, which are templates for automating the following routines:
Customized Playbooks
If the pre-built Ansible playbooks can’t meet your needs, you can customize an automation workflow by writing a playbook on AmpCon-DC or importing a local playbook to AmpCon-DC.
Playbook Run
AmpCon-DC supports the following schedule types of playbook run:
Ansible Jobs
An Ansible job is a single execution of an Ansible playbook. AmpCon-DC displays the list of Ansible jobs, the list of switches with Ansible jobs, the execution results, and the output of these jobs.
Linux Server Support
In addition to running Ansible playbooks on managed switches, AmpCon-DC supports running Ansible playbooks on the Linux servers that you added.
2.1.7 Terminal Device Management
AmpCon-DC makes third-party device management more efficient and smarter.
One-Click Integration and Full-Stack Control
You can easily integrate third-party devices into AmpCon-DC, manage these devices, and track the status of Network Interface Cards (NICs) and optical modules, achieving transparent operation and maintenance experience.
RoCE Intelligent Optimization
With several clicks in the AmpCon-DC UI, you can complete RoCE protocol status detection and configurations. You can push RoCE configurations to multiple device NICs in batches by using built-in templates to simplify complex operations.
Comprehensive Monitoring and Fault Diagnosis
AmpCon-DC collects performance metrics of NICs and optical modules in real-time, combined with end-to-end RoCE telemetry data, to accurately assess network quality, quickly diagnose bottlenecks, and ensure zero business interruption.
Automated Operations and Maintenance
AmpCon-DC supports automatic device inventory, real-time or historical topology visualization, and seamless integration with Ansible playbooks for automated operations, improving operational efficiency.
2.1.8 Switch Lifecycle Management
AmpCon-DC simplifies the management of switches, including configuration management, switch inventory, software updates, and more.
Configuration Management
AmpCon-DC includes native configuration management capabilities, which you can use to push an update to a single switch or to an entire group of switches. By using AmpCon-DC, you don’t need to edit and push switch configurations one by one. In this way, the likelihood of errors can be reduced, the switch configuration process can be simplified, and you don’t need to deal with the added expense or headache of a third-party tool.
In practice, the configuration management feature can greatly simplify the job of updating switches to deal with a new class of devices, such as connected servers. Your network administrators can detail how the network needs to treat the security devices (such as putting them on your own VLAN), and detail where traffic from devices is allowed to go. By adding only one configuration in the AmpCon-DC UI, you can push the update to appropriate switches.
AmpCon-DC greatly simplifies the job of detailing network access level and priority each class of devices need to get and pushing the update to all relevant switches.
Configuration Backup, Compliance, and Rollback
Once the desired configurations are set and the network is stable, you might want to make sure that accidental changes don’t disrupt operations. When you make a configuration change such as adding devices or a VLAN, it is important to back up your configuration.
AmpCon-DC makes configuration backup easy by automating and scheduling configuration backup on a specified date and time and saving the last N backups as you need. You can use the backup configuration to recover quickly from a crash or corruption of a switch. In addition, you can mark a specific backup instance as the Golden Config. The Golden Config will never be deleted and is used by default as the configuration to roll back a switch to a stable configuration when the switch operation is compromised. You can also use the Golden Config as the basis to run an automated compliance check to verify whether the network is operating as designed.
Switch Inventory
AmpCon-DC also supports the switch inventory feature, providing detailed inventory of all switches, including switch hardware details, software versions, configurations, and more.
Though third-party tools also support this capability, these tools add expense to your company. In addition, such tools typically run on a Windows Server Enterprise Edition machine, which also adds additional server licensing costs.
In contrast, AmpCon-DC can be deployed in minutes on a virtual machine.
License Updates
AmpCon-DC automates the process of checking and updating switch licenses with the latest support entitlements. A License Audit task checks whether a group of specified switches has valid licenses and creates a report of the license status including the support expiration date and other details.
The License Action task automatically updates the license keys on all switches whose support is due to expire in the next 30 days and logs the result to a report, which you can examine or download.
RMA Replacements
AmpCon-DC incorporates a unique workflow to enable return merchandise authorization (RMA) replacements. When hardware of a switch fails and is replaced with new switch hardware, the RMA feature takes the configurations from the failed switch hardware, updates the serial number of the new switch, and pushes the configurations to the new switch to bring it up seamlessly in the network.
Simplified Software and Switch Upgrade
The nature of PicOS® itself makes it simpler to manage switches compared to other legacy network operating system (NOS) of switches or routers. Because PicOS® is Linux-based and compartmentalized, you can update or change one component or aspect without affecting other components. For example, if you’re pushing a security patch, it affects only the security component of the NOS; you don’t need to replace the entire software or firmware image.
Additional Features
AmpCon-DC is built on Ubuntu Linux and incorporates a web GUI and a MySQL database with Python codes built on top of an Ansible engine. Switches and AmpCon-DC communicate with the SSH protocol. AmpCon-DC gets switch stats through gNMI.
Zero Touch Provisioning (ZTP) Workflow
White-Box Switches
Figure 1. ZTP Workflow of White-Box Switches
1. After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address.
2. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address.
3. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script.
4. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-DC server, updating switch configurations, and rebooting the switch.
Integrated Hardware and Software Switches
Figure 2. ZTP Workflow of Integrated Hardware and Software Switches
1. After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address.
2. The switch sends a DHCP request to the DHCP server, and the DHCP server sends a DHCP response including the TFTP server address.
3. The switch sends a TFTP request to the TFTP server to get the shell script, and the TFTP server sends a TFTP response with the shell script.
4. The switch executes the shell script to complete the ZTP deployment, including registering with the AmpCon-DC server, installing a PicOS license on the switch, updating switch configurations, and rebooting the switch.
Switch Configuration Workflow
1. The AmpCon-DC server includes a component called Configuration Manager, which is used to create a standard configuration to configure switches. All configurations are tied to specific switches by the switch serial number (or Service Tag) and are stored in the AmpCon-DC database.
2. After you use the AmpCon-DC UI to push configurations to switches, each switch then downloads its appropriate configurations. At the same time, the switch accesses another AmpCon-DC server component, License Manager, which accesses the customer’s account on the License Portal to generate a license key and install the license on the switch.
3. The switch runs a shell script to automatically apply and validate the new configurations, update its status in the AmpCon-DC database, and join the network. From your perspective, all these switch configurations happen with the touch of a button in the AmpCon-DC UI. You can use the AmpCon-DC UI to deploy dozens or hundreds of switches to far-flung sites while your network team stays at home and monitors the process centrally.
Before you install AmpCon-DC, you must check supported information, installation requirements, and prepare the AmpCon-DC license.
For detailed information, see the following child topics:
Before you deploy AmpCon-DC, check the supported AmpCon-DC deployments and supported switches.
Supported Deployments
AmpCon-DC supports the following deployments:
Table 1. Supported Deployment Information
Indicator | Support information |
Deployment method | VMware ESXi 6.7, 7.0, 8.0, QEMU / KVM for Ubuntu 22.04 LTS, Oracle VirtualBox for lab only, physical machine based on Ubuntu 22.04 TLS with Docker |
Maximum number of switches supported | 1000 |
Maximum number of registered users | 1000 |
Maximum number of online users | 100 |
Storage duration of system logs | 2 months |
Storage duration of operation logs | 2 months |
Maximum storage of current alerts | Unlimited |
Maximum storage of historical alerts | 2 months |
Supported Switches
AmpCon-DC supports FS, Edgecore, DELL, Delta, and HPE switches. For detailed support lists, see the following part.
3.1.1 Supported Switches for 2.2.0
AmpCon-DC 2.2.0 supports managing the following switches:
NOTE
FS Hardware
Table 1. Supported FS Switches
Category | Model | Port Configuration | Switch ASIC | CPU |
10G Switch Portfolio | N5850-48S6Q | 48 x 10G, 6 x 40G | Trident2+ | Intel x86 |
10G Switch Portfolio | N5850-48X6C | 48 x 10G-T, 6 x 100G | Trident3-X5 | Intel x86 |
25G Switch Portfolio | N8550-48B8C | 48 x 25G, 8 x 100G | Trident3-X7 | Intel x86 |
100G Switch Portfolio | N8550-32C | 32 x 100G | Trident3-X7 | Intel x86 |
100G Switch Portfolio | N8560-32C | 32 x 100G QSPF28 | Trident3 | Intel x86 |
100G Switch Portfolio | N8550-64C | 64 x 100G | Tomahawk2 | Intel x86 |
400G Switch Portfolio | N9550-32D | 32 x 400G | Tomahawk3 | Intel x86 |
Edgecore Hardware
Table 2. Supported Edgecore Switches
Category | Model | Port Configuration | Switch ASIC | CPU |
1G Switch Portfolio | AS4610-30P | 24 x 1G PoE, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | AS4610-30T | 24 x 1G-T, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | AS4610-54P | 48 x 1G PoE, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | AS4610-54T(B) | 48 x 1G-T, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | AS4625-54P | 48 x 1G PoE, 6 x 10G | Trident3-X2 | Intel x86 |
1G Switch Portfolio | AS4625-54T | 48 x 1G-T, 6 x 10G | Trident3-X2 | Intel x86 |
1G Switch Portfolio | AS4630-54PE (EPS202) | 48 x 1G PoE, 4 x 25G | Trident3 | Intel x86 |
1G Switch Portfolio | AS4630-54TE (EPS201) | 48 x 1G, 4 x 25G | Trident3 | Intel x86 |
Multi- Gig SwitchPortfolio | AS4630-54NPE (EPS203) | 36 x 1/2.5G PoE,12 x 1/2.5/5/10G PoE | Trident3 | Intel x86 |
10G Switch Portfolio | AS5712-54X | 48 x 10G, 6 x 40G | Trident2 | Intel x86 |
10G Switch Portfolio | AS5812-54T | 48 x 10G-T, 6 x 40G | Trident2+ | Intel x86 |
10G Switch Portfolio | AS5812-54X | 48 x 10G, 6 x 40G | Trident2+ | Intel x86 |
10G Switch Portfolio | AS5835-54T (DCS209) | 48 x 10G-T, 6 x 100G | Trident3 | Intel x86 |
10G Switch Portfolio | AS5835-54X (DCS208) | 48 x 10G, 6 x 100G | Trident3 | Intel x86 |
25G Switch Portfolio | AS7326-56X (DCS203) | 48 x 25G, 8 x 100G | Trident3-X7 | Intel x86 |
40G Switch Portfolio | AS6812-32X | 32 x 40G | Trident2+ | Intel x86 |
100G Switch Portfolio | AS7712-32X (DCS501) | 32 x 100G | Tomahawk | Intel x86 |
100G Switch Portfolio | AS7726-32X (DCS204) | 32 x 100G | Trident3-X7 | Intel x86 |
100G Switch Portfolio | AS7816-64X (DCS500) | 64 x 100G | Tomahawk2 | Intel x86 |
25G Switch Portfolio | AS7312-54X (S) | 48 x 25G, 6 x 100G | Tomahawk+ | Intel x86 |
DELL Hardware
Table 3. Supported DELL Switches
Category | Model | Port Configuration | Switch ASIC | CPU |
1G Switch Portfolio | N3024EP-ON | 24 x 1G PoE, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | N3024ET-ON | 24 x 1G, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | N3048ET-ON | 48 x 1G, 4 x 10G | Helix4 | ARM Cortex A9 |
1G Switch Portfolio | N3224F-ON | 24 x 1G SFP, 4 x 10G | Trident3-X3 | Intel x86 |
1G Switch Portfolio | N3224P-ON | 24 x 1G 30W PoE, 4 x 10G | Trident3-X3 | Intel x86 |
1G Switch Portfolio | N3224T-ON | 24 x 1G, 4 x 10G | Trident3-X3 | Intel x86 |
1G Switch Portfolio | N3248P-ON | 48 x 1G 30W PoE, 4 x 10G | Trident3-X3 | Intel x86 |
1G Switch Portfolio | N3248TE-ON | 48 x 1G, 4 x 10G | Trident3-X3 | Intel x86 |
Multi-Gig Switch Portfolio | N2224PX-ON | 24 x 1G/2.5G 30W/60W PoE, 4 x 25G | Hurricane3-MG | Intel x86 |
Multi-Gig Switch Portfolio | N2224X-ON | 24 x 1G/2.5G, 4 x 25G | Hurricane3-MG | Intel x86 |
Multi-Gig Switch Portfolio | N2248PX-ON | 48 x 1G/2.5G 30W/60W PoE, 4 x 25G | Hurricane3-MG | Intel x86 |
Multi-Gig Switch Portfolio | N2248X-ON | 48 x 1G/ 2.5G, 4 x 25G | Hurricane3-MG | Intel x86 |
Multi-Gig Switch Portfolio | N3132PX-ON | 24 x 1G PoE, 8 x 1/2.5/5G PoE, 4 x 10G | Firebolt 4 FS | ARM Cortex A9 |
Multi-Gig Switch Portfolio | N3208PX-ON | 4 x 1/2.5/5G PoE, 4 x 1G PoE, 2 x 10G SFP+ | Hurricane3-MG | Intel x86 |
Multi-Gig Switch Portfolio | N3224PX-ON | 24 x 1/2.5/5/10G 90W PoE,4 x 25 G | Trident3-X3 | Intel x86 |
Multi-Gig Switch Portfolio | N3248PXE-ON | 48 x 1/2.5/5/10G 90W PoE,4 x 25 G | Trident3-X5 | Intel x86 |
Multi-Gig Switch Portfolio | N3248X-ON | 48 x 1/2.5/5/10G, 4 x 25G | Trident3-X5 | Intel x86 |
10G Switch Portfolio | S4048-ON | 48 x 10G, 6 x 40G | Trident2 | Intel x86 |
10G Switch Portfolio | S4128F-ON | 28 x 10G, 2 x 100G | Maverick | Intel x86 |
10G Switch Portfolio | S4128T-ON | 28 x 10G, 2 x 100G | Maverick | Intel x86 |
10G Switch Portfolio | S4148F-ON | 48 x 10G SFP, 2 x 40G,4 x 100G | Maverick | Intel x86 |
10G Switch Portfolio | S4148T-ON | 48 x 10G BASE-T, 2 x 40G,4 x 100G | Maverick | Intel x86 |
25G Switch Portfolio | S5212F-ON | 12 x 25G, 3 x 100G | Trident3-X5 | Intel x86 |
25G Switch Portfolio | S5224F-ON | 24 x 25G, 4 x 100G | Trident3-X5 | Intel x86 |
25G Switch Portfolio | S5248F-ON | 48 x 25G, 8 x 100G | Trident3-X7 | Intel x86 |
25G Switch Portfolio | S5296F-ON | 96 x 25G, 8 x 100G | Trident3-X7 | Intel x86 |
100G Switch Portfolio | Z9100-ON | 32 x 100G | Tomahawk | Intel x86 |
100G Switch Portfolio | Z9264F-ON | 64 x 100G | Tomahawk2 | Intel x86 |
100G Switch Portfolio | S5232F-ON | 32 x 100G | Trident3-X7 | Intel x86 |
Delta Hardware
Table 4. Supported Delta Switches
Category | Model | Port Configuration | Switch ASIC | CPU |
10G Switch Portfolio | AG7648 | 48 x 10G | Trident2 | Intel x86 |
25G Switch Portfolio | AG5648 v1-R | 48 x 25G | Tomahawk+ | Intel x86 |
100G Switch Portfolio | AG9032v1 | 32 x 100G | Tomahawk | Intel x86 |
HPE Hardware
Table 5. Supported HPE Switches
Category | Model | Port Configuration | Switch ASIC | CPU |
10G Switch Portfolio | HPE AL 6921-54T | 48 x 10G-T, 6 x 40G | Trident2+ | Intel x86 |
10G Switch Portfolio | HPE AL 6921-54X | 48 x 10G-T, 6 x 40G | Trident2+ | Intel x86 |
Before you deploy AmpCon-DC, check the following requirements:
Server Requirements
Before you install the AmpCon-DC server, ensure that the server machine meets the following requirements:
Table 1. Server Requirement Details
Indicators | Requirements | |
CPU | Clock speed | 2.0 GHz or faster |
Number of cores | 4 CPU cores | |
Memory | 16 GB | |
Hard disk | 512 GB | |
Operating systems | Ubuntu 22.04 X86 architecture | |
Network Requirements
Before you install AmpCon-DC, set the firewall and proxy properly to allow the following network access.
Table 2. Network Requirement for the AmpCon-DC Server Machine
TCP/UDP | Port | Protocol |
TCP | 80 | HTTP |
TCP | 443 | HTTPS |
UDP | 69 | TFTP |
UDP | 80 | OpenVPN |
NOTE
Table 3. Network Requirement for Switches
TCP/UDP | Port | Protocol |
TCP | 22 | SSH |
TCP | 9339 | gRPC/gNMI |
Browser Requirements
When you use a browser to log in to the AmpCon-DC UI, use Chrome 98, Edge 98, Firefox 94, or higher versions.
To deploy AmpCon-DC, see the following instructions:
You can install the AmpCon-DC server on a virtual machine or a physical machine by using one of the following methods:
If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-DC server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-DC server and the switches to be managed might fail.
For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity".
4.1.1 Installing on VirtualBox for Lab Only
You can install the AmpCon-DC server on VirtualBox for lab purposes only. Production environments require a proper enterprise-scale virtualization solution as described in "3.1 Supported Deployments". For how to use VirtualBox in general, see the Oracle VirtualBox documentation.
Prerequisites
Installation Procedure
1. Open the VirtualBox console, and then click File > Import Appliance.
2. Select Local File System, and then select the AmpCon-DC server .ova image file.
3. Confirm the settings for the .ova file, and then click Finish.
Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed.
NOTE
4. Check the settings of the imported virtual machine.
5. Start the imported virtual machine by clicking the virtual machine and then clicking Start.
6. Modify the network interface configuration.
a. Log in to the virtual machine with the default username (pica8) and password (pica8).
b. Modify the IP address with the real IP address of the virtual machine.
sudo vi /etc/netplan/00-installer-config.yaml
c. Apply the network interface configuration by running the following command:
sudo netplan apply7. Start the AmpCon-DC server:
a. Go to the AmpCon-DC installation directory by running the following command:
cd /usr/share/automation/serverb. Start the AmpCon-DC server by running the following command:
sudo ./start.shNow the AmpCon-DC server is installed and started.
What to Do Next
For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity".
4.1.2 Installing on VMware ESXi
You can install the AmpCon-DC server on VMware ESXi 6.7, 7.0, 8.0. For how to use VMware ESXi in general, see the VMware ESXi documentation.
Prerequisites
Installation Procedure
1. Open the VMware ESXi console, and then click Create / Register VM.
2. Select Deploy a virtual machine from an OVF or OVA file, and then click Next.
3. Enter the virtual machine name, upload the AmpCon-DC server .ovf and .vmdk files, and then click Next.
4. Confirm the storage type and datastore, and then click Next.
5. In the Network mappings drop-down list of the Deployment Options window, select the network adapter to which the virtual machine is connected, and then click Next.
6. Click Finish.
Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed.
NOTE
7. On the VMware ESXi console, click the new virtual machine name that you specified in step 3.
8. Click Console to open the virtual machine console.
9. Modify the network interface configuration.
a. Log in to the virtual machine with the default username (pica8) and password (pica8).
b. Modify the IP address with the real IP address of the virtual machine.
sudo vi /etc/netplan/00-installer-config.yaml
c. Apply the network interface configuration by running the following command:
sudo netplan apply10. Start the AmpCon-DC server:
a. Go to the AmpCon-DC installation directory by running the following command:
cd /usr/share/automation/serverb. Start the AmpCon-DC server by running the following command:
sudo ./start.shNow the AmpCon-DC server is installed and started.
What to Do Next
4.1.3 Installing on QEMU or KVM
You can install the AmpCon-DC server on QEMU or KVM. For how to use QEMU or KVM in general, see the KVM documentation and QEMU documentation.
In this topic, KVM virt-manager is used to demonstrate the AmpCon-DC server installation steps.
Prerequisites
Installation Procedure
1. Open the virt-manager console by running the following command:
virt-manager2. Click the following button to start the importing process.
3. Select Import existing disk image, and then click Forward.
4. Click Browse to select the AmpCon-DC server .qcow2 image file.
5. Click Browse Local to add a local location.
6. Find the location of the AmpCon-DC server .qcow2 image file, and then click Open.
7. Select Ubuntu 22.04 LTS, and then click Forward.
NOTE
8. Adjust the memory and CPU settings as needed, and then click Forward.
NOTE
The memory and CPU settings need to meet the "3.2 Server Requirements".
9. In the Network selection section, select Macvtap device, and enter the device name. Then, click Finish.
Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed.
NOTE
10. Modify the network interface configuration.
a. Log in to the virtual machine with the default username (pica8) and password (pica8).
b. Modify the IP address with the real IP address of the virtual machine.
sudo vi /etc/netplan/00-installer-config.yaml
c. Apply the network interface configuration by running the following command:
sudo netplan apply11. Start the AmpCon-DC server:
a. Go to the AmpCon-DC installation directory by running the following command:
cd /usr/share/automation/serverb. Start the AmpCon-DC server by running the following command:
sudo ./start.shNow the AmpCon-DC server is installed and started.
What to Do Next
4.1.4 Installing on Physical Machines (Ubuntu Docker)
You can install the AmpCon-DC server on a physical machine based on Ubuntu 22.04 with Docker installed.
