AmpCon-DC Management Platform User Guide V2.5.0

2026年4月15日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC Management Platform User Guide V2.4.0

2026年4月13日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC Management Platform Release Notes

2026年4月10日 - AmpCon-DC Management Platform Release Notes Before you install AmpCon-DC 2.5.0 or upgrade AmpCon-DC to 2.5.0, read this topic to get a quick overview of what is added, improved, or changed in AmpCon-DC 2.5.0. AmpCon-DC 2.5.0 New Features The following features are added to AmpCon-DC 2.5.0: Tenant Management AmpCon-DC provides the tenant management feature to manage logical networks. Tenants are logical resource units used to deploy logical networks for overlay service provisioning. You can add and manage tenants in the AmpCon-DC UI. VLAN Template–Based ZTP and RoCE Deployment The simplified ZTP process now introduces VLAN templates, allowing you to deploy VLAN‑type networks automatically. You can configure a RoCE policy within the VLAN template, and then AmpCon-DC will push the RoCE policy configurations (PFC, ECN, and QoS) to switches, enabling Zero Touch Provisioning (ZTP) for RoCE networks. This feature streamlines the deployment of both traditional VLANs and high‑performance RoCE networks. Improvements The following improvements are added to AmpCon-DC 2.5.0: License Management From 15 days before a standard AmpCon-DC license expires until after the license expires, notification messages are displayed when you log in to the AmpCon-DC UI to remind you to renew the license. Logical Network The logical network deployment process is improved. When you create a logical network, you must designate the tenant who owns the logical network. You also need to assign Virtual Private Clouds (VPCs) in Point of Delivery (PoD) to the tenant so that the virtual networks of the VPCs can be added to the logical network. Lossless Network The following improvements are added to the lossless network feature: On the “RoCE Policies” page, the process of creating a RoCE policy is improved to be consistent with the RoCE configurations in ZTP templates. The RoCE EasyDeploy and Easy ECN functions are combined to the “Easy Deploy” page. Point of Delivery (PoD) In the PoD tab of the “Resource Interconnection” page, you can allocate VPCs to tenants and then add virtual networks of these VPCs to logical networks, achieving flexible and scalable network resource allocation. You can also unbind VPCs from tenants or search for VPCs. Third-Party Device Management The following improvements are added to the third-party device management feature: On the Device Discovery tab of the “Hosts” page, the Sysname field is renamed to Device Alias. When you add a new device, you can specify the device alias to better differentiate devices. On the Inventory tab of the “Hosts” page, the Device Alias, Status, Device Name, and Manufacturer columns are added. User Access Management The following new features are added to the user access management feature: You can now create custom roles, assign page and tab access permissions to these custom roles, and then assign these custom roles to users. The users will have the permissions of these roles. You can assign tenants to users for logical network management. After a tenant is assigned to a user, the user can deploy and manage the logical networks belonging to the tenant. AmpCon-DC supports user group management. To assign the same roles and tenants to multiple users, add these users to a user group and then assign built-in or custom roles and tenants to the user group, instead of authorizing each user one by one, ensuring consistent access control and improved operational efficiency. New Changes The following changes are added to AmpCon-DC 2.5.0: Supported Switch List and PicOS Versions The supported switch list and the recommended PicOS versions are updated. AmpCon-DC 2.4.0 New Features The following features are added to AmpCon-DC 2.4.0: Buffer Visualization AmpCon-DC supports monitoring buffer-related metrics for switch port queues, such as guaranteed buffer usage and headroom buffer usage. Based on these metrics, you can quickly identify issues such as buffer overflow and packet loss, helping optimize network performance. Lossless Network Configuration You can configure lossless networks on switches, including configurations of RoCE EasyDeploy, Priority Flow Control (PFC), Easy ECN and standard ECN (ECN), Quality of Service (QoS), and Dynamic Load Balancing (DLB). Node Uplink You can configure and manage uplink configurations of node devices, eliminating manual node-by-node or switch-by-switch configurations. The node uplink feature is used for overlay service provisioning. After you connect virtual networks of PoD with logical switches, node devices in the virtual networks can be connected to uplink switches based on node uplink configurations. Overlay Service Provisioning You can provision overlay services through designing logical network elements, including logical networks, logical routers, logical switches, and virtual networks. Queue Congestion Visualization AmpCon-DC supports congestion visualization of switch ports. You can analyze congestion details and optimize your network for better performance. Simplified ZTP Deployment Simplified ZTP is a ZTP method used to onboard switches and deploy physical networks in one go. By using simplified ZTP, you don’t need to deploy each switch one by one. All switches can be deployed in batches, and a physical network can be deployed automatically. Splunk Integration AmpCon-DC supports integrating with Splunk to give you deeper insights into your networks and devices through powerful data visualization and analysis capabilities of Splunk. You can do the following operations to meet your needs: Access the Splunk UI from the AmpCon-DC UI, enabling a fluid platform switching workflow. Send alerts from AmpCon-DC to Splunk, and view these alerts in the Splunk UI. Send AmpCon-DC system logs to Splunk, and view these logs in the Splunk UI. VNI Pools You can add VNI pools for automatic assignment of L2 VNIs and L3 VNIs during overlay service provisioning. Improvements The following improvements are added to AmpCon-DC 2.4.0: Alerting The following functions are added to the alerting feature: On the “Alert List” page, you can filter alerts by using the filter icon in the Last Time, Switch SN, or Type column. You can mark multiple or all unread alerts as read by using the Mark Selected as Read button. The following alert types are added to the alerting feature: Host Alert: AmpCon-DC now supports monitoring imported third-party devices. Alerts will be triggered when the CPU, memory, or storage utilization reaches a certain threshold. License Alert: Alerts will be triggered 15 days before the AmpCon-DC license expires and after the AmpCon-DC license expires. AI Monitoring Alert: Alerts will be triggered when the RoCE telemetry data of switches reaches a certain threshold. Bare Metal PoD Bare metal Point of Delivery (PoD) now supports displaying VPC and network related resources for visualization. Fabric Management The following improvements are added to the fabric design and management feature: The fabric design process is simplified by moving VLAN Domain and node uplink configurations to separate user interfaces. The fabric deletion process contains more prerequisites for resource consistency. After you remove switches from any other fabrics, these switches are added to the default fabric automatically. Help Document Embedding To make the AmpCon-DC UI easier to use, you can refer to the help documents embedded to the AmpCon-DC UI. On a specific page in the AmpCon-DC UI, click the ? icon. Then, you can see the related help document in the pop-up window. License Management The following functions are added to the AmpCon-DC license management feature: You can automatically import AmpCon-DC licenses for quick switch activation, eliminating the need for complex manual processes. You can convert a trial license to one or multiple standard licenses automatically. The SN/Service Tag column is added in the License Information section of the “License View” page and the All Licenses section of the “License Management” page. Switch Management The following functions are added to the switch management feature: On the “Switches” page, you can modify switch hostnames manually. The “Switches” page contains a new column, VPN IP, which means the IP address of the VPN tunnel established between the switch and the AmpCon-DC server. Third-Party Device Management The following functions are added to the third-party device management feature: You can power up, power down, and reload added Linux servers, log in to Baseboard Management Controller (BMC), and connect to a device from the AmpCon-DC UI by creating an SSH session. You can add devices to AmpCon-DC in bulk. You can configure RDMA over Converged Ethernet (RoCE) on NICs through deployment forms. New Changes The following changes are added to AmpCon-DC 2.4.0: AZ to PoD Available Zones (AZ) are renamed to Point of Delivery (PoD). Deploying Switches The process of deploying switches through normal ZTP is changed. After you provision new switches with normal ZTP and before you stage new switches, you must import AmpCon-DC licenses into AmpCon-DC to ensure each switch can be managed。 Navigation Bar The layout and wording of the AmpCon-DC navigation bar are optimized. Supported Switch list The supported switch list is updated. Supported PicOS versions The recommended PicOS version for supported switches is PicOS 4.7.0E or later. AmpCon-DC 2.2.0 New Features The following features are added to AmpCon-DC 2.2.0: Supports designing and managing physical networks with EVPN VXLAN to simplify the deployment of data center physical networks and reduce operational costs. Supports adding Available Zones (AZ) resources (vSphere, OpenStack, bare metal) to AmpCon-DC and viewing VPC, network, and VM resources of these added AZ. Supports managing third-party devices, Network Interface Cards (NICs), RDMA over Converged Ethernet (RoCE), and connected optical modules. Supports viewing load balancing related metrics to optimize your network for better performance. Supports receiving immediate alarm notifications through emails when issues arise. Improvements The following improvements are added to AmpCon-DC 2.2.0: The supported switch list is updated with more supported switch models. When you click a switch in a topology, the Host Info tab is displayed, where you can see metrics of Linux servers connected to the switch. The following telemetry metrics are added to the “Telemetry Dashboard” page. CPU usage Memory usage Fan In Bits Rate Out Bits Rate Out Pkts Rate In Pkts Rate The following telemetry metrics are added to the detail page of each managed switch. Added Version (means PicOS version) in the Device Information tab Added In Bits Rate, Out Bits Rate, Out Pkts Rate, In Pkts Rate, Usage, and Fan in the Switch Overview tab Added In Bandwidth Utilization, Out Bandwidth Utilization, Out Bits Rate, In Bits Rate, Out Pkts Rate, and In Pkts Rate in the Port Overview tab Added a Device Overview tab with Redundant Power Supply Unit (RPSUs) and fans related metrics Added an ARP tab with ARP-related metrics Added a MAC tab with MAC-related metrics Added an OSPF tab with OSPF-related metrics Added a BGP tab with BGP-related metrics Added an IP Route tab with IP Route related metrics Relocated AI-related metrics to the RoCE Counters section of the navigation bar The following resource usage related alarms are supported. The CPU usage is over 85% The memory usage is over 85% The input bandwidth usage is over 85% The output bandwidth usage is over 85% The switch is offline The switch is powered down The proportion of the fan's Pulse Width Modulation (PWM) to the total width is over 85% New Changes The recommended PicOS version for supported switches is PicOS 4.6.0E or later. Importing the AmpCon-DC license is no longer required during initial UI login. You can log in to the AmpCon-DC UI first and then import the license. AmpCon-DC 2.1.0 New Features The following features are added to AmpCon-DC 2.1.0: Supports automatic discovery of topology Supports telemetry to display real-time data from modules (optical or electrical) and switches including port status, port packet stats, and classification information of port packets Supports event alarming Supports monitoring of Intelligent Lossless Network, Priority-based Flow Control (PFC), and Explicit Congestion Notification (ECN) Supports importing PicOS-V switches to AmpCon-DC Improvements The following improvements are added to AmpCon-DC 2.1.0: The following improvements are added for automation with Ansible playbooks: Supports pre-testing of Ansible playbooks Supports importing third-party devices with a host name and a port number and SSH key validation Supports connectivity test of devices Adds descriptions to Ansible playbook functions in the AmpCon-DC UI Previously, Zero Touch Provisioning (ZTP) supports only deploying white-box switches. Now ZTP also supports deploying integrated hardware and software switches.

Software Upgrade Package for AmpCon-DC V2.5.0

2026年4月8日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC for VMWare ESXi 2.5.0 Software

2026年4月8日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC for VirtualBox 2.5.0 Software

2026年4月8日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC for Ubuntu Docker 2.5.0 Software

2026年4月8日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC for QEMU/KVM 2.5.0 Software

2026年4月8日 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-DC Quick Deployment Guide V2.4.0

2026年4月2日 - AmpCon-DC Quick Deployment Guide V2.4.0 The following topics provide quick start guides for AmpCon-DC, detailing the workflows of AmpCon-DC server installation, PicOS switch onboarding, template-based switch configuration, network deployment (physical and logical), and Ansible Automation. Platform Installation Workflow To use powerful features of AmpCon-DC, you need to install the AmpCon-DC server on either a virtual machine or a physical machine. This guide provides a comprehensive overview of AmpCon-DC server installation procedures. Prerequisites If you want to install the AmpCon-DC server on a physical machine, ensure that the physical machine meets the following requirements: NOTE To install the AmpCon-DC server on a virtual machine, ensure that the hypervisor has the following resources (CPU, memory, and hard disk) to be allocated when you import the AmpCon-DC server image to the hypervisor. Table 1. Machine Requirements Resource Requirement CPU Clock speed: 2.0 GHz or faster Number of cores: At least 4 CPU cores Memory At least 16 GB Hard Disk At least 512 GB Operating System Ubuntu 22.04 LTS (X86 architecture) with Docker Whether you want to install the AmpCon-DC server on a physical machine or virtual machine, if a firewall is used, configure the firewall properly to allow the following network access: Table 2. Network Requirements TCP/UDP Port Protocol TCP 80 HTTP TCP 443 HTTPS UDP 69 TFTP UDP 80 OpenVPN NOTE On AmpCon-DC, each managed switch has two IP addresses: Mgmt IP and VPN IP. Mgmt IP is the management IP address of a switch. Mgmt IP is used to connect to the AmpCon-DC server during the switch onboarding process. However, Mgmt IP might be changed. To ensure uninterrupted connection between the AmpCon-DC server and a switch after Mgmt IP is changed, OpenVPN is introduced to AmpCon-DC. OpenVPN is an open-source virtual private network (VPN) solution designed to create secure, encrypted communication tunnels over networks. After a switch is onboarded to AmpCon-DC successfully, a VPN tunnel between the AmpCon-DC server and the switch is established, and a VPN IP, the IP address of the VPN tunnel, is assigned to the switch. Later, the AmpCon-DC server and the switch will communicate through the VPN tunnel. The AmpCon-DC server also functions as the OpenVPN server, and its OpenVPN IP address is 10.8.0.1. The default subnet for OpenVPN is 10.8.0.0/20. If the default subnet has conflicts with your network, AmpCon-DC can’t work well. Contact the FS support team to resolve this issue. Installing on a Virtual Machine To install the AmpCon-DC server on a virtual machine, complete the following tasks: Table 3. Tasks for Installation on Virtual Machines Task Description Preparing a Hypervisor Prepare the hypervisor used to create the virtual machine. The following hypervisors are supported: VMware ESXi 6.7, 7.0, or 8.0 QEMU for Ubuntu 22.04 LTS KVM for Ubuntu 22.04 LTS Oracle VirtualBox NOTE The AmpCon-DC server installed on Oracle VirtualBox can be used for lab purposes only. Downloading the AmpCon-DC Server Image 1. Download the compressed AmpCon-DC server image by going to the FS AmpCon-DC website and locating the image related to the hypervisor and the AmpCon-DC version. 2. Put the compressed AmpCon-DC server image to the machine where the hypervisor exists, and then unzip the image. Importing the AmpCon-DC Server Image 1. Import the unzipped AmpCon-DC server image to the hypervisor. For different hypervisors, the steps of importing the AmpCon-DC server image are different. To check detailed importing steps on each hypervisor, see Installing on VMware ESXi, Installing on QEMU or KVM, and Installing on VirtualBox for Lab Only. 2. Wait for the importing process to finish. Once completed, the virtual machine is successfully created, and the AmpCon-DC server is installed. The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. 3. Wait for the importing process to finish. Once completed, the virtual machine is successfully created, and the AmpCon-DC server is installed. Modifying the Network Interface Configuration 1. Start the virtual machine. 2. Log in to the virtual machine with the default username (pica8) and password (pica8). 3. Open the file named 00-installer-config.yaml by running the sudo vi /etc/netplan/00-installer-config.yaml command. 4. In the 00-installer-config.yaml file, modify the IP address with the real IP address of the virtual machine as follows: image.png The Network Interface Card (NIC) name in the 00-installer-config.yaml file might not match the real NIC name of the virtual machine. Therefore, you must check the real NIC name of the virtual machine first by using the command ip addr show and then update the NIC name in the 00-installer-config.yaml file. 5. Apply the network interface configuration by running the sudo netplan apply command. Starting the AmpCon-DC Server 1. Go to the AmpCon-DC installation directory by running the cd /usr/share/automation/server command. 2. Start the AmpCon-DC server by running the sudo ./start.sh command. Installing on a Physical Machine To install the AmpCon-DC server on a physical machine, complete the following tasks: Table 4. Tasks for Installation on Physical Machines Task Description Preparing a Physical Machine Prepare a physical machine based on Ubuntu 22.04 LTS with Docker installed. Downloading and Unzipping the AmpCon-DC Server Installation Package 1. Download the compressed AmpCon-DC server installation package by going to the FS AmpCon-DC website and locating the package related to the AmpCon-DC version. 2. Put the package to the physical machine, and then unzip the package by running the tar -zxvf command. Replace with the name of the compressed AmpCon-DC server installation package. Modifying the Network Interface Configuration 1. Open the file named 00-installer-config.yaml by running the sudo vi /etc/netplan/00-installer-config.yaml command. 2. In the 00-installer-config.yaml file, modify the IP address with the real IP address of the physical machine. 3. Apply the network interface configuration by running the sudo netplan apply command. Starting the AmpCon-DC Server 1. Go to the directory where the unzipped AmpCon-DC server installation files exist. 2. Install the AmpCon-DC server by running the sudo ./install_or_upgrade.sh command. 3. Wait for the installation process to finish. Once completed, the AmpCon-DC server is installed and started. The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. What to Do Next After you install the AmpCon-DC server, check the following tasks. These tasks are not mandatory and can be used only when needed. Table 5. Post-Installation Tasks Task Description Configuring for Multi-NIC Deployment If multiple NICs are added to the virtual machine or physical machine, you must specify the NIC IP address used by the AmpCon-DC server to establish connections with managed switches, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-DC server and managed switches might fail. For more information, see Multi-NIC Deployment for Switch Connectivity Stopping the AmpCon-DC Server To stop the AmpCon-DC server, follow the steps: 1. Go to the AmpCon-DC installation directory by running the cd /usr/share/automation/server command. 2. Stop the AmpCon-DC server by running the sudo ./stop.sh command. Uninstalling the AmpCon-DC Server To uninstall the AmpCon-DC server, follow the steps: 1. Go to the AmpCon-DC installation directory by running the cd /usr/share/automation/server command. 2. Stop the AmpCon-DC server by running the sudo ./stop.sh command. 3. Clear the files in the server directory by running the sudo rm -rf /usr/share/automation/server command. Logging In to the AmpCon-DC UI The first time you log in to the AmpCon-DC UI, use the default username admin and password admin. For more information, see Deployment for Switch Connectivity. NOTEs The user admin is a built-in account of the SuperAdmin role. It has all operation permissions on AmpCon-DC. For security purposes, change the password upon the first login, update it periodically, and keep it secure. For how to update the password, see User Self-Management. You can add other user accounts and enable limited access for the personnel who are working with you. For more information, see Managing User Access. PicOS Switch Onboarding Workflow Onboard PicOS switches to bring them under AmpCon-DC management. Once successfully onboarded, the PicOS switches are classified as managed devices of AmpCon-DC. This guide provides a comprehensive overview of the procedures for onboarding PicOS switches to AmpCon-DC. Guidelines To onboard PicOS switches, three options are provided: switch import, normal Zero Touch Provisioning (ZTP), and simplified ZTP. If the switches have PicOS installed, you can onboard these switches by importing them to AmpCon-DC directly. If the switches don’t have PicOS installed, or though the switches have PicOS installed but you want to onboard these switches through normal ZTP, you can use AmpCon-DC to deploy these switches through normal ZTP. If you want to onboard switches and deploy physical networks in one go, use simplified ZTP. This topic doesn’t contain the workflow of simplified ZTP deployment. For simplified ZTP procedures, see Physical Network Deployment Workflow - Using Simplified ZTP. NOTEs Importing switches is not a ZTP method, which means that you still need to connect to the switches and do some operations on the switch side, such as obtaining IP addresses from the switches. The importing switch process doesn’t push switch configurations. Deploying switches through normal ZTP is a ZTP method used for automated deployment of switches. After you reboot the switches, AmpCon-DC will deploy the switches automatically. During the normal ZTP process, AmpCon-DC will push pre-configured configurations to the switches. Integrated hardware and software switches have PicOS installed. To onboard these switches, you can import these switches to AmpCon-DC directly, or you can deploy these switches through normal ZTP. Simplified ZTP is not only used to onboard switches but also used to deploy physical networks. If you don’t need to deploy physical networks, or if you want to design physical networks manually, do not use simplified ZTP. Simplified ZTP can be used only for switches with PicOS installed. For example, white-box switches with PicOS installed and integrated hardware and software PicOS switches. Prerequisites Before you onboard PicOS switches, ensure that the following prerequisite tasks have been completed: Table 1. Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin role. Working with the User Interface Switch Requirement Ensure that the switches to be onboarded are supported by AmpCon-DC. Supported Switches for 2.4.0 For switches that have PicOS installed, ensure that the Secure Shell (SSH) protocol is enabled on these switches. SSH is enabled on PicOS switches by default. No Reference Link Network Requirement Ensure that the switches are able to connect to the AmpCon-DC server. No Reference Link If a firewall is configured between the AmpCon-DC server and the switches, allow outbound access on the following ports to the management port of each switch. TCP: 22 TCP: 9339 TCP: 830 No Reference Link Importing a PicOS Switch To onboard a PicOS switch by importing it to AmpCon-DC, complete the following tasks: Table 2. Switch Import Tasks and Links Category Task Reference Link License Import Obtain an AmpCon-DC license (containing hardware IDs of the switches to be onboarded) from the FS sale team. Then, import the AmpCon-DC license to AmpCon-DC. Importing Licenses for Imported Switches System Configuration Click Device > Device Profiles from the navigation bar of the AmpCon-DC UI. Click the System Configuration tab. In this tab, configure the global system configuration. If the global system configuration doesn’t match with the switch, create a non-global system configuration. Adding System Configurations Switch Import If you have obtained the IP address of the switch, you can use the automatic import method. Automatically Importing a Switch If you haven’t obtained the IP address of the switch, you can use the manual import method. Manually Importing a Switch Switch Import Result Click Device > Switches from the navigation bar. On the “Switches” page, check whether the switch is displayed in Imported status. Checking Importing Results Deploying a Switch through Normal ZTP Deploying a White-Box Switch To onboard a white-box switch by deploying it through normal ZTP, complete the following tasks: Table 3. White-Box Switch Deployment Tasks and Links Category Task Reference Link System Configuration Click Device > Device Profiles from the navigation bar of the AmpCon-DC UI. Click the System Configuration tab. In this tab, configure the global system configuration. If the global system configuration doesn’t match with the switch, create a non-global system configuration. Adding System Configurations Switch Model Click the Switch Model tab. In this tab, configure the switch model related to the switch. Configuring Switch Models Global Configuration Click the Global Configuration tab. In this tab, prepare the global configuration to be pushed to the switch. Configuring Global Configurations Configuration Template Click Device > Config Templates from the navigation bar. Click the New Template tab. In this tab, prepare a configuration template. Adding Configuration Templates Switch Configuration Click Device > Device Profiles from the navigation bar. Click the Switch Configuration tab. In this tab, add a switch configuration for the switch. Adding Switch Configurations DHCP Server Configure a DHCP server. If the DHCP server is not configured correctly, the switch deployment will fail. Configuring a DHCP Server Switch Provisioning through Normal ZTP Provision the switch through normal ZTP to complete the switch deployment. Provisioning a White-Box Switch NOTE Pay attention to the following points. Or else, the switch will fail to be deployed. These points are also applicable to integrated hardware and software switch deployment. Be careful when you configure system configurations: Ensure that the entered Device Default Login User and Device Default Password are correct and can be used to log in to the switch. If the switch doesn’t use the Device Default Login User and Device Default Password in the global system configuration, create a non-global system configuration for the switch, and ensure the Device Default Login User and Device Default Password match with the switch. Ensure that the AmpCon-DC server can connect with the License Portal through the entered License Portal URL, License Portal User, and License Portal Password. For more information, see Checking License Portal Connectivity. Ensure that the uploaded Security Config File and Parking Security Config File don’t contain wrong configurations or underlay/overlay related configurations. If you configure the DHCP server before adding a switch configuration, the switch will go to the AmpCon-DC parking lot. For more information, see Managing the Parking Lot. To continue deploying the switches in the parking lot, follow these steps: a. In the AmpCon-DC UI, click Device > Switches from the navigation bar. b. On the “Switches” page, click Parking Lot. c. Locate the switch to be deployed, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switches” page with the Configured status. d. Continue to provision the switch through normal ZTP to complete the switch deployment. Deploying an Integrated Hardware and Software Switch To onboard an integrated hardware and software switch by deploying it through normal ZTP, complete the following tasks: Table 4. Integrated Hardware and Software Switch Deployment Tasks and Links through Normal ZTP Category Task Reference Link System Configuration Click Device > Device Profiles from the navigation bar of the AmpCon-DC UI. Click the System Configuration tab. In this tab, configure the global system configuration. If the global system configuration doesn’t match with the switch, create a non-global system configuration. Adding System Configurations Global Configuration Click the Global Configuration tab. In this tab, prepare the global configuration to be pushed to the switch. Configuring Global Configurations Configuration Template Click Device > Config Templates from the navigation bar. Click the New Template tab. In this tab, prepare a configuration template. Adding Configuration Templates Switch Configuration Click Device > Device Profiles from the navigation bar. Click the Switch Configuration tab. In this tab, add a switch configuration for the switch. Adding Switch Configurations DHCP Server Configure a DHCP server. If the DHCP server is not configured correctly, the switch deployment will fail. Configuring a DHCP Server Switch Provisioning through Normal ZTP Provision the switch through normal ZTP to complete the switch deployment. Provisioning an Integrated Hardware and Software Switch What to Do Next After you onboard PicOS switches, check the following tasks. These tasks are not mandatory and can be used only when needed. Table 5. Post-Onboarding Tasks and Links Category Task Reference Link Physical Network Design and deploy physical networks with PicOS switches. Physical Network Deployment Workflow Configuring PicOS Switches Use configuration templates to push specific configurations to PicOS switches. Configuring Switches Managing PicOS Switches Manage the lifecycle of PicOS switches to reduce the complexity and workload of switch management while improving efficiency: Check the switch inventory and telemetry data of each switch. Upgrade PicOS on a single switch or on multiple switches at scale. Use Returning Merchandise Authorization (RMA) to replace a switch with another switch of the same switch model. Decommission (DECOM) a deployed switch to clear the configurations pushed by AmpCon-DC from the switch. Remove a switch from the AmpCon-DC database and the AmpCon-DC UI. Check or update PicOS licenses with the latest support entitlements. Managing Switches Managing PicOS Licenses Monitoring PicOS Switches Monitor PicOS switches as follows: Monitor metrics and topologies of PicOS switches. Monitor added Linux servers, such as NICs and connected optical modules. View different levels and types of alerts in the AmpCon-DC UI. Receive real-time email alert notifications if you need to be notified immediately. View and analyze alerts in the Splunk UI to get more detailed insights. Monitoring and Alerting Accessing Devices through SSH Sessions Connect to PicOS switches from the AmpCon-DC UI by creating SSH sessions. Accessing Devices through SSH Sessions PicOS Switch Configuration Workflow AmpCon-DC simplifies switch configuration through the template-based configuration model, and allows you to apply consistent and standardized configurations across PicOS switches in one or multiple sites, making the configuration process more efficient and streamlined. This guide provides a comprehensive overview of PicOS switch configuration procedures. Guidelines To push configurations to PicOS switches, AmpCon-DC provides two options: Table 1. Switch Configuration Options Option Description RoCE Configurations Use RoCE dashboards to push RoCE configurations to switches, achieving high-throughput and low-latency data transmission over Ethernet. General Configurations Use configuration templates to push general configurations. AmpCon-DC provides pre-built CLI commands in a hierarchical way in the user interface. You can create configuration templates with different CLI commands. When pushing configurations to PicOS switches, select the configuration templates containing the required CLI commands, and select the switches to be configured. Then, these CLI commands will be run on the selected PicOS switches automatically. Prerequisites Before you configure PicOS switches, ensure that the following prerequisite tasks have been completed: Table 2. Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin, Admin, or Operator role. Working with the User Interface Switch Requirement Onboard supported PicOS switches to bring them under AmpCon-DC management. PicOS Switch Onboarding Workflow Ensure that the PicOS switches are up and connected to the AmpCon-DC server. You can check the connectivity by clicking Device > Switches from the navigation bar and viewing the VPN IP column: ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. No Reference Link Pushing RoCE Configurations To push RoCE configurations to PicOS switches through RoCE dashboards, complete the following tasks: NOTEs Ensure that the related RoCE features are supported on the PicOS switches. For more information, see PICOS Supported Features. Pay attention to the guidelines and notes in each reference link. Or else, RoCE configurations might fail to be pushed. The following tasks are not mandatory and can be used only when needed. Table 3. RoCE Configuration Tasks and Links Category Task Reference Link RoCE EasyDeploy Click Physical Network > RoCE > RoCE EasyDeploy from the navigation bar. In the Deployment tab, click + Configuration to push RoCE EasyDeploy configurations to switches. Configuring RoCE EasyDeploy PFC Configuration Click Physical Network > RoCE > RoCE Policies from the navigation bar. In the PFC tab, create and push customized PFC configurations. Configuring PFC ECN Configuration In the ECN tab, create and push customized ECN configurations. Configuring ECN QoS Configuration In the Service Scheduling tab, create and push customized Quality of Service (QoS) configurations. Configuring QoS Scheduling DLB Configuration Click Physical Network > RoCE > Load Balancing from the navigation bar. In the Deployment tab, push Dynamic Load Balancing (DLB) configurations to switches. Configuring Dynamic Load Balancing Pushing General Configurations To push general configurations to PicOS switches through configuration templates, complete the following tasks: Table 4. Configuration Template Tasks and Links Category Task Reference Link Adding Configuration Templates Click Device > Config Templates from the navigation bar. In the New Template tab, create configuration templates with one or multiple required CLI commands. Adding Configuration Templates Creating a Configuration Node Click the Push Config tab. In this tab, create a configuration node, select the configuration templates containing the required CLI commands, enter variable values for the CLI commands, and select the switches to be configured. Pushing Configurations to Switches Verifying Configuration Pushing Verify the configuration pushing status and logs. Verifying the Pushing Status and Log What to Do Next After you configure PicOS switches, check the following tasks. These tasks are not mandatory and can be used only when needed. Table 5. Post-Configuration Tasks and Links Category Task Reference Link Managing Configuration Templates Manage the added configuration templates. Managing Configuration Templates Managing Configuration Nodes View, edit, or delete the added configuration nodes. Managing Configuration Nodes Comparing Configurations Compare running configurations with initial configurations on the same switch. Comparing Running Configurations with Initial Configurations Compare running configurations or backup configurations on one switch or on different switches. Comparing Running or Backup Configurations Backing Up and Restoring Configurations Back up and restore configurations for disaster recovery. Backing Up and Restoring Configurations Physical Network Deployment Workflow Underlay means the physical network infrastructure that serves as the foundational layer for data transmission. Physical networks are used for underlay provisioning. On AmpCon-DC, you can deploy physical networks by deploying fabrics. This guide provides a comprehensive overview of physical network (fabric) deployment procedures. NOTEs This guide lists only the workflow of physical network deployment. You need to check the reference links for detailed steps. Pay attention to the notes in each reference link. Or else, the deployment might fail. Guidelines AmpCon-DC offers flexible VXLAN physical network deployment options to meet different networking requirements of users. To deploy a physical network, you are provided with two options: Table 1. Deployment Options Option Description Simplified ZTP Use simplified ZTP to complete the switch onboarding and physical network deployment in one go. Applies to the scenario where you have no network plan but need to quickly deploy a physical network. Requires less configurations to complete the switch onboarding and physical network deployment. Used only for the supported switches with PicOS installed. Physical Network Design Onboard switches through switch import or normal ZTP first, and then design a physical network with AmpCon-DC. Applies to the scenario where you have a network plan and want to customize the network. Requires more configurations to complete the switch onboarding and physical network design. Used for supported switches, regardless of whether PicOS is installed or not. Designing Physical Networks Prerequisites Before you design a physical network, ensure that the following prerequisite tasks have been completed: Table 2. Designing Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin role. Working with the User Interface Fabric Requirement Create a fabric. A fabric is the logical representation of an actual physical network. Adding a Fabric Switch Requirement Ensure that the PicOS switches are supported for physical network deployment. Recommended Switches Onboard the PicOS switches through switch import or normal ZTP. Ensure that the switches are added to the fabric. PicOS Switch Onboarding Workflow Adding Switches to a Manual Fabric Ensure that Google Remote Procedure Call (gRPC) is enabled on the PicOS switches. By default, gRPC is enabled automatically. No Reference Link Ensure that the PicOS switches are up and connected to the AmpCon-DC server. You can check the connectivity by clicking Device > Switches from the navigation bar and viewing the VPN IP column on the “Switches” page: ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. No Reference Link Resource Requirement Prepare IP pools with enough available IP addresses, which will be used for unit and DC Template design. IP Pools Prepare ASN pools with enough available ASNs, which will be used for DC Template design. ASN Pools Learning Physical Network Overview Understand the architecture, networking elements, and key concepts of physical network deployment. Physical Network Overview Procedure To design a physical network, complete the following tasks: Table 3. Designing Tasks and Links Category Task Reference Link Designing Units Add one or multiple units used by the DC Template as follows: 1. Click Physical Network > Design > Units from the navigation bar. 2. On the “Units” page, click + Unit, and then design the unit. Designing Units Designing a DC Template Add the DC Template used to design a fabric as follows: 1. Click Physical Network > Design > DC Templates from the navigation bar. 2. On the “DC Templates” page, click + Template, and then design the DC Template. Designing DC Templates Designing a Fabric 1. Click Physical Network > Fabrics from the navigation bar. 2. On the “Fabrics” page, click the name of the fabric that you want to design, import a DC Template to the fabric, and then design the fabric. Designing Fabrics Checking Fabric Status Check whether the fabric is deployed successfully. 1. On the “Fabrics” page, locate the fabric. 2. In the Status column, check the fabric deployment status. The Deployed status means that the fabric is deployed successfully. Checking Fabric Status Using Simplified ZTP Prerequisites Before you use simplified ZTP to deploy a physical network, ensure that the following prerequisite tasks have been completed: Table 4. Simplified ZTP Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin role. Working with the User Interface Switch Requirement Complete all the switch preparations. Preparing PicOS Switches DHCP Server Requirement Configure the DHCP server. Configuring a DHCP Server System Configuration Requirement Configure global or non-global system configurations matching the switches used for the network deployment. System configurations contain important information used for the simplified ZTP deployment. Adding System Configurations AmpCon-DC License Requirement Import AmpCon-DC licenses containing the switches to be deployed. AmpCon-DC licenses decide whether switches can be onboarded for AmpCon-DC management. Importing AmpCon-DC Licenses Resource Pool Requirement Prepare IP pools and ASN pools, and ensure these pools have enough available IP addresses and ASNs. IP pools and ASN pools are used for automatic assignment of IP addresses and ASNs during the simplified ZTP process. Preparing Resource Pools Learning Architecture Understand the architecture of simplified ZTP deployment. Simplified ZTP Architecture Procedure To deploy a physical network through simplified ZTP, complete the following tasks: Table 5. Simplified ZTP Tasks and Links Category Task Reference Link Adding a ZTP Template Add a ZTP template as follows: 1. Click Physical Network > Design > ZTP Templates from the navigation bar. 2. On the “ZTP Templates” page, click + Template, and enter information to complete the template creation. 3. After you create a ZTP template, you will be redirected to the fabric page. Adding ZTP Templates Completing Physical Connections Based on the ZTP template, AmpCon-DC automatically generates the topology, device information, and link information of the physical network. You must complete physical connections between switches based on the generated information displayed in the Configuration Preview tab of the fabric page. Completing Physical Connections Bringing Switches Online Bring all spine switches online as follows: 1. In the Configuration Preview tab of the fabric page, select all the switches with the Spine role. 2. Click Enable ZTP. Bringing All Spine Switches Online Bring all leaf switches online as follows: 1. In the Configuration Preview tab of the fabric page, select all switches with the Leaf role. 2. Click Enable ZTP. Bringing All Leaf Switches Online Checking Fabric Status Check whether the fabric is deployed successfully. 1. Click Physical Network > Fabrics from the navigation bar. 2. On the “Fabrics” page, locate the fabric deployed through simplified ZTP. 3. In the Status column, check the fabric deployment status. The Deployed status means that the fabric is deployed successfully. Checking Fabric Status Checking Switch Status Check whether switches are deployed successfully. 1. Click Device > Switches from the navigation bar. 2. On the “Switches” page, locate the switch deployed through simplified ZTP. 3. In the Status column, check the switch deployment status. The Provisioning Success status means that the switches are deployed successfully. Checking Switch Status Logical Network Deployment Workflow Overlay is a virtual network architecture built on top of an existing physical network (underlay). Overlay services refer to virtualized network functions or logical layers, which enable logical network isolation and flexible service deployment and network configuration without modifying the underlying infrastructure. Logical networks are logical spaces to provision overlay services. After a physical network is deployed, you can deploy logical networks to meet overlay service provisioning requirements. This guide provides a comprehensive overview of logical network deployment procedures. NOTEs The guide lists only the workflow of logical network deployment. You need to check the reference links for detailed steps. Pay attention to the notes in each reference link. Or else, the deployment might fail. Guidelines Understand the following concepts used for logical network deployment. For more information, see Logical Network Overview. Logical networks The core of overlay service provisioning. A logical network holds other logical network elements, including logical routers, logical switches, and virtual networks, to instantiate an overlay service network. Logical routers The Layer 3 distributed routing network elements that connect with logical switches and virtual routers. Similar to Layer 3 Virtual Network Instance (L3 VNI), logical routers are designed to enable Layer 3 communication across VLAN Domains and manage the pushing of VRF configurations. Logical switches The Layer 2 network elements that connect with resources (such as physical servers and virtual machines) within the same service system. Logical switches exist only on server leaf switches and handle configuration pushing of gateway interfaces, Network Virtualization Edge (NVE), and Bridge Domain (BD). Virtual networks The virtual Layer 2 network devices used in vSphere or bare metal Point of Delivery (PoD). The ports of virtual networks are attached to logical switches. The virtual network for bare metal PoD is called VL2. Point of Delivery (PoD) The minimum service unit of a data center, is a collection of resources in a data center. Currently, only bare metal PoD and vSphere PoD can be used for logical network deployment. You can connect virtual networks of bare metal PoD or vSphere PoD with logical switches. VLAN Domain group Each fabric contains one VLAN Domain group. Each VLAN Domain group contains one or multiple VLAN Domains. VLAN Domains restrict the allocation of VLAN IDs to a specific range for virtual networks connected to logical switches. Node uplink configuration Used to connect node devices in virtual networks with uplink switches after you connect virtual networks in PoD with logical switches. Prerequisites Before you deploy a logical network, ensure that the following prerequisite tasks have been completed: Table 1. Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin role. Working with the User Interface Physical Network Requirement Ensure that you have completed the physical network (fabric) deployment. Physical Network Deployment Workflow VNI Pool Requirement Prepare VNI pools with enough available VNI values, which will be used for L2 VNI and L3 VNI assignment of the logical network. Adding VNI Pools PoD Requirement To add virtual networks of vSphere Point of Delivery (PoD) to the logical network, ensure that you have created the vSphere PoD. To add virtual networks of bare metal PoD to the logical network, ensure that you have created the bare metal PoD. NOTE For vSphere PoD, ensure that the AmpCon-DC server is connected to the vSphere platform. You can check as follows: a. Click Resource > Resource Interconnection from the navigation bar. b. In the PoD tab, ensure that the PoD is in Active status. Adding a vSphere PoD Adding a Bare Metal PoD VLAN Domain Group Requirement Ensure that you have added and configured a VLAN Domain group for the related physical network (fabric). NOTEs Only after the physical network (fabric) is deployed successfully, can you configure a VLAN Domain group for the fabric. Ensure that the Bridge Domain Range of each VLAN Domain has available intersections with the Global VLAN range of the related PoD. Or else, when you add a logical switch, VLAN will fail to be assigned. Adding a VLAN Domain Group Node Uplink Requirement To add virtual networks of vSphere PoD to the logical network, ensure that you have added node uplink configurations for the vSphere PoD. To add virtual networks of bare metal PoD to the logical network, ensure that you have added a bare metal node group (including node addition and node uplink configurations) for the bare metal PoD. NOTE Pay attention to the following points. Or else, the logical network deployment will fail. The node uplink configurations must be consistent with actual physical connections. When you configure node uplink, the speed of the NIC ports and connected switch ports must be the same. Configuring Node Uplink for Cloud Platform Nodes Adding a Bare Metal Node Group VL2 Requirement After you create a bare metal PoD, no virtual networks (called VL2 for bare metal) exist in the bare metal PoD. If you need to add virtual networks of bare metal PoD to the logical network, you must add a VL2 for the bare metal PoD, and then associate bare metal node devices with the VL2. NOTEs The node devices used for VL2 association are those bare metal nodes you added in the bare metal node group. So, if you haven’t added a bare metal node group for the related PoD to which the VL2 belongs, you can’t associate bare metal node devices with the VL2. When you add a VL2, pay attention to the VLAN field: If you don’t enter any VLAN value in the VLAN field, AmpCon-DC will automatically assign a VLAN ID from the Global VLAN range of the PoD. If you enter a VLAN ID here, ensure that the VLAN ID is in the intersections between the Global VLAN range of the PoD and the Bridge Domain Range of the related VLAN Domain, and the entered VLAN ID is not used by other VL2 of the same PoD. Or else, the logical network will fail to be deployed. Adding VL2 Associating Bare Metal Nodes with VL2 Procedure Table 2. Deployment Tasks and Links Category Task Reference Link Adding a Logical Network Add a logical network as follows: 1. Click Service Provision > Logical Networks from the navigation bar. 2. On the “Logical Networks” page, click + Logical Network. 1. Adding a Logical Network Adding Virtual Networks Add virtual networks to the logical network as follows: 1. Click Service Provision > Logical Networks from the navigation bar. 2. On the “Logical Networks” page, click the name of the logical network to enter the logical network provisioning page. 3. Drag the virtual network icon to the logical network provisioning canvas. 2. Adding Virtual Networks Provisioning Logical Switches Provision logical switches as follows: 1. Adding logical switches by dragging the logical switch icon to the logical network provisioning canvas. 2. Connect logical switches with virtual networks by right-clicking each added logical switch in the canvas and then clicking Add Connection. 3. Check whether the connection is successful. 4. The line between a logical switch and a virtual network is in green when the connection succeeds and in red when the connection fails. 3. Provisioning Logical Switches Provisioning Logical Routers Provision logical routers as follows: 1. Adding logical routers by dragging the logical router icon to the logical network provisioning canvas. 2. Connect logical routers with logical switches by right-clicking each added logical router in the canvas and then clicking Add Connection. 3. Check whether the connection is successful. 4. The line between a logical router and a logical switch is in green when the connection succeeds and in red when the connection fails. 4. Provisioning Logical Routers What to Do Next After you deploy a logical network, check the following tasks. These tasks are not mandatory and can be used only when needed. Table 3. Post-Deployment Tasks and Links Category Task Reference Link Managing Logical Networks Manage added logical networks as follows: View, edit, or delete a logical network. Delete logical elements from a logical network. Disconnect the connections between a logical switch and the virtual network of specific node devices. Disconnect the connections between a logical router and connected logical switches. Managing Logical Networks Managing Logical Switches View, edit, or delete added logical switches. Managing Logical Switches Managing Logical Routers View, edit, or delete added logical routers. Managing Logical Routers Ansible Automation Workflow Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses the simple, declarative language written in YAML, which is called playbook, to automate your tasks. By using AmpCon-DC, you can write, run, and schedule Ansible playbooks on managed PicOS switches and added Linux servers, reducing manual work, eliminating configuration errors, and improving network management efficiency. This guide provides a comprehensive overview of Ansible playbook running procedures. Prerequisites Before you run Ansible playbooks for automation, ensure that the following prerequisite tasks have been completed: Table 1. Prerequisite Tasks and Links Category Task Reference Link Platform Requirement Install the AmpCon-DC server successfully. Platform Installation Workflow Log in to the AmpCon-DC UI with an account of the SuperAdmin, Admin, or Operator role. Working with the User Interface Switch Requirement (Applicable only for running playbooks on PicOS switches) Ensure that each PicOS switch to run Ansible playbooks has been onboarded to AmpCon-DC. PicOS Switch Onboarding Workflow Ensure that the Device Default Login User and Device Default Password in the global system configuration can be used to log in to the PicOS switches. NOTE If the default username and password of a switch doesn’t match the Device Default Login User and Device Default Password specified in the global system configuration, the playbook will fail to be run on the switch. Adding a Global System Configuration Ensure that the PicOS switches are up and connected to the AmpCon-DC server. You can check the connectivity by clicking Device > Switches from the navigation bar and viewing the VPN IP column: ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. No Reference Link Linux Server Requirement (Applicable only for running playbooks on Linux servers) Ensure that the Linux servers have been added to AmpCon-DC. Adding Devices Procedure To run an Ansible playbook with AmpCon-DC, complete the following tasks: Table 2. Playbook Running Tasks and Links Category Task Reference Link Checking Pre-Built Playbooks AmpCon-DC offers a series of pre-built Ansible playbooks. Click Maintain > Automation > Playbooks from the navigation bar. On the “Playbooks” page, click the Show Pre-built Playbooks toggle, and then check whether the pre-built Ansible playbooks meet your needs. If yes, click Save AS on the “Playbooks” page to create a copy playbook, and then run the playbook. Using Pre-built Playbooks Writing or Importing Playbooks If the pre-built Ansible playbooks don’t meet your needs, write or import a playbook on the “Playbooks” page as follows: Click + Playbook, and then write a playbook in the AmpCon-DC UI. Click Import, and then import a local playbook to AmpCon-DC. Examples for Ansible Playbooks Using Ansible playbooks Writing a Playbook on AmpCon-DC Importing a Playbook Checking Playbook Syntax Before you run a playbook, check whether the playbook syntax is valid. On the “Playbooks” page, locate a playbook, and then click Check. Checking Syntax for a Playbook Running Playbooks On the “Playbooks” page, locate the playbook, and then click Run to complete the automation operation. Running a Playbook Checking Ansible Job Results and Output An Ansible job is a single execution of an Ansible playbook. Click Maintain > Automation > Ansible Jobs from the navigation bar. On the “Ansible Jobs” page, check the playbook execution result and output. Managing Ansible Jobs What to Do Next After you run an Ansible playbook, check the following tasks. These tasks are not mandatory and can be used only when needed. Table 3. Post-Running Tasks and Links Category Task Reference Link Viewing Playbook Scheduling View executed playbooks based on months, weeks, or days. Viewing Playbook Scheduling Troubleshooting for Failed Ansible Jobs If a playbook fails to be run on PicOS switches or Linux servers, check the possible reasons and solutions for troubleshooting. Troubleshooting

2026年3月18日 - AmpCon-DC Management Platform User Guide V2.2.0 AmpCon-DC Management Platform A powerful management platform for PicOS® data center switches, offering automated Zero Touch Provisioning (ZTP), real-time telemetry monitoring, topology auto-discovery, automated lifecycle mangement, physical network design, flexible Ansible extensions, and terminal device management. Key Topics Day 0 Day 1 Day 2+ Planning Deploying AmpCon-DC Deploying or Importing Switches Designing Physical Networks Managing Switches Managing Devices Checking RoCE Configuring RoCE Configuring Switches Running Ansible Playbooks for Automation Monitoring Switches Monitoring RoCE Monitoring NICs Monitoring Modules Managing Groups and Licenses Accessing Switches through SSH Sessions Administering AmpCon-DC 1.Release Notes Before you install or upgrade AmpCon-DC, read this topic to get a quick overview of what is added, changed, improved, or deprecated in each release. AmpCon-DC 2.2.0 New Features The following features are added to AmpCon-DC 2.2.0: Supports designing and managing physical networks with EVPN VXLAN to simplify the deployment of data center physical networks and reduce operational costs. For more information, see "6.Designing Physical Networks". Supports adding Available Zones (AZ) resources (vSphere, OpenStack, bare metal) to AmpCon-DC and viewing VPC, network, and VM resources of these added AZ. For more information, see "6.4.2 Adding AZ". Supports managing third-party devices, Network Interface Cards (NICs), RDMA over Converged Ethernet (RoCE), and connected optical modules. For more information, see "11.Managing Third-Party Devices". Supports viewing load balancing related metrics to optimize your network for better performance. For more information, see "10.4 Dynamic Load Balancing (DLB)". Supports receiving immediate alarm notifications through emails when issues arise. For more information, see "10.8 Alarm Notifications". Improvements The following improvements are added to AmpCon-DC 2.2.0: The supported switch list is updated with more supported switch models. For more information, see "3.1.1 Supported Switches for 2.2.0". When you click a switch in a topology, the Host Info tab is displayed, where you can see metrics of Linux servers connected to the switch. For more information, see "10.6.5 Host Info". The following telemetry metrics are added to the “Telemetry Dashboard” page. For more information, see "10.5.1 Global Telemetry Data". CPU usage Memory usage Fan In Bits Rate Out Bits Rate Out Pkts Rate In Pkts Rate The following telemetry metrics are added to the detail page of each managed switch. For more information, see "10.5.2 Telemetry Data of a Switch". Added Version (means PicOS version) in the Device Information tab Added In Bits Rate, Out Bits Rate, Out Pkts Rate, In Pkts Rate, Usage, and Fan in the Switch Overview tab Added In Bandwidth Utilization, Out Bandwidth Utilization, Out Bits Rate, In Bits Rate, Out Pkts Rate, and In Pkts Rate in the Port Overview tab Added a Device Overview tab with Redundant Power Supply Unit (RPSUs) and fans related metrics Added an ARP tab with ARP-related metrics Added a MAC tab with MAC-related metrics Added an OSPF tab with OSPF-related metrics Added a BGP tab with BGP-related metrics Added an IP Route tab with IP Route related metrics Relocated AI-related metrics to the RoCE Counters section of the navigation bar The following resource usage related alarms are supported. For more information, see "10.7.1 Resource Usage Alarms". The CPU usage is over 85% The memory usage is over 85% The input bandwidth usage is over 85% The output bandwidth usage is over 85% The switch is offline The switch is powered down The proportion of the fan's Pulse Width Modulation (PWM) to the total width is over 85% New Changes The recommended PicOS version for supported switches is PicOS 4.6.0E or later. Importing the AmpCon-DC license is no longer required during initial UI login. You can log in to the AmpCon-DC UI first and then import the license. For more information, see "4.3 Importing AmpCon-DC Licenses". 2.Overview AmpCon-DC, a management platform designed for PicOS® data center switches and NICs, automates and validates the design, deployment, and operation of data center networks from Day 0 through Day 2+. It empowers you to efficiently automate and manage your highly available HPC and data center networks at scale. AmpCon-DC accelerates VXLAN network deployment with automated underlay configurations and ZTP. It uses real-time telemetry for performance monitoring, supports automatic topology discovery, and offers end-to-end RoCE deployment for unified network interface card and switch management, backed by 1, 3, or 5 years of comprehensive support covering installation, configuration, troubleshooting, and updates. Deployed as a software appliance on a virtual machine (VM) or Docker, AmpCon-DC operates seamlessly in data center or cloud environments. 0b7da528-de31-44c9-8536-fbde3bd025db.png Highlights Continuous Day 0 to Day 2+ Operation Automation Automated Underlay Configurations for Efficient Deployment Visual Management with Topology Auto-Discovery Support Batch End-to-End RoCE Deployment Telemetry Visualization to Optimize Network Performance Fault Alerts via Visual Interface and Email Notifications When Issues Arise Powerful, Agentless Automation with Ansible Playbooks Virtual Pre-Configuration with PicOS-V Integration How AmpCon-DC Can Help AmpCon-DC is highly scalable and includes only the features that you truly need. You can use it to build small, medium, and large data center networks. Simplify physical network design Designing a modern 3-stage fabric with AmpCon-DC simplifies the deployment and operation of next‑generation data center networks, leads to a more stable data center fabric, and reduces operational costs. Enhance terminal device management You can manage these devices and monitor their Network Interface Cards (NICs) and optical modules. In addition, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning. Automate switch configurations and provide unified switch management AmpCon-DC helps you to configure, monitor, and manage switches in data centers. By using AmpCon-DC, you can maintain the High-Performance Network (HPN) architecture more efficiently, prevent and eliminate issues, and thus increase the resource utilization rate and decrease the operation costs. Improve the efficiency of switch deployment by using ZTP AmpCon-DC supports using ZTP to automatically deploy switches in a data center. Provide telemetry for real-time network monitoring AmpCon-DC supports telemetry to capture rich information about real-time network telemetry information, application workload usage, and system configurations. Provide automatic discovery of topology for visual switch management AmpCon-DC supports automatic discovery of topology to provide the network view of switches in all locations. You can simplify the network management by checking switch stats and port-level running status. Automate daily operation tasks by using Ansible playbooks AmpCon-DC supports using Ansible playbooks to automate daily network operations and decrease the operation cost. Deliver multiple deployment solutions AmpCon-DC provides multiple deployment solutions, including Docker, KVM, VMware, and Nutanix AHV. Support deploying, configuring, and managing remote switches at scale AmpCon-DC makes it easy to deploy, configure, and manage a large number of remote switches. You can use AmpCon-DC to deploy, configure, or manage switches at scale. 