Prerequisites
Installation Procedure
1. Unzip the AmpCon-DC server installation package by running the following command:
tar -zxvf <AmpCon-DC server installation package name>Replace
2. Modify the network interface configuration.
a. Modify the IP address with the real IP address of the physical machine.
sudo vi /etc/netplan/00-installer-config.yaml
b. Apply the network interface configuration by running the following command:
sudo netplan apply3. Go to the directory where the unzipped AmpCon-DC server installation files exist.
cd <AmpCon-DC installation directory>Replace
4. Install the AmpCon-DC server by running the following command:
sudo ./install_or_upgrade.shWait for the installation process to finish. Once completed, the AmpCon-DC server is installed and started.
NOTE
What to Do Next
4.1.5 Multi-NIC Deployment for Switch Connectivity
As described in "4.1 Installing the AmpCon-DC Server", you need to import the image file into a virtual machine or unzip the installation package on a physical machine to install the AmpCon-DC server.
Otherwise, the connections between AmpCon-DC and switches to be managed might fail.
NOTEs
Prerequisite
Ensure that the AmpCon-DC server is installed on a virtual machine or a physical machine.
Procedure
1. Log in to the virtual machine or the physical machine, and then open the /usr/share/automation/server/.env file.
sudo vim /usr/share/automation/server/.env2. Locate the line containing PROD_IP= in the file, and add the NIC IP address of the AmpCon-DC server machine, which is used to connect to the switches to be managed.
3. Restart the AmpCon-DC server by the following commands:
cd /usr/share/automation/server/sudo ./start.shBefore you deploy, configure, and manage switches with AmpCon-DC, you must configure system configurations in the AmpCon-DC UI.
System Configurations
System configurations contain the following two types:
The first time you log in to AmpCon-DC, you must add information to the global system configuration, The global system configuration can’t be removed.
If the default username and password of switches to be managed are different, you can add multiple non-global system configurations. You can remove the non-global system configuration if it is not needed.
A system configuration contains the following information:
Adding a Global System Configuration
The first time you log in to AmpCon-DC, the global system configuration is blank. You must configure the global system configuration:
1. Log in to the AmpCon-DC UI with the URL of the AmpCon-DC server in the format of "https://
The default AmpCon-DC UI username and password is admin/admin.
2. On the “System Config” page, input the following information:
NOTEs
3. Click Save.
The global system configuration is configured now. If you don’t add non-global system configurations, the global system configuration will be used to deploy switches.
Adding a Non-global System Configuration
To add a non-global system configuration, follow these steps:
1. Log in to the AmpCon-DC UI, and click Service > System Configuration.
2. Click the + icon. The “Add New System Config” page opens.
3. Input the following information:
4. Click Add.
After you add the non-global system configuration, you can do the following actions:
NOTE
Checking License Portal Connectivity
To check whether AmpCon-DC can connect with the License Portal, follow these steps:
1. Log in to the AmpCon-DC UI, and click Service > System Config.
2. In the global system configuration, add the License Portal information, which is used by AmpCon-DC to connect with the License Portal.
3. Check the connectivity by clicking the connect icon as follows.
AmpCon-DC is the control center for all switch licensing. It tracks the current switch entitlement and allows the appropriate number of switches to be managed by AmpCon-DC. AmpCon-DC needs a valid license with active support to perform its functions.
The following license types are provided:
To manage switches with AmpCon-DC, you need to add the Hardware IDs of the switches to an AmpCon-DC license and then import the license to AmpCon-DC.
Prerequisite
Obtain the Hardware ID of each switch that you want to manage by running the following commands in each switch:
run start shell shsudo license -s
4.3.1 Creating an AmpCon-DC License
To create an AmpCon-DC license, follow these steps:
1. Log in to the License Portal, and then click AmpCon Licenses > New AmpCon License.
NOTE
2. Input the following information:
3. In the Addition Method section, select either of the following ways:
4. Click Add AmpCon License.
4.3.2 Importing an AmpCon-DC License
To import an AmpCon-DC license, follow these steps:
1. Get the updated or new license from the License Portal.
a. Log in to the License Portal, and then click AmpCon Licenses.
b. Click Copy to copy the license string or click Download to download the .lic license file.
2. In the AmpCon-DC UI, click System > Software License > License Management.
3. On the “License Management” page, click Import.
4. Select either of the following ways to import licenses:
5. Click Apply.
After you import the new license, the All Licenses table is refreshed.
Optional: Editing an AmpCon-DC License
After you create an AmpCon-DC license, if you want to manage new switches with AmpCon-DC, you can edit the license. Follow these steps:
1. Log in to the License Portal, and click AmpCon Licenses.
2. Locate the license that you want to edit, and click the edit icon in the Total hw-ids column.
3. Click the Add Device icon, enter the Hardware ID of each new switch that you want to manage, and select the expiration date.
NOTE
After the AmpCon-DC server is installed, you can upgrade the server to a later version.
To upgrade the AmpCon-DC server, follow these steps:
Procedure
1. Download the AmpCon-DC server upgrade package by going to the FS AmpCon-DC website and then clicking Software Upgrade Package for AmpCon-DC V2.2.0 in the Resources section.
2. Go to the package directory, and run the following upgrade command:
sudo ./install_or_upgrade.sh
3. Wait for the upgrade process to complete. Once you see a success message, the upgrade is finished.
4. Log in to the AmpCon-DC UI to see whether the server is upgraded to the new version.
After the AmpCon-DC server is installed, you can uninstall the server if it is not needed.
To uninstall the AmpCon-DC server, follow these steps:
Procedure
1. Go to the root directory of the AmpCon-DC server, and run the stop script with sudo privileges:
cd /usr/share/automation/serversudo ./stop.sh2. Clear the files in the server directory with sudo privileges:
sudo rm -rf /usr/share/automation/serverYou can administer AmpCon-DC by using the user interface. For more information, see the following child topics:
After you deploy AmpCon-DC, you can manage user access so that users are assigned with appropriate permissions.
NOTE
Role-Based Access Control
Role-Based Access Control (RBAC) is used to permit individual users to perform specific actions and get visibility to an access scope. Each user can be assigned to a specific role with associated permissions.
AmpCon-DC supports the following user roles. The permission levels are as follows: SuperAdmin > Admin > Operator > Readonly.
User Self-Management
All AmpCon-DC users can change their own passwords and email addresses. Follow these steps:
1. In the AmpCon-DC UI, click the username, and then click User Management.
2. To change the user password, enter a new password in the New Password field, and then enter the password again in the Confirm Password field.
3. To change the email address associated with the AmpCon-DC user, enter a new email address in the Email field.
Managing All Added Users
Adding a Global User or a Group User
When you add a user, you need to select a user role for the user and specify the user type (a group user or a global user). A group user means that the user is a member of a specific group. A global user means that the user is not limited to a group.
To add a user, follow these steps:
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role.
2. Click System > User management from the navigation bar.
3. Click Add User, and input the following information:
4. If you select Group as the user type, select a group name from the Group Name drop-down list.
To assign the user to a new group that hasn’t been created, create a group as described in Adding or Deleting a Group.
5. Click OK.
Editing Users
To edit an added user, follow these steps:
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role.
2. Click System > User management from the navigation bar.
3. On the “User Management” page, locate a user, and then click Edit.
NOTE
4. Modify user information as needed.
5. Click OK.
Deleting Users
To delete an added AmpCon-DC user, follow these steps:
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role.
2. Click System > User management from the navigation bar.
3. On the ”User Management” page, locate a user, and then click Delete.
NOTE
Setting Login Restrictions for AmpCon-DC Users
You can lock an added user so that the user can’t be used to log in to the AmpCon-DC UI. Or you can unlock an added user to enable the login again.
NOTE
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role.
2. Click System > User management from the navigation bar.
3. On the ”User Management” page, locate a user, and then click Lock.
4. In the pop-up window, click Yes to confirm the lock operation.
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role.
2. Click System > User management from the navigation bar.
3. On the ”User Management” page, locate the locked user, and then click Unlock.
4. In the pop-up window, click Yes to confirm the unlock operation.
Now you can log in to the AmpCon-DC UI with the user again.
User Permissions on Menu Pages
For menu pages in the AmpCon-DC UI, different user roles have different permissions. For more information, see the User Permission Table topic.
Table 1. Menu Permissions
First-level menu | Second-level menu | Third-level menu | Fourth-level menu | SuperAdmin | Admin | Operator | Readonly |
Dashboard | Global View | √ | √ | √ | √ | ||
Switch View | √ | √ | √ | √ | |||
Telemetry Dashboard | √ | √ | √ | √ | |||
Physical Network | Topology | √ | √ | √ | √ | ||
Design | Units | √ | √ | √ | × | ||
DC Templates | √ | √ | √ | × | |||
Fabric Management | √ | √ | √ | × | |||
Resource | AZ | √ | √ | √ | × | ||
Upgrade Management | √ | √ | √ | × | |||
Authority Management | Device License Management | License Audit | √ | √ | √ | × | |
License Action | √ | √ | √ | × | |||
Local License | √ | √ | √ | × | |||
Group Management | √ | × | × | × | |||
Pools | IP Pools | √ | √ | √ | × | ||
ASN Pools | √ | √ | √ | × | |||
Service | Switch | √ | √ | √ | √ | ||
Hosts | Device Discovery | √ | √ | √ | × | ||
Inventory | √ | √ | √ | √ | |||
NICs | Inventory | √ | √ | √ | √ | ||
Modules Overview | √ | √ | √ | √ | |||
Monitoring | √ | √ | √ | √ | |||
RoCE Configuration | √ | √ | √ | × | |||
Global Configuration | √ | √ | √ | × | |||
Switch Configuration | √ | √ | √ | × | |||
Config Files View | √ | √ | √ | √ | |||
Switch Model | √ | × | × | × | |||
System Configuration | √ | × | × | × | |||
Config Template | New Template | √ | √ | √ | × | ||
Template List | √ | √ | √ | × | |||
Push Config | √ | √ | √ | × | |||
Template Verify | √ | √ | √ | √ | |||
Config Snapshot Diff | √ | √ | √ | √ | |||
Config Backup | √ | √ | √ | × | |||
Monitor | Alarm | Alarms | √ | √ | √ | √ | |
Alarm Notification Rules | √ | √ | √ | √ Readonly users can only read notification rules. | |||
Historical Alarm Email Logs | √ | √ | √ | √ | |||
Network | DLB | √ | √ | √ | √ | ||
RoCE Counters | Switch | √ | √ | √ | √ | ||
NICs | √ | √ | √ | √ | |||
Event Log | AI Event | √ | √ | √ | √ | ||
Maintain | Automation | Playbooks | √ | √ | √ | × | |
Ansible Jobs List | √ | √ | √ | × | |||
Schedule | √ | √ | √ | × | |||
System Backup | √ | √ | √ | × | |||
CLI Configuration | √ | √ | √ | √ | |||
System | User Management | √ | × | × | × | ||
Email Setting | √ | √ | √ | × | |||
Software License | License View | √ | √ | × | × | ||
License Management | √ | √ | × | × | |||
License Log | √ | √ | × | × |
Configuring TACACS+ Authentication and Authorization
AmpCon-DC supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-DC login users.
In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access.
Before You Begin
Before you enable the TACACS+ integration, read the following notes:
For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section.
Procedure
To enable the TACACS+ integration, follow these steps:
1. In the AmpCon-DC UI, click System > User management.
2. Click TACACS+ Settings.
3. Click Enable to activate the TACACS+ service. The TACACS+ Settings pop-up window is displayed.
4. Enter the following information:
Parameter | Description |
Enable | Enable or disable TACACS+ authentication and authorization. |
Primary Server IP | The IP address of the primary TACACS+ server. |
Secondary Server IP | Optional. The IP address of the backup TACACS+ server. |
Server Key | The shared key of TACACS+. NOTE The value of the Server Key field needs to be the same as the shared keys of the primary and secondary TACACS+ servers. The shared keys on both TACACS+ servers need to be the same |
Session Timeout | The TACACS+ connection timeout in seconds. |
Auth Protocol | The authentication protocol type of TACACS+ including ASCII, PAP, or CHAP. |
TACACS+ User Level Mapping | The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15. NOTE Don’t overlap any range with other ranges among different user levels.If the priv-lvl configuration of a user on the TACACS+ server is not found in the level-mapping configuration on AmpCon-DC, the user role level is mapped to Readonly. |
5. Click OK.
Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus)
For how to configure authorization levels on the TACACS+ server, see the following example:
user = leontest {
global = cleartext "abc"
service = AmpCon {
default attribute = permit
priv-lvl = 15
}
}
user = automation1 {
global = cleartext "automation"
service = AmpCon {
default attribute = permit
priv-lvl = 10
}
}
user = testtest {
global = cleartext "testtest"
service = AmpCon {
default attribute = permit
priv-lvl = 5
}
}
user = testpica8 {
global = cleartext "testpica8"
service = AmpCon {
default attribute = permit
priv-lvl = 1
}
}After you deploy AmpCon-DC, a default encrypt key is generated to encrypt sensitive data in the AmpCon-DC database. In this way, plain text like password and sensitive TACACS+ keys is not shown in the AmpCon-DC UI. You can update the encrypt key as you need.
Procedure
To update the encrypt key, follow these steps:
1. Log in to the AmpCon-Ampus UI, and click Service > System Configuration.
2. On the “Global System Config” page, click Update Encrypt Key.
3. Enter the original key and the new key. The default encrypt key is pica8pica8
To forward AmpCon-DC logs to other external Syslog servers, configure as follows:
Prerequisite
Ensure that the Syslog service of the target server is enabled.
Procedure
To update the encrypt key, follow these steps:
1. Log in to the AmpCon-DC UI, and click Service > System Configuration.
2. On the “Global System Config” page, click Syslog Config.
3. Input the following information:
For example, if the ERROR level is specified, the Syslog server receives logs with a warning level or higher from Ampcon-DC.
4. Click Add.
Verifying Syslog Forwarding
To verify whether AmpCon-DC logs can be forwarded to the Syslog server, follow these steps:
1. Log in to the AmpCon-DC UI, and click Service > System Configuration.
2. In the License Portal User field, enter an incorrect username, and click Save.
3. Access the AmpCon-DC server by using MobaXterm for verification.
You can back up and restore the AmpCon-DC database securely for disaster recovery.
Prerequisite
The allowed maximum number of database backups is set based on the DB Backup Number field on the “System Config” page.
Before you create a database backup, ensure that the current backup number doesn’t reach the allowed maximum number. You can remove a database backup if it is not needed.
Creating a Database Backup
To create a database backup, follow these steps:
1. Log in to the AmpCon-DC UI, and click Maintain > System Backup.
2. Click Backup. The Create Backup Config pop-up window opens.
3. Enter the following information:
4. Click OK.
Restoring from a Database Backup
To restore from a database backup, follow these steps:
NOTE
1. Log in to the AmpCon-DC UI, and click Maintain > System Backup.
2. Locate the backup, and click Restore on the right.
3. In the Restore Backup Config pop-up window, input the following information:
4. Click OK.
Optional: Editing a Database Backup
To edit a database backup, follow these steps:
1. Log in to the AmpCon-DC UI, and click Maintain > System Backup.
2. Locate the backup, and click Edit on the right.
3. In the Edit Backup Config pop-up window, modify the backup name or AmpCon-DC version as you need.
4. Click OK.
Optional: Removing a Database Backup
To remove a database backup, follow these steps:
1. Log in to the AmpCon-DC UI, and click Maintain > System Backup.
2. Select the backup, and click Remove on the right.
3. Click Yes to confirm the removal.
In data center networks, east-west traffic dominates the business traffic. Therefore, data centers have a high demand for horizontal scalability. To meet the evolving business requirements in data centers, including cloud scenarios, container scenarios, and AI computing scenarios, the 3-stage fabric model (leaf-spine-leaf) is introduced to AmpCon-DC.
This document offers comprehensive guidance on using AmpCon-DC to design a modern 3-stage fabric.
Benefits
AmpCon-DC provides an easy‑to‑deploy and highly validated fabric design solution, which solves the deployment and operational complexity of next‑generation data center networks, leads to a more stable data center fabric, and reduces operational costs.
By using AmpCon-DC templates, you can use the interactive canvas to visually design and model a physical network that fits your needs.
Though only the 3-stage network architecture is supported currently, more network architectures will be supported in later versions.
A template can be instantiated to one or multiple fabrics representing actual physical networks. You can use one template to build multiple fabrics, or you can copy a template and customize it to build a new fabric.
For configurations of which you don’t care about the values, you can add related pools and designate the resource pools to be used in the unit and template.
When you deploy the fabric, the required resources are automatically pulled and assigned by AmpCon-DC automatically.
You can leverage the simple and powerful lifecycle management features of AmpCon-DC to manage switches in your network.
Networking Elements
In AmpCon-DC, the following elements are used to complete the network design and deployment:
The centralized collection of resources that are managed and allocated dynamically. AmpCon-DC automatically pulls and assigns IP addresses and Autonomous system numbers (ASN) from the resource pools that you specified.
The resources in available zones of a data center, including three types: bare metal resources, vSphere resources, and OpenStack resources. In AmpCon-DC, each AZ contains only one type of resources.
The minimum networking unit for creating a fabric. A unit includes one or multiple leaf switches.
In a unit, you can specify details like leaf switch counts and whether to use the MLAG leaf strategy.
The abstraction of network design that defines the relationship of leaf switches and spine switches and underlay and overlay protocols, without defining any vendor-specific information. A template contains one or multiple units.
In a template, you can specify the spine switch count, included units and their counts, and underlay and overlay protocol related configurations.
The logistic representation of an actual physical network. You can deploy a physical network by designing a fabric in the AmpCon-DC UI. A fabric is based on a template. A template contains one or multiple units.
In a fabric, you can specify which managed switches serve as leaf and spine switches, and you can add terminal device nodes connected to leaf switches.
Network Architecture
The architecture of 3-stage fabrics in AmpCon-DC is as follows:
Figure 1. Fabric Architecture with OSPF
Figure 2. Fabric Architecture with BGP
Prerequisites
Designing Procedure
To design and deploy a physical network, follow the steps:
1. Add a fabric in the AmpCon-DC UI. See "6.3 Adding Fabrics".
2. Prepare IP pools, ASN pools, and AZ resources for fabric design. See "6.4 Adding Resources".
3. Add units to be used in the template. See "6.5 Designing Units".
4. Add a template to be imported to the fabric. See "6.6 Designing Templates".
5. Add managed switches to the fabric. See "6.7 Adding Switches to Fabrics".
6. Design and deploy the fabric. See "6.8 Designing and Deploying Fabrics".
After the deployment status becomes SUCCEED, the physical network is deployed successfully.
What to Do Next
After you complete the fabric deployment, you can use AmpCon-DC to manage the fabric and configure, manage, or monitor switches in the fabric. See the following topics:
Before you design a physical network, you need to understand the following concepts:
Autonomous System (AS)
A collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, which presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing.
An AS is a collection of routers and networks under a single technical administration, using an interior routing protocol and common metrics to determine how to route packets within the AS, and using an exterior routing protocol to determine how to route packets to other AS.
Border Gateway Protocol (BGP)
A routing protocol used to connect independent systems on the Internet. It is designed by the Internet Engineering Task Force (IETF) as a robust, scalable, and well-defined protocol for exchanging routing information among BGP routers within a single AS (IBGP) or among different AS (EBGP).
External Border Gateway Protocol (EBGP)
A routing protocol used to exchange routing information among different AS.
Internal Border Gateway Protocol (IBGP)
A routing protocol that operates within a single AS to distribute routing information among the BGP routers within that AS.
Bare Metal (BM)
The servers without operating systems, applications, or virtual machines installed.
Bridge Domain (BD)
The Layer 2 broadcast domain in which data packets are forwarded on a VXLAN network. BD is also called large Layer 2 domain.
In a traditional network, VLANs are identified by VLAN ID. Similarly, in a VXLAN network, BDs are identified by VXLAN Network Identifiers (VNIs).
Leaf Switch
An access node on a VXLAN fabric network, which connects various network devices to the VXLAN network.
MP-BGP EVPN
Ethernet Virtual Private Network (EVPN) based on Multi-protocol Extensions for Border Gateway Protocol (MP-BGP).
EVPN is a next-generation VPN solution that introduces a control plane to better control the MAC address learning process. MP-BGP is leveraged to distribute MAC information. MP-BGP EVPN facilitates efficient MAC address learning and synchronization across the network.
Multi-Chassis Link Aggregation (MLAG)
Implements link aggregation among multiple devices. AmpCon-DC networking solution supports using MLAG on leaf switches.
Two leaf switches set up MLAG through peer links. The two switches are displayed as a logical device on the forwarding plane and as two independent switches on the management control plane. Upgrading and replacing devices are carried out independently, achieving simple maintenance and high running reliability.
OpenStack
An open-source cloud computing management platform that provides diverse components for computing, storage, networking, mirroring, and other services. OpenStack supports almost all types of cloud environments and provides a cloud computing management platform that supports easy implementation, large-scale expansion, and unified standards.
OpenStack uses various components to control and manage resources, virtualize computing, network, storage, and pool resources. OpenStack also uses components to implement resource collaboration.
OSPF
A dynamic interior gateway protocol that uses link-state information to build and maintain a complete and consistent map of the network topology within an AS. It employs the Dijkstra algorithm to calculate the shortest path tree from each router to all other routers in the AS, based on which routing tables are built.
Spine Switch
The core node on a VXLAN fabric network, which provides high-speed IP forwarding and connects to leaf switches through high-speed interfaces.
Virtual Routing and Forwarding (VRF)
The technology that allows multiple instances of a routing table to coexist within the same router at the same time. It enables logical isolation between different networks on the same physical device. By using VRF, different instances can use the same IP address without conflicts.
VLAN Domain
The VLAN ID ranges of node devices connected to leaf switches. A VLAN Domain includes the Bridge Domain (BD) range and VRF VLAN range.
Virtual Extensible Local Area Network (VXLAN)
The overlay network virtualization technology that enables the creation of virtual Layer 2 networks across Layer 3 network boundaries by encapsulating Layer 2 frames within Layer 3 UDP packets.
VXLAN extends traditional VLAN technology, addresses the limitations of VLANs, such as the 4096-network limit, and meets the needs of large-scale, virtualized data centers with multi-tenant capabilities.
VXLAN Tunnel End Point (VTEP)
The network entity that serves as the termination point for VXLAN tunnels. It is responsible for encapsulating Layer 2 frames into VXLAN packets for transmission over a Layer 3 network and for decapsulating VXLAN packets back into Layer 2 frames upon receipt.
vSphere, ESXi, and vCenter
vSphere is a virtualization platform released by VMware. ESXi and vCenter are important components of vSphere.
The network design feature supports only switches with PicOS 4.6.0E or later installed.
Before designing your fabric, refer to the following recommended solutions:
Solution 1
The solution is recommended for most networks:
Table 1. Recommended Solution 1
Role | Application Scenario | Device Model | Port Configuration | Switch ASIC |
Spine | 100G Interconnect | N8550-32C | 32×100G, 2×10G | Trident3 |
Spine | 100G Interconnect | N8560-32C | 32×100G | Trident3 |
Spine | 100G Interconnect | N8550-64C | 64×100G | Tomahawk2 |
Leaf | 10G Access | N5850-48X6C | 48×10G, 6×100G | Trident3 |
Leaf | 25G Access | N8550-48B8C | 48×25G, 8×100G, 2×10G | Trident3 |
Solution 2
If you need a higher-speed network, use the following solution:
Table 2. Recommended Solution 2
Role | Application Scenario | Device Model | Port Configuration | Switch ASIC |
Spine | 400G Interconnect | N9550-32D | 32×400G | Tomahawk3 |
Spine | 100G Interconnect | N8550-64C | 64×100G | Tomahawk2 |
Leaf/Spine | 100G Access | N8550-32C | 32×100G, 2×10G | Trident3 |
Leaf/Spine | 100G Access | N8560-32C | 32×100G | Trident3 |
NOTEs
If you choose other switches in Supported Switches for 2.2.0 as spine and leaf switches, pay attention to the following considerations:
To view the EVPN and VXLAN support information, see PICOS Supported Features.
A fabric is an interconnected mesh of network devices, such as leaf and spine switches and connected nodes. You can use the built-in fabric default in the AmpCon-DC UI to design a physical network, or you can add a new fabric manually.
Procedure
To add a fabric manually, follow these steps:
1. In the AmpCon-DC UI, click Physical Network > Fabric Management from the navigation bar.
2. Click + Fabric.
3. In the pop-up window, enter the fabric name and description (optional).
4. Click OK.
Before you design a physical network, prepare IP pools, ASN pools, and AZ resources for fabric design.
6.4.1 Adding Resource Pools
You need to add IP pools (IPv4) and ASN pools. These pools are used by AmpCon-DC to assign Router ID, VTEP interfaces, L3 peer-link interfaces, direct access IP addresses, and BGP ASN during the fabric design process.
In some cases, it doesn't matter what the actual values are; you just care that some values are assigned. For example, all you care about is that the switch has a Router ID, VTEP address, and ASN assigned no matter what these values are.
You can add IP pools and ASN pools as needed. When you're ready to assign IP addresses or ASN resources, just tell AmpCon-DC which resource pools to use. The required resources are automatically pulled and assigned by AmpCon-DC.
In this way, you can save the time spent on configuring IP addresses and ASN. If you find yourself short on resources while you're assigning them, you can create additional resource pools to meet your needs.
For details about assignment rules of resource pools, see "6.8 Resource Pool Assignment Rules".
For more information, see the following child topics:
6.4.1.1 Adding ASN Pools
Autonomous system number (ASN) is used to support BGP in the underlay network. To design a physical network with AmpCon-DC, you need to add ASN pools so that you can designate ASN pools in the later Designing Templates process. AmpCon-DC automatically assigns ASN to switches based on the specified ASN pools.
Adding ASN Pools
To add an ASN pool, follow these steps:
1. In the AmpCon-DC UI, click Resource > Pools > ASN Pools from the navigation bar.
2. Click + ASN Pool.
3. In the Pool Name field, enter the pool name.
4. In the Range field, specify the ASN range of the ASN pool.
5. lick Save.
Optional: Viewing ASN Pools
On the “ASN Pool” page, you can see the following ASN statistics and usage information:
Table 1. ASN Pool Metrics
Metric | Description |
Pool Name | A unique name to identify the resource pool |
Used ASN Nums | The number of ASN in use in the pool |
ASN Nums | The total number of ASN in the pool |
Usage | The percentage of ASN in use for all ASN ranges in the pool |
Status | Whether the pool is in use |
Click + before a pool name. You can see the ASN ranges assigned to this ASN pool.
NOTE
Table 2. ASN Range Metrics
Metric | Description |
ASN Range | The ASN included in the range |
Used ASN Range Nums | The number of ASN in use in the ASN range |
ASN Range Nums | The total number of ASN included in the ASN range |
ASN Range Usage | The percentage of ASN in use in this range for all ASN in this ASN range |
Status | Whether the ASN range is in use |
Optional: Editing ASN Pools
To edit an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Edit.
Optional: Copying ASN Pools
To copy an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Copy.
Optional: Deleting ASN Pools
To delete an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Delete.
NOTE
6.4.1.2 Adding IP Pools
To design a physical network with AmpCon-DC, you need to add IP pools so that you can designate IP pools in the later Designing Units and Designing Templates processes. AmpCon-DC automatically assigns IP addresses to switches based on the specified IP pools.
Currently, only IPv4 is supported.
Adding IP Pools
To add an IP pool, follow these steps:
1. In the AmpCon-DC UI, click Resource > Pools > IP Pools from the navigation bar.
2. Click + IP Pool.
3. In the Pool Name field, enter the name of the IP pool.
4. In the Subnet field, enter a subnet. To add multiple subnets, click +.
5. Click Save.
Optional: Viewing IP Pools
On the “IP Pool” page, you can see the following IP address statistics and usage information:
Table 1. IP Pool Metrics
Metric | Description |
Pool Name | A unique name to identify the resource pool |
Used IP Nums | The number of IP addresses in use in the pool |
IP Nums | The total number of IP addresses in the pool |
Usage | The percentage of IP addresses in use for all IP addresses in the pool |
Status | Whether the pool is in use |
Click + before a pool name. You can see the IP ranges assigned to this IP pool.
NOTE
Table 2. IP Range Metrics
Metric | Description |
Subnet | The IP addresses included in the subnet |
Used IP Range Nums | The number of IP addresses in use in the subnet |
IP Range Nums | The total number of IP addresses included in the subnet |
IP Range Usage | The percentage of IP addresses in use in this subnet for all IP addresses in this subnet |
Status | Whether the subnet is in use |
Optional: Editing IP Pools
To edit an IP pool, locate the IP pool on the “IP Pool” page, and then click Edit.
Optional: Copying IP Pools
To copy an IP pool, locate the IP pool on the “IP Pool” page, and then click Copy.
Optional: Deleting IP Pools
To delete an IP pool, locate the IP pool on the “IP Pool” page, and then click Delete.
NOTE
6.4.2 Adding AZ
You can add AZ resources as needed, including bare metal AZ, vSphere ESXi AZ, and OpenStack AZ. Then, you can view these AS resources or connect nodes in these AZ to leaf switches during the fabric design process.
As described in Add Nodes in the fabric design process, you can add node devices from added Available Zones (AZ) to connect to leaf switches. So before you design a fabric, add AZ if you want to add node devices in these AZ to the fabric.
In the AmpCon-DC UI, you can view VPC, network, and VM resources of the vSphere or OpenStack AZ that you added. Currently, you can’t view resource information of the bare metal AZ.
For more information, see the following child topics:
6.4.2.1 Adding a vSphere AZ
To view VPC, Network, and VM related resources in VMware vSphere, add a vSphere AZ to AmpCon-DC. You can use the node devices in the vSphere AZ to design a fabric.
AmpCon-DC supports only VMware vSphere 8.0 currently.
Adding a vSphere AZ
To add a vSphere AZ, follow these steps:
1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar.
2. Click + AZ.
3. Input the following information:
The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions.
For more information, see vSphere Automation API.
4. Click OK.
Viewing a vSphere AZ
On the “AZ” page, you can see all the AZ that you created.
To view detailed resources in a specific vSphere AZ, click the name of the AZ. You can see the following tabs.
VPC Tab
In the VPC tab, you can see the following information related to VPC in vSphere:
Table 1. VPC Metrics
Metric | Description |
VPC ID | The ID assigned by AmpCon-DC based on the datacenter name |
VPC Name | The datacenter name in vSphere |
User | It is blank currently. |
Fabric | The fabric to which the VPC belongs |
AZ | The AZ to which the VPC belongs |
Resource Create Time | The time when you created the AZ |
Network Tab
In the Network tab, you can see the following information related to networks in vSphere:
Table 2. Network Metrics
Metric | Description |
Name | The Port Group name in vSphere |
VPC | The datacenter name in vSphere |
Fabric | The fabric to which the network belongs |
AZ | The AZ that the network belongs |
VM Count | The count of VMs in vSphere |
Host Count | The count of physical machines in vSphere |
Resource Create Time | The time when you created the AZ |
VM Tab
In the VM tab, you can see the following information related to VMs in vSphere:
Table 3. VM Metrics
Metric | Description |
Name | The VM name |
VM IP Address | The IP address of the VM |
Host IP Address | The IP address of the physical machine |
Network | The name of the network to which the VM belongs |
Fabric | The fabric to which the VM belongs |
AZ | The AZ to which the VM belongs |
VPC | The data center to which the VM belongs |
Status | The status of the VM |
Optional: Editing a vSphere AZ
To edit a vSphere AZ, locate it on the “AZ” page, and then click Edit.
Optional: Deleting a vSphere AZ
To delete a vSphere AZ, locate it on the “AZ” page, and then click Delete.
Adding a Bare Metal AZ
You can add a bare metal AZ to AmpCon-DC, and then use the node devices in the bare metal AZ to design a fabric.
6.4.2.2 Adding a Bare Metal AZ
To add a bare metal AZ, follow these steps:
1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar.
2. Click + AZ.
3. Input the following information:
The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions.
4. Click OK.
Viewing a Bare Metal AZ
On the “AZ” page, you can see all the AZ that you have created.
Click the name of the AZ. You can see the VPC and Network tabs.
For AmpCon-DC 2.2, no data is displayed in the VPC and Network tabs of the bare metal AZ. The data can be viewed in later versions.
Optional: Editing a Bare Metal AZ
To edit a bare metal AZ, locate it on the “AZ” page, and then click Edit.
Optional: Deleting a Bare Metal AZ
To delete a bare metal AZ, locate it on the “AZ” page, and then click Delete.
6.4.2.3 Adding an OpenStack AZ
To view VPC, Network, and VM related resources in OpenStack, add an OpenStack AZ to AmpCon-DC. You can use the node devices in the OpenStack AZ to design a fabric.
To add an OpenStack AZ, follow these steps:
1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar.
2. Click + AZ.
3. Input the following information:
The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions.
NOTE
For more information, see OpenStack Docs: Authentication.
4. Click OK.
Viewing an OpenStack AZ
On the “AZ” page, you can find all the AZ you have created.
To view detailed resources in a specific OpenStack AZ, click the name of the AZ. You can see the following tabs.
VPC Tab
In the VPC tab, you can see the following information related to VPC in OpenStack:
Table 1. VPC Metrics
Metric | Description |
VPC ID | The ID assigned by AmpCon-DC based on the project name |
VPC Name | The project name in OpenStack |
User | It is blank currently. |
Fabric | The fabric to which VPC belongs |
AZ | The AZ to which VPC belongs |
Resource Create Time | The time when you create the AZ |
Network Tab
In the Network tab, you can see the following information related to networks in OpenStack:
Table 2. Network Metrics
Metric | Description |
Name | The network name in OpenStack |
VPC | The project in OpenStack |
Fabric | The fabric to which Network belongs |
AZ | The AZ to which Network belongs |
VM Count | The count of VMs in OpenStack |
Host Count | The count of physical machines in OpenStack |
Resource Create Time | The time when you create the AZ |
VM Tab
In the VM tab, you can see the following information related to VMs in OpenStack:
Table 3. VM Metrics
Metric | Description |
Name | The VM name |
VM IP Address | The IP address of VM |
Host IP Address | The IP address of physical machine |
Network | The name of the network to which VM belongs |
Fabric | The fabric to which VM belongs |
AZ | The AZ to which VM belongs |
VPC | The project to which the VM belongs |
Status | The status of the VM |
Optional: Editing an OpenStack AZ
To edit an OpenStack AZ, locate it on the “AZ” page, and then click Edit.
Optional: Deleting an OpenStack AZ
To delete an OpenStack AZ, locate it on the “AZ” page, and then click Delete.
A unit means the minimum networking unit for creating a fabric. A unit includes one or multiple leaf switches. To design a physical network with AmpCon-DC, you need to add units as needed, which can be combined in the designing templates.
Prerequisites
You have added IP pools as described in Adding IP Pools.
Adding Units
You can add one or multiple leaf switches to the unit. To add a unit, follow these steps:
1. In the AmpCon-DC UI, click Physical Network > Design > Units from the navigation bar.
2. Click + Unit.
3. In the Basic Info section, enter the unit name and description (optional).
4. In the Leaf section, enter the following information:
Table 1. Leaf Information
Configuration | Description |
Leaf Name | The name to distinguish the leaf switch. |
Leaf Strategy | Select MLAG or None. The default value is MLAG. MLAG: Link Aggregation Group (MLAG) is used among two leaf switches. None: A non-MLAG leaf switch is used. |
MLAG Peer-Link VLAN ID | The Virtual Local Area Network (VLAN) identifier assigned to the MLAG peer link. The value is 3966 and can’t be changed. NOTE This configuration is available only when you selected MLAG as the leaf strategy. |
L3 Peer-Link Interface | The network interface used to establish a peer-to-peer connection between two MLAG peer leaf switches. Select from an IP pool. You can also click + Add Pool to add a new IP pool as needed. NOTE This configuration is available only when you selected MLAG as the leaf strategy. |
5. To add another leaf switch, click + Add, and then input information as described in the last step.
6. lick Save to complete the unit design.
Optional: Viewing Units
On the “Units” page, you can see the following information:
Table 2. Unit Metrics
Metric | Description |
Unit Name | The name that you specified for the unit |
Description | The description of the unit |
Leaf Count | The total number of leaf switches in the unit |
MLAG Count | The total number of MLAG in the unit |
To see more information about the unit, locate the unit, and then click View.
Optional: Editing Units
To edit a unit, locate the unit on the “Units” page, and then click Edit.
NOTE
Optional: Copying Units
To copy a unit, locate the unit on the “Units” page, and then click Copy.
Optional: Deleting Units
To delete a unit, locate the unit on the “Units” page, and then click Delete.
NOTE
Templates are abstractions of network designs that define the structure and protocols of networks, without defining any vendor-specific information.
To design a physical network with AmpCon-DC, you need to add a template, which can be used to design a fabric.
Prerequisites
Adding Templates
You can add one or multiple units to a template. To add a template, follow these steps:
1. In the AmpCon-DC UI, click Physical Network > Design > DC Templates from the navigation bar.
2. Click + Template.
3. In the Basic Info section, enter the template name and description (optional).
Currently, AmpCon-DC supports only the 3-stage network architecture. So here 3-Stage is selected automatically.
4. In the Spine Layer section, specify the count of spine switches in this template.
NOTE
5. In the Unit section, select a unit from the drop-down list, and specify its count.
To add more units, click +.
NOTE
6. In the Underlay section, select the underlay routing protocol, BGP or OSPF.
Table 1. BGP Information
Configuration | Description |
EBGP ASN | The unique identifier to distinguish an Autonomous System (AS) in EBGP. Select an ASN pool. You can also click + Add Pool to add a new ASN pool as needed. |
Router ID | The identifier used by the routing protocol BGP to uniquely identify the router. Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. |
VTEP Interface | The interface on a VXLAN Tunnel End Point (VTEP) device, through which VXLAN packets are sent and received. Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. For each leaf switch, the loopback0 address of the switch is used as the router ID, and the loopback1 address of the switch is used as the VTEP interface. The loopback0 addresses on both MLAG peer switches differ and the loopback1 addresses on both MLAG peer switches are the same. |
Overlay Control Protocol | MP-BGP-EVPN is selected automatically. Currently, only MP-BGP-EVPN is supported as the overlay control protocol. |
Table 2. OSPF Information
Configuration | Description |
Area ID | The identifier to distinguish different areas within an OSPF domain.The value is 0.0.0.0 and can’t be changed. |
Router ID | The identifier used by the routing protocol OSPF to uniquely identify the router.Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. |
VTEP Interface | The interface on a VTEP device, through which VXLAN packets are sent and received.Select an IP pool. You can also click + Add Pool to add a new IP pool as needed.For each leaf switch, the loopback0 address of the switch is used as the router ID, and the loopback1 address of the switch is used as the VTEP interface. The loopback0 addresses on both MLAG peer switches differ and the loopback1 addresses on both MLAG peer switches are the same. |
Overlay IBGP ASN | The unique identifier to distinguish an AS in IBGP.Select an ASN pool. You can also click + Add Pool to add a new ASN pool as needed. |
Overlay Control Protocol | MP-BGP-EVPN is selected by default. Currently, only MP-BGP-EVPN is supported as the overlay control protocol. |
7. Click Save to complete the template design.
Optional: Viewing Templates
On the “DC Templates” page, you can see the following information:
Table 3. Template Metrics
Metric | Description |
Template Name | The name that you specified for the template |
Description | The description of the template |
Type | The type of the network architecture |
Underlay Routing Protocol | The routing protocol used in the underlay network |
Overlay Control Protocol | The protocol used in the overlay network |
To see more information about a template, locate the template, and then click View.
Optional: Editing Templates
To edit a template, locate the template on the “DC Templates” page, and then click Edit.
NOTE
Optional: Copying Templates
To copy a template, locate the template on the “DC Templates” page, and then click Copy.
Optional: Deleting Templates
To delete a template, locate the template on the “DC Templates” page, and then click Delete.
NOTE
A fabric is composed of multiple leaf and spine switches. When you design a fabric, you need to select which managed switches act as leaf switches or spine switches.
Before you design your fabric, you must add managed switches to the fabric.
Prerequisites
You must have imported or deployed the switches as described in Deploying or Importing Switches.
Adding Unassigned Switches
If the switches to be added haven’t been assigned as spine or leaf switches of any other fabrics, add the switch to the fabric directly. Follow these steps:
1. In the AmpCon-DC UI, click Physical Networks > Fabric Management from the navigation bar.
2. Locate the fabric, and then click Edit.
3. Select the switches to be added. You can filter switches by entering keywords in the search box.
4. Click Apply.
Adding Assigned Switches
If a switch has been assigned as a spine or leaf switch of another fabric, deallocate the switch from the fabric first, and then add the switch to the new fabric. Follow these steps:
1. Deallocate the switch from the fabric where the switch is assigned as a leaf or spine switch:
a. Deploy or import a new switch, and add the switch to the fabric.
b. Redeploy the fabric. In the Allocate Device process, assign the new switch as a leaf or spine switch to replace the switch to be added to the new fabric.
2. Add the switch to the new fabric:
a. Click Physical Networks > Fabric Management from the navigation bar.
b. Locate the new fabric, and then click Edit.
c. Select the switch. You can filter switches by entering keywords in the search box.
d. Click Apply.
Now you have added a fabric and added switches to this fabric, and you have added required resources and templates. It’s time to deploy a physical network by designing a fabric.
Import a template to a fabric, and then you can design the fabric. AmpCon-DC automatically configures related switches based on fabric configurations to complete the network deployment.
Prerequisites
Ensure that the following prerequisites are met:
Adding Fabrics
1. Log in to the AmpCon-DC UI with a user of the SuperAdmin, Admin, or Operator role.
NOTE
2. Click Physical Network > Fabric Management from the navigation bar.
3. Click the fabric that you want to design.
4. In the pop-up window, select a DC Template from the drop-down list.
5. Click Apply to import the template.
You are now redirected to the fabric design page. The fabric design includes the following processes:
1. Configuring VLAN Domain
The VLAN Domain restricts the allocation of VLAN IDs to a specific range for each node device connected to leaf switches. You must designate the Bridge Domain range and VRF VLAN range. Follow these steps:
1. Edit the VLAN Domain for all leaf switches.
2. In the Edit VLAN Domain section, input the following information:
The Bridge Domain range cannot be duplicated with the VRF VLAN range. The ranges in different VLAN Domains can be duplicated.
Tips
3. Click Continue to go to the Allocate Device process.
NOTEs
2. Allocating Devices
1. Click the Switch List tab. In the Physical Device drop-down list, select a physical switch for each logical leaf or spine switch.
NOTE
Tip
The following information is generated by AmpCon-DC automatically and can’t be changed:
2. Check the Mgmt IP column, and ensure that all switches are up and connected to the AmpCon-DC server. Or else, the deployment will fail.
3. In the IP Link Address tab, select an IP pool for AmpCon-DC to automatically assign a direct access IP address to each switch.
By using direct access IP addresses, devices can communicate directly with each other without going through an intermediary device such as a router.