2.1 Key Features AmpCon-DC provides a powerful feature set, including deploying, configuring, monitoring, and managing switches, designing and managing physical networks, and managing terminal devices. For more information, see the following key features: 2.1.1 Physical Network Design In data center networks, east-west traffic dominates the business traffic. Therefore, data centers have a high demand for horizontal scalability. To meet the evolving business requirements in data centers, including cloud scenarios, container scenarios, and AI computing scenarios, the 3-stage fabric architecture (leaf-spine-leaf) is introduced to AmpCon-DC as the networking solution, leading to a more stable data center fabric, and reducing operational costs. AmpCon-DC automates underlay configurations with intuitive point-and-click user interfaces and workflow-driven deployment. Network administrators can select predefined templates and push configurations step by step, eliminating manual, device-by-device setups. This accelerates VXLAN deployment, reduces vendor-specific CLI learning curves, and ensures consistent, efficient network operations. Graphical Network Design AmpCon-DC offers the 3-stage Spine-Leaf architecture network design feature, supporting MLAG networking, drag-and-drop visual modeling, and custom physical network topology design, and provides two types of network configuration templates from which users can choose based on their needs to achieve template-based rapid replication, generating N physical networks from a single template. image.png Workflow-Driven Deployment You can follow steps to complete VLAN domain entry, physical device mapping, configuration confirmation, topology check, node addition, and fabric management. Ultimately, AmpCon-DC can push networking configurations to switches in batches, allowing them to build a VXLAN network while eliminating manual configurations. image.png 2.1.2 Zero Touch Provisioning Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. When large numbers of switches need to be deployed or upgraded, you can use ZTP to reduce labor costs and improve deployment efficiency. ZTP can help you to implement fast, accurate, and reliable switch deployments. Simplifying Switch Deployment In scenarios like the construction or expansion of data centers, a large number of switches are required. If these switches are configured manually, improper configurations might lead to errors, and it’s difficult to troubleshoot issues. AmpCon-DC provides ZTP, which improves the efficiency of switch deployment, daily maintenance, and fault handling, while reducing labor costs. After you plug in the switch, the DHCP server automatically provides the switch with an IP address and the address of a provision script that is obtained from AmpCon-DC server. The switch automatically runs the script to register with the AmpCon-DC server, install PicOS® (for white-box switches only), configure the switch based on system configurations and switch configurations, and install a valid license on the switch. By using AmpCon-DC, no experienced network personnel are required at the remote site; anyone who can put the switch in the right place and plug it in will do. Automating Switch Management After switches are deployed through ZTP, they can be automatically added to fabrics and managed by AmpCon-DC. In traditional solutions, such tasks are manually performed by network administrators. The AmpCon-DC ZTP solution, however, frees administrators from these tasks, allowing them to focus on the orchestration of core overlay services. 2.1.3 Centralized Resource Management AmpCon-DC provides centralized resource management, including Available Zones (AZ) and resource pools (IP pools and ASN pools). AZ Resources In the AmpCon-DC UI, you can view VPC, network, and VM resources of the vSphere or OpenStack AZ that you added. Currently, you can't view resource information of the bare metal AZ. image.png Resource Pools IP pools (IPv4) and ASN pools are used by AmpCon-DC to assign Router ID, VTEP interfaces, L3 peer-link interfaces, direct access IP addresses, and BGP ASN during the fabric design process. image.png 2.1.4 Automatic Topology Discovery AmpCon-DC supports automatic discovery of topologies for automated identification and visualization of the network structure. It provides a map view to display all the locations. You can use the map view to pull up any location and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. In this way, network management and maintenance can be simplified. Planning Topologies AmpCon-DC supports automatic discovery of neighboring information to generate a topology map after switches are added. You can manually plan the topology and customize the network structure layout according to actual needs. image.png Viewing Real-time Topologies AmpCon-DC dynamically shows the current network status, which reflects changes such as device online status and link faults in real time. By clicking a device or a link, you can see detailed stats information. image.png Viewing Historical Topologies By selecting a timeline, you can see the network topologies and device link status at different time. You can analyze the historical topologies to trace problems. image.png Viewing Switch Details, Ports, and Linux Severs When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch. image.png 2.1.5 Real-Time Telemetry Monitoring AmpCon-DC uses the telemetry technology to automatically collect real-time or historical metric data from managed devices. Comprehensive Data Collection AmpCon-DC collects real-time data from managed switches, including routing neighbors, switch utilization, and port stats. The data can help network administrators gain insights for quick decisions and network adjustments. You can view the telemetry data of all managed switches on the “Telemetry Dashboard” page. image.png Real-time Performance Monitoring AmpCon-DC uses telemetry to track performance metrics of each managed switch in real time, such as port traffic, bandwidth utilization, and packet loss rate. With telemetry information, you can identify bottlenecks, optimize configurations, and ensure efficient resource usage on a switch. You can view the telemetry data of a specific switch on the detail page of the switch. image.png Telemetry Data of DLB You can visualize Dynamic Load Balancing (DLB) related telemetry metrics to optimize your network for better performance. image.png Telemetry Data of NICs After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically collects performance-related telemetry metrics of NICs on these devices. You can gain real-time or historical insights into network traffic conditions on each NIC, identify traffic peaks, and pinpoint bottlenecks. image.png Telemetry Data of RoCE You can monitor RDMA over Converged Ethernet (RoCE) data on the Network Interface Card (NIC) side and on the switch side. image.png Automatic Alerting after Detecting Anomalies AmpCon-DC uses telemetry data to issue immediate alerts on a visual interface when a device failure or a performance shift is detected, to help the network administrators diagnose the root cause and resolve problems quickly. image.png If you can't access the AmpCon-DC UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation. image.png 2.1.6 Flexible Ansible Extensions Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses simple, declarative language written in YAML, which is called playbooks, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible and Using Ansible playbooks. AmpCon-DC integrates with Ansible to automate and simplify network management, such as configuring interfaces, VLANs, and security settings. By using Ansible to automate network management, you can reduce errors, save time, and ensure consistency across your network. Then, you can focus on more strategic tasks. Automation with Ansible AmpCon-DC provides commonly used features that your network administrators need for day-to-day operations. You can also use AmpCon-DC to add capabilities that you might require by writing Ansible playbooks. If a network management task follows a certain routine regularly, build an Ansible playbook to automate the task. Pre-Built Playbooks AmpCon-DC offers a series of Ansible playbooks, which are templates for automating the following routines: Compliance and consistency checks, to ensure switches stay in compliance with industry regulations that require a certain configuration to maintain proper security and privacy Connectivity checks for PicOS® Software Switches Network operation and remediation routines such as dynamic policy enforcement image.png Customized Playbooks If the pre-built Ansible playbooks can’t meet your needs, you can customize an automation workflow by writing a playbook on AmpCon-DC or importing a local playbook to AmpCon-DC. image.png Playbook Run AmpCon-DC supports the following schedule types of playbook run: Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png Ansible Jobs An Ansible job is a single execution of an Ansible playbook. AmpCon-DC displays the list of Ansible jobs, the list of switches with Ansible jobs, the execution results, and the output of these jobs. image.png Linux Server Support In addition to running Ansible playbooks on managed switches, AmpCon-DC supports running Ansible playbooks on the Linux servers that you added. image.png 2.1.7 Terminal Device Management AmpCon-DC makes third-party device management more efficient and smarter. One-Click Integration and Full-Stack Control You can easily integrate third-party devices into AmpCon-DC, manage these devices, and track the status of Network Interface Cards (NICs) and optical modules, achieving transparent operation and maintenance experience. RoCE Intelligent Optimization With several clicks in the AmpCon-DC UI, you can complete RoCE protocol status detection and configurations. You can push RoCE configurations to multiple device NICs in batches by using built-in templates to simplify complex operations. Comprehensive Monitoring and Fault Diagnosis AmpCon-DC collects performance metrics of NICs and optical modules in real-time, combined with end-to-end RoCE telemetry data, to accurately assess network quality, quickly diagnose bottlenecks, and ensure zero business interruption. Automated Operations and Maintenance AmpCon-DC supports automatic device inventory, real-time or historical topology visualization, and seamless integration with Ansible playbooks for automated operations, improving operational efficiency. 2.1.8 Switch Lifecycle Management AmpCon-DC simplifies the management of switches, including configuration management, switch inventory, software updates, and more. image.png Configuration Management AmpCon-DC includes native configuration management capabilities, which you can use to push an update to a single switch or to an entire group of switches. By using AmpCon-DC, you don’t need to edit and push switch configurations one by one. In this way, the likelihood of errors can be reduced, the switch configuration process can be simplified, and you don’t need to deal with the added expense or headache of a third-party tool. In practice, the configuration management feature can greatly simplify the job of updating switches to deal with a new class of devices, such as connected servers. Your network administrators can detail how the network needs to treat the security devices (such as putting them on your own VLAN), and detail where traffic from devices is allowed to go. By adding only one configuration in the AmpCon-DC UI, you can push the update to appropriate switches. AmpCon-DC greatly simplifies the job of detailing network access level and priority each class of devices need to get and pushing the update to all relevant switches. Configuration Backup, Compliance, and Rollback Once the desired configurations are set and the network is stable, you might want to make sure that accidental changes don’t disrupt operations. When you make a configuration change such as adding devices or a VLAN, it is important to back up your configuration. AmpCon-DC makes configuration backup easy by automating and scheduling configuration backup on a specified date and time and saving the last N backups as you need. You can use the backup configuration to recover quickly from a crash or corruption of a switch. In addition, you can mark a specific backup instance as the Golden Config. The Golden Config will never be deleted and is used by default as the configuration to roll back a switch to a stable configuration when the switch operation is compromised. You can also use the Golden Config as the basis to run an automated compliance check to verify whether the network is operating as designed. Switch Inventory AmpCon-DC also supports the switch inventory feature, providing detailed inventory of all switches, including switch hardware details, software versions, configurations, and more. Though third-party tools also support this capability, these tools add expense to your company. In addition, such tools typically run on a Windows Server Enterprise Edition machine, which also adds additional server licensing costs. In contrast, AmpCon-DC can be deployed in minutes on a virtual machine. License Updates AmpCon-DC automates the process of checking and updating switch licenses with the latest support entitlements. A License Audit task checks whether a group of specified switches has valid licenses and creates a report of the license status including the support expiration date and other details. The License Action task automatically updates the license keys on all switches whose support is due to expire in the next 30 days and logs the result to a report, which you can examine or download. RMA Replacements AmpCon-DC incorporates a unique workflow to enable return merchandise authorization (RMA) replacements. When hardware of a switch fails and is replaced with new switch hardware, the RMA feature takes the configurations from the failed switch hardware, updates the serial number of the new switch, and pushes the configurations to the new switch to bring it up seamlessly in the network. Simplified Software and Switch Upgrade The nature of PicOS® itself makes it simpler to manage switches compared to other legacy network operating system (NOS) of switches or routers. Because PicOS® is Linux-based and compartmentalized, you can update or change one component or aspect without affecting other components. For example, if you’re pushing a security patch, it affects only the security component of the NOS; you don’t need to replace the entire software or firmware image. Additional Features Role-Based Access Control (RBAC) AmpCon-DC adopts role-based access control, which is used to permit individual users to perform specific actions and get visibility to an access scope. You can assign each user a specific role with associated permissions. In addition, you can authenticate user logins through a TACACS+ server, which also determines their access permissions based on their roles. If the TACACS+ server can’t be reached from AmpCon-DC, you can log in to the AmpCon-DC UI with local users that are defined in AmpCon-DC. Parking lot You can use parking lot to manage switches that have been shown in the network and registered with the AmpCon-DC server but haven’t been configured by the administrator. Setting up a group of switches To perform switch lifecycle operations more conveniently, you can organize switches in groups by region, location, building, and more. Importing switches For those switches that were not originally deployed through AmpCon-DC, you can import them directly to AmpCon-DC to manage them. Decommission workflow To shut a switch down temporarily and then redeploy it in another location, you can decommission the switch in the AmpCon-DC UI. Operational logs You can use operational logs to track all activities and troubleshoot issues by drilling down and analyzing issues. 2.2 Architecture AmpCon-DC is built on Ubuntu Linux and incorporates a web GUI and a MySQL database with Python codes built on top of an Ansible engine. Switches and AmpCon-DC communicate with the SSH protocol. AmpCon-DC gets switch stats through gNMI. Zero Touch Provisioning (ZTP) Workflow White-Box Switches Figure 1. ZTP Workflow of White-Box Switches image.png 1. After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. 2. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. 3. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. 4. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-DC server, updating switch configurations, and rebooting the switch. Integrated Hardware and Software Switches Figure 2. ZTP Workflow of Integrated Hardware and Software Switches image.png 1. After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. 2. The switch sends a DHCP request to the DHCP server, and the DHCP server sends a DHCP response including the TFTP server address. 3. The switch sends a TFTP request to the TFTP server to get the shell script, and the TFTP server sends a TFTP response with the shell script. 4. The switch executes the shell script to complete the ZTP deployment, including registering with the AmpCon-DC server, installing a PicOS license on the switch, updating switch configurations, and rebooting the switch. Switch Configuration Workflow 1. The AmpCon-DC server includes a component called Configuration Manager, which is used to create a standard configuration to configure switches. All configurations are tied to specific switches by the switch serial number (or Service Tag) and are stored in the AmpCon-DC database. 2. After you use the AmpCon-DC UI to push configurations to switches, each switch then downloads its appropriate configurations. At the same time, the switch accesses another AmpCon-DC server component, License Manager, which accesses the customer’s account on the License Portal to generate a license key and install the license on the switch. 3. The switch runs a shell script to automatically apply and validate the new configurations, update its status in the AmpCon-DC database, and join the network. From your perspective, all these switch configurations happen with the touch of a button in the AmpCon-DC UI. You can use the AmpCon-DC UI to deploy dozens or hundreds of switches to far-flung sites while your network team stays at home and monitors the process centrally. 3.Planning Before you install AmpCon-DC, you must check supported information, installation requirements, and prepare the AmpCon-DC license. For detailed information, see the following child topics: 3.1 Supported Information Before you deploy AmpCon-DC, check the supported AmpCon-DC deployments and supported switches. Supported Deployments AmpCon-DC supports the following deployments: Table 1. Supported Deployment Information Indicator Support information Deployment method VMware ESXi 6.7, 7.0, 8.0, QEMU / KVM for Ubuntu 22.04 LTS, Oracle VirtualBox for lab only, physical machine based on Ubuntu 22.04 TLS with Docker Maximum number of switches supported 1000 Maximum number of registered users 1000 Maximum number of online users 100 Storage duration of system logs 2 months Storage duration of operation logs 2 months Maximum storage of current alerts Unlimited Maximum storage of historical alerts 2 months Supported Switches AmpCon-DC supports FS, Edgecore, DELL, Delta, and HPE switches. For detailed support lists, see the following part. 3.1.1 Supported Switches for 2.2.0 AmpCon-DC 2.2.0 supports managing the following switches: NOTE You are recommended to install PicOS 4.6.0E or later. Or else, some features of AmpCon-DC might not work. FS Hardware Table 1. Supported FS Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio N5850-48S6Q 48 x 10G, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio N5850-48X6C 48 x 10G-T, 6 x 100G Trident3-X5 Intel x86 25G Switch Portfolio N8550-48B8C 48 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8550-32C 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8560-32C 32 x 100G QSPF28 Trident3 Intel x86 100G Switch Portfolio N8550-64C 64 x 100G Tomahawk2 Intel x86 400G Switch Portfolio N9550-32D 32 x 400G Tomahawk3 Intel x86 Edgecore Hardware Table 2. Supported Edgecore Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio AS4610-30P 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-30T 24 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54P 48 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54T(B) 48 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4625-54P 48 x 1G PoE, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4625-54T 48 x 1G-T, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4630-54PE (EPS202) 48 x 1G PoE, 4 x 25G Trident3 Intel x86 1G Switch Portfolio AS4630-54TE (EPS201) 48 x 1G, 4 x 25G Trident3 Intel x86 Multi- Gig SwitchPortfolio AS4630-54NPE (EPS203) 36 x 1/2.5G PoE,12 x 1/2.5/5/10G PoE Trident3 Intel x86 10G Switch Portfolio AS5712-54X 48 x 10G, 6 x 40G Trident2 Intel x86 10G Switch Portfolio AS5812-54T 48 x 10G-T, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio AS5812-54X 48 x 10G, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio AS5835-54T (DCS209) 48 x 10G-T, 6 x 100G Trident3 Intel x86 10G Switch Portfolio AS5835-54X (DCS208) 48 x 10G, 6 x 100G Trident3 Intel x86 25G Switch Portfolio AS7326-56X (DCS203) 48 x 25G, 8 x 100G Trident3-X7 Intel x86 40G Switch Portfolio AS6812-32X 32 x 40G Trident2+ Intel x86 100G Switch Portfolio AS7712-32X (DCS501) 32 x 100G Tomahawk Intel x86 100G Switch Portfolio AS7726-32X (DCS204) 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio AS7816-64X (DCS500) 64 x 100G Tomahawk2 Intel x86 25G Switch Portfolio AS7312-54X (S) 48 x 25G, 6 x 100G Tomahawk+ Intel x86 DELL Hardware Table 3. Supported DELL Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio N3024EP-ON 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3024ET-ON 24 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048ET-ON 48 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3224F-ON 24 x 1G SFP, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3224P-ON 24 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3224T-ON 24 x 1G, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248P-ON 48 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248TE-ON 48 x 1G, 4 x 10G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N2224PX-ON 24 x 1G/2.5G 30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2224X-ON 24 x 1G/2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248PX-ON 48 x 1G/2.5G 30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248X-ON 48 x 1G/ 2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3132PX-ON 24 x 1G PoE, 8 x 1/2.5/5G PoE, 4 x 10G Firebolt 4 FS ARM Cortex A9 Multi-Gig Switch Portfolio N3208PX-ON 4 x 1/2.5/5G PoE, 4 x 1G PoE, 2 x 10G SFP+ Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3224PX-ON 24 x 1/2.5/5/10G 90W PoE,4 x 25 G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N3248PXE-ON 48 x 1/2.5/5/10G 90W PoE,4 x 25 G Trident3-X5 Intel x86 Multi-Gig Switch Portfolio N3248X-ON 48 x 1/2.5/5/10G, 4 x 25G Trident3-X5 Intel x86 10G Switch Portfolio S4048-ON 48 x 10G, 6 x 40G Trident2 Intel x86 10G Switch Portfolio S4128F-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4128T-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4148F-ON 48 x 10G SFP, 2 x 40G,4 x 100G Maverick Intel x86 10G Switch Portfolio S4148T-ON 48 x 10G BASE-T, 2 x 40G,4 x 100G Maverick Intel x86 25G Switch Portfolio S5212F-ON 12 x 25G, 3 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5224F-ON 24 x 25G, 4 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5248F-ON 48 x 25G, 8 x 100G Trident3-X7 Intel x86 25G Switch Portfolio S5296F-ON 96 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio Z9100-ON 32 x 100G Tomahawk Intel x86 100G Switch Portfolio Z9264F-ON 64 x 100G Tomahawk2 Intel x86 100G Switch Portfolio S5232F-ON 32 x 100G Trident3-X7 Intel x86 Delta Hardware Table 4. Supported Delta Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio AG7648 48 x 10G Trident2 Intel x86 25G Switch Portfolio AG5648 v1-R 48 x 25G Tomahawk+ Intel x86 100G Switch Portfolio AG9032v1 32 x 100G Tomahawk Intel x86 HPE Hardware Table 5. Supported HPE Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio HPE AL 6921-54T 48 x 10G-T, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio HPE AL 6921-54X 48 x 10G-T, 6 x 40G Trident2+ Intel x86 3.2 Installation Requirements Before you deploy AmpCon-DC, check the following requirements: Server Requirements Before you install the AmpCon-DC server, ensure that the server machine meets the following requirements: Table 1. Server Requirement Details Indicators Requirements CPU Clock speed 2.0 GHz or faster Number of cores 4 CPU cores Memory 16 GB Hard disk 512 GB Operating systems Ubuntu 22.04 X86 architecture Network Requirements Before you install AmpCon-DC, set the firewall and proxy properly to allow the following network access. Ensure that the AmpCon-DC server machine allows the following protocols and ports: Table 2. Network Requirement for the AmpCon-DC Server Machine TCP/UDP Port Protocol TCP 80 HTTP TCP 443 HTTPS UDP 69 TFTP UDP 80 OpenVPN NOTE The supported subnet for OpenVPN is 10.8.0.0/20 currently. Ensure that the switch machines to be managed allow the following protocols and ports: Table 3. Network Requirement for Switches TCP/UDP Port Protocol TCP 22 SSH TCP 9339 gRPC/gNMI Browser Requirements When you use a browser to log in to the AmpCon-DC UI, use Chrome 98, Edge 98, Firefox 94, or higher versions. 4.Deploying AmpCon-DC To deploy AmpCon-DC, see the following instructions: 4.1 Installing the AmpCon-DC Server You can install the AmpCon-DC server on a virtual machine or a physical machine by using one of the following methods: If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-DC server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-DC server and the switches to be managed might fail. For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity". 4.1.1 Installing on VirtualBox for Lab Only You can install the AmpCon-DC server on VirtualBox for lab purposes only. Production environments require a proper enterprise-scale virtualization solution as described in "3.1 Supported Deployments". For how to use VirtualBox in general, see the Oracle VirtualBox documentation. Prerequisites Ensure that the "3.2 installation requirements" are met. Download the compressed AmpCon-DC server image file by going to the FS AmpCon-DC website and then clicking AmpCon-DC for VirtualBox 2.2.x Software in the Resources section. Put the compressed AmpCon-DC server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure 1. Open the VirtualBox console, and then click File > Import Appliance. 62b62147-3d37-4f30-b1db-b58728d8a4bd.png 2. Select Local File System, and then select the AmpCon-DC server .ova image file. 2.png 3. Confirm the settings for the .ova file, and then click Finish. 85c568fd-1aa8-4101-891a-7062030fa406.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed. NOTE The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. 3.png 4. Check the settings of the imported virtual machine. 4.png 5. Start the imported virtual machine by clicking the virtual machine and then clicking Start. 5.png 6. Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml 6.png c. Apply the network interface configuration by running the following command: sudo netplan apply 7. Start the AmpCon-DC server: a. Go to the AmpCon-DC installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-DC server by running the following command: sudo ./start.sh Now the AmpCon-DC server is installed and started. What to Do Next The image file contains only one Network Interface Card (NIC) by default. If you manually add additional NICs on the virtual machine, you must specify one NIC IP address in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-DC server and the switches to be managed might fail. For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity". After you install the AmpCon-DC server, you need to add system configurations and import AmpCon-DC Licenses. 4.1.2 Installing on VMware ESXi You can install the AmpCon-DC server on VMware ESXi 6.7, 7.0, 8.0. For how to use VMware ESXi in general, see the VMware ESXi documentation. Prerequisites Ensure that the "3.2 installation requirements" are met. Download the compressed AmpCon-DC server image file by going to the FS AmpCon-DC website and then clicking AmpCon-DC for VMWare ESXi 2.2.x Software in the Resources section. Put the compressed AmpCon-DC server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure 1. Open the VMware ESXi console, and then click Create / Register VM. fd4d8af9-c5e6-4a48-a47a-4b45041d88a2.png 2. Select Deploy a virtual machine from an OVF or OVA file, and then click Next. b9219549-4afa-446f-b0c2-c432d5db447e.png 3. Enter the virtual machine name, upload the AmpCon-DC server .ovf and .vmdk files, and then click Next. 37b2e5bd-4463-42ab-965b-5a00a9f6fa02.png 4. Confirm the storage type and datastore, and then click Next. 4.png 5. In the Network mappings drop-down list of the Deployment Options window, select the network adapter to which the virtual machine is connected, and then click Next. 6. Click Finish. 6.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed. NOTE The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. 7. On the VMware ESXi console, click the new virtual machine name that you specified in step 3. 7.png 8. Click Console to open the virtual machine console. 8.png 9. Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml 9.png c. Apply the network interface configuration by running the following command: sudo netplan apply 10. Start the AmpCon-DC server: a. Go to the AmpCon-DC installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-DC server by running the following command: sudo ./start.sh Now the AmpCon-DC server is installed and started. What to Do Next The image file contains only one Network Interface Card (NIC) by default. If you manually add additional NICs on the virtual machine, you must specify the IP address of one NIC for AmpCon-DC to establish the connections with the switches to be managed. For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity". After you install the AmpCon-DC server, you need to add system configurations and import AmpCon-DC Licenses. 4.1.3 Installing on QEMU or KVM You can install the AmpCon-DC server on QEMU or KVM. For how to use QEMU or KVM in general, see the KVM documentation and QEMU documentation. In this topic, KVM virt-manager is used to demonstrate the AmpCon-DC server installation steps. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-DC server image file by going to the FS AmpCon-DC website and then clicking AmpCon-DC for QEMU/KVM 2.2.x Software in the Resources section. Put the compressed AmpCon-DC server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure 1. Open the virt-manager console by running the following command: virt-manager 2. Click the following button to start the importing process. 2.png 3. Select Import existing disk image, and then click Forward. 3.png 4. Click Browse to select the AmpCon-DC server .qcow2 image file. 4.png 5. Click Browse Local to add a local location. 5.png 6. Find the location of the AmpCon-DC server .qcow2 image file, and then click Open. 6.png 7. Select Ubuntu 22.04 LTS, and then click Forward. NOTE Do not select other operating systems because AmpCon-DC supports only Ubuntu 22.04 currently. 7.png 8. Adjust the memory and CPU settings as needed, and then click Forward. NOTE The memory and CPU settings need to meet the "3.2 Server Requirements". 8.png 9. In the Network selection section, select Macvtap device, and enter the device name. Then, click Finish. 9.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-DC server is installed. NOTE The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. 10.png 10. Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml 11.png c. Apply the network interface configuration by running the following command: sudo netplan apply 11. Start the AmpCon-DC server: a. Go to the AmpCon-DC installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-DC server by running the following command: sudo ./start.sh Now the AmpCon-DC server is installed and started. What to Do Next The image file contains only one Network Interface Card (NIC) by default. If you manually add additional NICs on the virtual machine, you must specify the IP address of one NIC for AmpCon-DC to establish the connections with the switches to be managed. For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity". After you install the AmpCon-DC server, you need to add system configurations and import AmpCon-DC Licenses. 4.1.4 Installing on Physical Machines (Ubuntu Docker) You can install the AmpCon-DC server on a physical machine based on Ubuntu 22.04 with Docker installed. Prerequisites Ensure that the "3.2 installation requirements" are met. Prepare a physical machine based on Ubuntu 22.04 with Docker installed. Download the AmpCon-DC server installation package by going to the FS AmpCon-DC website and then clicking AmpCon-DC for Ubuntu Docker 2.2.x Software in the Resources section. Installation Procedure 1. Unzip the AmpCon-DC server installation package by running the following command: tar -zxvf Replace with the name of the compressed AmpCon-DC server installation package. 2. Modify the network interface configuration. a. Modify the IP address with the real IP address of the physical machine. sudo vi /etc/netplan/00-installer-config.yaml 00892096-fe81-490c-aadc-93ff6d8b39dc.png b. Apply the network interface configuration by running the following command: sudo netplan apply 3. Go to the directory where the unzipped AmpCon-DC server installation files exist. cd Replace with the name of the directory containing the unzipped AmpCon-DC server installation files. 4. Install the AmpCon-DC server by running the following command: sudo ./install_or_upgrade.sh Wait for the installation process to finish. Once completed, the AmpCon-DC server is installed and started. NOTE The AmpCon-DC server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. What to Do Next If multiple NICs are configured on the physical machine, you must specify the IP address of one NIC for AmpCon-DC to establish the connections with the switches to be managed. For more information, see "4.1.5 Multi-NIC Deployment for Switch Connectivity". After you install the AmpCon-DC server, you need to add system configurations and import AmpCon-DC Licenses. 4.1.5 Multi-NIC Deployment for Switch Connectivity As described in "4.1 Installing the AmpCon-DC Server", you need to import the image file into a virtual machine or unzip the installation package on a physical machine to install the AmpCon-DC server. On a virtual machine, the image file contains only one Network Interface Card (NIC) by default. If you manually add additional NICs, you must specify the IP address of one of the NICs for AmpCon-DC to establish the connections with the switches to be managed. On a physical machine, multiple NICs are typically configured to support various network functions. In this case as well, you must specify the IP address of one of the NICs for AmpCon-DC to establish the connections with the switches to be managed. Otherwise, the connections between AmpCon-DC and switches to be managed might fail. NOTEs When you install the AmpCon-DC server on a virtual machine, the imported AmpCon-DC image file contains only one Network Interface Card (NIC). But you can manually add more NICs. When you install the AmpCon-DC server on a physical machine, the AmpCon-DC installation package file is not an image file, and thus no NIC is contained in the file. But you can manually add one or multiple NICs to the physical machine. Prerequisite Ensure that the AmpCon-DC server is installed on a virtual machine or a physical machine. Procedure 1. Log in to the virtual machine or the physical machine, and then open the /usr/share/automation/server/.env file. sudo vim /usr/share/automation/server/.env 2. Locate the line containing PROD_IP= in the file, and add the NIC IP address of the AmpCon-DC server machine, which is used to connect to the switches to be managed. image.png 3. Restart the AmpCon-DC server by the following commands: cd /usr/share/automation/server/ sudo ./start.sh 4.2 Adding System Configurations Before you deploy, configure, and manage switches with AmpCon-DC, you must configure system configurations in the AmpCon-DC UI. System Configurations System configurations contain the following two types: Global system configuration The first time you log in to AmpCon-DC, you must add information to the global system configuration, The global system configuration can’t be removed. Non-global system configuration If the default username and password of switches to be managed are different, you can add multiple non-global system configurations. You can remove the non-global system configuration if it is not needed. A system configuration contains the following information: The URL, username, and password of the License Portal. The information is used to send requests to the License Portal. Default username and password of switches to be managed. The information is used to access the switches. A security configuration file with PicOS security-related set CLIs. Before you deploy and configure a switch, the switch needs to be configured with an initial security configuration to eliminate any unauthorized access. Security Config file is loaded to switch at the beginning of switch deployment. A parking security configuration file, which is used to push initial parking security configuration for those switches in the parking status. This configuration is not included in the non-global system configuration. The maximum backup number for the configuration snapshots. This configuration is not included in the non-global system configuration. The IP ranges of switches that are allowed for AmpCon-DC management. This configuration is not included in the non-global system configuration. Whether to enable debug logs for server-side operations or not. This configuration is not included in the non-global system configuration. Adding a Global System Configuration The first time you log in to AmpCon-DC, the global system configuration is blank. You must configure the global system configuration: 1. Log in to the AmpCon-DC UI with the URL of the AmpCon-DC server in the format of "https://.com/login" or "https:///login". The default AmpCon-DC UI username and password is admin/admin. 2. On the “System Config” page, input the following information: Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. NOTEs Ensure that the Device Default Login User and Device Default Password on the “System Configuration” page can be used to log in to these switches. If the switches to be managed don’t share the same username and password in the global system configuration, create one or multiple non-global system configurations and apply system configurations to these switches based on the Device Default Login User and Device Default Password values. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. Config Backup Number: The maximum backup number for the configuration snapshots. DB Backup Number: The allowed maximum number of database backups. Security Config File: The .txt file with PicOS security-related set CLIs. Parking Security Config File: Optional. To eliminate any unauthorized access, switches in the parking lot need to be configured with an initial parking security configuration. That is, configurations in Initial parking security config file will be pushed to switches that already registered to AmpCon-DC but without generated configurations. Allow Switch Source IP: Optional. Allow specified subnets from which switches can access AmpCon-DC. Debug: Optional. Enable debug logs for server-side operations or not. 3. Click Save. 51e51aa1-e839-45da-b058-f72fc35bb663.png The global system configuration is configured now. If you don’t add non-global system configurations, the global system configuration will be used to deploy switches. Adding a Non-global System Configuration To add a non-global system configuration, follow these steps: 1. Log in to the AmpCon-DC UI, and click Service > System Configuration. 2. Click the + icon. The “Add New System Config” page opens. 3. Input the following information： Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. License Portal URL, License Portal User, and License Portal Password are used to access the License Portal. Security Config File: The .txt file with PicOS security-related set CLIs. 7557686c-b4fd-4214-b4b1-496a3ec0d440.png 4. Click Add. After you add the non-global system configuration, you can do the following actions: To view the switch information associated with the system configuration, click View Associated Switch on the ”System Config” page. c0bce99d-5c88-4188-9d95-ac90216d3fd9.png To apply a non-global system configuration to specific switches, click Manage Switch, select the switches, and then click Save. 72bbfa92-cd70-49c1-9b48-f074b860268e.png To remove a non-global system configuration, click View Associated Switch to check whether the system configuration is associated with any switches or not. If not, click Remove. NOTE If the non-global system configuration is still associated with some switches, the removal will fail. You need to click Manage Switch to unselect these switches first. Checking License Portal Connectivity To check whether AmpCon-DC can connect with the License Portal, follow these steps: 1. Log in to the AmpCon-DC UI, and click Service > System Config. 2. In the global system configuration, add the License Portal information, which is used by AmpCon-DC to connect with the License Portal. 3. Check the connectivity by clicking the connect icon as follows. image.png 4.3 Importing AmpCon-DC Licenses AmpCon-DC is the control center for all switch licensing. It tracks the current switch entitlement and allows the appropriate number of switches to be managed by AmpCon-DC. AmpCon-DC needs a valid license with active support to perform its functions. The following license types are provided: Trial license: The trial period lasts for 90 days and an additional 14 days. After the trial license is expired, you must install a formal license to continue using AmpCon-DC. Formal license: After a formal license is installed, you cannot install a trial license. To manage switches with AmpCon-DC, you need to add the Hardware IDs of the switches to an AmpCon-DC license and then import the license to AmpCon-DC. Prerequisite Obtain the Hardware ID of each switch that you want to manage by running the following commands in each switch: run start shell sh sudo license -s image.png 4.3.1 Creating an AmpCon-DC License To create an AmpCon-DC license, follow these steps: 1. Log in to the License Portal, and then click AmpCon Licenses > New AmpCon License. NOTE You can get the username and password of the License Portal from the sales team. 2. Input the following information: Software Type: Select AmpCon-DC. Software Version: Select AmpCon-DC 2.2.0. Device Type: From the drop-down list, select a device type. Feature Type: Select Foundation. Currently, only the Foundation feature type is supported. License Type: Select Trial License or Standard License. License Name: The name of the license. 3. In the Addition Method section, select either of the following ways: Form input: Enter the Hardware IDs of switches to be managed with AmpCon-DC, and select the expiration date. image.png File upload: Click Upload to upload a .xlsx file with the Hardware IDs of switches to be managed with AmpCon-DC and the expiration date. You can click Blank template to download a .xlsx template file. image.png 4. Click Add AmpCon License. 4.3.2 Importing an AmpCon-DC License To import an AmpCon-DC license, follow these steps: 1. Get the updated or new license from the License Portal. a. Log in to the License Portal, and then click AmpCon Licenses. b. Click Copy to copy the license string or click Download to download the .lic license file. image.png 2. In the AmpCon-DC UI, click System > Software License > License Management. 3. On the “License Management” page, click Import. 4. Select either of the following ways to import licenses: Select Copy License.txt, and paste the license strings that you copied in step 1.b to the License Key box. image.png Select Copy License.lic, and then upload the .lic license file that you downloaded in step 1.b in the License Key selection box. image.png 5. Click Apply. After you import the new license, the All Licenses table is refreshed. Optional: Editing an AmpCon-DC License After you create an AmpCon-DC license, if you want to manage new switches with AmpCon-DC, you can edit the license. Follow these steps: 1. Log in to the License Portal, and click AmpCon Licenses. 2. Locate the license that you want to edit, and click the edit icon in the Total hw-ids column. 3. Click the Add Device icon, enter the Hardware ID of each new switch that you want to manage, and select the expiration date. image.png NOTE After you edit a license, import the updated license to AmpCon-DC so that newly added switches can be managed by AmpCon-DC. For more information, see "4.3 Importing a License". 4.4 Upgrading the AmpCon-DC Server After the AmpCon-DC server is installed, you can upgrade the server to a later version. To upgrade the AmpCon-DC server, follow these steps: Procedure 1. Download the AmpCon-DC server upgrade package by going to the FS AmpCon-DC website and then clicking Software Upgrade Package for AmpCon-DC V2.2.0 in the Resources section. 2. Go to the package directory, and run the following upgrade command: sudo ./install_or_upgrade.sh 614066f1-46cf-4d4d-b28e-0be3e7c64d88.png 3. Wait for the upgrade process to complete. Once you see a success message, the upgrade is finished. 8cbfa9a0-626f-4f24-a7da-c18c8917ef24.png 4. Log in to the AmpCon-DC UI to see whether the server is upgraded to the new version. 4.5 Uninstalling the AmpCon-DC Server After the AmpCon-DC server is installed, you can uninstall the server if it is not needed. To uninstall the AmpCon-DC server, follow these steps: Procedure 1. Go to the root directory of the AmpCon-DC server, and run the stop script with sudo privileges: cd /usr/share/automation/server sudo ./stop.sh 2. Clear the files in the server directory with sudo privileges: sudo rm -rf /usr/share/automation/server 5.Administering AmpCon-DC You can administer AmpCon-DC by using the user interface. For more information, see the following child topics: 5.1 Managing User Access After you deploy AmpCon-DC, you can manage user access so that users are assigned with appropriate permissions. NOTE Only users with the SuperAdmin role have access to the “User Management” page. Adding, editing, or deleting users, login restrictions, and TACACS+ configuration are only available to AmpCon-DC users with the SuperAdmin role. Role-Based Access Control Role-Based Access Control (RBAC) is used to permit individual users to perform specific actions and get visibility to an access scope. Each user can be assigned to a specific role with associated permissions. AmpCon-DC supports the following user roles. The permission levels are as follows: SuperAdmin > Admin > Operator > Readonly. SuperAdmin Provides access to all AmpCon-DC functions The only role that can manage users and groups Admin Provides access to almost all AmpCon-DC functions Can’t manage users and groups Can’t access Switch model and System Configuration Operator Provides access to most of AmpCon-DC functions Can’t manage users and groups Can’t access Switch model and System Configuration Can’t view and manage licenses and can’t view license logs Readonly Views limited pages including Dashboard, Config Files View, Host Inventory, NIC Inventory, NIC Monitoring, Modules Overview, Alarms, DLB, RoCE Counters, and Event Log Provides access to CLI Configuration, Template Verify, and Config Snapshot Diff User Self-Management All AmpCon-DC users can change their own passwords and email addresses. Follow these steps: 1. In the AmpCon-DC UI, click the username, and then click User Management. ecaf2d5d-d08c-453c-b99e-ad64d92b7356.png 2. To change the user password, enter a new password in the New Password field, and then enter the password again in the Confirm Password field. image.png 3. To change the email address associated with the AmpCon-DC user, enter a new email address in the Email field. Managing All Added Users Adding a Global User or a Group User When you add a user, you need to select a user role for the user and specify the user type (a group user or a global user). A group user means that the user is a member of a specific group. A global user means that the user is not limited to a group. To add a user, follow these steps: 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role. 2. Click System > User management from the navigation bar. 3. Click Add User, and input the following information: User Name: The username. User Password: The password of the user. The password needs to be a combination of uppercase letters, lowercase letters, numbers, and special symbols. The character count needs to be greater than 10. Confirm Password: The password of the user. User Role: Select “SuperAdmin“, “Admin“, “Operator“, or “Readonly“. User Type: Select “Global“ or “Group“. Email: The email of the user. 4. If you select Group as the user type, select a group name from the Group Name drop-down list. To assign the user to a new group that hasn’t been created, create a group as described in Adding or Deleting a Group. image.png 5. Click OK. Editing Users To edit an added user, follow these steps: 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role. 2. Click System > User management from the navigation bar. 3. On the “User Management” page, locate a user, and then click Edit. NOTE The built-in user admin can’t be edited here. 4. Modify user information as needed. image.png 5. Click OK. Deleting Users To delete an added AmpCon-DC user, follow these steps: 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role. 2. Click System > User management from the navigation bar. 3. On the ”User Management” page, locate a user, and then click Delete. NOTE The built-in user admin can’t be deleted. image.png Setting Login Restrictions for AmpCon-DC Users You can lock an added user so that the user can’t be used to log in to the AmpCon-DC UI. Or you can unlock an added user to enable the login again. NOTE The built-in user admin can’t be locked or unlocked. To lock an added user, follow these steps: 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role. 2. Click System > User management from the navigation bar. 3. On the ”User Management” page, locate a user, and then click Lock. 4. In the pop-up window, click Yes to confirm the lock operation. To unlock an added user, follow these steps: 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin role. 2. Click System > User management from the navigation bar. 3. On the ”User Management” page, locate the locked user, and then click Unlock. image.png 4. In the pop-up window, click Yes to confirm the unlock operation. Now you can log in to the AmpCon-DC UI with the user again. User Permissions on Menu Pages For menu pages in the AmpCon-DC UI, different user roles have different permissions. For more information, see the User Permission Table topic. User Permissions on Menu Pages Table 1. Menu Permissions First-level menu Second-level menu Third-level menu Fourth-level menu SuperAdmin Admin Operator Readonly Dashboard Global View √ √ √ √ Switch View √ √ √ √ Telemetry Dashboard √ √ √ √ Physical Network Topology √ √ √ √ Design Units √ √ √ × DC Templates √ √ √ × Fabric Management √ √ √ × Resource AZ √ √ √ × Upgrade Management √ √ √ × Authority Management Device License Management License Audit √ √ √ × License Action √ √ √ × Local License √ √ √ × Group Management √ × × × Pools IP Pools √ √ √ × ASN Pools √ √ √ × Service Switch √ √ √ √ Hosts Device Discovery √ √ √ × Inventory √ √ √ √ NICs Inventory √ √ √ √ Modules Overview √ √ √ √ Monitoring √ √ √ √ RoCE Configuration √ √ √ × Global Configuration √ √ √ × Switch Configuration √ √ √ × Config Files View √ √ √ √ Switch Model √ × × × System Configuration √ × × × Config Template New Template √ √ √ × Template List √ √ √ × Push Config √ √ √ × Template Verify √ √ √ √ Config Snapshot Diff √ √ √ √ Config Backup √ √ √ × Monitor Alarm Alarms √ √ √ √ Alarm Notification Rules √ √ √ √ Readonly users can only read notification rules. Historical Alarm Email Logs √ √ √ √ Network DLB √ √ √ √ RoCE Counters Switch √ √ √ √ NICs √ √ √ √ Event Log AI Event √ √ √ √ Maintain Automation Playbooks √ √ √ × Ansible Jobs List √ √ √ × Schedule √ √ √ × System Backup √ √ √ × CLI Configuration √ √ √ √ System User Management √ × × × Email Setting √ √ √ × Software License License View √ √ × × License Management √ √ × × License Log √ √ × × Configuring TACACS+ Authentication and Authorization AmpCon-DC supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-DC login users. In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access. Before You Begin Before you enable the TACACS+ integration, read the following notes: You can configure at most two TACACS+ servers on the AmpCon-DC server. One is the primary and active server, while the other one is the secondary server, which is used for backup. Configure the secondary server only when backup is needed. You can designate authorization levels by using the priv-lvl parameter on the TACACS+ server. The priv-lvl configuration is sent in the TACACS+ authorization response. The priv-lvl parameter value is mapped to one of these local role levels: Readonly, Operator, Admin, and Superadmin. For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section. AmpCon-DC sends authorization requests with “Arg[0]” service=AmpCon-DC. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-DC” to process authorization requests of AmpCon-DC users. If both the primary and the secondary TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-DC UI. Procedure To enable the TACACS+ integration, follow these steps: 1. In the AmpCon-DC UI, click System > User management. 2. Click TACACS+ Settings. 3. Click Enable to activate the TACACS+ service. The TACACS+ Settings pop-up window is displayed. image.png 4. Enter the following information： Parameter Description Enable Enable or disable TACACS+ authentication and authorization. Primary Server IP The IP address of the primary TACACS+ server. Secondary Server IP Optional. The IP address of the backup TACACS+ server. Server Key The shared key of TACACS+. NOTE The value of the Server Key field needs to be the same as the shared keys of the primary and secondary TACACS+ servers. The shared keys on both TACACS+ servers need to be the same Session Timeout The TACACS+ connection timeout in seconds. Auth Protocol The authentication protocol type of TACACS+ including ASCII, PAP, or CHAP. TACACS+ User Level Mapping The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15. NOTE Don’t overlap any range with other ranges among different user levels.If the priv-lvl configuration of a user on the TACACS+ server is not found in the level-mapping configuration on AmpCon-DC, the user role level is mapped to Readonly. 5. Click OK. Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) For how to configure authorization levels on the TACACS+ server, see the following example: user = leontest { global = cleartext "abc" service = AmpCon { default attribute = permit priv-lvl = 15 } } user = automation1 { global = cleartext "automation" service = AmpCon { default attribute = permit priv-lvl = 10 } } user = testtest { global = cleartext "testtest" service = AmpCon { default attribute = permit priv-lvl = 5 } } user = testpica8 { global = cleartext "testpica8" service = AmpCon { default attribute = permit priv-lvl = 1 } } 5.2 Updating the Encrypt Key for Sensitive Data Encryption After you deploy AmpCon-DC, a default encrypt key is generated to encrypt sensitive data in the AmpCon-DC database. In this way, plain text like password and sensitive TACACS+ keys is not shown in the AmpCon-DC UI. You can update the encrypt key as you need. Procedure To update the encrypt key, follow these steps: 1. Log in to the AmpCon-Ampus UI, and click Service > System Configuration. 2. On the “Global System Config” page, click Update Encrypt Key. 3. Enter the original key and the new key. The default encrypt key is pica8pica8 image.png 4. Click Save. 5.3 Forwarding Logs to External Syslog Servers To forward AmpCon-DC logs to other external Syslog servers, configure as follows: Prerequisite Ensure that the Syslog service of the target server is enabled. Procedure To update the encrypt key, follow these steps: 1. Log in to the AmpCon-DC UI, and click Service > System Configuration. 2. On the “Global System Config” page, click Syslog Config. 3. Input the following information: IP: The IP address of the external Syslog server. Port: The port number of the external Syslog server. Protocol: TCP or UDP. Level: SUCCESS or ERROR. The mapping rules of Ampcon-DC Log levels and Syslog rules are as follows: SUCCESS is equal to info (level=6) ERROR is equal to warning (level=4) For example, if the ERROR level is specified, the Syslog server receives logs with a warning level or higher from Ampcon-DC. image.png 4. Click Add. Verifying Syslog Forwarding To verify whether AmpCon-DC logs can be forwarded to the Syslog server, follow these steps: 1. Log in to the AmpCon-DC UI, and click Service > System Configuration. 2. In the License Portal User field, enter an incorrect username, and click Save. image.png 3. Access the AmpCon-DC server by using MobaXterm for verification. image.png 5.4 Backing up and Restoring the AmpCon-DC Database You can back up and restore the AmpCon-DC database securely for disaster recovery. Prerequisite The allowed maximum number of database backups is set based on the DB Backup Number field on the “System Config” page. Before you create a database backup, ensure that the current backup number doesn’t reach the allowed maximum number. You can remove a database backup if it is not needed. image.png Creating a Database Backup To create a database backup, follow these steps: 1. Log in to the AmpCon-DC UI, and click Maintain > System Backup. 2. Click Backup. The Create Backup Config pop-up window opens. 3. Enter the following information: Backup Name: The name of the backup to differentiate from the other backups. Encrypt Key: The encrypt key that you set on the global “System Config” page. The default encrypt key is pica8pica8 AmpCon Version: The version of AmpCon-DC that you use. 4. Click OK. Restoring from a Database Backup To restore from a database backup, follow these steps: NOTE The restore operation can only be executed once, and after an update, previous files cannot be restored. 1. Log in to the AmpCon-DC UI, and click Maintain > System Backup. 2. Locate the backup, and click Restore on the right. 3. In the Restore Backup Config pop-up window, input the following information: Encrypt Key: The encrypt key that you set on the global “System Config” page. The default encrypt key is pica8pica8 AmpCon Version: The version of AmpCon-DC that you use. image.png 4. Click OK. Optional: Editing a Database Backup To edit a database backup, follow these steps: 1. Log in to the AmpCon-DC UI, and click Maintain > System Backup. 2. Locate the backup, and click Edit on the right. 3. In the Edit Backup Config pop-up window, modify the backup name or AmpCon-DC version as you need. 4. Click OK. Optional: Removing a Database Backup To remove a database backup, follow these steps: 1. Log in to the AmpCon-DC UI, and click Maintain > System Backup. 2. Select the backup, and click Remove on the right. 3. Click Yes to confirm the removal. 6.Designing Physical Networks In data center networks, east-west traffic dominates the business traffic. Therefore, data centers have a high demand for horizontal scalability. To meet the evolving business requirements in data centers, including cloud scenarios, container scenarios, and AI computing scenarios, the 3-stage fabric model (leaf-spine-leaf) is introduced to AmpCon-DC. This document offers comprehensive guidance on using AmpCon-DC to design a modern 3-stage fabric. Benefits AmpCon-DC provides an easy‑to‑deploy and highly validated fabric design solution, which solves the deployment and operational complexity of next‑generation data center networks, leads to a more stable data center fabric, and reduces operational costs. Automate network construction By using AmpCon-DC templates, you can use the interactive canvas to visually design and model a physical network that fits your needs. Though only the 3-stage network architecture is supported currently, more network architectures will be supported in later versions. Simplify network design A template can be instantiated to one or multiple fabrics representing actual physical networks. You can use one template to build multiple fabrics, or you can copy a template and customize it to build a new fabric. Decrease configuration time and efforts For configurations of which you don’t care about the values, you can add related pools and designate the resource pools to be used in the unit and template. When you deploy the fabric, the required resources are automatically pulled and assigned by AmpCon-DC automatically. Manage switches comprehensively You can leverage the simple and powerful lifecycle management features of AmpCon-DC to manage switches in your network. Networking Elements In AmpCon-DC, the following elements are used to complete the network design and deployment: Resource pool The centralized collection of resources that are managed and allocated dynamically. AmpCon-DC automatically pulls and assigns IP addresses and Autonomous system numbers (ASN) from the resource pools that you specified. AZ The resources in available zones of a data center, including three types: bare metal resources, vSphere resources, and OpenStack resources. In AmpCon-DC, each AZ contains only one type of resources. Unit The minimum networking unit for creating a fabric. A unit includes one or multiple leaf switches. In a unit, you can specify details like leaf switch counts and whether to use the MLAG leaf strategy. Template The abstraction of network design that defines the relationship of leaf switches and spine switches and underlay and overlay protocols, without defining any vendor-specific information. A template contains one or multiple units. In a template, you can specify the spine switch count, included units and their counts, and underlay and overlay protocol related configurations. Fabric The logistic representation of an actual physical network. You can deploy a physical network by designing a fabric in the AmpCon-DC UI. A fabric is based on a template. A template contains one or multiple units. In a fabric, you can specify which managed switches serve as leaf and spine switches, and you can add terminal device nodes connected to leaf switches. Network Architecture The architecture of 3-stage fabrics in AmpCon-DC is as follows: The control plane adopts MP-BGP EVPN, which has excellent scalability, reduces broadcast dependency, automatically discovers VTEP tunnels, and matches routing isolation capabilities (VRF) perfectly. Spine switches and leaf switches are interconnected by using Layer 3 Ethernet interfaces to build a full-mesh fabric network. To avoid single-point failure, leaf switches can be added to MLAG. In a dual-active system, one terminal device is connected to two MLAG peer leaf switches to achieve device-level link reliability. OSPF or BGP is used as the underlay routing protocol. If OSPF is selected as the underlay routing protocol, IBGP is used as the overlay control protocol. The underlay uses direct access addresses to establish OSPF neighbors, while the overlay uses loopback interfaces to establish EVPN IBGP neighbors between spine and leaf switches, with the spine nodes acting as Route Reflectors (RR). Figure 1. Fabric Architecture with OSPF image.png If BGP is selected as the underlay routing protocol, MP-EBGP EVPN is used as the overlay control protocol. The underlay uses direct access addresses to establish EBGP neighbors, while the overlay uses direct access addresses to establish EVPN EBGP neighbors between spine and leaf switches. Figure 2. Fabric Architecture with BGP image.png Prerequisites This feature supports only switches with PicOS 4.6.0E or later installed. Check the recommended switch list in "6.2 Recommended Switches". You need to understand networking-related concepts. For more information, see "6.1 Key Concepts". Designing Procedure To design and deploy a physical network, follow the steps: 1. Add a fabric in the AmpCon-DC UI. See "6.3 Adding Fabrics". 2. Prepare IP pools, ASN pools, and AZ resources for fabric design. See "6.4 Adding Resources". 3. Add units to be used in the template. See "6.5 Designing Units". 4. Add a template to be imported to the fabric. See "6.6 Designing Templates". 5. Add managed switches to the fabric. See "6.7 Adding Switches to Fabrics". 6. Design and deploy the fabric. See "6.8 Designing and Deploying Fabrics". After the deployment status becomes SUCCEED, the physical network is deployed successfully. image.png What to Do Next After you complete the fabric deployment, you can use AmpCon-DC to manage the fabric and configure, manage, or monitor switches in the fabric. See the following topics: 6.4.5 Managing Fabrics 8. Configuring Switches 9. Managing Switches 10. Monitoring Switches 6.1 Key Concepts Before you design a physical network, you need to understand the following concepts: Autonomous System (AS) A collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, which presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. An AS is a collection of routers and networks under a single technical administration, using an interior routing protocol and common metrics to determine how to route packets within the AS, and using an exterior routing protocol to determine how to route packets to other AS. Border Gateway Protocol (BGP) A routing protocol used to connect independent systems on the Internet. It is designed by the Internet Engineering Task Force (IETF) as a robust, scalable, and well-defined protocol for exchanging routing information among BGP routers within a single AS (IBGP) or among different AS (EBGP). External Border Gateway Protocol (EBGP) A routing protocol used to exchange routing information among different AS. Internal Border Gateway Protocol (IBGP) A routing protocol that operates within a single AS to distribute routing information among the BGP routers within that AS. Bare Metal (BM) The servers without operating systems, applications, or virtual machines installed. Bridge Domain (BD) The Layer 2 broadcast domain in which data packets are forwarded on a VXLAN network. BD is also called large Layer 2 domain. In a traditional network, VLANs are identified by VLAN ID. Similarly, in a VXLAN network, BDs are identified by VXLAN Network Identifiers (VNIs). Leaf Switch An access node on a VXLAN fabric network, which connects various network devices to the VXLAN network. MP-BGP EVPN Ethernet Virtual Private Network (EVPN) based on Multi-protocol Extensions for Border Gateway Protocol (MP-BGP). EVPN is a next-generation VPN solution that introduces a control plane to better control the MAC address learning process. MP-BGP is leveraged to distribute MAC information. MP-BGP EVPN facilitates efficient MAC address learning and synchronization across the network. Multi-Chassis Link Aggregation (MLAG) Implements link aggregation among multiple devices. AmpCon-DC networking solution supports using MLAG on leaf switches. Two leaf switches set up MLAG through peer links. The two switches are displayed as a logical device on the forwarding plane and as two independent switches on the management control plane. Upgrading and replacing devices are carried out independently, achieving simple maintenance and high running reliability. OpenStack An open-source cloud computing management platform that provides diverse components for computing, storage, networking, mirroring, and other services. OpenStack supports almost all types of cloud environments and provides a cloud computing management platform that supports easy implementation, large-scale expansion, and unified standards. OpenStack uses various components to control and manage resources, virtualize computing, network, storage, and pool resources. OpenStack also uses components to implement resource collaboration. OSPF A dynamic interior gateway protocol that uses link-state information to build and maintain a complete and consistent map of the network topology within an AS. It employs the Dijkstra algorithm to calculate the shortest path tree from each router to all other routers in the AS, based on which routing tables are built. Spine Switch The core node on a VXLAN fabric network, which provides high-speed IP forwarding and connects to leaf switches through high-speed interfaces. Virtual Routing and Forwarding (VRF) The technology that allows multiple instances of a routing table to coexist within the same router at the same time. It enables logical isolation between different networks on the same physical device. By using VRF, different instances can use the same IP address without conflicts. VLAN Domain The VLAN ID ranges of node devices connected to leaf switches. A VLAN Domain includes the Bridge Domain (BD) range and VRF VLAN range. Virtual Extensible Local Area Network (VXLAN) The overlay network virtualization technology that enables the creation of virtual Layer 2 networks across Layer 3 network boundaries by encapsulating Layer 2 frames within Layer 3 UDP packets. VXLAN extends traditional VLAN technology, addresses the limitations of VLANs, such as the 4096-network limit, and meets the needs of large-scale, virtualized data centers with multi-tenant capabilities. VXLAN Tunnel End Point (VTEP) The network entity that serves as the termination point for VXLAN tunnels. It is responsible for encapsulating Layer 2 frames into VXLAN packets for transmission over a Layer 3 network and for decapsulating VXLAN packets back into Layer 2 frames upon receipt. vSphere, ESXi, and vCenter vSphere is a virtualization platform released by VMware. ESXi and vCenter are important components of vSphere. ESXi is installed on physical servers to virtualize physical IT resources into virtual IT resource pools so that any applications can be virtualized. vCenter is a virtualization resource management component for managing ESXi servers. vCenter provides strong and flexible VM management capabilities, simplifying virtual data center management. 6.2 Recommended Switches The network design feature supports only switches with PicOS 4.6.0E or later installed. Before designing your fabric, refer to the following recommended solutions: Solution 1 The solution is recommended for most networks: Table 1. Recommended Solution 1 Role Application Scenario Device Model Port Configuration Switch ASIC Spine 100G Interconnect N8550-32C 32×100G, 2×10G Trident3 Spine 100G Interconnect N8560-32C 32×100G Trident3 Spine 100G Interconnect N8550-64C 64×100G Tomahawk2 Leaf 10G Access N5850-48X6C 48×10G, 6×100G Trident3 Leaf 25G Access N8550-48B8C 48×25G, 8×100G, 2×10G Trident3 Solution 2 If you need a higher-speed network, use the following solution: Table 2. Recommended Solution 2 Role Application Scenario Device Model Port Configuration Switch ASIC Spine 400G Interconnect N9550-32D 32×400G Tomahawk3 Spine 100G Interconnect N8550-64C 64×100G Tomahawk2 Leaf/Spine 100G Access N8550-32C 32×100G, 2×10G Trident3 Leaf/Spine 100G Access N8560-32C 32×100G Trident3 NOTEs If you choose other switches in Supported Switches for 2.2.0 as spine and leaf switches, pay attention to the following considerations: The switches are recommended to support both EVPN and VXLAN. In IDC scenarios, leaf switches need to support EVPN and both Layer 2 and Layer 3 VXLAN, while spine switches need to support at least EVPN. To view the EVPN and VXLAN support information, see PICOS Supported Features. 6.3 Adding Fabrics A fabric is an interconnected mesh of network devices, such as leaf and spine switches and connected nodes. You can use the built-in fabric default in the AmpCon-DC UI to design a physical network, or you can add a new fabric manually. Procedure To add a fabric manually, follow these steps: 1. In the AmpCon-DC UI, click Physical Network > Fabric Management from the navigation bar. 2. Click + Fabric. 3. In the pop-up window, enter the fabric name and description (optional). image.png 4. Click OK. 6.4 Adding Resources Before you design a physical network, prepare IP pools, ASN pools, and AZ resources for fabric design. 6.4.1 Adding Resource Pools You need to add IP pools (IPv4) and ASN pools. These pools are used by AmpCon-DC to assign Router ID, VTEP interfaces, L3 peer-link interfaces, direct access IP addresses, and BGP ASN during the fabric design process. For details about adding resource pools, see "6.4.1 Adding Resource Pools". For details about assignment rules of resource pools, see "6.8 Resource Pool Assignment Rules". image.png image.png In some cases, it doesn't matter what the actual values are; you just care that some values are assigned. For example, all you care about is that the switch has a Router ID, VTEP address, and ASN assigned no matter what these values are. You can add IP pools and ASN pools as needed. When you're ready to assign IP addresses or ASN resources, just tell AmpCon-DC which resource pools to use. The required resources are automatically pulled and assigned by AmpCon-DC. In this way, you can save the time spent on configuring IP addresses and ASN. If you find yourself short on resources while you're assigning them, you can create additional resource pools to meet your needs. For details about assignment rules of resource pools, see "6.8 Resource Pool Assignment Rules". For more information, see the following child topics: 6.4.1.1 Adding ASN Pools Autonomous system number (ASN) is used to support BGP in the underlay network. To design a physical network with AmpCon-DC, you need to add ASN pools so that you can designate ASN pools in the later Designing Templates process. AmpCon-DC automatically assigns ASN to switches based on the specified ASN pools. Adding ASN Pools To add an ASN pool, follow these steps: 1. In the AmpCon-DC UI, click Resource > Pools > ASN Pools from the navigation bar. 2. Click + ASN Pool. 3. In the Pool Name field, enter the pool name. 4. In the Range field, specify the ASN range of the ASN pool. image.png 5. lick Save. Optional: Viewing ASN Pools On the “ASN Pool” page, you can see the following ASN statistics and usage information: image.png Table 1. ASN Pool Metrics Metric Description Pool Name A unique name to identify the resource pool Used ASN Nums The number of ASN in use in the pool ASN Nums The total number of ASN in the pool Usage The percentage of ASN in use for all ASN ranges in the pool Status Whether the pool is in use Click + before a pool name. You can see the ASN ranges assigned to this ASN pool. NOTE Do not assign an ASN pool that is fully used when you design a template. image.png Table 2. ASN Range Metrics Metric Description ASN Range The ASN included in the range Used ASN Range Nums The number of ASN in use in the ASN range ASN Range Nums The total number of ASN included in the ASN range ASN Range Usage The percentage of ASN in use in this range for all ASN in this ASN range Status Whether the ASN range is in use Optional: Editing ASN Pools To edit an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Edit. Optional: Copying ASN Pools To copy an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Copy. Optional: Deleting ASN Pools To delete an ASN pool, locate the ASN pool on the “ASN Pool” page, and then click Delete. NOTE You can delete only ASN pools that are not used, which means the Status column of the ASN pool is displayed as Unused. 6.4.1.2 Adding IP Pools To design a physical network with AmpCon-DC, you need to add IP pools so that you can designate IP pools in the later Designing Units and Designing Templates processes. AmpCon-DC automatically assigns IP addresses to switches based on the specified IP pools. Currently, only IPv4 is supported. Adding IP Pools To add an IP pool, follow these steps: 1. In the AmpCon-DC UI, click Resource > Pools > IP Pools from the navigation bar. 2. Click + IP Pool. 3. In the Pool Name field, enter the name of the IP pool. 4. In the Subnet field, enter a subnet. To add multiple subnets, click +. image.png 5. Click Save. Optional: Viewing IP Pools On the “IP Pool” page, you can see the following IP address statistics and usage information: image.png Table 1. IP Pool Metrics Metric Description Pool Name A unique name to identify the resource pool Used IP Nums The number of IP addresses in use in the pool IP Nums The total number of IP addresses in the pool Usage The percentage of IP addresses in use for all IP addresses in the pool Status Whether the pool is in use Click + before a pool name. You can see the IP ranges assigned to this IP pool. NOTE Do not assign an IP pool that is fully used when you design templates and design units. image.png Table 2. IP Range Metrics Metric Description Subnet The IP addresses included in the subnet Used IP Range Nums The number of IP addresses in use in the subnet IP Range Nums The total number of IP addresses included in the subnet IP Range Usage The percentage of IP addresses in use in this subnet for all IP addresses in this subnet Status Whether the subnet is in use Optional: Editing IP Pools To edit an IP pool, locate the IP pool on the “IP Pool” page, and then click Edit. Optional: Copying IP Pools To copy an IP pool, locate the IP pool on the “IP Pool” page, and then click Copy. Optional: Deleting IP Pools To delete an IP pool, locate the IP pool on the “IP Pool” page, and then click Delete. NOTE You can delete only IP pools that are not used, which means the Status column of the IP pool is displayed as Unused. 6.4.2 Adding AZ You can add AZ resources as needed, including bare metal AZ, vSphere ESXi AZ, and OpenStack AZ. Then, you can view these AS resources or connect nodes in these AZ to leaf switches during the fabric design process. image.png As described in Add Nodes in the fabric design process, you can add node devices from added Available Zones (AZ) to connect to leaf switches. So before you design a fabric, add AZ if you want to add node devices in these AZ to the fabric. In the AmpCon-DC UI, you can view VPC, network, and VM resources of the vSphere or OpenStack AZ that you added. Currently, you can’t view resource information of the bare metal AZ. For more information, see the following child topics: 6.4.2.1 Adding a vSphere AZ To view VPC, Network, and VM related resources in VMware vSphere, add a vSphere AZ to AmpCon-DC. You can use the node devices in the vSphere AZ to design a fabric. AmpCon-DC supports only VMware vSphere 8.0 currently. Adding a vSphere AZ To add a vSphere AZ, follow these steps: 1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar. 2. Click + AZ. 3. Input the following information: image.png Name: The name of the vSphere AZ. Resource Type: Select vSphere. Fabric: Select a fabric that is created on the “Fabric Management” page. Global VLAN: Optional. The VLAN range that can be assigned to the AZ. The supported global VLAN range is 2 to 3965. The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions. Version: The version of vSphere. Currently, you can select only 8.0. IP Address: The IP address of the vCenter server. Username: The administrator username used to log in to the vSphere environment. Port: The port number used to connect to the vCenter server. Password: The password associated with the username. For more information, see vSphere Automation API. 4. Click OK. Viewing a vSphere AZ On the “AZ” page, you can see all the AZ that you created. image.png To view detailed resources in a specific vSphere AZ, click the name of the AZ. You can see the following tabs. VPC Tab In the VPC tab, you can see the following information related to VPC in vSphere: image.png Table 1. VPC Metrics Metric Description VPC ID The ID assigned by AmpCon-DC based on the datacenter name VPC Name The datacenter name in vSphere User It is blank currently. Fabric The fabric to which the VPC belongs AZ The AZ to which the VPC belongs Resource Create Time The time when you created the AZ Network Tab In the Network tab, you can see the following information related to networks in vSphere: image.png Table 2. Network Metrics Metric Description Name The Port Group name in vSphere VPC The datacenter name in vSphere Fabric The fabric to which the network belongs AZ The AZ that the network belongs VM Count The count of VMs in vSphere Host Count The count of physical machines in vSphere Resource Create Time The time when you created the AZ VM Tab In the VM tab, you can see the following information related to VMs in vSphere: image.png Table 3. VM Metrics Metric Description Name The VM name VM IP Address The IP address of the VM Host IP Address The IP address of the physical machine Network The name of the network to which the VM belongs Fabric The fabric to which the VM belongs AZ The AZ to which the VM belongs VPC The data center to which the VM belongs Status The status of the VM Optional: Editing a vSphere AZ To edit a vSphere AZ, locate it on the “AZ” page, and then click Edit. Optional: Deleting a vSphere AZ To delete a vSphere AZ, locate it on the “AZ” page, and then click Delete. Adding a Bare Metal AZ You can add a bare metal AZ to AmpCon-DC, and then use the node devices in the bare metal AZ to design a fabric. 6.4.2.2 Adding a Bare Metal AZ To add a bare metal AZ, follow these steps: 1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar. 2. Click + AZ. 3. Input the following information: image.png Name: The name of the bare metal AZ. Resource Type: Select BareMetal. Fabric: Select a fabric that is created on the “Fabric Management” page. Global VLAN: Optional. The VLAN range that can be assigned to the AZ. The supported global VLAN range is 2 to 3965. The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions. 4. Click OK. Viewing a Bare Metal AZ On the “AZ” page, you can see all the AZ that you have created. image.png Click the name of the AZ. You can see the VPC and Network tabs. For AmpCon-DC 2.2, no data is displayed in the VPC and Network tabs of the bare metal AZ. The data can be viewed in later versions. Optional: Editing a Bare Metal AZ To edit a bare metal AZ, locate it on the “AZ” page, and then click Edit. Optional: Deleting a Bare Metal AZ To delete a bare metal AZ, locate it on the “AZ” page, and then click Delete. 6.4.2.3 Adding an OpenStack AZ To view VPC, Network, and VM related resources in OpenStack, add an OpenStack AZ to AmpCon-DC. You can use the node devices in the OpenStack AZ to design a fabric. To add an OpenStack AZ, follow these steps: 1. In the AmpCon-DC UI, click Resource > AZ from the navigation bar. 2. Click + AZ. 3. Input the following information: image.png Name: The name of the OpenStack AZ. Resource Type: select OpenStack. Fabric: Select a fabric that is created on the “Fabric Management” page. Global VLAN: Optional. The VLAN range that can be assigned to the AZ. The supported global VLAN range is 2 to 3965. Global VNI VLAN: Optional. The VLAN used within the VXLAN network of the cloud platform. The supported global VNI VLAN range is 2 to 3965. The VLAN assignment function is not available in AmpCon-DC 2.2. It will be available in the future versions. Auth URL: The Keystone authentication endpoint. Username: The administrator username used to log in to the OpenStack environment. Password: The password associated with the username. User Domain Name: The domain where the user account exists. Project Name: The name of the OpenStack project. NOTE Though one project is specified here, all projects managed by the administrator user can be displayed in the AmpCon-DC UI after you add the AZ. Project Domain Name: The domain where the project exists. For more information, see OpenStack Docs: Authentication. 4. Click OK. Viewing an OpenStack AZ On the “AZ” page, you can find all the AZ you have created. image.png To view detailed resources in a specific OpenStack AZ, click the name of the AZ. You can see the following tabs. VPC Tab In the VPC tab, you can see the following information related to VPC in OpenStack: image.png Table 1. VPC Metrics Metric Description VPC ID The ID assigned by AmpCon-DC based on the project name VPC Name The project name in OpenStack User It is blank currently. Fabric The fabric to which VPC belongs AZ The AZ to which VPC belongs Resource Create Time The time when you create the AZ Network Tab In the Network tab, you can see the following information related to networks in OpenStack: image.png Table 2. Network Metrics Metric Description Name The network name in OpenStack VPC The project in OpenStack Fabric The fabric to which Network belongs AZ The AZ to which Network belongs VM Count The count of VMs in OpenStack Host Count The count of physical machines in OpenStack Resource Create Time The time when you create the AZ VM Tab In the VM tab, you can see the following information related to VMs in OpenStack: image.png Table 3. VM Metrics Metric Description Name The VM name VM IP Address The IP address of VM Host IP Address The IP address of physical machine Network The name of the network to which VM belongs Fabric The fabric to which VM belongs AZ The AZ to which VM belongs VPC The project to which the VM belongs Status The status of the VM Optional: Editing an OpenStack AZ To edit an OpenStack AZ, locate it on the “AZ” page, and then click Edit. Optional: Deleting an OpenStack AZ To delete an OpenStack AZ, locate it on the “AZ” page, and then click Delete. 6.5 Designing Units A unit means the minimum networking unit for creating a fabric. A unit includes one or multiple leaf switches. To design a physical network with AmpCon-DC, you need to add units as needed, which can be combined in the designing templates. Prerequisites You have added IP pools as described in Adding IP Pools. Adding Units You can add one or multiple leaf switches to the unit. To add a unit, follow these steps: 1. In the AmpCon-DC UI, click Physical Network > Design > Units from the navigation bar. 2. Click + Unit. 3. In the Basic Info section, enter the unit name and description (optional). 4. In the Leaf section, enter the following information: image.png Table 1. Leaf Information Configuration Description Leaf Name The name to distinguish the leaf switch. Leaf Strategy Select MLAG or None. The default value is MLAG. MLAG: Link Aggregation Group (MLAG) is used among two leaf switches. None: A non-MLAG leaf switch is used. MLAG Peer-Link VLAN ID The Virtual Local Area Network (VLAN) identifier assigned to the MLAG peer link. The value is 3966 and can’t be changed. NOTE This configuration is available only when you selected MLAG as the leaf strategy. L3 Peer-Link Interface The network interface used to establish a peer-to-peer connection between two MLAG peer leaf switches. Select from an IP pool. You can also click + Add Pool to add a new IP pool as needed. NOTE This configuration is available only when you selected MLAG as the leaf strategy. 5. To add another leaf switch, click + Add, and then input information as described in the last step. 6. lick Save to complete the unit design. Optional: Viewing Units On the “Units” page, you can see the following information: image.png Table 2. Unit Metrics Metric Description Unit Name The name that you specified for the unit Description The description of the unit Leaf Count The total number of leaf switches in the unit MLAG Count The total number of MLAG in the unit To see more information about the unit, locate the unit, and then click View. Optional: Editing Units To edit a unit, locate the unit on the “Units” page, and then click Edit. NOTE After you delete a unit, the fabrics that use this unit are not impacted. Optional: Copying Units To copy a unit, locate the unit on the “Units” page, and then click Copy. Optional: Deleting Units To delete a unit, locate the unit on the “Units” page, and then click Delete. NOTE After you delete a unit, the fabrics that use this unit are not impacted. 6.6 Designing Templates Templates are abstractions of network designs that define the structure and protocols of networks, without defining any vendor-specific information. To design a physical network with AmpCon-DC, you need to add a template, which can be used to design a fabric. Prerequisites You have added IP pools and ASN pools as described in Adding Resource Pools. You have added units as described in Designing Units. Adding Templates You can add one or multiple units to a template. To add a template, follow these steps: 1. In the AmpCon-DC UI, click Physical Network > Design > DC Templates from the navigation bar. 2. Click + Template. 3. In the Basic Info section, enter the template name and description (optional). Currently, AmpCon-DC supports only the 3-stage network architecture. So here 3-Stage is selected automatically. 4. In the Spine Layer section, specify the count of spine switches in this template. NOTE Ensure that the count of spine switches does not exceed 128. 5. In the Unit section, select a unit from the drop-down list, and specify its count. To add more units, click +. NOTE Ensure that the total number of leaf switches in all included units does not exceed 128. 6. In the Underlay section, select the underlay routing protocol, BGP or OSPF. If you selected BGP, enter the following information: image.png Table 1. BGP Information Configuration Description EBGP ASN The unique identifier to distinguish an Autonomous System (AS) in EBGP. Select an ASN pool. You can also click + Add Pool to add a new ASN pool as needed. Router ID The identifier used by the routing protocol BGP to uniquely identify the router. Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. VTEP Interface The interface on a VXLAN Tunnel End Point (VTEP) device, through which VXLAN packets are sent and received. Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. For each leaf switch, the loopback0 address of the switch is used as the router ID, and the loopback1 address of the switch is used as the VTEP interface. The loopback0 addresses on both MLAG peer switches differ and the loopback1 addresses on both MLAG peer switches are the same. Overlay Control Protocol MP-BGP-EVPN is selected automatically. Currently, only MP-BGP-EVPN is supported as the overlay control protocol. If you selected OSPF, enter the following information: image.png Table 2. OSPF Information Configuration Description Area ID The identifier to distinguish different areas within an OSPF domain.The value is 0.0.0.0 and can’t be changed. Router ID The identifier used by the routing protocol OSPF to uniquely identify the router.Select an IP pool. You can also click + Add Pool to add a new IP pool as needed. VTEP Interface The interface on a VTEP device, through which VXLAN packets are sent and received.Select an IP pool. You can also click + Add Pool to add a new IP pool as needed.For each leaf switch, the loopback0 address of the switch is used as the router ID, and the loopback1 address of the switch is used as the VTEP interface. The loopback0 addresses on both MLAG peer switches differ and the loopback1 addresses on both MLAG peer switches are the same. Overlay IBGP ASN The unique identifier to distinguish an AS in IBGP.Select an ASN pool. You can also click + Add Pool to add a new ASN pool as needed. Overlay Control Protocol MP-BGP-EVPN is selected by default. Currently, only MP-BGP-EVPN is supported as the overlay control protocol. 7. Click Save to complete the template design. Optional: Viewing Templates On the “DC Templates” page, you can see the following information: image.png Table 3. Template Metrics Metric Description Template Name The name that you specified for the template Description The description of the template Type The type of the network architecture Underlay Routing Protocol The routing protocol used in the underlay network Overlay Control Protocol The protocol used in the overlay network To see more information about a template, locate the template, and then click View. Optional: Editing Templates To edit a template, locate the template on the “DC Templates” page, and then click Edit. NOTE After you edit a template, the fabrics that use this template are not impacted. Optional: Copying Templates To copy a template, locate the template on the “DC Templates” page, and then click Copy. Optional: Deleting Templates To delete a template, locate the template on the “DC Templates” page, and then click Delete. NOTE After you delete a template, the fabrics that use this template are not impacted. 6.7 Adding Switches to Fabrics A fabric is composed of multiple leaf and spine switches. When you design a fabric, you need to select which managed switches act as leaf switches or spine switches. Before you design your fabric, you must add managed switches to the fabric. Prerequisites You must have imported or deployed the switches as described in Deploying or Importing Switches. Adding Unassigned Switches If the switches to be added haven’t been assigned as spine or leaf switches of any other fabrics, add the switch to the fabric directly. Follow these steps: 1. In the AmpCon-DC UI, click Physical Networks > Fabric Management from the navigation bar. 2. Locate the fabric, and then click Edit. image.png 3. Select the switches to be added. You can filter switches by entering keywords in the search box. image.png 4. Click Apply. Adding Assigned Switches If a switch has been assigned as a spine or leaf switch of another fabric, deallocate the switch from the fabric first, and then add the switch to the new fabric. Follow these steps: 1. Deallocate the switch from the fabric where the switch is assigned as a leaf or spine switch: a. Deploy or import a new switch, and add the switch to the fabric. b. Redeploy the fabric. In the Allocate Device process, assign the new switch as a leaf or spine switch to replace the switch to be added to the new fabric. 