NOTE
4. Click Continue to go to the Confirm Configuration process.
3. Confirming Configurations
1. Click the Spine and Leaf tabs, and confirm whether the switch configurations are correct.
NOTEs
Table 1. Leaf Information
Column | Description |
HostName | The hostname of the switch. |
Role | leaf or spine, which means a leaf switch or spine switch. |
Physical Device | The physical switch for each leaf and spine node. |
ASN | The unique identifier to represent an Autonomous System (AS). |
MLAG Peer | The counterpart device in a Multi-Chassis Link Aggregation (MLAG) setup. |
Router ID | The identifier used by routing protocols such as OSPF and BGP to uniquely identify the router. |
VTEP Interface | The interface on a VXLAN Tunnel End Point (VTEP) device, through which VXLAN packets are sent and received. |
MLAG Peer Links | The number of direct connections between the switches participating in a MLAG setup. |
MLAG Peer Link VLAN | The value is 3966 and can’t be changed. |
L3 Peer Link | The network link between two MLAG peers at Layer 3, which is used for synchronizing routing information, exchanging protocol messages, and potentially transmitting data traffic. |
Routing Protocol | The underlay routing protocol, BGP or OSPF. |
2. Click Continue to go to the Check Topo process.
Resource Pool Assignment Rules
You have specified the IP pools and ASN pools in the template and unit design processes. After you import the template to the fabric, AmpCon-DC assigns information based on specified IP pools and ASN pools for the following columns:
Table 2. Assignment Rules
Column | Assignment Rule |
Router ID | AmpCon-DC assigns router IDs (loopback0 address) for both spine and leaf switches from the specified Router ID IP pool in the related template. Each switch has a unique Router ID. |
VTEP Interface | AmpCon-DC assigns VTEP interfaces for only leaf switches from the specified VTEP Interface IP pool in the related template. Each non-MLAG switch has a unique VTEP interface. Both MLAG peer switches share the same VTEP interface. |
L3 Peer Link | AmpCon-DC assigns L3 peer links from the specified L3 Peer-link Interface IP pool in the related unit. Only MLAG peer leaf switches have L3 peer links. |
ASN | AmpCon-DC assigns ASN for both spine and leaf switches.If BGP is used as the routing protocol, ASN is assigned from the specified EBGP ASN pool in the related template.All spine switches share one ASN.Peer leaf switches in each MLAG setup share one ASN. Each non-MLAG leaf switch has a unique ASN.If OSPF is used as the routing protocol, ASN is assigned from the specified Overlay IBGP ASN pool in the related template. All spine and leaf switches share one ASN. |
4. Checking Links
1. Click the square before the Link Name column heading to select all links, and then click Auto Discovery to automatically discover connected switch interfaces in each link.
NOTE
2. Optional: To manually add connected switch interfaces for a link, follow these steps:
3. Click the square before the Link Name column heading to select all links, and then click Check to check each link status in the Status column.
NOTEs
4. Click Continue to go to the Add Node process.
NOTE
5. Optional: Adding Nodes
1. In the Add Node process, add node devices connected to leaf switches, including bare metal nodes and cloud platform nodes (vSphere or OpenStack).
2. Click + Node, and then enter the following information:
Table 3. Node Information
Input Entry | Description |
Node Name | The name of the node. |
Description | Optional. The description of the node device. |
IP | The IP address of the node. |
User | Optional. The name of the user to log in to the node device. |
Password | Optional. The password of the user to log in to the node device. |
AZ | Select the AZ to which the node device belongs. |
3. Click + Add In the Link section, and enter the connected leaf switch information:
Table 4. Link Information
Input Entry | Description |
Port Group Name | The name of the port group including the connected leaf switch. |
VLAN Domain | The name of the VLAN Domain assigned to the connected leaf switch. |
Switch | The leaf switch to which the node device connected. |
Access MLAG Mode | This field is available only when you selected an MLAG leaf in the VLAN Domain list. Select Single-Homed or Dual-Homed. Single-Homed: The node device connects to one peer leaf switch in the MLAG setup. Dual-Homed: The node device connects to both peer leaf switches in the MLAG setup. |
Peer Leaf | This field is available only when you selected an MLAG leaf in the VLAN Domain list and selected Single-Homed in the Access MLAG Mode section. Select the MLAG peer leaf switch to which the node device connected. |
Port Mode | The port mode used by the node device to connect to the leaf switch, Access or Trunk. |
Physical Link Count per Individual Switch | Select Single or Dual. Single: The node device connects to the leaf switch with one physical link. Dual: The node device connects to the leaf switch with two physical links. |
Ports | The ports connect to the leaf switch. If you selected an MLAG leaf in the VLAN Domain list and selected Single-Homed in the Access MLAG Mode section, you can see only one Ports field. If you selected an MLAG leaf in the VLAN Domain field and selected Dual-Homed in the Access MLAG Mode field, you can see two Ports fields. If you selected Single in the Physical Link Count per Individual Switch section, you need to enter one port in each Ports field. If you selected Dual in the Physical Link Count per Individual Switch section, you need to enter two ports in each Ports field. |
4. Click Apply.
5. Click Continue to go to the Deploy process.
6. Deploying the Fabric
1. In the the Deploy process, check the Mgmt IP column, and ensure that all switches are up and connected to the AmpCon-DC server. Or else, the deployment will fail.
2. Click Apply to deploy the fabric.
The configuration pushing process takes some time (depending on the number of switches in the fabric) to complete.
Verifying the Deployment
In the the Deploy process, check the Deployment Status column to see whether the status is SUCCEED.
Redeploying Fabrics
If fabric configurations are not pushed to switches due to some reasons, resolve the issues based on deployment logs, and then redeploy the fabric by following these steps:
1. Click Physical Network > Fabric Management from the navigation bar.
2. Locate the fabric, and then click the fabric name to enter the fabric design page.
After you complete the physical network design as described in Designing and Deploying Fabrics, you can manage the fabrics in the AmpCon-DC UI, such as re-designing the network, deleting the network, checking network statistics and status, and viewing fabric topologies.
Viewing All Fabrics
In the AmpCon-DC UI, click Physical Network > Fabric Management from the navigation bar. On the “Physical Network” page, you can see the list of all added fabrics.
Table 1. Fabric Metrics
Metric | Description |
Fabric Name | The name of the fabric. |
Description | The description that you added when you add the fabric. |
Switch | The number of switches added to the fabric. |
AZ | The number of AZ added to the fabric. |
Underlay Routing Protocol | The Routing protocol that you specified in the template of the fabric, OSPF or BGP. |
Last Modified Time | The last time when you modify the fabric. |
Status | The status of the fabric deployment. Deployed: You have deployed the fabric successfully. Deploying: After you click Apply in the Deploy section of the fabric design page fabric, the fabric is being deployed. Deploy Failed: After you click Apply in the Deploy section of the fabric design page fabric, the fabric fails to be deployed. Not Deployed: You haven’t clicked Apply in the Deploy section of the fabric design page. |
Redesigning Fabrics
To redesign a fabric, follow these steps:
1. On the “Physical Network” page, click the name of the fabric to enter the fabric design page.
2. Redesign the fabric as described in Designing and Deploying Fabrics.
To modify the unit and template configurations in the fabric, see Editing Units and Editing Templates.
Removing Switches from a Fabric
1. On the “Physical Network” page, locate the fabric, and then click Edit.
2. Unselect the switches to be removed. You can filter switches by entering keywords in the search box.
3. Click Apply.
1. Add new switches to the fabric as described in "6.7 Adding Switches to Fabrics".
2. Click Physical Network > Fabric Management from the navigation bar. Then, deallocate the switches to be removed as follows:
a. Locate the fabric, and click the fabric name to enter the fabric design page.
b. Click Continue to go to the Allocate Device process.
c. Assign new switches as leaf or spine switches to replace the switches to be removed.
d. Click Continue until going to the Deploy process.
e. Check whether all switches in the fabric are in online status, and then click Apply to redeploy the fabric.
3. Go back to the “Physical Network” page, locate the fabric, and then click Edit.
4. Unselect the switches to be removed. You can filter switches by entering keywords in the search box.
5. Click Apply.
Displaying the Topology Associated with a Fabric
To display the topology associated with a fabric, follow these steps:
1. In the AmpCon-DC UI, click Physical Network > Topology.
2. In the Fabric list, click the corresponding fabric name. Then, you can see the topology graph of switches that belong to this fabric. For more information, see "10.6 Topology".
Deleting a Fabric
To delete a fabric, follow these steps:
1. On the “Physical Network” page, locate the fabric, and then click Delete.
2. Click Yes to confirm the deletion.
NOTEs
To manage switches with AmpCon-DC, you need to deploy switches or import switches.
Importing Switches
For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC. For more information, see "7.8 Importing Switches".
Deploying Switches
For switches that are not deployed, you can deploy these switches with AmpCon-DC. Then, these switches can be managed by AmpCon-DC.
Deploying White-Box Switches
To deploy white-box switches, follow these steps:
1. Ensure that the system configuration for each switch contains the default username and password of the switch. For more information, see "4.2 Adding System Configurations".
2. Click Service > Switch Model in the AmpCon-DC UI, and check whether the PicOS image that you want to install for each switch model is listed in the Deployed ONIE Image drop-down list.
3. Configure each switch model that you want to manage with AmpCon-DC. For more information, see "7.2 Configuring Switch Models".
If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models.
4. Prepare the global configurations that you want to push to each switch. For more information, see "7.3 Configuring Global Configurations".
5. Prepare the configuration templates that you want to use. For more information, see "7.4 Configuring Configuration Templates".
6. Add a switch configuration for each switch. For more information, see "7.5 Adding Switch Configurations".
After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status.
OTE
7. Stage each switch to make them ready for Zero Touch Provisioning (ZTP). For more information, see "7.6 Staging Switches".
After you stage a switch, the switch is shown as Staged on the “Switch” page.
8. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "7.7 Provisioning New Switches with ZTP".
After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed.
Deploying Integrated Hardware and Software Switches
To deploy integrated hardware and software switches, follow these steps:
1.Ensure that the system configuration for each switch contains the default username and password of the switch to be deployed. For more information, see "4.2 Adding System Configurations".
2. Prepare the global configurations that you want to push to each switch. For more information, see "7.3 Configuring Global Configurations".
3. Prepare the configuration templates that you want to use. For more information, see "7.4 Configuring Configuration Templates".
4. Add a switch configuration for each switch. For more information, see "7.5 Adding Switch Configurations".
After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status.
NOTE
5. Stage each switch to make them ready for Zero Touch Provisioning (ZTP) deployment. For more information, see "7.6 Staging Switches".
After you stage a switch, the switch is shown as Staged on the "Switch" page.
6. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "7.7 Provisioning New Switches with ZTP".
After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the "Switch View" page, it's shown as Deployed.
AmpCon-DC provides multiple built-in PicOS images, which you can use to deploy switches.
To deploy a switch with a PicOS image that is not built in AmpCon-DC, upload the image and its MD5 file first before you deploy the switch.
Uploading Images
To upload a PicOS image, follow these steps:
1. In the AmpCon-DC UI, click Resource > Upgrade Management.
2. Click Upload.
3. In the pop-up window, upload an image by using one of the following ways:
4. Click Upload.
Optional: Uploading MD5 Files
An MD5 file is used to verify the completeness of the corresponding PicOS image. If the MD5 file is not uploaded when you upload the PicOS image, AmpCon-DC will not verify the completeness of the PicOS image when it installs the PicOS image.
To upload an MD5 file for a PicOS image, follow these steps:
1. In the AmpCon-DC UI, click Resource > Upgrade Management.
2. In the Software list, locate the PicOS image, and then click Upload Md5.
3. Upload the MD5 file by using either of the following ways:
4. Click Upload.
Optional: Removing Images
1. In the AmpCon-DC UI, click Resource > Upgrade Management.
2. In the Software list, locate an image, and then click Delete.
3. Click Yes to confirm the deletion.
Optional: Pushing Images
You can push PicOS images to one or multiple switches. The pushed images are located in the /home/automation directory.
To push a PicOS image to a single switch, follow these steps:
1. In the AmpCon-DC UI, click Resource > Upgrade Management.
2. In the Software list, select the PicOS image that you want to push.
3. In the Switch list, locate the switch, and then click Push Image.
To push a PicOS image to multiple switches, follow these steps:
Before you deploy switches, configure each switch model that you want to manage with AmpCon-DC. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models.
Configuring a Switch Model
To configure a switch model, follow these steps:
1. In the AmpCon-DC UI, click Service > Switch Model.
2. To ensure the Switch Model drop-down list is the latest, click Update Switch Model, and then click Yes.
3. In the Switch Model drop-down list, select the switch model that you want to configure.
4. Configure the port number range for each speed.
5. In the Deployed ONIE Image drop-down list, select the PicOS image that you want to install for this switch model.
If the PicOS image to install is not listed here, upload the PicOS image and its MD5 file to AmpCon-DC. For more information, see "7.1 Uploading Images".
6. Click Save.
Optional: Resetting a Switch Model
To reset a switch model, follow these steps:
1. In the AmpCon-DC UI, click Service > Switch Model.
2. Click Reset.
3. Click Save.
After you reset a switch model, the port number range for each speed is set to zero, and the PicOS image in the Deployed ONIE Image drop-down list is reset to the built-in image.
Global configurations are configurations that you push to switches during the switch deployment process. When you add a switch configuration, you need to select a global configuration file.
Prepare the global configuration before you add a switch configuration.
Adding a Global Configuration
To add a global configuration, follow these steps:
1. In the AmpCon-DC UI, click Service > Global Configuration.
2. Input the following information:
3. Click Generate.
4. In the Admin Global Config Preview section, confirm or edit the configurations that are retrieved from the Generic Global File and the Security Global File.
5. Click Save.
Viewing a Global Configuration
In the Historical Configuration section, you can see all global configurations, which are grouped by switch models.
To search for a global configuration, enter the global configuration name in the search box (supports fuzzy matching).
Editing a Global Configuration
To edit a global configuration, follow these steps:
1. In the Historical Configuration section, locate the global configuration, and then click it.
2. In the Admin Global Config Preview section, click Edit.
3. Edit the configurations as needed.
4. Click Save.
AmpCon-DC provides powerful configuration templates to help you simplify the configuration writing process:
Prepare configuration templates before you add a switch configuration or push configurations to a switch.
Adding a Configuration Template
To add a configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the New Template tab, input the following information:
3. Optional: Click Update CLI Tree to refresh the CLI tree.
4. In the CLI Tree section, add one or multiple template configurations by clicking the plus icon. The selected template configurations appear on the right.
5. Click Save.
Viewing or Editing a Configuration Template
To view or edit a configuration template, follow these steps:
In the AmpCon-DC UI, click Service > Config Template. In the Template List tab, locate a switch, and then click View Template.
Optional: Removing a Configuration Template
To remove a configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, locate a switch, and then click Remove Template.
3. Click Yes to confirm the deletion.
Optional: Viewing or Updating Pre-Built Templates
To view or update pre-built configuration templates, follow these steps:
In the AmpCon-DC UI, click Service > Config Template, and then click the Template List tab.
Optional: Copying a Configuration Template
To copy a configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, locate a switch, and then click Copy.
3. Enter the name for the copied template and a description (optional).
4. Click Save.
Optional: Exporting a Configuration Template
To export a configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, locate a switch, and then click Export.
Optional: Exporting All Configuration Template
To export all configuration templates, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, click Export All Template.
Optional: Adding a Label to a Configuration Template
To add a label to a configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, locate a switch, and then click Tag Management.
3. In the pop-up window, enter the name of the tag.
4. Click Add.
5. Click Save.
Optional: Uploading a Local Configuration Template
To upload a local configuration template, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Template List tab, click Upload Template.
3. In the pop-up window, enter the name of the configuration template and the template description (optional).
4. Click or drag a .txt template file to upload it.
5. Click Upload.
Before you provision a switch as described in Provisioning New Switches with ZTP, add a switch configuration. You can also add multiple switch configurations by using a JSON file.
Before You Begin
In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status.
Adding a Switch Configuration
1. In the AmpCon-DC UI, click Service > Switch Configuration.
2. Input the following information:
3. Click Next. You can see an input section, which is related to the selected configuration template. Enter the relevant information.
4. Click Save.
5. In the Preview Config pop-up window, preview or edit the global configurations.
6. Click Save. The switch configuration is added now. On the “Switch List” page, you can see the switch status is shown as Configured.
7. Click System Config to select the system configuration that is applicable to the switch.
NOTE
8. Optional: Click Agent to edit the Pushing Agent Configuration information.
Adding Multiple Switch Configurations with a JSON file
You can add multiple switch configurations by uploading a JSON file. In this way, you don’t need to add each switch configuration one by one. Follow these steps:
1. Prepare a JSON file with switch configurations. See the following example:
{
"sn": [ "EC1631000063","EC1806001292","732656X2007017"],
"hardware_model": "ag5648",
"location": "Beijing",
"global_config_name": "2024-8-2-glob-ag5648-test1",
"site_template_name": ["test1"],
"agent_config": {
"enable": true,
"vpn_enable": true,
"server_domain": "http://pica8.com ",
"inband_native_vlan": "4094",
"server_vpn_host": "vpn.pica8.com",
"inband_vlan": "4094",
"server_hostname_prefix": "ac",
"inband_lacp": true,
"uplink_ports": "te-1/1/49,te-1/1/50",
"uplink_speed": "1000"
},
"vpn": true,
"retrieve_config": true,
"default_config_param": {
"test1": {
"vlan_id": "12",
"vlan_name": "23"
}
},
"unique_config_param": {
}
}2. In the AmpCon-DC UI, click Services > Switch Configuration.
3. Click Upload by JSON.
4. Click or drag a file to upload the JSON file.
5. Click Upload.
Viewing or Editing Switch Configurations
In the Historical Switch Config Edit section, you can see all the added switch configurations, which are grouped by switch models.
To edit a switch configuration, follow these steps:
1. Locate the global configuration, and then click it.
2. In the pop-up window, click Edit.
3. Edit the configurations as you need.
4. Click Save.
Optional: Checking the Switch Status
After you add a switch configuration, check whether the switch status is shown as Configured.
If not, locate the switch, and click Log to see more details.
Optional: Checking the Config View
After you add a switch configuration, you must stage the switch to make it ready for Zero Touch Provisioning (ZTP).
Procedure
1. In the AmpCon-DC UI, click Service > Switch.
2. In the Switch list, locate the switch, and then click Stage.
3. Check whether the switch status is shown as Staged.
Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. AmpCon-DC supports using ZTP to provision new switches.
ZTP relies on the DHCP service, and thus you need to configure DHCP first. After you plug in and reboot a switch, DHCP automatically provides the switch with an IP address and the address of a provision shell script that is obtained from AmpCon-DC server. Then, the switch automatically runs the shell script to complete the ZTP deployment:
Prerequisites
Ensure that the following prerequisites are met:
The assigned IP address of the switch is “10.10.51.198“.
The IP address of the AmpCon-DC server is “10.56.20.184”.
NOTE
For integrated hardware and software switches, refer to the following configuration example:
The assigned IP address of the switch is “10.10.51.4“.
The IP address of the AmpCon-DC server is “10.56.20.180”.
NOTE
The following DHCP options are used:
Provisioning a White-Box Switch
1. Download and install MobaXterm.
2. Open MobaXterm, and then create a session to connect with the switch.
3. Reboot the switch by running the following command:
sudo reboot -f4. If you see the “Hit any key to stop autoboot” message, press the Enter key to exit the autoboot mode.
If you don’t see this message, go to step 5 directly.
5. Reboot the switch.
run onie bootcmdThen, the switch will be restarted and automatically register with the AmpCon-DC server.
6. Wait for the registration process to be completed.
7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success.
Provisioning an Integrated Hardware and Software Switch
1. Download and install MobaXterm.
2. Open MobaXterm, and then create a session to connect with the switch.
3. Reboot the switch by running the following command.
sudo reboot
Then, the switch will be restarted and automatically register with the AmpCon-DC server.
4. Wait for the registration process to be completed.
5. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success.
For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC.
Prerequisites
Automatically Importing a Switch
1. Log in to the AmpCon-DC UI with a global user, and then click Service > Switch.
2. Click Import Actions, and then select Import.
3. In the IP field, enter the IP address of the switch.
4. In the System Config drop-down list, select the appropriate system configuration.
NOTE
5. In the Fabric drop-down list, select a fabric. To add a fabric, see "6.9 Managing Fabrics".
6. Click OK.
7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported.
1. Log in to the AmpCon-DC UI with a group user, and then click Service > Switch.
2. Click Import Actions, and then select Import.
3. In the IP field, enter the IP address of the switch.
4. In the System Config drop-down list, select the appropriate system configuration.
NOTE
5. In the Fabric drop-down list, select a fabric. To add a fabric, see "6.9 Managing Fabrics".
6. In the Group drop-down list, select a group. To add a group, see "12.1 Managing Groups".
7. Click OK.
8. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported.
Manually Importing a Switch
1. Generate the tunnel keys based on the input serial number. These keys are used to ensure that the VPN tunnel between the switch and the AmpCon-DC server is encrypted.
a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar.
b. Click Import Actions, and then select Adopt.
c. In the SN field, enter the serial number of the switch.
d. Click OK.
2. Download the VPN script and run it on the switch. The script will retrieve the tunnel keys and establish a VPN tunnel between the switch and the AmpCon-DC server.
a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar.
b. Click Import Actions, and then select Download VPN Script. The VPN script is downloaded to your local machine.
c. Copy the script to the PicOS switch.
d. SSH log in to the switch, enter the Linux shell mode, and run the script using the command:
curl -o /opt/auto-deploy/auto-deploy.conf -k -v https://<ampcon-server-ip>/rma/file/agent/auto-deploy.confsudo ./enable_switch_vpn.sh <ampcon-server-ip>NOTEs
After you deploy or import a switch with AmpCon-DC, you can push configurations to the switch, manage configurations, back up and restore configurations for disaster recovery, or compare configurations for troubleshooting or auditing.
You can push configurations to one switch or a group of switches.
After switches are successfully deployed or imported with AmpCon-DC, you can push configurations to these switches as needed.
Prerequisite
Ensure that you have created the configuration templates to push to each switch. For more information, see “7.4 Configuring Configuration Templates”.
Procedure
To push configurations to one or multiple switches, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Push Config tab, select a folder, and then click Add Node. A node represents a configuration file.
3. Enter the node name and its description (optional).
4. Click OK to save the node.
5. Click the node that you just created, and click Edit.
6. Add configurations to push to switches by using either of the following ways:
a. Click Generate Config.
b. Select a configuration template file from the drop-down list.
c. Click Next, and enter the value for each variable.
d. Click Save.
7. Click Push Config, and then select the switches to apply these configurations.
You can select specific switches in the Config Switch tab or select a group in the Config Group tab. For how to add a group or manage switches in a group, see “12.1 Managing Groups”.
Optional: Verifying the Pushing Status and Log
To verify whether the configuration is pushed to each switch successfully, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Push Config tab, click Push Config Logs.
3. Click Task List, check whether the pushing status is success.
4. If the pushing status is not success, click Push Log to check more pushing details for troubleshooting.
On the “Config Files Views” page, you can manage all global configurations and site configurations. In the Push Config tab of the “Config Template” page, you can manage all general configurations.
Configurations that you created as described in "7.3 Adding a Global Configuration"
Configurations that you created as described in "7.5 Adding Switch Configurations"
Configurations that you pushed to switches as described in "8.1 Pushing Configurations to Switches"
Managing Global Configurations and Site Configurations
Viewing or Editing Global and Site Configuration Files
1. In the AmpCon-DC UI, click Service > Config Files View.
2. On the “Config Files Views” page, locate the configuration file, and then click View. You can see a pop-up window with detailed configurations.
3. To close the pop-up window, click the close icon.
4. To edit the configurations, click Edit, modify configurations, and then click Save.
Checking Switches Associated with a Configuration File
1. In the AmpCon-DC UI, click Service > Config Files View.
2. Locate the configuration file, and then click Associated. You can see the switches that are associated with the configuration file.
Deleting a Configuration File
NOTE
1. In the AmpCon-DC UI, click Service > Config Files Views.
2. Locate the configuration file, and then click Delete.
3. Click Yes to confirm the deletion.
Managing General Configurations
Viewing or Editing a General Configuration File
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Push Config tab of the “Config Template” page, click the node that you want to view. Each node represents a general configuration file.
3. To edit a configuration file, click Edit, modify configurations, and then click Save.
Deleting a General Configuration File
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Push Config tab, click the node that you want to delete.
3. Click Delete Node.
4. Click Yes to confirm the deletion.
You can manually back up switch configurations or automatically back up configurations at a specific interval. In addition, you can restore configurations based on a backup configuration file for disaster recovery.
Backing up Switch Configurations
Backing up Configurations for a Single Device
To back up configurations for a single switch, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, locate a switch, and then click Backup Config.
3. Optional: Check whether the backup file is created successfully.
a. Locate a switch, and then click Snapshot List.
b. Check whether the backup file is in the snapshot list.
c. To see the configuration details, click Snapshot.
Backing up Configurations for a Group of Switches
To back up configurations for a group of switches, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, select the group, and then click Backup Config.
3. Optional: Check whether the backup file for each switch is created successfully.
a. Locate a switch, and then click Snapshot List.
b. Check whether the backup file is in the snapshot list.
c. To see the configuration details, click Snapshot.
Backing up Configurations Automatically
To back up configurations periodically and automatically, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, set the backup interval and time:
3. Click Save. Then, AmpCon-DC will automatically back up configurations at a specific interval.
Rolling Back Configurations
To restore configurations based on a backup configuration file, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, locate a switch, and then click Snapshot List.
3. Locate the configuration to roll back, and then click Rollback Config.
4. Set the wait time in seconds. The default value is 10.
5. Click Save.
Optional: Viewing Backup Logs
To view configuration backup logs on a switch, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. n the Config Backup tab, locate a switch, and then click Log.
Optional: Viewing All Configurations on a Switch
To view detailed configurations on a switch, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, locate a switch, and then click Config.
Optional: Viewing or Deleting Backup Configuration Files
To view or delete backup configuration files, follow these steps:
In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. You can see all available backup configuration files for the switch.
Optional: Uploading Local Configuration Files
You can upload a local switch configuration file to AmpCon-DC. After you upload the configuration file, the uploaded configurations can’t be pushed to the switch directly but can be pushed to the new switch during the Returning Merchandise Authorization (RMA) process.
To upload a local configuration file, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, locate a switch, and then click Upload Config.
3. Select a .boot file with switch configurations and upload it.
4. Click Config. In the pop-up window, check whether the uploaded configurations are added.
Optional: Setting Golden Config
The backup file with Golden Config will never be deleted. When the switch operation is compromised, the backup file with Golden Config is used to roll back a switch. You can also check whether the switch is operating as designed by comparing running configurations with the backup configuration file with Golden Config.
To set Golden Config, follow these steps:
1. In the AmpCon-DC UI, click Service > Config Template.
2. In the Config Backup tab, locate a switch, and then click Snapshot List.
3. Locate a backup file, and then click Set Golden Config.
Optional: Adding or Deleting Configuration File Tags
You can add or delete tags for a backup configuration file. Follow these steps:
In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup snapshot, and then click Tag Management.
You can compare running configurations or backup configurations on one switch or on different switches.
Configurations that are currently running on a switch
Configuration files that were backed up as described in Backing up Switch Configurations.
Procedure
NOTE
Then, you can see configuration differences as follows:
You can compare running configurations with initial configurations on the same switch.
Configurations that you selected when you add a switch configuration, including the global configuration file and the configuration template
Configurations that are currently running on the switch
This feature doesn’t support the following scenarios:
Prerequisites
NOTE
This is because the new switch is configured by using the backup configuration file or uploaded configurations of the imported switch during the deployment process, instead of by creating a switch configuration.
Procedure
Then, you can see differences between the running configurations and the initial configurations on the switch.
After you deploy or import switches with AmpCon-DC, you can manage the lifecycle of these switches:
You can upgrade PicOS on a single switch or on multiple switches.
You can Return Merchandise Authorization (RMA) to replace a failed switch with a new switch of the same switch model.
You can decommission (DECOM) a deployed switch to revoke the license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-DC.
Imported switches can’t be decommissioned but can be removed.
You can remove a deployed or imported switch from AmpCon-DC. The switch will be removed from the AmpCon-DC database and thus not be displayed in the AmpCon-DC UI.
Removing a switch doesn’t revoke the PicOS license and configurations from the switch.
By using AmpCon-DC, you can upgrade PicOS on a single switch or on multiple switches at scale.
Before You Upgrade
Before upgrading a switch to PicOS 4.6.0E or later, if both EVPN VXLAN and static VXLAN have been configured on the switch, you must manually delete the static VXLAN configuration.
Otherwise, the upgrade will fail and terminate with the following error message:
Error: The current version only supports EVPN VXLAN. Please delete the static VXLAN configuration before upgrading. Upgrade aborts.For more information, see Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command and Upgrading PICOS from Version 3.0 or Later Using Upgrade2.
Upgrading PicOS on a Single Switch
To upgrade PicOS on a single switch, follow these steps:
Upgrading PicOS on Multiple Switches
To upgrade PicOS on multiple switches, follow these steps:
Verifying the Upgrade
To verify the upgrade, follow these steps:
AmpCon-DC supports Returning Merchandise Authorization (RMA), which means replacing a switch with another switch of the same switch model.
When hardware of a switch fails and is replaced with a new switch, you can RMA to take the configurations from the failed switch, install or upgrade PicOS, update the serial number of the new switch, and push the configurations to the new switch to seamlessly manage it with AmpCon-DC.
During the RMA process, AmpCon-DC deploys PicOS on the new switch based on the Deployed ONIE Image setting on the “Switch Model” page and configure the new switch based on the backup configuration file or uploaded configurations of the replaced switch.
Prerequisites
Ensure that the following prerequisites are met:
Procedure
To RMA, follow these steps:
NOTE
You can decommission (DECOM) a deployed switch to revoke the PicOS license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-DC.
NOTEs
Procedure
To DECOM a switch, follow these steps:
You can remove a deployed or imported switch from AmpCon-DC. The switch will be removed from the AmpCon-DC database and thus not be displayed in the AmpCon-DC UI.
NOTE
Procedure
To remove a switch, follow these steps:
After switches are deployed or imported with AmpCon-DC, you can monitor these switches easily:
You can check managed switches and the health of the AmpCon-DC server.
You can get a comprehensive overview of configurations, templates, switches, licenses, and tasks.
You can view the list of all managed switches and check information about devices, telemetry, ports, modules, and AI.
You can use the DLB page to visualize load-related metrics. Based on these metrics, you can optimize your network for better performance.
You can track performance metrics in real time from various network devices, such as port traffic, bandwidth utilization, and packet loss rate.
You can visualize your switches in all locations and drill down into an individual switch, right to the port level, to check the port stats and overall health of the switch.
In addition, you can view real-time or historical information about Linux servers connected to the switch.
You can check different types of alarms to take corrective actions before issues are escalated.
You can receive real-time alarm notifications through emails when issues arise.
In the AmpCon-DC UI, click Dashboard > Global View. On the “Global View” page, you can check the health of the AmpCon-DC server and managed switches.
In the AmpCon-DC UI, click Dashboard > Switch View. On the “Switch View” page, check the following information for managed switches:
Checking Configurations or Templates
In the Config/Templates section, you can see the total numbers for different types of switch configurations and templates.
Click the number for one specific type. You are redirected to the related page in the Service menu:
Checking Switches
Checking Lifecycle Workflow
In the Deployment and Lifecycle Work Flow section, you can see the lifecycle transition process of switches and the total number of each state.
Click Switch List. You can check all managed switches on the “Switch” page.
Checking the Proportions of Switches in Each Lifecycle State
In the Deployment section, you can see the proportion of switches in each lifecycle state.
Checking Switch Models
In the Hardware Models section, you can see the total numbers of switch models and their proportions.
Checking Licenses
Checking Available License Numbers
In the Available Licenses section, you can see the currently available license number.
Click Available Licenses, and then you are redirected to the License Portal, where you can see more details about available licenses.
Checking License Expiration Dates
In the License Expiration section, you can see the total number of devices that will expire in each month over the next six months.
Checking License Usage
In the License Usage section, you can see the license usage information.
Checking Tasks
Checking All Switch Activities
In the Deployment Tasks section, click Deployment. You can see activities for all switches and each activity progress.
In the pop-up window, you can do the following actions:
Checking System Tasks
In the System Tasks tab of the Deployment Tasks section, you can see the total numbers for different types of running tasks.
Checking Automation Jobs
In the Automation Jobs tab of the Deployment Tasks section, you can see the total numbers for different types of automation jobs.
Click the number for one specific type. You are redirected to the related page:
You can view the list of all managed switches and check detailed telemetry data related to each switch.
Viewing the Switch List
In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, you can see the list of all managed switches.
Table 1. Switch Metrics
Metric | Description |
Sysname | The hostname of the switch. |
SN/Service Tag | The serial number or service tag of the switch. |
Model | The model of the switch. |
Version | The version of the switch. |
Status | The state of the switch. The following states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-DC but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-DC. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned (DECOM) when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). |
Mgmt IP | The switch IP address used to connect to AmpCon-DC and the status icons ✓ and x. ✓: The switch is up and connected to AmpCon-DC. x: The switch is down or not connected to AmpCon-DC. |
In the Operation column, you can manage the switch as follows:
a. Click SSH.
b. Input the following information:
c. Click OK.
Viewing Telemetry Data of a Switch
Click a specific switch SN or service tag in the switch list. You can see detailed telemetry data related to the switch. For more information, see "10.5.2 Telemetry Data of a Switch".
Viewing the Parking Lot
If you provisioned a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged.
In the AmpCon-DC UI, click Service > Switch from the navigation bar. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status.
Table 2. Switch Metrics
Metric | Description |
SN | The serial number of the switch |
Hardware ID | The Hardware ID of the switch |
IP Address | The switch IP address used to connect to AmpCon-DC |
Model | The model of the switch |
Register Count | The number of times the switch initiates ZTP authentication with the AmpCon-DC server |
Time In | The time when the switch initiates the first ZTP authentication with the AmpCon-DC server |
Latest Time | The time when the switch initiates the last ZTP authentication with the AmpCon-DC server |
Flag | Indicates whether the switch has been investigated |
In the Operation column, you can manage the switch as follows:
To save all the switch information from the parking lot list to a local file, click Export in the top-left corner.
Updating the Switch Hostname
During the switch lifecycle, you might need to change their hostnames. To see the latest hostnames, follow these steps:
Updating the Switch Mgmt IP Address
During the switch lifecycle, you might need to change their Mgmt IP addresses, which are used to connect to AmpCon-DC. To see the latest Mgmt IP addresses, follow these steps:
3. Click Yes.
AmpCon-DC provides a DLB page to help you visualize load balancing related metrics. Based on these metrics, you can optimize your network for better performance.
To check the metrics for load balancing, click Monitor > Network > DLB in the AmpCon-DC UI, and then select the SN or service tag of a switch in the SN/Service Tag drop-down list.
This feature works for only online switches and ports. For offline switches and ports, no data is displayed on the “DLB” page.
Performance Trend
In the Performance Trend tab, you can see the following line charts:
Bandwidth Utilization (Output) and Bandwidth Utilization (Input)
These two metrics are used to measure how effectively the available bandwidth is being utilized.
The percentage of the total outbound bandwidth that is being used on each port of the selected switch
The percentage of the total inbound bandwidth that is being used on each port of the selected switch
How It Is Calculated
AmpCon-DC calculates Bandwidth Utilization (Output) and Bandwidth Utilization (Input) as follows:
For example, in the Port Overview tab of the switch detail page, the In Bits Rate metric, which means the rate at which bits are received by the switch port, is 376 bytes per second, and the Port Speed metric, which means the maximum data transfer rate that the port can support, is 1GB. So, the Bandwidth Utilization (Input) value is:
376 bit / 1GB × 100% = 0.0000376%
Packet Loss Rate (Input) and Packet Loss Rate (Output)
These two metrics are used to measure the reliability of the network and the switch port in delivering data packets.
The rate at which input data packets are discarded during transmission
The rate at which output data packets are discarded during transmission
How It Is Calculated
AmpCon-DC calculates Packet Loss Rate (Output) and Packet Loss Rate (Input) as follows:
For example, in the Port Overview tab of the switch detail page, the In Discards metric, which means discarded input packets, is 24356, and the In Pkts metric, which means all input packets, is 31004. So, the Packet Loss Rate (Input) value is:
24356 / 31004 × 100% = 78.557605%
Throughput (Output) and Throughput (Input)
These two metrics are used to measure the speed and efficiency of data transmission.
The rate of data packets sent from the network interface within a unit of time
The rate of data packets received by a network interface within a unit of time
How It Is Calculated
AmpCon-DC calculates Throughput (Output) and Throughput (Input) as follows:
Real-Time Statistics
In the Real-time Statistics tab, you can see the following table:
Metric | Description |
Port Name | The name of the switch port. |
5sec Input Rate | The rate of data packets received by a switch port within a unit of time. The same as the In-Pkts-Rate metric in the Port Overview tab of the switch detail page. |
5sec Output Rate | The rate of data packets sent from the switch port within a unit of time. The same as the Out Pkts Rate metric in the Port Overview tab of the switch detail page. |
Input Total Packets Without Errors | The total number of error-free data packets received by a switch port. |
Output Total Packets Without Errors | The total number of error-free data packets sent from a switch port. |
Input Total Packets With Errors | The total number of erroneous data packets received by a switch port. |
Output Total Packets With Errors | The total number of erroneous data packets sent from a switch port. |
NOTE
Filtering DLB data
To filter DLB data, use the following methods:
NOTE
To ensure that the network is healthy and devices are working well, you need to continuously monitor and validate the operational state of your network and devices.
AmpCon-DC uses the telemetry technology to automatically collect real-time or historical metric data from managed switches. In addition, AmpCon-DC analyzes the telemetry data to predict equipment failures and performance anomalies and then triggers immediate alarms.
By using AmpCon-DC, you can view multi-dimensional telemetry data of all managed switches in a centralized user interface, gain detailed insights into network performance and device health, and proactively troubleshoot and optimize your network performance.
Prerequisites
The telemetry data can be displayed in the AmpCon-DC UI only when the following prerequisites are met:
Use Cases
The following scenarios are examples of using the telemetry data:
You can have an overall understanding about the network running status by checking telemetry metrics like routing neighbors, switch resource utilization, port counts, and Layer 2 and Layer 3 forwarding tables.
You can monitor performance-related telemetry metrics for all managed switches, such as port traffic, bandwidth utilization, and packet loss rate.
You can better distribute the load based on the routing neighbor information, avoid excessive load on certain neighbors, and improve the overall network performance.
You can get early warnings of network failures, be notified when equipment failures and performance anomalies happen, and quickly troubleshoot and address network issues.
Viewing Global Telemetry Data
To view the telemetry data of all managed switches, click Dashboard > Telemetry Dashboard in the AmpCon-DC UI. For detailed information about each telemetry metric, see "10.5.1 Global Telemetry Data".
Viewing Telemetry Data of a Switch
To view the telemetry data of a specific switch, click Service > Switch in the AmpCon-DC UI, and then click the SN or service tag of the switch. For detailed information about each telemetry metric, see "10.5.1 Telemetry Data of a Switch".