2. Add the switch to the new fabric: a. Click Physical Networks > Fabric Management from the navigation bar. b. Locate the new fabric, and then click Edit. c. Select the switch. You can filter switches by entering keywords in the search box. d. Click Apply. 6.8 Designing Fabrics Now you have added a fabric and added switches to this fabric, and you have added required resources and templates. It’s time to deploy a physical network by designing a fabric. Import a template to a fabric, and then you can design the fabric. AmpCon-DC automatically configures related switches based on fabric configurations to complete the network deployment. Prerequisites Ensure that the following prerequisites are met: You have imported or deployed switches as described in Deploying or Importing Switches. You have added a template used for the fabric design. You have added switches to the fabric that you want to design, the built-in fabric default or the fabric that you manually added. The IP pools and ASN pools used by the units and template in the fabric have enough available IP addresses and ASN. Adding Fabrics 1. Log in to the AmpCon-DC UI with a user of the SuperAdmin, Admin, or Operator role. NOTE AmpCon-DC users with the Readonly role can’t access the “Fabric Management” page. 2. Click Physical Network > Fabric Management from the navigation bar. 3. Click the fabric that you want to design. 4. In the pop-up window, select a DC Template from the drop-down list. image.png 5. Click Apply to import the template. You are now redirected to the fabric design page. The fabric design includes the following processes: 1. Configuring VLAN Domain The VLAN Domain restricts the allocation of VLAN IDs to a specific range for each node device connected to leaf switches. You must designate the Bridge Domain range and VRF VLAN range. Follow these steps: 1. Edit the VLAN Domain for all leaf switches. To edit the VLAN Domain ranges for multiple leaf switches, click the square before each VLAN Domain name, and then click Edit at the top of the section. To edit the VLAN Domain range for a single leaf switch, locate the switch, and then click Edit in the Operation column. image.png 2. In the Edit VLAN Domain section, input the following information: VLAN Domain Name: Optional. A default name is added automatically. You can modify it. VRF VLAN Range: The VLAN ranges reserved by VRF VLAN for L3VNI on the switch. The available VRF VLAN values range from 2 to 3965. Example Bridge Domain Range: 500-505,600,66 Bridge Domain Range: The VLAN ranges reserved by Bridge Domain for L2VNI on the switch. The available Bridge Domain values range from 2 to 3965. Example Bridge Domain Range: 30-300,400,509,1600-2000 The Bridge Domain range cannot be duplicated with the VRF VLAN range. The ranges in different VLAN Domains can be duplicated. Tips The following information is generated by AmpCon-DC automatically and can’t be changed: Hostname: The hostname of the leaf switch. Role: Only the role leaf is displayed here, which means leaf switches. Status: Whether the VLAN Domain is assigned to any node device. In AmpCon-DC 2.2, the VLAN Domain is not assigned, and thus the status is always Unused. In later versions, the VLAN Domain assignment function will be added. 3. Click Continue to go to the Allocate Device process. NOTEs The Continue button becomes clickable only after you have entered all required information. Configurations in each process can be saved only after you click Continue. 2. Allocating Devices 1. Click the Switch List tab. In the Physical Device drop-down list, select a physical switch for each logical leaf or spine switch. NOTE You can select only online physical switches (switches that are up and connected to the AmpCon-DC server). image.png Tip The following information is generated by AmpCon-DC automatically and can’t be changed: HostName: The hostname of the switch Role: leaf or spine, which means a leaf switch or spine switch Switch SN: The serial number of the switch Model: The model of the switch Mgmt IP: The management IP address (VPN IP address) of the switch Status: Imported or Deployed, which means the switch is deployed with AmpCon-DC or imported to AmpCon-DC 2. Check the Mgmt IP column, and ensure that all switches are up and connected to the AmpCon-DC server. Or else, the deployment will fail. ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. 3. In the IP Link Address tab, select an IP pool for AmpCon-DC to automatically assign a direct access IP address to each switch. By using direct access IP addresses, devices can communicate directly with each other without going through an intermediary device such as a router. NOTE You must select an IP pool that has enough available IP addresses to assign. image.png 4. Click Continue to go to the Confirm Configuration process. 3. Confirming Configurations 1. Click the Spine and Leaf tabs, and confirm whether the switch configurations are correct. NOTEs The Router ID, VTEP Interface, L3 Peer link, and ASN values are automatically pulled from related IP pools and ASN pools that you specified. For more information, see Resource Pool Assignment Rules and Adding Resource Pools. If the Router ID, VTEP Interface, L3 Peer link, and ASN values are blank, the IP pools or ASN pools might have been fully utilized. In this case, modify the unit and template to select other available IP pools or ASN pools, delete this fabric, and then add a new fabric. image.png image.png Table 1. Leaf Information Column Description HostName The hostname of the switch. Role leaf or spine, which means a leaf switch or spine switch. Physical Device The physical switch for each leaf and spine node. ASN The unique identifier to represent an Autonomous System (AS). MLAG Peer The counterpart device in a Multi-Chassis Link Aggregation (MLAG) setup. Router ID The identifier used by routing protocols such as OSPF and BGP to uniquely identify the router. VTEP Interface The interface on a VXLAN Tunnel End Point (VTEP) device, through which VXLAN packets are sent and received. MLAG Peer Links The number of direct connections between the switches participating in a MLAG setup. MLAG Peer Link VLAN The value is 3966 and can’t be changed. L3 Peer Link The network link between two MLAG peers at Layer 3, which is used for synchronizing routing information, exchanging protocol messages, and potentially transmitting data traffic. Routing Protocol The underlay routing protocol, BGP or OSPF. 2. Click Continue to go to the Check Topo process. Resource Pool Assignment Rules You have specified the IP pools and ASN pools in the template and unit design processes. After you import the template to the fabric, AmpCon-DC assigns information based on specified IP pools and ASN pools for the following columns: Table 2. Assignment Rules Column Assignment Rule Router ID AmpCon-DC assigns router IDs (loopback0 address) for both spine and leaf switches from the specified Router ID IP pool in the related template. Each switch has a unique Router ID. VTEP Interface AmpCon-DC assigns VTEP interfaces for only leaf switches from the specified VTEP Interface IP pool in the related template. Each non-MLAG switch has a unique VTEP interface. Both MLAG peer switches share the same VTEP interface. L3 Peer Link AmpCon-DC assigns L3 peer links from the specified L3 Peer-link Interface IP pool in the related unit. Only MLAG peer leaf switches have L3 peer links. ASN AmpCon-DC assigns ASN for both spine and leaf switches.If BGP is used as the routing protocol, ASN is assigned from the specified EBGP ASN pool in the related template.All spine switches share one ASN.Peer leaf switches in each MLAG setup share one ASN. Each non-MLAG leaf switch has a unique ASN.If OSPF is used as the routing protocol, ASN is assigned from the specified Overlay IBGP ASN pool in the related template. All spine and leaf switches share one ASN. 4. Checking Links 1. Click the square before the Link Name column heading to select all links, and then click Auto Discovery to automatically discover connected switch interfaces in each link. NOTE If switch interfaces in a link are not connected, no values will be displayed in the Interface column. image.png 2. Optional: To manually add connected switch interfaces for a link, follow these steps: a. Locate the link, and then click Edit. b. In the Interface columns of Node 1 and Node 2, enter the interfaces used to connect these two switch nodes. c. Click Apply. image.png 3. Click the square before the Link Name column heading to select all links, and then click Check to check each link status in the Status column. passed means switches in the link can connect to each other. failed means switches in the link can’t connect to each other. NOTEs If a link status is failed, check the physical interfaces and network to ensure that the switches in the link can connect to each other. Only after each link status is passed, you can click Continue to go to the Add Node process. By design, the IP addresses of MLAG peer leaf switches are not displayed here. You can check their IP addresses in the L3 Peer Link column of the Confirm Configuration process. 4. Click Continue to go to the Add Node process. NOTE The Add Node process can be skipped. You can click Continue again to go to the Deploy process directly. 5. Optional: Adding Nodes 1. In the Add Node process, add node devices connected to leaf switches, including bare metal nodes and cloud platform nodes (vSphere or OpenStack). To add bare metal nodes, click the Bare Metal Nodes tab. To add cloud platform nodes, click the Cloud Platform Nodes tab. 2. Click + Node, and then enter the following information: image.png Table 3. Node Information Input Entry Description Node Name The name of the node. Description Optional. The description of the node device. IP The IP address of the node. User Optional. The name of the user to log in to the node device. Password Optional. The password of the user to log in to the node device. AZ Select the AZ to which the node device belongs. 3. Click + Add In the Link section, and enter the connected leaf switch information: image.png Table 4. Link Information Input Entry Description Port Group Name The name of the port group including the connected leaf switch. VLAN Domain The name of the VLAN Domain assigned to the connected leaf switch. Switch The leaf switch to which the node device connected. Access MLAG Mode This field is available only when you selected an MLAG leaf in the VLAN Domain list. Select Single-Homed or Dual-Homed. Single-Homed: The node device connects to one peer leaf switch in the MLAG setup. Dual-Homed: The node device connects to both peer leaf switches in the MLAG setup. Peer Leaf This field is available only when you selected an MLAG leaf in the VLAN Domain list and selected Single-Homed in the Access MLAG Mode section. Select the MLAG peer leaf switch to which the node device connected. Port Mode The port mode used by the node device to connect to the leaf switch, Access or Trunk. Physical Link Count per Individual Switch Select Single or Dual. Single: The node device connects to the leaf switch with one physical link. Dual: The node device connects to the leaf switch with two physical links. Ports The ports connect to the leaf switch. If you selected an MLAG leaf in the VLAN Domain list and selected Single-Homed in the Access MLAG Mode section, you can see only one Ports field. If you selected an MLAG leaf in the VLAN Domain field and selected Dual-Homed in the Access MLAG Mode field, you can see two Ports fields. If you selected Single in the Physical Link Count per Individual Switch section, you need to enter one port in each Ports field. If you selected Dual in the Physical Link Count per Individual Switch section, you need to enter two ports in each Ports field. 4. Click Apply. 5. Click Continue to go to the Deploy process. 6. Deploying the Fabric 1. In the the Deploy process, check the Mgmt IP column, and ensure that all switches are up and connected to the AmpCon-DC server. Or else, the deployment will fail. ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. 2. Click Apply to deploy the fabric. The configuration pushing process takes some time (depending on the number of switches in the fabric) to complete. image.png Verifying the Deployment In the the Deploy process, check the Deployment Status column to see whether the status is SUCCEED. If the deployment status of any switch is FAILED, click Log to check more details for troubleshooting. Example: You might see the error message “Error: Configuration failed on host 10.8.0.186: commit;BGP instance is already running; AS is 111;Commit failed” in the log. This error message means that the BGP local AS has been configured on the switch. You need to log in to the switch and delete these configurations first. Then, click Apply in the Deploy process to re-deploy the fabric. If the deployment status of any switch is PENDING, the fabric is waiting to be deployed. If the deployment status of any switch is RUNNING, the fabric is being deployed. If the deployment status of all switches is SUCCEED, the fabric deployment is finished. Now your physical network is constructed as designed. image.png Redeploying Fabrics If fabric configurations are not pushed to switches due to some reasons, resolve the issues based on deployment logs, and then redeploy the fabric by following these steps: 1. Click Physical Network > Fabric Management from the navigation bar. 2. Locate the fabric, and then click the fabric name to enter the fabric design page. image.png 3. Click Continue until going to the Deploy process. 4. Check whether all switches in the fabric are in online status, and then click Apply to redeploy the fabric. 6.9 Managing Fabrics After you complete the physical network design as described in Designing and Deploying Fabrics, you can manage the fabrics in the AmpCon-DC UI, such as re-designing the network, deleting the network, checking network statistics and status, and viewing fabric topologies. Viewing All Fabrics In the AmpCon-DC UI, click Physical Network > Fabric Management from the navigation bar. On the “Physical Network” page, you can see the list of all added fabrics. image.png Table 1. Fabric Metrics Metric Description Fabric Name The name of the fabric. Description The description that you added when you add the fabric. Switch The number of switches added to the fabric. AZ The number of AZ added to the fabric. Underlay Routing Protocol The Routing protocol that you specified in the template of the fabric, OSPF or BGP. Last Modified Time The last time when you modify the fabric. Status The status of the fabric deployment. Deployed: You have deployed the fabric successfully. Deploying: After you click Apply in the Deploy section of the fabric design page fabric, the fabric is being deployed. Deploy Failed: After you click Apply in the Deploy section of the fabric design page fabric, the fabric fails to be deployed. Not Deployed: You haven’t clicked Apply in the Deploy section of the fabric design page. Redesigning Fabrics To redesign a fabric, follow these steps: 1. On the “Physical Network” page, click the name of the fabric to enter the fabric design page. 2. Redesign the fabric as described in Designing and Deploying Fabrics. To modify the unit and template configurations in the fabric, see Editing Units and Editing Templates. image.png Removing Switches from a Fabric To remove switches not assigned as spine or leaf switches from a fabric, follow these steps: 1. On the “Physical Network” page, locate the fabric, and then click Edit. 2. Unselect the switches to be removed. You can filter switches by entering keywords in the search box. image.png 3. Click Apply. To remove switches assigned as spine or leaf switches from a fabric, follow these steps: 1. Add new switches to the fabric as described in "6.7 Adding Switches to Fabrics". 2. Click Physical Network > Fabric Management from the navigation bar. Then, deallocate the switches to be removed as follows: a. Locate the fabric, and click the fabric name to enter the fabric design page. b. Click Continue to go to the Allocate Device process. c. Assign new switches as leaf or spine switches to replace the switches to be removed. d. Click Continue until going to the Deploy process. e. Check whether all switches in the fabric are in online status, and then click Apply to redeploy the fabric. 3. Go back to the “Physical Network” page, locate the fabric, and then click Edit. 4. Unselect the switches to be removed. You can filter switches by entering keywords in the search box. 5. Click Apply. Displaying the Topology Associated with a Fabric To display the topology associated with a fabric, follow these steps: 1. In the AmpCon-DC UI, click Physical Network > Topology. 2. In the Fabric list, click the corresponding fabric name. Then, you can see the topology graph of switches that belong to this fabric. For more information, see "10.6 Topology". image.png Deleting a Fabric To delete a fabric, follow these steps: 1. On the “Physical Network” page, locate the fabric, and then click Delete. 2. Click Yes to confirm the deletion. NOTEs After you delete a fabric, all data related to the fabric is deleted permanently and can’t be recovered. The fabric default is a built-in fabric that is automatically created by AmpCon-DC and can’t be deleted. The fabrics with spine or leaf switches allocated can’t be deleted. 7.Deploying or Importing Switches To manage switches with AmpCon-DC, you need to deploy switches or import switches. Importing Switches For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC. For more information, see "7.8 Importing Switches". Deploying Switches For switches that are not deployed, you can deploy these switches with AmpCon-DC. Then, these switches can be managed by AmpCon-DC. Deploying a white-box switch (switch on which PicOS is not installed) includes registering with the AmpCon-DC server, obtaining a PicOS image from the AmpCon-DC server, installing PicOS, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying an integrated hardware and software switch (switch that has PicOS installed) includes registering with the AmpCon-DC server, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying White-Box Switches To deploy white-box switches, follow these steps: 1. Ensure that the system configuration for each switch contains the default username and password of the switch. For more information, see "4.2 Adding System Configurations". 2. Click Service > Switch Model in the AmpCon-DC UI, and check whether the PicOS image that you want to install for each switch model is listed in the Deployed ONIE Image drop-down list. If the images are not listed there, upload these PicOS images and their MD5 files to AmpCon-DC. For more information, see "7.1 Uploading Images". If the images are listed there, you don’t need to upload PicOS images and their MD5 files. 3. Configure each switch model that you want to manage with AmpCon-DC. For more information, see "7.2 Configuring Switch Models". If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. 4. Prepare the global configurations that you want to push to each switch. For more information, see "7.3 Configuring Global Configurations". 5. Prepare the configuration templates that you want to use. For more information, see "7.4 Configuring Configuration Templates". 6. Add a switch configuration for each switch. For more information, see "7.5 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. OTE If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 7. Stage each switch to make them ready for Zero Touch Provisioning (ZTP). For more information, see "7.6 Staging Switches". After you stage a switch, the switch is shown as Staged on the “Switch” page. 8. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "7.7 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed. Deploying Integrated Hardware and Software Switches To deploy integrated hardware and software switches, follow these steps: 1.Ensure that the system configuration for each switch contains the default username and password of the switch to be deployed. For more information, see "4.2 Adding System Configurations". 2. Prepare the global configurations that you want to push to each switch. For more information, see "7.3 Configuring Global Configurations". 3. Prepare the configuration templates that you want to use. For more information, see "7.4 Configuring Configuration Templates". 4. Add a switch configuration for each switch. For more information, see "7.5 Adding Switch Configurations". After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTE If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the "Switch" page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the "Switch" page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. 5. Stage each switch to make them ready for Zero Touch Provisioning (ZTP) deployment. For more information, see "7.6 Staging Switches". After you stage a switch, the switch is shown as Staged on the "Switch" page. 6. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see "7.7 Provisioning New Switches with ZTP". After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the "Switch View" page, it's shown as Deployed. 7.1 Uploading and Pushing Images AmpCon-DC provides multiple built-in PicOS images, which you can use to deploy switches. To deploy a switch with a PicOS image that is not built in AmpCon-DC, upload the image and its MD5 file first before you deploy the switch. Uploading Images To upload a PicOS image, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. Click Upload. 3. In the pop-up window, upload an image by using one of the following ways: Click File, and select a local image file (required) and its MD5 file (optional). image.png Click Link, and enter the image URL (required) and the MD5 file URL (optional). image.png Click Latest, and check the image files that you want to upload. image.png 4. Click Upload. Optional: Uploading MD5 Files An MD5 file is used to verify the completeness of the corresponding PicOS image. If the MD5 file is not uploaded when you upload the PicOS image, AmpCon-DC will not verify the completeness of the PicOS image when it installs the PicOS image. To upload an MD5 file for a PicOS image, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, locate the PicOS image, and then click Upload Md5. 3. Upload the MD5 file by using either of the following ways: Click File, and select the MD5 file. Click Link, and enter the URL of the MD5 file. 4. Click Upload. Optional: Removing Images 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, locate an image, and then click Delete. 3. Click Yes to confirm the deletion. Optional: Pushing Images You can push PicOS images to one or multiple switches. The pushed images are located in the /home/automation directory. To push a PicOS image to a single switch, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, locate the switch, and then click Push Image. image.png To push a PicOS image to multiple switches, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image that you want to push. 3. In the Switch list, select the corresponding switches, and then click Push Image. image.png 7.2 Configuring Switch Models Before you deploy switches, configure each switch model that you want to manage with AmpCon-DC. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. Configuring a Switch Model To configure a switch model, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch Model. 2. To ensure the Switch Model drop-down list is the latest, click Update Switch Model, and then click Yes. image.png 3. In the Switch Model drop-down list, select the switch model that you want to configure. 4. Configure the port number range for each speed. 5. In the Deployed ONIE Image drop-down list, select the PicOS image that you want to install for this switch model. If the PicOS image to install is not listed here, upload the PicOS image and its MD5 file to AmpCon-DC. For more information, see "7.1 Uploading Images". image.png 6. Click Save. Optional: Resetting a Switch Model To reset a switch model, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch Model. 2. Click Reset. 3. Click Save. After you reset a switch model, the port number range for each speed is set to zero, and the PicOS image in the Deployed ONIE Image drop-down list is reset to the built-in image. 7.3 Configuring Global Configurations Global configurations are configurations that you push to switches during the switch deployment process. When you add a switch configuration, you need to select a global configuration file. Prepare the global configuration before you add a switch configuration. Adding a Global Configuration To add a global configuration, follow these steps: 1. In the AmpCon-DC UI, click Service > Global Configuration. 2. Input the following information: Switch Model: The model of the switch. Global Config Name: The name of the global configuration. Generic Global File: Select a .txt file with general configurations to push to the switch. Security Global File: Select a .txt file with security-related configurations to push to the switch. image.png 3. Click Generate. 4. In the Admin Global Config Preview section, confirm or edit the configurations that are retrieved from the Generic Global File and the Security Global File. image.png 5. Click Save. Viewing a Global Configuration In the Historical Configuration section, you can see all global configurations, which are grouped by switch models. To search for a global configuration, enter the global configuration name in the search box (supports fuzzy matching). Editing a Global Configuration To edit a global configuration, follow these steps: 1. In the Historical Configuration section, locate the global configuration, and then click it. 2. In the Admin Global Config Preview section, click Edit. 3. Edit the configurations as needed. image.png 4. Click Save. 7.4 Configuring Configuration Templates AmpCon-DC provides powerful configuration templates to help you simplify the configuration writing process: When youadd a switch configuration during the switch deployment process, you must select a configuration template. When you push configurations to a switch after the switch is deployed or imported, you can use one or multiple configuration templates. Prepare configuration templates before you add a switch configuration or push configurations to a switch. Adding a Configuration Template To add a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the New Template tab, input the following information: Name: The name of the configuration template. Descr: The description of the configuration template. Model: Select the switch model that is applicable to the configuration template. Version: Select the PicOS version that is applicable to the configuration template. Action: Select Config or Delete. 3. Optional: Click Update CLI Tree to refresh the CLI tree. image.png 4. In the CLI Tree section, add one or multiple template configurations by clicking the plus icon. The selected template configurations appear on the right. image.png 5. Click Save. Viewing or Editing a Configuration Template To view or edit a configuration template, follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Template List tab, locate a switch, and then click View Template. To view a configuration template, select the format for viewing the template in the pop-up window. Then, you can see the template configurations. image.png To edit a configuration template, click Edit in the pop-up window, and then click Save. Optional: Removing a Configuration Template To remove a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Remove Template. 3. Click Yes to confirm the deletion. Optional: Viewing or Updating Pre-Built Templates To view or update pre-built configuration templates, follow these steps: In the AmpCon-DC UI, click Service > Config Template, and then click the Template List tab. To view the pre-built templates, click Show Pre-built Template. To refresh the pre-built template list, click Update Pre-built Template. Optional: Copying a Configuration Template To copy a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Copy. 3. Enter the name for the copied template and a description (optional). 4. Click Save. Optional: Exporting a Configuration Template To export a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Export. Optional: Exporting All Configuration Template To export all configuration templates, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, click Export All Template. Optional: Adding a Label to a Configuration Template To add a label to a configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, locate a switch, and then click Tag Management. 3. In the pop-up window, enter the name of the tag. 4. Click Add. 5. Click Save. Optional: Uploading a Local Configuration Template To upload a local configuration template, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Template List tab, click Upload Template. 3. In the pop-up window, enter the name of the configuration template and the template description (optional). 4. Click or drag a .txt template file to upload it. 5. Click Upload. image.png 7.5 Adding Switch Configurations Before you provision a switch as described in Provisioning New Switches with ZTP, add a switch configuration. You can also add multiple switch configurations by using a JSON file. Before You Begin If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Ensure that the global configuration file and configuration template for the switch to deploy have been created. For more information, see "7.3 Adding Global Configurations" and "7.4 Adding Configuration Templates". Adding a Switch Configuration 1. In the AmpCon-DC UI, click Service > Switch Configuration. 2. Input the following information: Switch SN/Service Tag: The SN or service tag of the switch. Switch Model: Select the switch model of the switch. Deployment Location: The location where the switch exists, such as Beijing. Fabric: Select the fabric that the switch belongs to. The default fabric is selected by default. Select Global Config: Select the global configuration file with configurations to push to the switch. Select Site Template: Select the configuration template to use. Option Post-Deployed: Select whether to back up the switch configuration. image.png 3. Click Next. You can see an input section, which is related to the selected configuration template. Enter the relevant information. image.png 4. Click Save. 5. In the Preview Config pop-up window, preview or edit the global configurations. image.png 6. Click Save. The switch configuration is added now. On the “Switch List” page, you can see the switch status is shown as Configured. 7. Click System Config to select the system configuration that is applicable to the switch. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 8. Optional: Click Agent to edit the Pushing Agent Configuration information. Adding Multiple Switch Configurations with a JSON file You can add multiple switch configurations by uploading a JSON file. In this way, you don’t need to add each switch configuration one by one. Follow these steps: 1. Prepare a JSON file with switch configurations. See the following example: { "sn": [ "EC1631000063","EC1806001292","732656X2007017"], "hardware_model": "ag5648", "location": "Beijing", "global_config_name": "2024-8-2-glob-ag5648-test1", "site_template_name": ["test1"], "agent_config": { "enable": true, "vpn_enable": true, "server_domain": "http://pica8.com ", "inband_native_vlan": "4094", "server_vpn_host": "vpn.pica8.com", "inband_vlan": "4094", "server_hostname_prefix": "ac", "inband_lacp": true, "uplink_ports": "te-1/1/49,te-1/1/50", "uplink_speed": "1000" }, "vpn": true, "retrieve_config": true, "default_config_param": { "test1": { "vlan_id": "12", "vlan_name": "23" } }, "unique_config_param": { } } 2. In the AmpCon-DC UI, click Services > Switch Configuration. 