Filtering Telemetry Data
To filter telemetry data as needed, use the following methods:
Note:
10.5.1 Global Telemetry Data
Click Dashboard > Telemetry Dashboard in the AmpCon-DC UI, and then you can see the following telemetry data of all managed switches:
CPU and Memory
Metric | Description |
CPU | The CPU usage of a switch in percentage. |
Memory | The memory usage of a switch in percentage. |
NOTE
Port Metrics
Metric | Description |
In Octets | The number of octets (8-bit bytes) received by a switch port. |
In Pkts | The number of incoming packets received by a switch port. |
In Discards | The number of incoming packets that a switch port intentionally discards (drops) during processing. |
In Errors | The number of incoming packets that contain errors and are dropped by a switch port. |
In Fcs Errors | The number of incoming packets that fail the Frame Check Sequence (FCS) validation. |
Out Octets | The number of octets (8-bit bytes) transmitted out of a switch port. |
Out Pkts | The number of outgoing packets transmitted by a switch port. |
Out Discards | The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted. |
Out Errors | The number of outgoing packets that a switch port fails to transmit successfully due to errors. |
Out Bits Rate | The rate at which bits are transmitted from a switch port. It’s measured in bits per second (bps). |
In Bits Rate | The rate at which bits are received by a switch port. It’s measured in bits per second (bps). |
Out Pkts Rate | The rate of data packets sent from a switch port. It’s measured in Packets Per Second (pps). |
In Pkts Rate | The rate of data packets received by a switch port. It’s measured in Packets Per Second (pps). |
Module Metrics
Metric | Description |
Output Power | The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. |
Input Power | The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. |
Laser Temperature | The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). |
Output Power - Input Power | The difference between the output power and the input power. |
10.5.2 Telemetry Data of a Switch
Click Service > Switch in the AmpCon-DC UI, and click a specific switch SN or service tag in the switch list. Then, you can see the following telemetry data related to the switch:
Device Information
In the Device Information section, you can see the following information:
Table 1. Device Information
Metric | Description |
Model | The model of the switch. |
SN | The serial number of the switch. |
Hardware-ID | The hardware ID of the switch. |
MAC Address | The MAC address of the switch. |
Sysname | The hostname of the switch. |
IP Address | The switch VPN IP address that is used to communicate with AmpCon-DC. |
Version | The PicOS version on the switch. |
Switch Overview
Click the Switch Overview tab. Then, you can see the following line charts:
NOTE
Table 2. Switch Overview Metrics
Metric | Description |
Usage | The CPU and memory usage of the switch. It’s measured in percentage. |
Fan | The proportion of the fan's PWM to the total width. |
In Octets | The number of octets (8-bit bytes) received by the switch port. |
In Pkts | The number of incoming packets received by the switch port. |
In Discards | The number of incoming packets that the switch port intentionally discards (drops) during processing. |
In Errors | The number of incoming packets that contain errors and are dropped by the switch port. |
In Fcs Errors | The number of incoming packets that fail the Frame Check Sequence (FCS) validation. |
Out Octets | The number of octets (8-bit bytes) transmitted out of the switch port. |
Out Pkts | The number of packets transmitted out of the switch port. |
Out Discards | The number of outgoing packets that the switch port intentionally discards (drops). |
Out Errors | The number of outgoing packets that the switch port fails to transmit successfully due to errors. |
Out Bits Rate | The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). |
In Bits Rate | The rate at which bits are received by the switch port. It’s measured in bits per second (bps). |
Out Pkts Rate | The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). |
In Pkts Rate | The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). |
Output Power | The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. |
Input Power | The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. |
Laser Temperature | The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). |
Output Power - Input Power | The difference between the output power and the input power. |
Device Overview
Click the Device Overview tab. Then, you can see the following tables:
Table 3. RPSU Metrics
Metric | Description |
PSU Index | The index of the Power Supply Unit (PSU). |
Power on | Whether the PSU is powered on. |
Enabled | Whether the PSU is activated or turned on. |
Present | Whether the PSU is properly plugged. |
Table 4. Fan Metrics
Metric | Description |
Position | The position of the fan. |
Direction | The direction of the wind, forward or back. |
PWM | The proportion of the fan's PWM to the total width. |
Speed | The fan speed. |
Port Overview
Click the Port Overview tab. Then, you can see the following table:
Table 5. Port Overview Metrics
Metric | Description |
Port Name | The name of the switch port. |
Port State | The state of the switch port. |
MTU | The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes. |
Loopback Mode | Whether the loopback mode is enabled on this port.In loopback mode, the switch port sends data packets that are then routed back to itself. You can enable this mode to verify whether data can be sent or received as expected without involving external networks. |
Port Speed | The maximum data transfer rate that the port can support. |
In Bandwidth Utilization | The percentage of the inbound bandwidth that is being used on the port. |
Out Bandwidth Utilization | The percentage of the outbound bandwidth that is being used on the port. |
Auto Negotiate | Whether the Auto Negotiate feature on the port is enabled.Auto Negotiate means the process to automatically negotiate and select the optimal operating parameters, such as the speed and duplex mode. |
Mac Addr | The MAC address of the switch port connecting to this switch port. |
Duplex Mode | Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously. |
In Broadcast Pkts | The number of broadcast packets received by the port. |
In Discards | The number of incoming packets that the switch port intentionally discards (drops) during processing. |
In Errors | The number of incoming packets that contain errors and are dropped by the switch port. |
In Fcs Errors | The number of incoming packets that fail the Frame Check Sequence (FCS) validation. |
In Multicast Pkts | The number of multicast packets received by the switch port. |
In Octets | The number of octets (8-bit bytes) received by the switch port. |
In Pkts | The number of incoming packets received by the switch port. |
In Unicast Pkts | The number of unknown unicast packets received by the switch port. |
Out Broadcast Pkts | The number of broadcast packets sent by the switch port. |
Out Discards | The number of outgoing packets that the switch port intentionally discards (drops). |
Out Errors | The number of outgoing packets that the switch port fails to transmit successfully due to errors. |
Out Multicast Pkts | The number of multicast packets sent by the switch port. |
Out Octets | The number of octets (8-bit bytes) transmitted out of the switch port. |
Out Pkts | The number of packets transmitted out of the switch port. |
Out Unicast Pkts | The number of unknown unicast packets sent by the switch port. |
In Oversize Frames | The number of oversize frames received by a switch port.Oversize frames mean frames that exceed the typical maximum transmission unit (MTU) size. |
In Undersize Frames | The number of undersize frames received by a switch port.Undersize frames mean frames with a length less than 64 bytes and a correct checksum. |
Out Bits Rate | The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). |
In Bits Rate | The rate at which bits are received by the switch port. It’s measured in bits per second (bps). |
Out Pkts Rate | The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). |
In Pkts Rate | The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). |
In Frames 64 Octets | The number of 64-byte frame packets received by the switch port. |
In Frames 65-127 Octets | The number of frame packets between 65 and 127 bytes received by the switch port. |
In Frames 128-255 Octets | The number of frame packets between 128 and 255 bytes received by the switch port. |
In Frames 256-511 Octets | The number of frame packets between 256 and 511 bytes received by the switch port. |
In Frames 512-1023 Octets | The number of frame packets between 512 and 1023 bytes received by the switch port. |
In Frames 1024-1518 Octets | The number of frame packets between 1024 and 1518 bytes received by the switch port. |
Modules Overview
Click the Modules Overview tab. Then, you can see the following table:
Table 6. Module Overview Metrics
Metric | Description |
Port Name | The name of the switch port connected with the optical module. |
Connector Type | The type of the connector used by the optical module. |
Form Factor | The physical size, shape, and interface specifications of the optical module. |
Vendor | The manufacturer of the optical module. |
Vendor Part | The model name of the optical module. |
Transmission Distance | The maximum distance over which an optical signal can be transmitted effectively through the module. |
Transmission Rate | The speed at which data can be transmitted through the module. It’s measured in gigabits per second (Gbps). |
WaveLength | The distance between two corresponding points on an optical wave, typically measured from crest to crest (or trough to trough). It’s measured in nanometers (nm). |
Tx Power | The amount of optical power consumed by the optical module. It’s measured in dBm. |
Rx Power | The amount of optical power delivered by the optical module. It’s measured in dBm. |
Power Budget | The difference between the output power and the input power. |
Temperature | The temperature of the optical module. It’s measured in Celsius (°C). |
BGP
Click the BGP tab. Then, you can see the following table:
Table 7. BGP Metrics
Metric | Description |
VRF Name | The name of the Virtual Routing and Forwarding (VRF) instance. |
BGP Version | The version of Border Gateway Protocol (BGP). |
Local AS | The Autonomous System Number (ASN) of the local switch. |
Local Router ID | The unique BGP identifier of the local switch. |
Remote AS | The ASN of the remote device. |
Remote Router ID | The unique BGP identifier of the remote device. |
BGP State | The state of the BGP session. |
Hold Time | The allowed maximum time between two BGP peers without receiving any messages. It’s measured in seconds. |
Keepalive Interval | The time interval for sending KEEPALIVE messages between BGP peers. It’s measured in seconds. |
OSPF
Click the OSPF tab. Then, you can see the following table:
Table 8. OSPF Metrics
Metric | Description |
VRF Name | The name of the VRF instance. |
Neighbor ID | The unique identifier to distinguish a neighboring device. |
Pri | The OSPF router priority, which is a parameter that influences the election process for the Designated Router (DR) and Backup Designated Router (BDR) within an OSPF network. |
State | The current status of the OSPF router. |
Dead Time | The amount of time that a router waits to receive a Hello packet from a neighboring router before it declares that neighbor as "dead" or unreachable. It’s measured in seconds. |
Address | The IP address of the neighbor. |
Interface | The interface on a router to establish the OSPF neighbor relationship. |
RXmtl | The total number of link state advertisements on the retransmission queue sent to neighbors. |
Rqstl | The total number of link state advertisements on the request messages queue sent to neighbors. |
DBsml | The total number of link state advertisements on the Database Description (DD) messages queue sent to neighbors. |
DR | The Designated Router, a special router elected within an OSPF area to handle the exchange of link-state information. |
BDR | Backup Designated Router, a backup to the DR in an OSPF network. |
MAC
Click the MAC tab. Then, you can see the following table:
Table 9. MAC Metrics
Metric | Description |
MAC address | The MAC address of the switch port connecting to this switch. |
Interface | The physical port associated with the MAC address. |
Vlan | Th identifier of the VLAN including this MAC address. |
Age | The duration during which the MAC address entry remains valid before it is deleted due to lack of updates. It’s measured in seconds. |
Type | The obtaining method of the MAC address, dynamic or static. |
ARP
Click the ARP tab. Then, you can see the following table:
Table 10. ARP Metrics
Metric | Description |
Address | The IP address of the neighboring switch. |
HW Address | The MAC address of the neighboring switch. |
Type | The types of the ARP entry, dynamic or static. |
Interface | The physical or logical port on the switch associated with the IP address and the MAC address. |
AI
Click the AI tab. Then, you can see the following table:
Table 11. AI Metrics
Metric | Description |
Interface Name | The interface of the switch |
ECN-Marked-Packets | The number of packets that have been marked with Explicit Congestion Notification (ECN). |
ECN-Marked-Packets-Rate | The number of packets per unit time that are marked with Explicit Congestion Notification (ECN) codes by the switch in response to detected congestion. |
Queue Name | The queue of PFC |
PFC-Deadlock-Monitor-Count | A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events. |
PFC-Deadlock-Recovery-Count | A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states. |
Receive-PFC-Pause-Frames | The PAUSE frames received by the receiver end for flow control. |
Receive-PFC-Pause-Frames-Rate | The rate at which PFC (Priority-based Flow Control) PAUSE frames are received by the switch. |
Send-PFC-Pause-Frames | The PAUSE frames sent by the transmitting end for flow control. |
Send-PFC-Pause-Frames-Rate | The rate at which PFC (Priority-based Flow Control) PAUSE frames are sent. |
IP Route
Table 12. IP Route Metrics
Metric | Description |
Type | The protocol through which the route was learned or configured. DIRECTLY_CONNECTED: This is a directly connected network. STATIC: This is a static route. OSPF: This is a route learned through the OSPF protocol. BGP: This is a route learned through the BGP protocol. |
Destination Network | The address and subnet mask of the destination network. |
Route Metrics | The metric (or cost) of the route, which determines the priority of the route. For example, [110/2] indicates that the route uses the OSPF protocol, where 110 is the OSPF priority (cost) and 2 is the metric of the route. |
Next-Hop | The next hop IP address to which packets are forwarded. |
Outgoing Interface | The network interface from which packets are forwarded. |
Route Age | The elapsed time since the route was learned or configured. |
You can use the automatic discovery of topology feature to visualize your switches in all locations and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch.
In addition, you can view real-time or historical information about Linux servers connected to the switch.
You can add, edit, or delete topologies by using the AmpCon-DC UI.
You can enter the topology edit mode to customize a topology based on your actual needs.
You can enter the real-time topology mode to view real-time network status such as switch status and link faults. By clicking a switch or a link, you can see detailed stats information.
You can enter the historical topology mode to view the network status at different time or analyze the historical topology to trace problems.
When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch.
10.6.1 Managing Topologies
Topologies can help you identify and visualize your network structure. You can add, edit, or delete topologies by using the AmpCon-DC UI.
NOTE
Adding a Topology
Editing a Topology
Deleting a Topology
Setting or Unsetting a Default Topology
When you click Physical Network > Topology, the default topology is displayed. To set a default topology, follow these steps:
To unset a default topology, click the default topology, and then click the “Set Default Topology” icon again.
10.6.2 Planning Topologies
You can enter the topology edit mode to customize a topology based on your actual needs.
Entering the Topology Edit Mode
Adding Switches to a Topology
To add switches to a topology, follow these steps:
Removing Switches from a Topology
To remove switches from a topology, follow these steps:
Click the topology, and then click the "Delete Node" icon.
Automatically Discovering Links
NOTE
Manually Adding Links
To add a link, follow these steps:
Click + on the right to add a new port connection, or click - to remove a port connection. If a selected port is already in use by another link, a warning is displayed.
After you add a link and save the topology, the link is displayed in red or green based on real connectivity status:
Editing Links
After a link is added, you can edit the link. Follow these steps:
Selecting a Topology Layout
In the topology edit mode, you can see the topology in the auto hierarchy layout by default. To select a topology layout, follow these steps:
Select a specific switch in the topology, and then click Auto Hierarchy Layout. You can see a tree layout with the switch as the root node.
The auto hierarchy layout cannot be applied when no switches are selected or no links exist among switches.
If no switches are selected, the grid layout automatically lays out all global elements.
If some switches are selected, the grid layout is applied only to the selected switches.
If no switches are selected, the circular layout automatically lays out all global elements.
If some devices are selected, the circular layout is applied only to the selected switches.
If some switches are selected, the elliptical layout is applied only to the selected switches.
Zooming in or out of a Topology
Undoing or Redoing Operations
In the topology edit mode, you can undo or redo operations.
If no undo or redo operations are available, these two buttons are grayed out and disabled.
Saving a Topology
Displaying or Hiding the Legend
Refreshing the Current Topology
In the topology edit mode, click the "Refresh" icon.
Exiting the Topology Edit Mode
To exit the topology edit mode, click the "Cancel Edit" icon in the topology edit mode.
10.6.3 Viewing Real-Time Topologies
You can enter the real-time topology mode to view real-time network status such as switch status and link faults. By clicking a switch or a link, you can see detailed stats information.
Entering the Real-Time Topology mode
NOTE
Refreshing the Topology
In the real-time topology mode, click the "Refresh" icon.
Zooming in or out of a Topology
Exporting a Topology
In the real-time topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser.
10.6.4 Viewing Historical Topologies
You can enter the historical topology mode to view the network status at different time or analyze the historical topology to trace problems.
Viewing a Historical Topology
Then, you can see the historical topology as follows:
Zooming in or out of a Topology
Exporting a Topology
In the historical topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser.
Returning to the Real-Time Topology Mode
In the historical topology mode, click the “Back To Real-Time Topology” icon to leave the historical mode.
10.6.5 Viewing Switch Details, Ports, and Linux Severs
When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch.
Prerequisites
To check the Linux servers connected to managed switches in a topology, ensure that the following prerequisites are met:
Viewing Real-time or Historical Data
To view real-time switch details, switch ports, and Linux servers, Enter the Real-Time Topology Mode, and then click the switch to be monitored.
To view historical switch details, switch ports, and Linux servers, Enter the Historical Topology Mode, and then click the switch to be monitored.
Then, you can see the following sections in the topology:
Device Info
In the Device Info section, you can see the following switch-related information:
Table 1. Device Info Metrics
Metric | Description |
Switch Name | The name of the switch. |
Switch SN | The SN of the switch. |
Model | The model of the switch. |
Version | The PicOS version of the switch. |
State | The state of the switch. For the topologies in the Fabric section, the following switch states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-DC but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-DC. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). For the topologies in the Topology section, the following switch states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. |
Mgmt IP | The management IP address (VPN IP address) of the switch. |
Port Info
In the Port Info section, you can see the following port-related metrics:
Table 2. Port Info Metrics
Metric | Description |
Port Name | The name of the switch port |
Port State | The state of the switch port, up or down |
Port Speed | The maximum data transfer rate that the port can support |
In Octets | The number of octets (8-bit bytes) received by the switch port |
In Pkts | The number of incoming packets received by the switch port |
In Discards | The number of incoming packets that the switch port intentionally discards (drops) during processing |
In Errors | The number of incoming packets that contain errors and are dropped by the switch port |
Out Octets | The number of octets (8-bit bytes) transmitted out of the switch port |
Out Pkts | The number of outgoing packets transmitted by the switch port |
Out Discards | The number of outgoing packets that the switch port intentionally discards (drops) before they are transmitted |
Out Errors | The number of outgoing packets that the switch port fails to transmit successfully due to errors |
Host Info
In the Host Info section, you can see the following metrics for Linux servers connected to the switch:
Table 3. Host Info Metrics
Metric | Description |
Port Name | The name of the switch port |
Port State | The state of the switch port, up or down |
MTU | The largest size (measured in bytes) of a packet or frame that can be sent in a single network transmission |
Vlan | The VLAN of the Linux server |
Host IP | The IP address of the Linux server |
NIC Name | The name to distinguish the network interface card (NIC) of the Linux server |
Interface | The Ethernet port to which the Linux server is connected |
Status | The status of the Ethernet port to which the Linux server is connected |
MAC Address | The MAC address of the Linux server |
AmpCon-DC uses monitoring data to predict equipment failures and performance anomalies and then trigger immediate alarms. By checking these alarms, you can take corrective actions before issues are escalated.
Supported Alarm Types and Levels
AmpCon-DC supports the following alarm levels:
AmpCon-DC supports the following alarm types:
For detailed alarms and related alarm levels, see "10.7.1 Alarm Types and Levels"
Viewing Alarms
Viewing All Unread Alarms
In the AmpCon-DC UI, click Monitor > Alarm. You can see all unread alarms.
Viewing All Alarms
Click All Messages, and then you can see all alarms.
Click Back to Alarms, and then you can see all unread alarms.
Viewing All Unread "Error" Alarms
Click the red flame icon, and then you can see all unread "error" alarms.
Viewing All Unread "Warn" Alarms
Click the orange warning icon, and then you can see all unread "warn" alarms.
Viewing All Unread "Info" Alarms
Click the blue bell icon, and then you can see all unread "info" alarms.
10.7.1 Alarm Types and Levels
To check supported alarm types and related alarm levels, see the following tables:
Packet Loss Alarms
Table 1. Packet Loss Alarms
Alarm Metric | Description | Triggering Condition | Alarm Level |
In Errors | The number of incoming packets that contain errors and are dropped by a switch port increase | The metric value changes two times in the last four sampling cycles. | Error |
Out Errors | The number of outgoing packets that a switch port fails to transmit successfully due to errors | The metric value changes two times in the last four sampling cycles. | Error |
In Discards | The number of incoming packets that a switch port intentionally discards (drops) during processing | The metric value changes two times in the last four sampling cycles. | Error |
Out Discards | The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted | The metric value changes two times in the last four sampling cycles. | Error |
In Fcs Errors | The number of incoming packets that fail the Frame Check Sequence (FCS) validation | The metric value changes two times in the last four sampling cycles. | Error |
Resource Usage Alarms
Table 2. Resource Usage Alarms
Alarm Metric | Description | Triggering Condition | Alarm Level |
CPU Usage | The CPU usage | The metric value exceeds 85%. | Warn |
Memory Usage | The memory usage | The metric value exceeds 85%. | Warn |
In Bindwidth Usage | The input bandwidth usage | The metric value exceeds 85%. | Warn |
Out Bindwidth Usage | The output bandwidth usage | The metric value exceeds 85%. | Warn |
Fan PWM Usage | The proportion of the fan's Pulse Width Modulation (PWM) to the total width | The metric value is over 85%. | Warn |
RPSU Power-on | Whether the Power Supply Unit (PSU) is powered on or off | The metric value changes. | Info |
Interface Monitoring Alarms
Table 3. Interface Monitoring Alarms
Alarm Metric | Description | Triggering Condition | Alarm Level |
Admin Status | The port status (Up or Down) manually configured by the network administrator, including Up and Down | The metric value changes. | Info |
Oper Status | The actual operational port status (Up or Down), which is detected by the switch | The metric value changes. | Warn |
MTU | The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes | The metric value changes. | Info |
Loopback Mode | Whether the loopback mode is enabled on this port | The metric value changes. | Info |
Duplex Mode | Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously | The metric value changes. | Warn |
Port Speed | The maximum data transfer rate that the port can support | The metric value changes. | Warn |
Optical Module Alarms
Table 4. Optical Module Alarms
Alarm Metric | Description | Triggering Condition | Alarm Level |
Laser Temperature | The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C) | The metric value exceeds 90 °C. | Warn |
Tx Power | The amount of optical power delivered by the optical module connected to the switch port | The metric value is not in the output power range. See the next section, Tx Power and Rx Power Ranges | Warn |
Rx Power | The amount of optical power consumed by the optical module connected to the switch port | The metric value is not in the input power range. See the next section, Tx Power and Rx Power Ranges. | Warn |
Power Budget | The difference between the output power and the input power | The metric value changes. | Info |
Tx Power and Rx Power Ranges
Table 5. Tx Power and Rx Power Ranges
Optical Module Type | Input Power Range | Output Power Range |
CFP | Min: -10, Max: 0 | Min: -8, Max: 2 |
CFP2 | Min: -10, Max: 0 | Min: -8, Max: 2 |
CFP2_ACO | Min: -10, Max: 0 | Min: -5, Max: 5 |
CFP4 | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP28 | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP28_DD | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP56 | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP56_DD | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP56_DD_TYPE1 | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP56_DD_TYPE2 | Min: -10, Max: 0 | Min: -8, Max: 2 |
QSFP_PLUS | Min: -10, Max: 0 | Min: -8, Max: 2 |
SFP | Min: -17, Max: -1 | Min: -9, Max: -1 |
SFP_PLUS | Min: -17, Max: -1 | Min: -9, Max: -1 |
SFP28 | Min: -12, Max: -1 | Min: -8, Max: 4 |
SFP56 | Min: -12, Max: -1 | Min: -8, Max: 4 |
SFP_DD | Min: -12, Max: -1 | Min: -8, Max: 4 |
CPAK | Min: -10, Max: 0 | Min: -8, Max: 2 |
CSFP | Min: -17, Max: -1 | Min: -9, Max: -1 |
DSFP | Min: -12, Max: -1 | Min: -8, Max: 4 |
XFP | Min: -10, Max: 0 | Min: -8, Max: 2 |
X2 | Min: -10, Max: 0 | Min: -8, Max: 2 |
OSFP | Min: -10, Max: 0 | Min: -8, Max: 2 |
If you can't access the AmpCon-DC UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation.
10.8.1 Configuring an SMTP Server
Simple Mail Transfer Protocol (SMTP) servers are specialized applications responsible for sending, relaying, and routing email messages between senders and recipients over the internet or a network.
To receive alarm notifications through emails, you need to configure an SMTP server first.
Supported Information
Adding an SMTP Server
To add an SMTP server, follow these steps:
NOTE
NOTEs
Optional: Editing an SMTP Server
To edit an SMTP server, modify the configurations on the “Email Setting” page as needed, and then click Apply.
NOTE
Optional: Resetting an SMTP Server
To reset SMTP server configurations, click Reset on the “Email Setting” page.
NOTE
10.8.2 Configuring Alarm Notification Rules
After you configure an SMTP server, configure alarm notification rules. In alarm notification rules, specify alarm types, alarm levels, and the fabrics to be monitored. You are informed of these specified alarms when they are triggered.
Adding Alarm Notification Rules
To add an alarm notification rule, follow these steps:
NOTE
To prevent email bombing, set the silent period to at least 30 minutes. If you set the silent period to a value less than 30, the silent period is changed to 30 automatically.
NOTEs
To disable the monitoring of specific alarm levels, select the alarm levels in the right cell, and then click <.
To disable the monitoring of specific alarm types, select the alarm types in the right cell, and then click <.
For supported alarm types and alarm levels, see "10.7.1 Alarm Types and Levels"
Viewing Alarm Notification Rules
On the “Alarm Notification Rules” page, you can see the following information:
Table 1. Alarm Notification Rule Metrics
Metric | Description |
Rule Name | The name of the rule |
Alarm Scope (Fabric) | The fabric to be monitored |
Alarm Level | The levels of alarms to be monitored, including Warning, Error, and Info |
Alarm Type | The types of alarms to be monitored |
Silent Period (Minutes) | The period (in minutes) during which the same alarm notification is not sent repeatedly |
Status | Whether alarm notifications can be sent to the receiver’s email address |
Create User | The AmpCon-DC user who created the alarm notification rule |
Optional: Editing Alarm Notification Rules
To edit an alarm notification rule, follow these steps:
Optional: Deleting Alarm Notification Rules
To delete an alarm notification rule, locate the rule on the “Alarm Notification Rules” page, and then click Delete.
10.8.3 Viewing Historical Alarm Notification Logs
You can view all alarm notifications sent in the last 30 days for root cause analysis, fault prevention, or auditing.
Checking Historical Alarm Notifications
To check historical alarm notifications, follow these steps:
1. Click Monitor > Alarm > Historical Alarm Email Logs in the AmpCon-DC UI.
On the “Historical Alarm Email Logs” page, you can see all the historical alarm notifications that are sent in the last 30 days.
Table 1. Historical Alarm Email Log Metrics
Metric | Description |
Rule Name | The name of the alarm notification rule |
Subject | The alarm levels and alarm types |
Receivers | The email addresses of the receivers to be notified |
Status | Whether the email is sent to the receivers successfully |
Send Time | The time when the alarm notification email is sent |
Deleting Historical Alarm Notifications
To delete a historical alarm notification, locate the alarm notification, and click Delete.
After you add third-party devices to AmpCon-DC with the monitor feature enabled, you can manage these devices and monitor their Network Interface Cards (NICs) and optical modules. In addition, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning.
After you add devices to AmpCon-DC with the monitor function enabled, you can keep the inventory of added devices, view device information in real-time or historical topologies, and run Ansible playbooks on these devices for automation.
Currently, this feature supports only managing Linux servers.
Adding a Device to AmpCon-DC
To add a device to AmpCon-DC, follow these steps:
NOTE
NOTE
Viewing the Device Inventory
To view the monitored device inventory, ensure that the following prerequisites are met:
Then, click Service > Hosts > Inventory in the AmpCon-DC UI. You can see the list of devices that are added with the monitor feature enabled and connected to the AmpCon-DC server:
Viewing Devices in a Real-Time or Historical Topology
Click Physical Network > Topology, enter the real-time topology mode or the historical topology mode, and then click the switch to be monitored. You can view information of Linux servers connected to the switch.
For more information, see "10.6.5 Viewing Switch Details, Ports, and Linux Severs"
Enabling the Monitoring Function
You might not have enabled the monitor function for a device. To enable the monitor function, locate the device on the “Device Discovery” page, and then click Enable Monitor.
Deleting a Device
To delete a device from AmpCon-DC, follow these steps:
NOTE
Testing Device Connectivity
To check whether all added devices can connect to AmpCon-DC or not, follow these steps:
You can view Network Interface Cards (NICs) to evaluate network performance, diagnose issues, and thus ensure optimal network performance.
This feature supports Nvidia and Broadcom NICs on Linux servers. For the list of supported NICs, see "11.2.1 Supported NICs"
Prerequisites
Ensure that the following prerequisites are met:
Viewing the Inventory of NICs
After you add devices to AmpCon-DC with the monitor feature enabled, AmpCon-DC automatically monitors all NICs on these devices. You can view basic information and running status of NICs, such as NIC interface name, NIC state, chip number, and MAC address.
For more information, see "11.2.2 Viewing the NIC Inventory".
Viewing the Telemetry Data of NICs
After you add devices to AmpCon-DC with the monitor feature enabled, AmpCon-DC automatically collects performance-related telemetry metrics of each NIC on these devices, such as the number of octets (8-bit bytes) and packets received by a NIC.
For more information, see "11.2.3 Viewing the Telemetry Data of NICs".
11.2.1 Supported NICs
The Network Interface Card (NIC) monitoring feature of AmpCon-DC supports the following NICs:
Broadcom NICs
Table 1. Supported Broadcom NICs
Series | Device Model | Chip |
Ethernet Network Adapters | P210P | BCM57412 |
P210TP | BCM57416 | |
P225P | BCM57414 | |
P425G | BCM57504 | |
P2100G | BCM57508 | |
P2200G | BCM57608 | |
P1400GD | BCM57608 | |
BCM5720-2P | BCM95720 | |
N1400GD | BCM57608 | |
N2200G | BCM57608 | |
N2100G | BCM57508 | |
N425G | BCM57504 | |
N225G | BCM57414 | |
N210TP | BCM57416 | |
N210P | BCM57412 |
Nvidia NICs
Table 2. Supported Nvidia NICs
Series | Device Model | Chip |
ConnectX-4 Lx EN | MCX4121A-ACAT | MT27710 Family |
MCX4111A-XCAT | ||
MCX4121A-XCAT | ||
MCX4121A-XCHT | ||
MCX4111A-ACAT | ||
MCX4111A-ACUT | ||
MCX4121A-ACUT | ||
MCX4121A-ACHT | ||
MCX4121A-ACST | ||
MCX4131A-BCAT | ||
MCX4131A-GCAT | ||
ConnectX-5 | MCX512A-ACAT | MT27620 Family |
MCX512A-ACUT | ||
MCX512F-ACAT | ||
MCX512F-ACHT | ||
MCX515A-GCAT | ||
MCX516A-GCAT | ||
MCX515A-CCAT | ||
MCX515A-CCUT | ||
MCX516A-CCHT | ||
MCX516A-CCAT | ||
NVIDIA ConnectX-6 | MCX653106A-HDAT | MT28908 Family and MT28908A0 Family |
MCX653105A-EFAT | ||
MCX653106A-EFAT | ||
MCX651105A-EDAT | ||
MCX653105A-ECAT | ||
MCX653106A-ECAT | ||
MCX654106A-HCAT | ||
MCX653105A-HDAL | ||
MCX653106A-HDAL | ||
MCX683105AN-HDAT | ||
MCX654106A-ECAT | ||
MCX654105A-HCAT | ||
ConnectX-7 PCIe x16 Stand-up Adapter Cards | MCX75310AAS-NEAT | MT2910 Family |
MCX75310AAC-NEAT | ||
MCX75310AAS-HEAT | ||
MCX713104AC-ADAT | ||
MCX713104AS-ADAT | ||
ConnectX-7 Socket Direct Ready Cards for Dual-Slot Servers | MCX755106AS-HEAT | MT2910 Family |
MCX715105AS-WEAT | ||
MCX75510AAS-NEAT | ||
MCX75510AAS-HEAT | ||
MCX755106AC-HEAT | ||
NVIDIA ConnectX-6 Dx | MCX623102AC-GDAT | MT28908A0 Family |
MCX621202AS-ADAT | ||
MCX621202AC-ADAT | ||
MCX623106AC-CDAT | ||
MCX623106AN-CDAT | ||
MCX623106AS-CDAT | ||
MCX623105AN-VDAT | ||
MCX623102AS-ADAT | ||
MCX623102AS-ADAT | ||
MCX621102AN-ADAT | ||
MCX621102AC-ADAT | ||
MCX623102AC-ADAT | ||
MCX623102AN-ADAT | ||
MCX621102AE-ADAT | ||
MCX623102AN-GDAT | ||
MCX623102AE-GDAT | ||
MCX623102AS-GDAT | ||
MCX623105AN-CDAT | ||
MCX623106PC-CDAT | ||
MCX623105AC-CDAT | ||
MCX623105AE-CDAT | ||
MCX623106AE-CDAT | ||
MCX623109AC-CDAT | ||
MCX623109AN-CDAT | ||
MCX623106GC-CDAT | ||
MCX623106TC-CDAT(a) | ||
MCX623106GN-CDAT | ||
MCX623106PC-CDAT | ||
MCX623106PE-CDAT | ||
MCX623106PN-CDAT | ||
MCX623106TN-CDAT | ||
MCX623105AE-VDAT | ||
MCX623105AS-VDAT | ||
MCX623105AC-VDAT(a) |
11.2.2 Viewing the Inventory of NICs
After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically monitors Network Interface Cards (NICs) on these devices.
You can have an overall understanding of NICs in your network, ensure NICs work well, and prevent network failures.
Prerequisites
Ensure that the prerequisites described in Monitoring NICs are met.
Viewing NIC Data
Click Service > NICs > Inventory in the AmpCon-DC UI. You can see the list of all monitored devices.
To check detailed NIC information of a specific device, click + before the device. Then, you can see the following metrics:
Table 1. NIC Metrics
Metric | Description |
Sysname | The name of a device or a NIC |
State | The state of the Ethernet port, up or down |
Interface | The name of the Ethernet port |
Chip Number | The chip number of the NIC |
Mac Address | The MAC address of the Ethernet port |
Host Port | The number of ports on the NIC interface |
Firmware Version | The firmware version of the NIC |
Type | The type of the item in the list, server or nics |
Exporting NIC Data
Refreshing the Inventory List
To refresh the inventory list, click Refresh.
11.2.3 Viewing the Telemetry Data of NICs
After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically collects performance-related telemetry metrics of NICs on these devices.
You can gain real-time or historical insights into network traffic conditions on each NIC, identify traffic peaks, and pinpoint bottlenecks.
Prerequisites
Ensure that the prerequisites described in Monitoring NICs are met.
Viewing Telemetry Data
Click Service > NICs > Monitoring in the AmpCon-DC UI. Then, you can see NIC-related telemetry data of all monitored devices.
Table 1. NIC Telemetry Data
Metric | Description |
In Octets | The number of octets (8-bit bytes) received by a NIC. By using the In-Octets metric, you can understand how much data the NIC has received and analyze the traffic and bandwidth usage. |
In Pkts | The number of incoming packets received by a NIC. By using the In-Pkts metric, you can understand the load on the NIC and diagnose network congestion or connection issues. |
In Discards | The number of incoming packets that a NIC intentionally discards (drops) during processing. High discarded incoming packets are possibly caused by buffer overflow, misconfiguration, or traffic control mechanisms. |
In Errors | The number of incoming packets that contain errors and are dropped by a NIC. High erroneous incoming packets are possibly caused by potential hardware failures, signal interference, or physical layer problems. |
Out Octets | The number of octets (8-bit bytes) transmitted out of a NIC. By using this metric, you can evaluate the total amount of outgoing data and analyze upstream bandwidth usage. |
Out Pkts | The number of outgoing packets transmitted by a NIC.By using this metric, you can understand the frequency of sending data packets, the packet transmission behavior, and traffic load of the network interface. |
Out Discards | The number of outgoing packets that a NIC intentionally discards (drops) before they are transmitted. High discarded outgoing packets are possibly caused by buffer overflow or flow control issues. |
Out Errors | The number of outgoing packets that a NIC fails to transmit successfully due to errors.High erroneous incoming packets are possibly caused by hardware failures or transmission line issues. |
Filtering Telemetry Data
NOTE
RDMA over Converged Ethernet (RoCE) leverages Remote Direct Memory Access (RDMA) to achieve high-throughput and low-latency data transfers between nodes in a network. For more information, see "11.3.1 RoCE Overview".
By using AmpCon-DC, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning.
Currently, this feature supports Nvidia and Broadcom NICs on Linux servers.
Prerequisites
Ensure that the following prerequisites are met:
Checking RoCE
Before you configure or monitor RoCE, check the RoCE status on the device first, including checking whether NIC drivers, RoCE drivers, and RDMA-related tools are installed, whether RoCE V2 and ECN are enabled, and whether QOS and PFC are configured as required.
For more information, see "11.3.2 Checking RoCE".
Configuring RoCE
You can customize RoCE configurations based on the built-in RoCE configuration template and push these configurations to one or multiple NICs in one go. The RoCE configuration process is greatly simplified by using AmpCon-DC.
For more information, see "11.3.3 Configuring RoCE".
Monitoring RoCE
You can monitor RoCE-related telemetry data on the network interface card (NIC) side. For more information, see "11.3.4 Monitoring RoCE".
To monitor PFC and ECN telemetry data on the switch side, see "10.5.1 Global Telemetry Data - AI Metrics".
11.3.1 RoCE Overview
RDMA over Converged Ethernet (RoCE) is a network protocol that enables high-throughput and low-latency data communication between nodes in a network.
Benefits of RoCE
RoCE helps reduce CPU workloads by providing direct memory access for applications that bypass the CPU. Because packet processing and memory access are handled by the network interface card (NIC) and network switch rather than the CPU, RoCE allows for higher throughput, lower latency, and reduced CPU utilization for both the sender and receiver, which is crucial for distributed storage, high-performance computing (HPC), and AI deep learning model training and big data analytics.
Versions of RoCE
RoCE has the following two versions. AmpCon-DC supports only checking and configuring RoCEv2.
Key Features of RoCE
AmpCon-DC supports configuring and monitoring the following features of RoCE:
Priority Flow Control (PFC)
Priority Flow Control (PFC) is a network protocol designed to manage congestion on Ethernet networks by allowing for the independent pausing of traffic based on priority levels. It is part of the IEEE 802.1Qbb standard and is particularly useful in data center environments where different types of traffic need to be handled with varying degrees of urgency.
PFC is a critical technology for managing congestion in Ethernet networks, particularly in data center environments. By enabling traffic differentiation and providing lossless transport for high-priority traffic, PFC helps maintain performance and reliability for critical applications.
Explicit Congestion Notification (ECN)
Explicit Congestion Notification (ECN) is an effective mechanism for managing network congestion by marking packets instead of dropping them. It is an extension of the IP and TCP protocols, enhancing the way congestion is managed by marking packets instead of discarding them. It helps improve network performance, reduce packet loss, and maintain high throughput, making it especially valuable in data centers and for real-time applications.
Quality of Service (QoS)
QoS is a network mechanism used to manage and ensure different levels of quality and performance for different types of traffic in a network. QoS aims to control the transmission priority of data packets through network devices, protocols, and mechanisms, thereby ensuring priority processing for critical tasks and reducing issues such as latency, packet loss, and jitter.
11.3.2 Checking RoCE
Before you configure or monitor RoCE, use AmpCon-DC to check the RoCE status on the device first to see whether NIC drivers, RoCE drivers, and RDMA-related tools are installed, whether RoCEv2 and ECN are enabled, and whether QOS and PFC are configured as required.
Prerequisites
Ensure that the prerequisites described in Managing RoCE are met.
Procedure
To check RoCE on one or multiple devices, follow these steps:
NOTEs
11.3.3 Configuring RoCE
You can customize RoCE configurations by using RoCE templates provided by AmpCon-DC and push these configurations to one or multiple NICs in one click. The RoCE configuration process is greatly simplified in this way.
Prerequisites
Ensure that the prerequisites described in Managing RoCE are met.
Procedure
To configure RoCE on one or multiple devices, follow these steps:
NOTE
Then, these RoCE configurations are pushed to the selected devices and NICs. To bring these configurations into effect, restart these devices.
Verifying RoCE Configurations
Verify whether the RoCE configurations are pushed to selected devices successfully. For more information, see "11.3.5 Verifying RoCE Configurations".
11.3.4 Monitoring RoCE
RoCE monitoring is valuable to identify key factors affecting network performance, ensure business continuity, and improve network management efficiency.
By using AmpCon-DC, you can monitor RoCE monitoring data on the Network Interface Card (NIC) side and on the switch side.
11.3.4.1 Monitoring RoCE on NICs
You can monitor RoCE data on the Network Interface Card (NIC) side.
By using AmpCon-DC, you can monitor RoCE data on the Network Interface Card (NIC) side.
Prerequisites
Ensure that the prerequisites described in Managing RoCE are met.
Procedure
a. In the PFC section, select the PFC data priority levels. For example, if you selected Prio3 and Prio5, only the PFC telemetry data with priority 3 and 5 are displayed.
NOTE
b. In the PFC section, select the PFC metrics to be monitored.
Table 1. PFC Metrics
Metric | Description |
prioX_rx_byte | Total incoming bytes with the selected priority level |
prioX_rx_packet | Total incoming frames received with the selected priority level |
prioX_rx_pause | Total incoming Pause Frames received with the selected priority level |
prioX_tx_byte | Total outgoing bytes with the selected priority level |
prioX_tx_packet | Total outgoing frames with the selected priority level |
prioX_tx_pause | Total outgoing Pause Frames with the selected priority level |
c. In the ECN section, select or unselect the ECN metric rx_ecn_marked_pkts, which means the count of incoming packets marked with ECN.
d. In the Device section, select the NIC vendor, Nvidia or Broadcom.
NOTE
e. In the Select Device section, click the filter icon, and then select the device and NICs to be monitored.
f. Click OK.
Then, the data during the selected time range is displayed.
Open image-20250519-074940.png
NOTE
Open image-20250519-075016.png
11.3.4.2 Monitoring RoCE on Switches
By using AmpCon-DC, you can monitor RoCE data on the switch side.
You can see PFC and ECN data for only Trident3 and Tomahawk3 switches that support PFC and ECN and have PFC and ECN enabled.
Prerequisites
Ensure that the prerequisites described in Managing RoCE are met.
Viewing the Trends Tab
Table 1. RoCE Telemetry Data
Metric | Description |
Ecn Marked Packets | The number of packets that have been marked with Explicit Congestion Notification (ECN) |
Send-Pfc-Pause-Frames | The PAUSE frames sent by the transmitting end for flow control |
Receive-Pfc-Pause-Frames | The PAUSE frames received by the receiver end for flow control |
Pfc-Deadlock-Monitor-Count | A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events |
Pfc-Deadlock-Recovery-Count | A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states |
a. In the Fabric list, select one or multiple fabrics.
b. In the Device Role list, select leaf, spine, or both.
c. In the Sysname list, select the switches and NICs.
d. In the TopK list, select the count of NICs to be displayed, Top 5, Top 10, Top 25, or Total X (all selected NICs).
Top 5: The 5 NICs with the largest values. By default, Top 5 is selected.
Top 10: The 10 NICs with the largest values.
Top 25: The 25 NICs with the largest values.
NOTE
e. Click OK.
Viewing the Statistics Tab
Table 2. RoCE Metrics
Metric | Description |
Fabric | The fabric of the switch |
Sysname | The hostname of the switch |
Device Role | Spine switch or leaf switch |
Port Name | The port of the switch |
Queue Number | The queue number of PFC |
Send-PFC-Pause-Frames | The PAUSE frames sent by the transmitting end for flow control |
Receive-PFC-Pause-Frames | The PAUSE frames received by the receiver end for flow control |
PFC-Deadlock-Monitor-Count | A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events |
PFC-Deadlock-Recovery-Count | A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states |
Send-PFC-Pause-Frames Rate | The rate at which PFC (Priority-based Flow Control) PAUSE frames are sent |
Receive-PFC-Pause-Frames Rate | The rate at which PFC (Priority-based Flow Control) PAUSE frames are received by the switch |
ECN Marking Number | The number of packets that have been marked with Explicit Congestion Notification (ECN) |
The Rate Of ECN Marked Packets | The number of packets per unit time that are marked with Explicit Congestion Notification (ECN) codes by the switch in response to detected congestion |
11.3.5 Verifying RoCE Configurations
To verify whether the RoCE configurations are pushed to selected devices successfully, follow these steps:
Procedure
After you add devices to AmpCon-DC with the monitor feature enabled, you can view detailed information of optical modules connected to the devices.
Prerequisites
Ensure that the following prerequisites are met:
Procedure
Table 1. Module Metrics
Metric | Description |
Sysname | The name of the device or the NIC |
Port | The Ethernet port connected to the optical module |
Status | The status of the module, Active or Inactive |
PN | The vendor part number to distinguish the type and model of the optical module |
SN | The serial number of the optical module |
Vendor | The supplier or manufacturer of the optical module |
Length | The maximum distance over which an optical signal can be transmitted effectively through the module |
Wavelength | The wavelength of the light used in the optical module |
Power Class | The power consumption or optical power output classification of the optical module |
Temperature | The operating temperature range of the optical module |
Voltage | The voltage level required to power the optical module |
TX BIAS | The bias current applied to the laser diode in the transmitter (Tx) section of the optical module |
TX | The transmitter section of the optical module |
RX | The receiver section of the optical module |
You can create a group and then add switches and users to the group so that these users can manage only the assigned switches in this group.
You can also designate the operation permissions for a group so that the users and switches in the group can only perform the allowed operations.
Adding a Group
Editing a Group
By editing a group, you can add switches to a group or remove switches from a group. In addition, you can modify the allowed operation permissions for the group.
Adding Users to a Group
Displaying Users Associated with a Group
NOTE
Searching for Switches and Users
To search for specific switches, enter keywords in the search box of the Switch View tab.
To search for specific users, enter keywords in the search box of the User View tab.
Deleting a Group
To deploy and manage switches with AmpCon-DC, both AmpCon-DC licenses and PicOS licenses are needed:
To manage AmpCon-DC licenses or PicOS licenses, see the following child topics:
You can view all imported AmpCon-DC licenses, import a new or updated AmpCon-DC license to manage more switches, or invalidate the AmpCon-DC license on a switch to release the license.
In addition, you can check the operation logs and alarms related to AmpCon-DC licenses.
You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend PicOS licenses by using the License Action feature.
If the AmpCon-DC server can’t access the License Portal that you specified in the system configuration, you can add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches.
12.2.1 Managing AmpCon-DC Licenses
You can view all imported AmpCon-DC licenses, import a new or updated AmpCon-DC license to manage more switches, or invalidate the AmpCon-DC license on a switch to release the license.
In addition, you can check the operation logs and alarms related to AmpCon-DC licenses.
Viewing AmpCon-DC Licenses
In the AmpCon-DC UI, click System > Software License > License View. You can see the AmpCon-DC licenses that are imported to AmpCon-DC. In addition, you can see the status and usage information of these AmpCon-DC licenses.
For more information, see "12.2.1.1 Viewing AmpCon-DC Licenses".
Importing an AmpCon-DC License
To manage a new switch with AmpCon-DC, you need to add the Hardware IDs of these new switches to an AmpCon-DC license by updating an existing AmpCon-DC license or creating a new AmpCon-DC license as described in Creating an AmpCon-DC License and Editing an AmpCon-DC License.
Then, import the updated or new license to AmpCon-DC.
For how to import an AmpCon-DC license, see "12.2.1.2 Importing a License".
Invalidating the AmpCon-DC License on a Switch
If you don’t need to deploy and manage a switch with AmpCon-DC, you can invalidate the AmpCon-DC license on the switch.
For how to invalidate an AmpCon-DC license, see "12.2.1.2 Invalidating a License".
Checking License Logs and Alarms
In the AmpCon-DC UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-DC licenses.
For more information, see "12.2.1.3 Checking License Logs and Alarms".
Refreshing AmpCon-DC Licenses
To get the latest license information, click System > Software License > License management. On the “License Management” page, click Refresh.
Searching for AmpCon-DC Licenses
To search for specific licenses on the “License Management” page, enter keywords in the search box.
Except for the Operation column, other columns support both ascending and descending sorting.
12.2.1.1 Viewing AmpCon-DC Licenses
In the AmpCon-DC UI, click System > Software License > License View. You can see the AmpCon-DC licenses that are imported to AmpCon-DC.
In addition, you can see the status and usage information of these AmpCon-DC licenses.
License Status
In the License File Status section, you can see the numbers of “all“, “invalid“, and “expired“ AmpCon-DC licenses.
Indicates all licenses
Indicates that the license is invalid
Indicates that the license has expired
License Usage
In the License Usage section, you can see the numbers of normal, abnormal, and expired AmpCon-DC licenses.
Abnormal licenses include both invalid licenses and expired licenses.
License Details
In the License Information section, you can view the following columns. All columns support ascending and descending sorting.
You can filter licenses with the license status file keywords. In the License Information table, click the License File Status column, and select a status to view relevant licenses.
Fuzzy Search for License Information
In the search box of the License Information table, enter keywords to search for specific licenses.
12.2.1.2 Importing a License
To manage a new switch with AmpCon-DC, you need to add the Hardware IDs of these new switches to an AmpCon-DC license by updating an existing AmpCon-DC license or creating a new AmpCon-DC license as described in Creating an AmpCon-DC License and Editing an AmpCon-DC License.
Then, import the updated or new license to AmpCon-DC.
Procedure
To import an AmpCon-DC license, follow these steps:
After you import the new license, the All Licenses table is refreshed.
12.2.1.3 Invalidating a License
If you don’t need to deploy and manage a switch with AmpCon-DC, you can invalidate the AmpCon-DC license on the switch to release this license.
NOTEs
Procedure
You can see the invalid code is displayed in a pop-up window. The status of the license is changed to Invalid, and show invalid code in the Operation column is shown as clickable instead of grayed out.
If the license status is not displayed as Invalid, click Refresh to update the license status.
Open image-20250519-081133.png
- In the Addition Method section, select Form Input. In the Revoke Code field, paste the invalid code that you copied in step 4.
- In the Addition Method section, select File Upload. Click Blank template to download a template file. Open the template file, and enter the invalid code in the .xlsx template file. Then, upload the file.
12.2.1.4 Checking License Logs and Alarms
In the AmpCon-DC UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-DC licenses.
Viewing License Operation Logs
On the “License Log” page, you can view license-related operation records (such as license import operations and license invalidation operations), the time of each operation, and the status of each operation.
Exporting License Operation Logs
To export license logs as a .csv file, select one or more entries, and then click Export in the License Log section.
Searching for License Operation Logs
To perform a fuzzy search for logs, enter keywords in the search box of the License Log section.
Checking License Alarms
To check license alarm information, check the License Alarm section.
Tips
Exporting License Alarms
To export alarms as a .csv file, select one or more alarm entries, and then click Export in the License Alarm section.
Searching for License Alarms
To perform a fuzzy search for alarms, enter keywords in the search box of the License Alarm section.
12.2.2 Managing PicOS Licenses
You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend PicOS licenses by using the License Action feature.
If the AmpCon-DC server can’t access the License Portal, you can add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches.
Verifying License Validity
By using the License Audit feature, you can verify whether PicOS licenses are valid or not.
Verifying the PicOS License for a Switch
To check the PicOS license validity for a switch, follow these steps:
Verifying PicOS Licenses for a Group of Switches
To check the PicOS license validity for a group of switches, follow these steps:
NOTE
Verifying License Validity and Extending Licenses
By using the License Action feature, you can verify whether PicOS licenses are valid and extend PicOS licenses if these PicOS licenses are extended in the License Portal.
Verifying and Extending the PicOS License for a Switch
Verifying and Extending PicOS Licenses for a Group of Switches
NOTE
Adding Local PicOS Licenses
By default, when you deploy a switch with AmpCon-DC, AmpCon-DC installs the PicOS license based on License Portal URL, username, and password information in the system configuration.
But if the AmpCon-DC server can’t access the License Portal that you specified in the system configuration, for example in an air-gapped environment, you need to add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches.
NOTEs
To add a local PicOS license, follow these steps:
Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses the simple, declarative language written in YAML, which is called playbook, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible.
AmpCon-DC offers the picos_config Ansible module to interact with managed devices, making it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings. The picos_config module is included in the AmpCon-DC server.
By using AmpCon-DC, you can write, run, and schedule Ansible playbooks on managed switches and added Linux servers, reducing manual work, eliminating configuration errors, and improving network management efficiency.
Use Cases and Benefits
Ansible helps you automate virtually any task. Check the common use cases of Ansible:
Ansible provides open-source automation that reduces complexity and runs everywhere. Check the benefits of Ansible:
Best Practices
Quick Start
To quickly get started with the Ansible automation feature, see "13.1 Quick Start Flow".
Playbook Examples
Before you run Ansible playbooks on managed switches, write playbooks based on the configuration examples. For more information, see "15.5 Examples for Ansible Playbooks".
Child Topics
On the “Playbooks” page, you can see the list of playbooks that are created. You can write or import a playbook, check syntax for a playbook, or run a playbook.
In addition, AmpCon-DC provides multiple playbook management functions including copying playbooks, using pre-built playbooks, editing, deleting, copying, or exporting playbooks, and adding tags to playbooks.
An Ansible job is a single execution of an Ansible playbook. On the “Ansible Jobs List” page, you can view the list of Ansible jobs and the list of switches with Ansible jobs. You can also check the execution results and output of these jobs.
On the “Schedule” page, you can view executed playbooks based on months, weeks, or days. You can also view executed playbooks in the list format.
If a playbook fails to be run on switches or Linux servers, check this topic for reasons and solutions.
Run Ansible playbooks on AmpCon-DC to automate routine operations in your network.
Prerequisites
Ensure that each switch to run Ansible playbooks is managed by AmpCon-DC. For more information, see "13. Prerequisites".
Step 1: Checking Pre-Built Playbooks
AmpCon-DC offers a series of pre-built Ansible playbooks for automating the following routines:
Click Maintain > Automation > Playbooks. On the “Playbooks” page, click the Show Pre-built Playbooks toggle. Check whether these pre-built Ansible playbooks meet your needs.
If yes, click Save AS on the “Playbooks” page to create a copy playbook, and then go to Step 4: Running Playbooks.
Step 2: Writing or Importing Playbooks
If the pre-built Ansible playbooks can’t meet your needs, you can create a customized workflow by writing a playbook on AmpCon-DC or importing a local playbook to AmpCon-DC.
Step 3: Checking Playbook Syntax
Before you run a playbook, check whether the playbook syntax is valid or not.
Step 4: Running Playbooks
Run a playbook to complete the automation operations. You can designate the schedule type of the playbook run.
Step 5: Checking Ansible Job Results and Output
After you run the Ansible playbook, you can check the execution result and output of the Ansible job.
On the “Playbooks” page, you can see the list of playbooks that are created. You can add or import a playbook, check syntax for a playbook, or run a playbook as needed.
In addition, AmpCon-DC provides multiple playbook management functions including copying playbooks, using pre-built playbooks, editing, deleting, copying, or exporting playbooks, and adding tags to playbooks.
Writing a Playbook on AmpCon-DC
For example, to load configurations from a configuration file to the playbook, click Add File to add a .conf file. For more information, see "15.5 Loading Configurations in a Configuration File".
Importing a Playbook
NOTE
Running a Playbook
NOTE
In the Choose Switches tab, select one or multiple switches.
In the Choose Groups tab, select one or multiple groups.
In the Choose Other Devices tab, select one or multiple devices that you added as described in "11.1 Adding a Device to AmpCon-DC".
Optional: Checking Syntax for a Playbook
On the “Playbooks” page, locate a playbook, and then click Check. A message pops up with the checking result.
Optional: Using Pre-built Playbooks
AmpCon-DC provides multiple pre-built playbooks, which are hidden by default.
NOTE
Optional: Editing a Playbook
On the “Playbooks” page, locate a playbook, and then click Edit. Modify the playbook contents as needed. You can also add or remove folders and files. Then, click Save All.
Optional: Deleting a Playbook
On the “Playbooks” page, locate a playbook, and then click Remove. Then, click Yes to confirm the deletion.
Optional: Copying a Playbook
On the “Playbooks” page, locate a playbook, and then click Save As. The new playbook has a default name, which you can modify as needed. Then, click Save.
Optional: Exporting a Playbook
On the “Playbooks” page, locate a playbook, and then click Export.
Optional: Adding or removing Playbook Tags
On the “Playbooks” page, locate a playbook, and then click Tag Management. Enter the tag name in the Tag Name field, and then click Add.
You can remove a tag by clicking the removal icon.
An Ansible job is a single execution of an Ansible playbook. On the “Ansible Jobs List” page, you can view the list of Ansible jobs and the list of switches with Ansible jobs. You can also check the execution results and output of these jobs.
Job View
Viewing Ansible Jobs
Click Maintain > Automation > Ansible Jobs List in the AmpCon-DC UI. In the Job View tab, you can see the list of playbook execution jobs.
The Schedule Type column including the following types:
Playbooks are executed with "Run Now".
Playbooks are executed with "One Time".
Playbooks are executed with "Scheduled".
The Status column includes the following status:
The playbook has not been executed. For example, after a playbook is created and before it’s executed, the status is IDLE.
NOTE
The playbook is currently running.
The playbook execution has been completed.
Checking Ansible Job Results and Output
Removing an Ansible Job
Switch View
Viewing Switches with Ansible Jobs
In the Switch View tab, you can see the list of switches that have playbook execution jobs.
Checking Ansible Job Results and Output
On the “Schedule” page, you can view executed playbooks based on months, weeks, or days. You can also view executed playbooks in the list format.
Procedure
Click < to view playbooks executed in the previous month. Click > to view playbooks executed in the next month.
Click < to view playbooks executed in the previous week. Click > to view playbooks executed in the next week.
Open 257.png
Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day.
Click Today to view playbooks executed today.
Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day.
Click Today to view playbooks executed today.
In the Result Table tab, you can see the playbook execution result. To view detailed result information, click Show Result.
In the Result Output tab, you can see the playbook execution output.
If the playbook fails to be run on switches or Linux servers, refer to the following reasons and solutions:
Playbook Syntax Issues
If the playbook syntax is wrong, the playbook can’t be run on specified devices.
Symptom
When you check the playbook execution result in the AmpCon-DC UI, you can see the error log as follows:
Solutions
Connection Issues
If the AmpCon-DC server fails to access the switches or added Linux servers, the playbook can’t be run on these devices.
Symptom
When checking the playbook execution result in the AmpCon-DC UI, you can see the error log as follows:
Solutions
Test the connectivity between the problematic switches (or Linux servers) and the AmpCon-DC server by running the following Ansible playbook:
---
- name: Test connectivity
hosts: all
tasks:
- name: Ping
ping: You can write and run the playbook in the AmpCon-DC UI. Follow these steps:
In this case, check whether the prerequisites for running playbooks are met.
You can connect to a device (such as a switch or terminal device) from the AmpCon-DC UI by creating an SSH session.
Procedure
When you configure switches, you can refer to the following examples:
See the following example global configurations including PoE, IP routing, VLAN, and inband configurations:
NOTE
set poe interface all enable true
set ip routing enable true
set vlans vlan-id 20 l3-interface vlan20
set l3-interface vlan-interface vlan20 address 192.168.20.10 prefix-length 24
set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 20
set system inband enable true
set protocols lldp enable true
set system services ssh idle-timeout 60
set protocols spanning-tree enable true
set protocols spanning-tree force-version 4See the following example security configurations:
NOTE
# TACACS+ configurations
set system aaa tacacs-plus disable false
set system aaa tacacs-plus key 12345678
set system aaa tacacs-plus server-ip 10.10.51.42
set system login user test authentication plain-text-password xxxxxx
set system login user test class super-user
# SNMP ACL configurations
set system snmp-acl network 192.168.1.0/24
set system snmp-acl network 10.8.0.0/24
# NAC configurations
# Provide the RADIUS server connection information
set protocols dot1x aaa radius authentication server-ip <Radius server IP> shared-key "<Key>"
# Configure the access profile
set protocols dot1x aaa radius nas-ip <switch management IP>
# Configure a RADIUS dynamic authorization client from which the switch accepts the Change of Authorization (CoA) messages
set protocols dot1x aaa radius dynamic-author client <Radius server IP> shared-key "<key>"
# Configure Server Priority
set protocols dot1x aaa radius authentication server-ip <Radius server IP> priority [1|2]
set protocols dot1x server-fail-vlan-id <vlan-id of guest or fallback, say: 20>See the following example configuration template for switch N3248PXE-ON, which includes the host name, Out of Band Management IP, and gateway:
NOTE
name: N3248PXE-ON-Nov20
description: N3248PXE-ON-Nov20
platform: N3248PXE-ON
content_start:
{#::::: For input Variable::::#}
set system hostname {{ Hostname }}
{% if Hostname %}
set protocols static route 0.0.0.0/0 next-hop {{ Default_gateway }}
{% endif %}
{#::::: Basic PoE config::::#}
set poe interface all enable true
{#::::: Basic VLAN config::::#}
set vlans vlan-id {{Data_VLAN_id}} vlan-name "DataVlan1"
set vlans vlan-id {{Data_VLAN_id}} l3-interface Vlan{{Data_VLAN_id}}
set l3-interface vlan-interface Vlan{{Data_VLAN_id}} address {{Data_VLAN_IP_Address_Mask.split('/')[0]}} prefix-length {{Data_VLAN_IP_Address_Mask.split('/')[1]}}
set vlans vlan-id {{Voice_VLAN_id}}
{#:::::For ports 1/1/1 through 1/1/24:data vlan 100 voice 101 ::::#}
{% for i in range(1,51) %}
set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching port-mode "trunk"
{#::::: Inband port :::::#}
set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching native-vlan-id {{Data_VLAN_id}}
set interface gigabit-ethernet te-1/1/{{ i }} voice-vlan vlan-id {{Voice_VLAN_id}}
{% endfor %}
{#::::: Outband port :::::#}
set system management-ethernet eth0 ip-address IPv4 {{Management_IP_Address_Mask.split('/')[0]}}/{{Management_IP_Address_Mask.split('/')[1]}}
set system management-ethernet eth0 ip-gateway IPv4 192.168.42.1
content_end$
param_start:
{
"Hostname": {
"param_default": "P8-Access-BR-1-SW-1",
"type": "text",
"required": "not required",
"description": "Configure the hostname",
"param_check": ""
},
"Management_IP_Address_Mask": {
"param_default": "192.168.42.169/24",
"type": "text",
"required": "required",
"description": "Configure management IP mask.e.g. 192.168.42.169/24",
"param_check": ""
},
"Default_gateway": {
"param_default": "192.168.42.1",
"type": "IPv4",
"required": "required",
"description": "Configure the default gateway e.g 192.168.42.1",
"param_check": ""
},
"Data_VLAN_id": {
"param_default": "10",
"type": "text",
"required": "required",
"description": "Configure Data VLAN id , e.g. 10",
"param_check": ""
},
"Data_VLAN_IP_Address_Mask": {
"param_default": "192.168.43.169/24",
"type": "text",
"required": "required",
"description": "Configure management IP mask.e.g. 192.168.43.169/24",
"param_check": ""
},
"Voice_VLAN_id": {
"param_default": "800",
"type": "text",
"required": "required",
"description": "Configure Voice VLAN id , e.g. 800",
"param_check": ""
}
}
param_end$See the following example JSON file for multiple switch configurations:
{
"sn": ["TEST-SN-1", "TEST-SN-2"],
"hardware_model": "as4610_54p",
"location": "Beijing",
"global_config_name": "2022-8-2-glob-as4610_54p-test",
"site_template_name": ["test-template-1", "test-template-2"],
"agent_config": {},
"vpn": true,
"retrieve_config": true,
"default_config_param": {
"test-template-1": {
"address": "1.1.1.1",
"interface": "1",
"prefix_length": "4",
"vif": "1"
},
"test-template-2": {
"classifier": "4"
}
},
"unique_config_param": {
"TEST-SN-2": {
"test-template-1": {
"address": "111.2.2.2"
},
"test-template-2": {
"classifier": "5"
}
}
}
}Ansible modules are code or binaries that Ansible copies to and executes on each managed device to accomplish the action defined in each Ansible task.
AmpCon-DC offers the picos_config Ansible module to interact with managed switches. The picos_config module, included in the AmpCon-DC server, makes it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings.
Before you run Ansible playbooks on managed switches, write playbooks based on the following configuration examples, which are supported by the picos_config Ansible module.
NOTE
This topic only shows playbook examples for managed switches with PicOS installed.
Syntax Examples
Running Linux Shell Commands
To run Linux shell commands in managed switches, use the shell mode.
Playbook YAML Example:
---
- name: Shows uptime info for all switches
hosts: all
tasks:
- name: Shows uptime info for all switches
picos_config: mode='shell' cmd='uptime'
register: exec_result
- name: Show execution result
debug: var=exec_result.stdout_lines This playbook example runs the Linux shell command uptime under the Linux shell mode to show the current time, the time since the system and processes started, the number of logged-in users, and the average time of system load in the last 1 minute, 5 minutes, and 15 minutes.
Replace the command in the cmd field with any other Linux shell command to meet your needs.
After you run this playbook, check the playbook execution result in the AmpCon-DC UI. For how to check playbook execution results, see "13.3 Managing Ansible Jobs".
Showing Switch Configurations or Status
To show configurations or status of managed switches, use the cli_show mode.
Playbook YAML Example:
---
- name: Show Version info of all switches
hosts: all
tasks:
- name: Show version of switches
picos_config: mode='cli_show' cmd='show version'
register: exec_result
- name: Show execution result
debug: var=exec_result.stdout_linesQuesto Documento è Stato Utile?
Contatta FS
Apri un Caso di SupportoSu questa pagina
1.Release Notes
2.Overview
2.1 Key Features
2.2 Architecture
3.Planning
3.1 Supported Information
3.2 Installation Requirements
4.Deploying AmpCon-DC
4.1 Installing the AmpCon-DC Server
4.2 Adding System Configurations
4.3 Importing AmpCon-DC Licenses
4.4 Upgrading the AmpCon-DC Server
4.5 Uninstalling the AmpCon-DC Server
5.Administering AmpCon-DC
5.1 Managing User Access
5.2 Updating the Encrypt Key for Sensitive Data Encryption
5.3 Forwarding Logs to External Syslog Servers
5.4 Backing up and Restoring the AmpCon-DC Database
6.Designing Physical Networks
6.1 Key Concepts
6.2 Recommended Switches
6.3 Adding Fabrics
6.4 Adding Resources
6.5 Designing Units
6.6 Designing Templates
6.7 Adding Switches to Fabrics
6.8 Designing Fabrics
6.9 Managing Fabrics
7.Deploying or Importing Switches
7.1 Uploading and Pushing Images
7.2 Configuring Switch Models
7.3 Configuring Global Configurations
7.4 Configuring Configuration Templates
7.5 Adding Switch Configurations
7.6 Staging Switches
7.7 Provisioning New Switches with ZTP
7.8 Importing Switches
8.Configuring Switches
8.1 Pushing Configurations to Switches
8.2 Viewing, Editing, or Deleting Configurations
8.3 Backing up and Restoring Configurations
8.4 Comparing Running or Backup Configurations
8.5 Comparing Running Configurations with Initial Configurations
9.Managing Switches
9.1 Upgrading PicOS on Switches
9.2 Returning Merchandise Authorization for Switches
9.3 Decommissioning Switches
9.4 Removing Switches
10.Monitoring Switches
10.1 Global View
10.2 Switches View
10.3 Switches List and Details
10.4 Dynamic Load Balancing (DLB)
10.5 Telemetry
10.6 Topology
10.7 Alarms
10.8 Alarm Notifications
11.Managing Third-Party Devices
11.1 Managing Devices
11.2 Monitoring NICs
11.3 Managing RoCE
11.4 Monitoring Modules
12.Managing Authority
12.1 Managing Groups
12.2 Managing Licenses
13.Running Ansible Playbooks for Automation
13.1 Quick Start Flow
13.2 Running Playbooks
13.3 Managing Ansible Jobs
13.4 Viewing Playbook Scheduling
13.5 Troubleshooting
14.Accessing Devices through SSH Sessions
15.References
15.1 Example Global Configurations
15.2 Example Security Configurations
15.3 Example Configuration Template
15.4 Example JSON file for Multiple Switch Configurations
15.5 Examples for Ansible Playbooks
Questo Documento è Stato Utile?
Contatta FS
Apri un Caso di Supporto