3. Click Upload by JSON. 4. Click or drag a file to upload the JSON file. 5. Click Upload. Viewing or Editing Switch Configurations In the Historical Switch Config Edit section, you can see all the added switch configurations, which are grouped by switch models. To edit a switch configuration, follow these steps: 1. Locate the global configuration, and then click it. image.png 2. In the pop-up window, click Edit. 3. Edit the configurations as you need. 4. Click Save. Optional: Checking the Switch Status After you add a switch configuration, check whether the switch status is shown as Configured. If not, locate the switch, and click Log to see more details. image.png Optional: Checking the Config View image.png To manage the configurations for a switch provisioned with ZTP, locate the switch, and then click Config View in the Operation column. Agent Config: The configurations are automatically uploaded to the switch during the ZTP process to assist with ZTP provision and switch lifecycle management. To check the agent configurations, click Agent Config. Init Deploy Config: To check the initial configurations of the switch, click Init Deploy Config. Current Config: To check the current configurations of the switch, click Current Config. Backup Config: To back up switch configurations, click Backup Config. Upload Config: To add local switch configurations by uploading a .boot file, click Upload Config. For more information, see "8.3 Uploading Local Configuration Files". To manage the configurations for a switch imported to AmpCon-DC (instead of provisioned with ZTP), locate the switch, and then click Config View in the Operation column. Backup Config: To back up switch configurations, click Backup Config. Upload Config: To add local switch configurations by uploading a .boot file, click Upload Config. For more information, see "8.3 Uploading Local Configuration Files". 7.6 Staging Switches After you add a switch configuration, you must stage the switch to make it ready for Zero Touch Provisioning (ZTP). Procedure 1. In the AmpCon-DC UI, click Service > Switch. 2. In the Switch list, locate the switch, and then click Stage. image.png 3. Check whether the switch status is shown as Staged. image.png After you stage the switch, you can continue to next part. 7.7 Provisioning New Switches with ZTP Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. AmpCon-DC supports using ZTP to provision new switches. ZTP relies on the DHCP service, and thus you need to configure DHCP first. After you plug in and reboot a switch, DHCP automatically provides the switch with an IP address and the address of a provision shell script that is obtained from AmpCon-DC server. Then, the switch automatically runs the shell script to complete the ZTP deployment: The white-box switch runs the shell script to download a PicOS image, install PicOS and its license, register with the AmpCon-DC server, update switch configurations, and reboot the switch. The integrated hardware and software switch runs the shell script to register with the AmpCon-DC server, install a PicOS license on the switch, update switch configurations, and reboot the switch. Prerequisites Ensure that the following prerequisites are met: The Hardware IDs of the switches to provision have been added to the AmpCon-DC license, and you have imported the license to AmpCon-DC. For more information, see "4.3 Importing AmpCon-DC Licenses". For white-box switches, step 1 to 7 in Deploying White-Box Switches are completed. For integrated hardware and software switches, step 1 to 5 in Deploying Integrated Hardware and Software Switches are completed. You have installed a DHCP server and added configurations as follows to the DHCP configuration file (/etc/dhcp/dhcpd.conf): For white-box switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.198“. The IP address of the AmpCon-DC server is “10.56.20.184”. NOTE The following DHCP option is used： Option default-url: 114 For integrated hardware and software switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.4“. The IP address of the AmpCon-DC server is “10.56.20.180”. NOTE The following DHCP options are used： Option bootfile-name: 67 Option tftp-server-name: 66 Provisioning a White-Box Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command: sudo reboot -f 4. If you see the “Hit any key to stop autoboot” message, press the Enter key to exit the autoboot mode. If you don’t see this message, go to step 5 directly. 5. Reboot the switch. For switches with the ONIE menu, select ONIE, and then select ONIE: Install OS. image.png image.png For AS4610 switches, reboot from ONIE by running the following command: run onie bootcmd Then, the switch will be restarted and automatically register with the AmpCon-DC server. 6. Wait for the registration process to be completed. image.png 7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png Provisioning an Integrated Hardware and Software Switch 1. Download and install MobaXterm. 2. Open MobaXterm, and then create a session to connect with the switch. 3. Reboot the switch by running the following command. sudo reboot image.png Then, the switch will be restarted and automatically register with the AmpCon-DC server. 4. Wait for the registration process to be completed. image.png 5. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png 7.8 Importing Switches For switches that are deployed but not deployed with AmpCon-DC, you can import these switches so that they can be managed by AmpCon-DC. Prerequisites The switches to be imported haven’t been managed by AmpCon-DC. The Hardware IDs of the switches to be imported have been added to the AmpCon-DC license, and you have imported the license to AmpCon-DC. For more information, see "4.3 Importing AmpCon-DC Licenses". Automatically Importing a Switch Importing a Switch with a Global User 1. Log in to the AmpCon-DC UI with a global user, and then click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png 5. In the Fabric drop-down list, select a fabric. To add a fabric, see "6.9 Managing Fabrics". 6. Click OK. 7. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported. Importing a Switch with a Group User 1. Log in to the AmpCon-DC UI with a group user, and then click Service > Switch. 2. Click Import Actions, and then select Import. 3. In the IP field, enter the IP address of the switch. 4. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. 5. In the Fabric drop-down list, select a fabric. To add a fabric, see "6.9 Managing Fabrics". 6. In the Group drop-down list, select a group. To add a group, see "12.1 Managing Groups". image.png 7. Click OK. 8. In the AmpCon-DC UI, click Service > Switch. Check whether the switch status is shown as Imported. Manually Importing a Switch 1. Generate the tunnel keys based on the input serial number. These keys are used to ensure that the VPN tunnel between the switch and the AmpCon-DC server is encrypted. a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. b. Click Import Actions, and then select Adopt. c. In the SN field, enter the serial number of the switch. image.png d. Click OK. 2. Download the VPN script and run it on the switch. The script will retrieve the tunnel keys and establish a VPN tunnel between the switch and the AmpCon-DC server. a. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. b. Click Import Actions, and then select Download VPN Script. The VPN script is downloaded to your local machine. image.png c. Copy the script to the PicOS switch. d. SSH log in to the switch, enter the Linux shell mode, and run the script using the command: curl -o /opt/auto-deploy/auto-deploy.conf -k -v https:///rma/file/agent/auto-deploy.conf sudo ./enable_switch_vpn.sh NOTEs You must run the first command to replace the /opt/auto-deploy/auto-deploy.conf file before running the second command to import the switch. Otherwise, the switch import might fail. You need to replace with the IP address of your AmpCon-DC server. 8.Configuring Switches After you deploy or import a switch with AmpCon-DC, you can push configurations to the switch, manage configurations, back up and restore configurations for disaster recovery, or compare configurations for troubleshooting or auditing. You can push configurations to one switch or a group of switches. 8.1 Pushing Configurations to Switches After switches are successfully deployed or imported with AmpCon-DC, you can push configurations to these switches as needed. Prerequisite Ensure that you have created the configuration templates to push to each switch. For more information, see “7.4 Configuring Configuration Templates”. Procedure To push configurations to one or multiple switches, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, select a folder, and then click Add Node. A node represents a configuration file. 3. Enter the node name and its description (optional). 4. Click OK to save the node. 5. Click the node that you just created, and click Edit. image.png 6. Add configurations to push to switches by using either of the following ways: Enter the configurations manually. Using the configuration templates that you created before: a. Click Generate Config. b. Select a configuration template file from the drop-down list. c. Click Next, and enter the value for each variable. d. Click Save. image.png 7. Click Push Config, and then select the switches to apply these configurations. You can select specific switches in the Config Switch tab or select a group in the Config Group tab. For how to add a group or manage switches in a group, see “12.1 Managing Groups”. image.png 8. Click OK to start the configuration pushing. Optional: Verifying the Pushing Status and Log To verify whether the configuration is pushed to each switch successfully, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, click Push Config Logs. 3. Click Task List, check whether the pushing status is success. 4. If the pushing status is not success, click Push Log to check more pushing details for troubleshooting. 8.2 Viewing, Editing, or Deleting Configurations On the “Config Files Views” page, you can manage all global configurations and site configurations. In the Push Config tab of the “Config Template” page, you can manage all general configurations. Global configurations Configurations that you created as described in "7.3 Adding a Global Configuration" Site configurations Configurations that you created as described in "7.5 Adding Switch Configurations" General configurations Configurations that you pushed to switches as described in "8.1 Pushing Configurations to Switches" Managing Global Configurations and Site Configurations Viewing or Editing Global and Site Configuration Files 1. In the AmpCon-DC UI, click Service > Config Files View. 2. On the “Config Files Views” page, locate the configuration file, and then click View. You can see a pop-up window with detailed configurations. 3. To close the pop-up window, click the close icon. 4. To edit the configurations, click Edit, modify configurations, and then click Save. image.png Checking Switches Associated with a Configuration File 1. In the AmpCon-DC UI, click Service > Config Files View. 2. Locate the configuration file, and then click Associated. You can see the switches that are associated with the configuration file. image.png 3. To close the pop-up window, click the close icon. Deleting a Configuration File NOTE If a configuration file is still associated with one or multiple switches, the configuration file can’t be deleted. 1. In the AmpCon-DC UI, click Service > Config Files Views. 2. Locate the configuration file, and then click Delete. 3. Click Yes to confirm the deletion. Managing General Configurations Viewing or Editing a General Configuration File 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab of the “Config Template” page, click the node that you want to view. Each node represents a general configuration file. image.png 3. To edit a configuration file, click Edit, modify configurations, and then click Save. image.png Deleting a General Configuration File 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Push Config tab, click the node that you want to delete. 3. Click Delete Node. 4. Click Yes to confirm the deletion. 8.3 Backing up and Restoring Configurations You can manually back up switch configurations or automatically back up configurations at a specific interval. In addition, you can restore configurations based on a backup configuration file for disaster recovery. Backing up Switch Configurations Backing up Configurations for a Single Device To back up configurations for a single switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Backup Config. image.png 3. Optional: Check whether the backup file is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. Backing up Configurations for a Group of Switches To back up configurations for a group of switches, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, select the group, and then click Backup Config. image.png 3. Optional: Check whether the backup file for each switch is created successfully. a. Locate a switch, and then click Snapshot List. b. Check whether the backup file is in the snapshot list. c. To see the configuration details, click Snapshot. Backing up Configurations Automatically To back up configurations periodically and automatically, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, set the backup interval and time: Interval Days: The interval in days between each backup Hours: The time in hour to do the backup 3. Click Save. Then, AmpCon-DC will automatically back up configurations at a specific interval. image.png Rolling Back Configurations To restore configurations based on a backup configuration file, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate the configuration to roll back, and then click Rollback Config. image.png 4. Set the wait time in seconds. The default value is 10. 5. Click Save. Optional: Viewing Backup Logs To view configuration backup logs on a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. n the Config Backup tab, locate a switch, and then click Log. image.png Optional: Viewing All Configurations on a Switch To view detailed configurations on a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Config. Optional: Viewing or Deleting Backup Configuration Files To view or delete backup configuration files, follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. You can see all available backup configuration files for the switch. To view configuration details, click Snapshot. To delete a backup configuration file, click Delete. image.png Optional: Uploading Local Configuration Files You can upload a local switch configuration file to AmpCon-DC. After you upload the configuration file, the uploaded configurations can’t be pushed to the switch directly but can be pushed to the new switch during the Returning Merchandise Authorization (RMA) process. If you didn’t back up configurations but uploaded a local configuration file before, when you RMA, the uploaded configurations will be pushed to the new switch. If you backed up configurations and also uploaded a local configuration file before, when you RMA, the backup configurations will be pushed to the new switch. To upload a local configuration file, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Upload Config. image.png 3. Select a .boot file with switch configurations and upload it. image.png 4. Click Config. In the pop-up window, check whether the uploaded configurations are added. image.png Optional: Setting Golden Config The backup file with Golden Config will never be deleted. When the switch operation is compromised, the backup file with Golden Config is used to roll back a switch. You can also check whether the switch is operating as designed by comparing running configurations with the backup configuration file with Golden Config. To set Golden Config, follow these steps: 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the Config Backup tab, locate a switch, and then click Snapshot List. 3. Locate a backup file, and then click Set Golden Config. Optional: Adding or Deleting Configuration File Tags You can add or delete tags for a backup configuration file. Follow these steps: In the AmpCon-DC UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup snapshot, and then click Tag Management. To add a tag, enter the tag name, and then click Add > Save. image.png To delete a tag, locate the tag, click the deletion icon, and then click Save. 8.4 Comparing Running or Backup Configurations You can compare running configurations or backup configurations on one switch or on different switches. Running configurations Configurations that are currently running on a switch Backup configurations Configuration files that were backed up as described in Backing up Switch Configurations. Procedure 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the first SN field, click Select to choose one switch to compare. 3. In the pop-up window, select the switch. 4. In the first Select Config drop-down list, select a running configuration file or a backup configuration file. NOTE The running configuration is available only for online switches (switches can connect with the AmpCon-DC server). image.png 5. In the second SN field, click Select to choose another switch to compare. 6. In the pop-up window, select the switch. 7. In the second Select Config drop-down list, select a running configuration file or a backup configuration file. Then, you can see configuration differences as follows: image.png 8.5 Comparing Running Configurations with Initial Configurations You can compare running configurations with initial configurations on the same switch. Initial configurations Configurations that you selected when you add a switch configuration, including the global configuration file and the configuration template Running configurations Configurations that are currently running on the switch This feature doesn’t support the following scenarios: Comparing configurations on different switches Comparing configurations on imported switches Comparing configurations on disconnected switches (switches can’t connect with the AmpCon-DC server) Prerequisites Check the Mgmt IP column on the “Switch” page, and ensure that the switch to compare is connected to the AmpCon-DC server. √: The switch is connected to the AmpCon-DC server. x: The switch is not connected to the AmpCon-DC server. image.png Ensure that the switch to compare is not in Imported status on the “Switch” page. NOTE After you Return Merchandise Authorization (RMA) to replace an imported switch with a new switch, the new switch is shown as Provisioning Success. However, you can’t compare running configurations with initial configurations on this new switch. This is because the new switch is configured by using the backup configuration file or uploaded configurations of the imported switch during the deployment process, instead of by creating a switch configuration. Procedure 1. In the AmpCon-DC UI, click Service > Config Template. 2. In the SN field, click Select. image.png 3. In the pop-up window, select the switch to compare. image.png 4. In the Template field, click Select. 5. In the pop-up window, select the global configuration file and the configuration template that you pushed to the switch during the initial switch deployment process. Then, click Generate. image.png 6. In the SN drop-down list, select Running Config(set format) or Running Config(all set format). Running Config(set format): Displays configurations as the show | display set command result in the switch Running Config(all set format): Displays configurations as the show all | display set command result in the switch Then, you can see differences between the running configurations and the initial configurations on the switch. image.png 9.Managing Switches After you deploy or import switches with AmpCon-DC, you can manage the lifecycle of these switches: 9.1 Upgrading PicOS on Switches You can upgrade PicOS on a single switch or on multiple switches. 9.2 Returning Merchandise Authorization for Switches You can Return Merchandise Authorization (RMA) to replace a failed switch with a new switch of the same switch model. 9.3 Decommissioning Switches You can decommission (DECOM) a deployed switch to revoke the license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-DC. Imported switches can’t be decommissioned but can be removed. 9.4 Removing Switches You can remove a deployed or imported switch from AmpCon-DC. The switch will be removed from the AmpCon-DC database and thus not be displayed in the AmpCon-DC UI. Removing a switch doesn’t revoke the PicOS license and configurations from the switch. 9.1 Upgrading PicOS on Switches By using AmpCon-DC, you can upgrade PicOS on a single switch or on multiple switches at scale. Before You Upgrade Before upgrading a switch to PicOS 4.6.0E or later, if both EVPN VXLAN and static VXLAN have been configured on the switch, you must manually delete the static VXLAN configuration. Otherwise, the upgrade will fail and terminate with the following error message: Error: The current version only supports EVPN VXLAN. Please delete the static VXLAN configuration before upgrading. Upgrade aborts. For more information, see Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command and Upgrading PICOS from Version 3.0 or Later Using Upgrade2. Upgrading PicOS on a Single Switch To upgrade PicOS on a single switch, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image to which you want to upgrade. 3. Locate the switch in the Switch list, and then click Upgrade. image.png 4. Click Yes to confirm the upgrade operation. Upgrading PicOS on Multiple Switches To upgrade PicOS on multiple switches, follow these steps: 1. In the AmpCon-DC UI, click Resource > Upgrade Management. 2. In the Software list, select the PicOS image to which you want to upgrade. 3. In the Switch list, select the corresponding switches, and then click Upgrade. image.png 4. Click Upgrade to confirm the upgrade operation. Verifying the Upgrade To verify the upgrade, follow these steps: 1. In the Switch list, locate the switch, and then check the Upgrade Status column to see whether the status is upgraded. 2. If the status is upgrade failed, click Log to see more details for troubleshooting. You can click the refresh icon to update the logs. image.png 9.2 Returning Merchandise Authorization for Switches AmpCon-DC supports Returning Merchandise Authorization (RMA), which means replacing a switch with another switch of the same switch model. When hardware of a switch fails and is replaced with a new switch, you can RMA to take the configurations from the failed switch, install or upgrade PicOS, update the serial number of the new switch, and push the configurations to the new switch to seamlessly manage it with AmpCon-DC. During the RMA process, AmpCon-DC deploys PicOS on the new switch based on the Deployed ONIE Image setting on the “Switch Model” page and configure the new switch based on the backup configuration file or uploaded configurations of the replaced switch. The backup configuration file with Golden Config is used to configure the new switch. If no backup configuration file is set with Golden Config, the latest backup configuration file is used to configure the new switch. If you haven’t done any configuration backup, the uploaded configurations are used to configure the new switch. Prerequisites Ensure that the following prerequisites are met: The switch to RMA must be in the Provisioning Success or Imported status, and you have backed up or uploaded switch configurations before. The new switch must have the same switch model as the replaced switch. Procedure To RMA, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch. You can see a list of managed switches. 2. Locate the switch to RMA, click Lifecycle Actions > RMA. 3. Input the following information: Staged: Whether to stage the new switch SN: The SN number of the new switch System Configuration: The system configuration that is applicable to the new switch NOTE The selected system configuration needs to contain the default username and password of the new switch. image.png 4. Click OK. 5. Optional: Click Service > Switch, and check whether the switch to RMA disappears from the switch list and the new switch is shown as Provisioning Success in the switch list. 9.3 Decommissioning Switches You can decommission (DECOM) a deployed switch to revoke the PicOS license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-DC. NOTEs Imported switches can’t be decommissioned but can be removed as described in Removing Switches. After an imported switch is upgraded, the switch can be decommissioned. Decommissioned switches are still displayed in the AmpCon-DC UI. You can remove the decommissioned switch from AmpCon-DC as described in Removing Switches. Procedure To DECOM a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch. 2. Locate the switch, click Lifecycle Actions, and select DECOM. 3. Click Yes to confirm the deletion. image.png 4. Optional: Click Service > Switch, and check whether the switch is removed from the switch list. 9.4 Removing Switches You can remove a deployed or imported switch from AmpCon-DC. The switch will be removed from the AmpCon-DC database and thus not be displayed in the AmpCon-DC UI. NOTE Removing a switch doesn’t revoke the PicOS license and configurations from the switch. Procedure To remove a switch, follow these steps: 1. In the AmpCon-DC UI, click Service > Switch. 2. Locate the switch, click Lifecycle Actions, and select Remove. 3. Click Yes to confirm the deletion. image.png 4. Optional: Click Service > Switch, and check whether the switch is removed from the switch list. 10.Monitoring Switches After switches are deployed or imported with AmpCon-DC, you can monitor these switches easily: 10.1 Global View You can check managed switches and the health of the AmpCon-DC server. 10.2 Switch View You can get a comprehensive overview of configurations, templates, switches, licenses, and tasks. 10.3 Switch List and Details You can view the list of all managed switches and check information about devices, telemetry, ports, modules, and AI. 10.4 Dynamic Load Balancing (DLB) You can use the DLB page to visualize load-related metrics. Based on these metrics, you can optimize your network for better performance. 10.5 Telemetry You can track performance metrics in real time from various network devices, such as port traffic, bandwidth utilization, and packet loss rate. 10.6 Topology You can visualize your switches in all locations and drill down into an individual switch, right to the port level, to check the port stats and overall health of the switch. In addition, you can view real-time or historical information about Linux servers connected to the switch. 10.7 Alarms You can check different types of alarms to take corrective actions before issues are escalated. 10.8 Alarm Notifications You can receive real-time alarm notifications through emails when issues arise. 10.1 Global View In the AmpCon-DC UI, click Dashboard > Global View. On the “Global View” page, you can check the health of the AmpCon-DC server and managed switches. In the CPU, MEM, and DISK sections, you can see the status of the AmpCon-DC server including CPU, memory, and hard disk. image.png In the CPU Utilization and Memory Utilization sections, you can see the historical utilization curves for CPU and memory in the AmpCon-DC server. image.png In the Devices section, you can see information about managed switches. The Online status means that the switch can connect with the AmpCon-DC server. The Offline status means that the switch can’t connect with the AmpCon-DC server. image.png In the Recent Alarms section, you can see recent switch alarms and the numbers for different types of switch alarms. image.png 10.2 Switches View In the AmpCon-DC UI, click Dashboard > Switch View. On the “Switch View” page, check the following information for managed switches: Checking Configurations or Templates In the Config/Templates section, you can see the total numbers for different types of switch configurations and templates. image.png Click the number for one specific type. You are redirected to the related page in the Service menu: Click Global Config to go to the “Global Configuration” page. Click Site Config to go to the “Switch Configuration” page. Click General Config to go to the Push Config section of the “Config Template” page. Click Retrieved Config to go to the Config Backup section of the “Config Template” page. Click Template to go to the Template List of the “Config Template” page. Click Hardware Model Configured to go to the “Switch Model” page. Checking Switches Checking Lifecycle Workflow In the Deployment and Lifecycle Work Flow section, you can see the lifecycle transition process of switches and the total number of each state. image.png Click Switch List. You can check all managed switches on the “Switch” page. image.png Checking the Proportions of Switches in Each Lifecycle State In the Deployment section, you can see the proportion of switches in each lifecycle state. image.png Checking Switch Models In the Hardware Models section, you can see the total numbers of switch models and their proportions. image.png Checking Licenses Checking Available License Numbers In the Available Licenses section, you can see the currently available license number. image.png Click Available Licenses, and then you are redirected to the License Portal, where you can see more details about available licenses. Checking License Expiration Dates In the License Expiration section, you can see the total number of devices that will expire in each month over the next six months. image.png Checking License Usage In the License Usage section, you can see the license usage information. image.png Checking Tasks Checking All Switch Activities In the Deployment Tasks section, click Deployment. You can see activities for all switches and each activity progress. image.png In the pop-up window, you can do the following actions: Click Display to see the initial configurations during the switch deployment process. This button is not available for imported switches. Click Log to see the log information. Click Report to see the corresponding report. Checking System Tasks In the System Tasks tab of the Deployment Tasks section, you can see the total numbers for different types of running tasks. image.png Checking Automation Jobs In the Automation Jobs tab of the Deployment Tasks section, you can see the total numbers for different types of automation jobs. image.png Click the number for one specific type. You are redirected to the related page: Click Playbooks Number to go to the “Playbooks” page. Click Jobs Number to go to the Job View section of the “Ansible Jobs List” page. Click IDLE Jobs to go to the Job View section of the “Ansible Jobs List” page. Click Running Jobs to go to the Job View section of the “Ansible Jobs List” page. Click Executed Jobs to go to the Job View section of the “Ansible Jobs List” page. 10.3 Switches List and Details You can view the list of all managed switches and check detailed telemetry data related to each switch. Viewing the Switch List In the AmpCon-DC UI, click Service > Switch. On the “Switch” page, you can see the list of all managed switches. image.png Table 1. Switch Metrics Metric Description Sysname The hostname of the switch. SN/Service Tag The serial number or service tag of the switch. Model The model of the switch. Version The version of the switch. Status The state of the switch. The following states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-DC but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-DC. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned (DECOM) when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). Mgmt IP The switch IP address used to connect to AmpCon-DC and the status icons ✓ and x. ✓: The switch is up and connected to AmpCon-DC. x: The switch is down or not connected to AmpCon-DC. In the Operation column, you can manage the switch as follows: To connect to the switch from the AmpCon-DC UI through an SSH session, follow these steps: a. Click SSH. b. Input the following information: Username: The username to log in to the switch Password: The password of the user image.png c. Click OK. To check the operation log of the switch, click Log. To change the system configuration of the switch, click Configuration. To back up configurations for the switch, hover your mouse over Config View, and then click Backup Config. For more information, see "8.3 Backing up Switch Configurations". To upload configurations of the switch, hover your mouse over Config View, and then click Upload Config. For more information, see "8.3 Uploading Local Configuration Files". To replace the switch with another switch of the same switch model, hover your mouse over Lifecycle Actions, and then click RMA. For more information, see "9.2 Returning Merchandise Authorization for Switches". To remove the switch from AmpCon-DC, hover your mouse over Lifecycle Actions, and then click Remove. For more information, see "9.4 Removing Switches". Viewing Telemetry Data of a Switch Click a specific switch SN or service tag in the switch list. You can see detailed telemetry data related to the switch. For more information, see "10.5.2 Telemetry Data of a Switch". image.png Viewing the Parking Lot If you provisioned a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-DC UI, click Service > Switch from the navigation bar. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. image.png Table 2. Switch Metrics Metric Description SN The serial number of the switch Hardware ID The Hardware ID of the switch IP Address The switch IP address used to connect to AmpCon-DC Model The model of the switch Register Count The number of times the switch initiates ZTP authentication with the AmpCon-DC server Time In The time when the switch initiates the first ZTP authentication with the AmpCon-DC server Latest Time The time when the switch initiates the last ZTP authentication with the AmpCon-DC server Flag Indicates whether the switch has been investigated In the Operation column, you can manage the switch as follows: To add a switch configuration, click Create Config. Then, the switch will be listed on the “Switch” page and can be staged. To confirm whether you have viewed the switch, click Investigated. After you click the button, the value of the Flag field will be "I". To remove the switch from the parking lot list, click Remove. To save all the switch information from the parking lot list to a local file, click Export in the top-left corner. Updating the Switch Hostname During the switch lifecycle, you might need to change their hostnames. To see the latest hostnames, follow these steps: 1. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. 2. Click Lifecycle Actions, and then select Sync Hostname. image.png 3. Click Yes. Updating the Switch Mgmt IP Address During the switch lifecycle, you might need to change their Mgmt IP addresses, which are used to connect to AmpCon-DC. To see the latest Mgmt IP addresses, follow these steps: 1. Log in to the AmpCon-DC UI, and then click Service > Switch from the navigation bar. 2. Click Lifecycle Actions, and then select Sync Mgmt IP Address. image.png 3. Click Yes. 10.4 Dynamic Load Balancing (DLB) AmpCon-DC provides a DLB page to help you visualize load balancing related metrics. Based on these metrics, you can optimize your network for better performance. To check the metrics for load balancing, click Monitor > Network > DLB in the AmpCon-DC UI, and then select the SN or service tag of a switch in the SN/Service Tag drop-down list. This feature works for only online switches and ports. For offline switches and ports, no data is displayed on the “DLB” page. Performance Trend In the Performance Trend tab, you can see the following line charts: Bandwidth Utilization (Output) and Bandwidth Utilization (Input) image.png These two metrics are used to measure how effectively the available bandwidth is being utilized. Bandwidth Utilization (Output) The percentage of the total outbound bandwidth that is being used on each port of the selected switch Bandwidth Utilization (Input) The percentage of the total inbound bandwidth that is being used on each port of the selected switch How It Is Calculated AmpCon-DC calculates Bandwidth Utilization (Output) and Bandwidth Utilization (Input) as follows: Bandwidth Utilization (Output) = Out Bits Rate / Port Speed × 100% Bandwidth Utilization (Input)= In Bits Rate / Port Speed × 100% For example, in the Port Overview tab of the switch detail page, the In Bits Rate metric, which means the rate at which bits are received by the switch port, is 376 bytes per second, and the Port Speed metric, which means the maximum data transfer rate that the port can support, is 1GB. So, the Bandwidth Utilization (Input) value is: 376 bit / 1GB × 100% = 0.0000376% image.png image.png Packet Loss Rate (Input) and Packet Loss Rate (Output) image.png These two metrics are used to measure the reliability of the network and the switch port in delivering data packets. Packet Loss Rate (Input) The rate at which input data packets are discarded during transmission Packet Loss Rate (Output) The rate at which output data packets are discarded during transmission How It Is Calculated AmpCon-DC calculates Packet Loss Rate (Output) and Packet Loss Rate (Input) as follows: Packet Loss Rate (Output) = Out Discards / Out Pkts × 100% Packet Loss Rate (Input) = In Discards / In Pkts × 100% For example, in the Port Overview tab of the switch detail page, the In Discards metric, which means discarded input packets, is 24356, and the In Pkts metric, which means all input packets, is 31004. So, the Packet Loss Rate (Input) value is: 24356 / 31004 × 100% = 78.557605% image.png Throughput (Output) and Throughput (Input) image.png These two metrics are used to measure the speed and efficiency of data transmission. Throughput (Output) The rate of data packets sent from the network interface within a unit of time Throughput (Input) The rate of data packets received by a network interface within a unit of time How It Is Calculated AmpCon-DC calculates Throughput (Output) and Throughput (Input) as follows: The Throughput (Output) metric value is equal to the Out Pkts Rate metric value in the Port Overview tab of the switch detail page. The Throughput (Input) metric value is equal to the In Pkts Rate metric value in the Port Overview tab of the switch detail page. image.png Real-Time Statistics In the Real-time Statistics tab, you can see the following table: image.png Metric Description Port Name The name of the switch port. 5sec Input Rate The rate of data packets received by a switch port within a unit of time. The same as the In-Pkts-Rate metric in the Port Overview tab of the switch detail page. 5sec Output Rate The rate of data packets sent from the switch port within a unit of time. The same as the Out Pkts Rate metric in the Port Overview tab of the switch detail page. Input Total Packets Without Errors The total number of error-free data packets received by a switch port. Output Total Packets Without Errors The total number of error-free data packets sent from a switch port. Input Total Packets With Errors The total number of erroneous data packets received by a switch port. Output Total Packets With Errors The total number of erroneous data packets sent from a switch port. NOTE Except the Port Name column, you can sort all the other columns by clicking the sorting triangle. Filtering DLB data To filter DLB data, use the following methods: To check only the data of specific switch ports in a line chart, click the Filter search box of the line chart, and then select the switch ports. image.png To specify how many ports that you want to monitor, select one of the following options: Top 5: The 5 switch ports with the largest values. By default, Top 5 is selected. Top 10: The 10 switch ports with the largest values. Top 25: The 25 switch ports with the largest values. NOTE Even though Top X is selected, you might see less than the selected number of switch ports in the line chart when other ports are down. image.png To specify the time range for the data display, select the start date and end date in the Time section. image.png To display or hide the data of a switch port, click the square before the switch port. image.png To view the metric details in a specific time point, hover the mouse over that time point. image.png 10.5 Telemetry To ensure that the network is healthy and devices are working well, you need to continuously monitor and validate the operational state of your network and devices. AmpCon-DC uses the telemetry technology to automatically collect real-time or historical metric data from managed switches. In addition, AmpCon-DC analyzes the telemetry data to predict equipment failures and performance anomalies and then triggers immediate alarms. By using AmpCon-DC, you can view multi-dimensional telemetry data of all managed switches in a centralized user interface, gain detailed insights into network performance and device health, and proactively troubleshoot and optimize your network performance. Prerequisites The telemetry data can be displayed in the AmpCon-DC UI only when the following prerequisites are met: The switch to be monitored is connected to the AmpCon-DC server. Click Service > Switch, and then check the Mgmt IP column ✔ means the switch is connected to the AmpCon-DC server. x means the switch is not connected to the AmpCon-DC server. Google Remote Procedure Call (gRPC) and Link Layer Discovery Protocol (LLDP) are enabled on the switch to be monitored. By default, gRPC and LLDP are enabled automatically after you deploy a switch with AmpCon-DC or import a switch to AmpCon-DC. Use Cases The following scenarios are examples of using the telemetry data: Monitor your network comprehensively with the telemetry data You can have an overall understanding about the network running status by checking telemetry metrics like routing neighbors, switch resource utilization, port counts, and Layer 2 and Layer 3 forwarding tables. Track real-time performance metrics from various switches You can monitor performance-related telemetry metrics for all managed switches, such as port traffic, bandwidth utilization, and packet loss rate. Optimize network performance based on the telemetry data You can better distribute the load based on the routing neighbor information, avoid excessive load on certain neighbors, and improve the overall network performance. Decrease time and efforts on locating and resolving network problems You can get early warnings of network failures, be notified when equipment failures and performance anomalies happen, and quickly troubleshoot and address network issues. Viewing Global Telemetry Data To view the telemetry data of all managed switches, click Dashboard > Telemetry Dashboard in the AmpCon-DC UI. For detailed information about each telemetry metric, see "10.5.1 Global Telemetry Data". Viewing Telemetry Data of a Switch To view the telemetry data of a specific switch, click Service > Switch in the AmpCon-DC UI, and then click the SN or service tag of the switch. For detailed information about each telemetry metric, see "10.5.1 Telemetry Data of a Switch". Filtering Telemetry Data To filter telemetry data as needed, use the following methods: To specify the metrics that you want to monitor, click the All Counters icon, select the metrics, and then click OK. image.png image.png To specify how many ports that you want to monitor, select one of the following options: Top 5: The 5 switch ports with the largest values. By default, Top 5 is selected. Top 10: The 10 switch ports with the largest values. Top 25: The 25 switch ports with the largest values. Note: Even though Top X is selected, you might see fewer than the selected number of switch ports in the line chart when other ports are down. image.png To specify the time range for the data display, select the start date and end date in the Time section. image.png To display or hide the data of a switch port, click the square before the port. image.png To view the metric details at a specific time point, hover the mouse over that time point. image.png 10.5.1 Global Telemetry Data Click Dashboard > Telemetry Dashboard in the AmpCon-DC UI, and then you can see the following telemetry data of all managed switches: CPU and Memory image.png Metric Description CPU The CPU usage of a switch in percentage. Memory The memory usage of a switch in percentage. NOTE The CPU and Memory sections are always displayed and can’t be hidden. You can display or hide other metrics by clicking the setting icon and selecting the metrics to be monitored. Port Metrics image.png Metric Description In Octets The number of octets (8-bit bytes) received by a switch port. In Pkts The number of incoming packets received by a switch port. In Discards The number of incoming packets that a switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by a switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. Out Octets The number of octets (8-bit bytes) transmitted out of a switch port. Out Pkts The number of outgoing packets transmitted by a switch port. Out Discards The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted. Out Errors The number of outgoing packets that a switch port fails to transmit successfully due to errors. Out Bits Rate The rate at which bits are transmitted from a switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by a switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from a switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by a switch port. It’s measured in Packets Per Second (pps). Module Metrics image.png Metric Description Output Power The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. Input Power The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). Output Power - Input Power The difference between the output power and the input power. 10.5.2 Telemetry Data of a Switch Click Service > Switch in the AmpCon-DC UI, and click a specific switch SN or service tag in the switch list. Then, you can see the following telemetry data related to the switch: Device Information In the Device Information section, you can see the following information: image.png Table 1. Device Information Metric Description Model The model of the switch. SN The serial number of the switch. Hardware-ID The hardware ID of the switch. MAC Address The MAC address of the switch. Sysname The hostname of the switch. IP Address The switch VPN IP address that is used to communicate with AmpCon-DC. Version The PicOS version on the switch. Switch Overview Click the Switch Overview tab. Then, you can see the following line charts: image.png NOTE The Usage and Fan sections are always displayed and can’t be hidden. You can display or hide other metrics by clicking the setting icon and selecting the metrics to be monitored. Table 2. Switch Overview Metrics Metric Description Usage The CPU and memory usage of the switch. It’s measured in percentage. Fan The proportion of the fan's PWM to the total width. In Octets The number of octets (8-bit bytes) received by the switch port. In Pkts The number of incoming packets received by the switch port. In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by the switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. Out Octets The number of octets (8-bit bytes) transmitted out of the switch port. Out Pkts The number of packets transmitted out of the switch port. Out Discards The number of outgoing packets that the switch port intentionally discards (drops). Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors. Out Bits Rate The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by the switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). Output Power The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. Input Power The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). Output Power - Input Power The difference between the output power and the input power. Device Overview Click the Device Overview tab. Then, you can see the following tables: image.png Redundant Power Supply Units (RPSUs) Table 3. RPSU Metrics Metric Description PSU Index The index of the Power Supply Unit (PSU). Power on Whether the PSU is powered on. Enabled Whether the PSU is activated or turned on. Present Whether the PSU is properly plugged. Fans Table 4. Fan Metrics Metric Description Position The position of the fan. Direction The direction of the wind, forward or back. PWM The proportion of the fan's PWM to the total width. Speed The fan speed. Port Overview Click the Port Overview tab. Then, you can see the following table: image.png Table 5. Port Overview Metrics Metric Description Port Name The name of the switch port. Port State The state of the switch port. MTU The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes. Loopback Mode Whether the loopback mode is enabled on this port.In loopback mode, the switch port sends data packets that are then routed back to itself. You can enable this mode to verify whether data can be sent or received as expected without involving external networks. Port Speed The maximum data transfer rate that the port can support. In Bandwidth Utilization The percentage of the inbound bandwidth that is being used on the port. Out Bandwidth Utilization The percentage of the outbound bandwidth that is being used on the port. Auto Negotiate Whether the Auto Negotiate feature on the port is enabled.Auto Negotiate means the process to automatically negotiate and select the optimal operating parameters, such as the speed and duplex mode. Mac Addr The MAC address of the switch port connecting to this switch port. Duplex Mode Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously. In Broadcast Pkts The number of broadcast packets received by the port. In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by the switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. In Multicast Pkts The number of multicast packets received by the switch port. In Octets The number of octets (8-bit bytes) received by the switch port. In Pkts The number of incoming packets received by the switch port. In Unicast Pkts The number of unknown unicast packets received by the switch port. Out Broadcast Pkts The number of broadcast packets sent by the switch port. Out Discards The number of outgoing packets that the switch port intentionally discards (drops). Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors. Out Multicast Pkts The number of multicast packets sent by the switch port. Out Octets The number of octets (8-bit bytes) transmitted out of the switch port. Out Pkts The number of packets transmitted out of the switch port. Out Unicast Pkts The number of unknown unicast packets sent by the switch port. In Oversize Frames The number of oversize frames received by a switch port.Oversize frames mean frames that exceed the typical maximum transmission unit (MTU) size. In Undersize Frames The number of undersize frames received by a switch port.Undersize frames mean frames with a length less than 64 bytes and a correct checksum. Out Bits Rate The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by the switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). In Frames 64 Octets The number of 64-byte frame packets received by the switch port. In Frames 65-127 Octets The number of frame packets between 65 and 127 bytes received by the switch port. In Frames 128-255 Octets The number of frame packets between 128 and 255 bytes received by the switch port. In Frames 256-511 Octets The number of frame packets between 256 and 511 bytes received by the switch port. In Frames 512-1023 Octets The number of frame packets between 512 and 1023 bytes received by the switch port. In Frames 1024-1518 Octets The number of frame packets between 1024 and 1518 bytes received by the switch port. Modules Overview Click the Modules Overview tab. Then, you can see the following table: image.png Table 6. Module Overview Metrics Metric Description Port Name The name of the switch port connected with the optical module. Connector Type The type of the connector used by the optical module. Form Factor The physical size, shape, and interface specifications of the optical module. Vendor The manufacturer of the optical module. Vendor Part The model name of the optical module. Transmission Distance The maximum distance over which an optical signal can be transmitted effectively through the module. Transmission Rate The speed at which data can be transmitted through the module. It’s measured in gigabits per second (Gbps). WaveLength The distance between two corresponding points on an optical wave, typically measured from crest to crest (or trough to trough). It’s measured in nanometers (nm). Tx Power The amount of optical power consumed by the optical module. It’s measured in dBm. Rx Power The amount of optical power delivered by the optical module. It’s measured in dBm. Power Budget The difference between the output power and the input power. Temperature The temperature of the optical module. It’s measured in Celsius (°C). BGP Click the BGP tab. Then, you can see the following table: image.png Table 7. BGP Metrics Metric Description VRF Name The name of the Virtual Routing and Forwarding (VRF) instance. BGP Version The version of Border Gateway Protocol (BGP). Local AS The Autonomous System Number (ASN) of the local switch. Local Router ID The unique BGP identifier of the local switch. Remote AS The ASN of the remote device. Remote Router ID The unique BGP identifier of the remote device. BGP State The state of the BGP session. Hold Time The allowed maximum time between two BGP peers without receiving any messages. It’s measured in seconds. Keepalive Interval The time interval for sending KEEPALIVE messages between BGP peers. It’s measured in seconds. OSPF Click the OSPF tab. Then, you can see the following table: image.png Table 8. OSPF Metrics Metric Description VRF Name The name of the VRF instance. Neighbor ID The unique identifier to distinguish a neighboring device. Pri The OSPF router priority, which is a parameter that influences the election process for the Designated Router (DR) and Backup Designated Router (BDR) within an OSPF network. State The current status of the OSPF router. Dead Time The amount of time that a router waits to receive a Hello packet from a neighboring router before it declares that neighbor as "dead" or unreachable. It’s measured in seconds. Address The IP address of the neighbor. Interface The interface on a router to establish the OSPF neighbor relationship. RXmtl The total number of link state advertisements on the retransmission queue sent to neighbors. Rqstl The total number of link state advertisements on the request messages queue sent to neighbors. DBsml The total number of link state advertisements on the Database Description (DD) messages queue sent to neighbors. DR The Designated Router, a special router elected within an OSPF area to handle the exchange of link-state information. BDR Backup Designated Router, a backup to the DR in an OSPF network. MAC Click the MAC tab. Then, you can see the following table: image.png Table 9. MAC Metrics Metric Description MAC address The MAC address of the switch port connecting to this switch. Interface The physical port associated with the MAC address. Vlan Th identifier of the VLAN including this MAC address. Age The duration during which the MAC address entry remains valid before it is deleted due to lack of updates. It’s measured in seconds. Type The obtaining method of the MAC address, dynamic or static. ARP Click the ARP tab. Then, you can see the following table: image.png Table 10. ARP Metrics Metric Description Address The IP address of the neighboring switch. HW Address The MAC address of the neighboring switch. Type The types of the ARP entry, dynamic or static. Interface The physical or logical port on the switch associated with the IP address and the MAC address. AI Click the AI tab. Then, you can see the following table: image.png Table 11. AI Metrics Metric Description Interface Name The interface of the switch ECN-Marked-Packets The number of packets that have been marked with Explicit Congestion Notification (ECN). ECN-Marked-Packets-Rate The number of packets per unit time that are marked with Explicit Congestion Notification (ECN) codes by the switch in response to detected congestion. Queue Name The queue of PFC PFC-Deadlock-Monitor-Count A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events. PFC-Deadlock-Recovery-Count A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states. Receive-PFC-Pause-Frames The PAUSE frames received by the receiver end for flow control. Receive-PFC-Pause-Frames-Rate The rate at which PFC (Priority-based Flow Control) PAUSE frames are received by the switch. Send-PFC-Pause-Frames The PAUSE frames sent by the transmitting end for flow control. Send-PFC-Pause-Frames-Rate The rate at which PFC (Priority-based Flow Control) PAUSE frames are sent. NOTE You can see PFC and ECN related telemetry data only for Trident3 and Tomahawk3 switches that support PFC and ECN and have PFC and ECN enabled. IP Route image.png Table 12. IP Route Metrics Metric Description Type The protocol through which the route was learned or configured. DIRECTLY_CONNECTED: This is a directly connected network. STATIC: This is a static route. OSPF: This is a route learned through the OSPF protocol. BGP: This is a route learned through the BGP protocol. Destination Network The address and subnet mask of the destination network. Route Metrics The metric (or cost) of the route, which determines the priority of the route. For example, [110/2] indicates that the route uses the OSPF protocol, where 110 is the OSPF priority (cost) and 2 is the metric of the route. Next-Hop The next hop IP address to which packets are forwarded. Outgoing Interface The network interface from which packets are forwarded. Route Age The elapsed time since the route was learned or configured. 10.6 Topology You can use the automatic discovery of topology feature to visualize your switches in all locations and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. In addition, you can view real-time or historical information about Linux servers connected to the switch. 10.6.1 Managing Topologies You can add, edit, or delete topologies by using the AmpCon-DC UI. 10.6.2 Planning Topologies You can enter the topology edit mode to customize a topology based on your actual needs. 10.6.3 Viewing Real-Time Topologies You can enter the real-time topology mode to view real-time network status such as switch status and link faults. By clicking a switch or a link, you can see detailed stats information. 10.6.4 Viewing Historical Topologies You can enter the historical topology mode to view the network status at different time or analyze the historical topology to trace problems. 10.6.5 Viewing Switch Details, Ports, and Linux Severs When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch. 10.6.1 Managing Topologies Topologies can help you identify and visualize your network structure. You can add, edit, or delete topologies by using the AmpCon-DC UI. NOTE The topologies in the Fabric section are automatically created and can’t be manually added or deleted. To add switches to a fabric or remove switches from a fabric, see “10.2 Managing Fabrics”. Adding a Topology 1. In the AmpCon-DC UI, click Physical Network > Topology. 2. In the Topology List section, click the “Add Topology” icon. image.png 3. Enter the topology name and description (optional), add then click Add. 4. Wait for the process to complete. Then, you can see the new topology in the Topology list. Editing a Topology 1. Click the topology in the Topology List section, and then click the edit icon. 2. Enter a new name or description, and then click Save. Deleting a Topology 1. Click the topology in the Topology List section, and then click the delete icon. 2. In the pop-up window, verify the name of the topology, and then click Yes to confirm the deletion. 3. Verify whether the topology is removed from the Topology List section. Setting or Unsetting a Default Topology When you click Physical Network > Topology, the default topology is displayed. To set a default topology, follow these steps: 1. Click a non-default topology, and then click the “Set Default Topology” icon. image.png 2. Verify whether the selected topology is marked with the default icon. image.png To unset a default topology, click the default topology, and then click the “Set Default Topology” icon again. 10.6.2 Planning Topologies You can enter the topology edit mode to customize a topology based on your actual needs. Entering the Topology Edit Mode 1. In the AmpCon-DC UI, click Physical Network > Topology. 2. Select the topology in the Topology List section to enter the real-time topology mode. 3. Click the "Edit" icon to enter the topology edit mode. image.png Adding Switches to a Topology To add switches to a topology, follow these steps: 1. Enter the topology edit mode as described in the last section. 2. Click the topology, and then click the "Add Device" icon. image.png 3. Select the switches that you want to add, and then click Save. Removing Switches from a Topology To remove switches from a topology, follow these steps: 1. Enter the topology edit mode as described in the Entering the Topology Edit Mode section. 2. Remove switches by using either of the following ways: Using the "Add Device" icon 3. Click the topology, and then click the "Add Device" icon. 4. Uncheck the switches that you want to remove, and then click Save. Using the “Delete Node” icon Click the topology, and then click the "Delete Node" icon. image.png Automatically Discovering Links 1. In the topology edit mode, click the "Auto Discover" icon. image.png 2. In the pop-up window, click Yes to start the auto-discovery process. 3. Wait for the process to complete. Then, the links in the topology are updated. NOTE If switches in the topology don’t connect with each other in the real network, you will not see links. Manually Adding Links To add a link, follow these steps: 1. In the topology edit mode, hover your mouse over a switch until you see a cross symbol. 2. Connect the switch with another switch. Then, you can see an Add Link pop-up window. 3. In the Ports section, input the connection ports for these two switches. Click + on the right to add a new port connection, or click - to remove a port connection. If a selected port is already in use by another link, a warning is displayed. image.png 4. Click Add Link. After you add a link and save the topology, the link is displayed in red or green based on real connectivity status: If the link between these two switches doesn’t exist in the real network, the link is marked in red. If the link between these two switches exists in the real network, the link is marked in green. Editing Links After a link is added, you can edit the link. Follow these steps: 1. Right-click a link, and click Edit. 2. In the pop-up window, modify the link as needed. 3. Click Add Link. image.png Selecting a Topology Layout In the topology edit mode, you can see the topology in the auto hierarchy layout by default. To select a topology layout, follow these steps: 1. Click the arrow below the Auto Hierarchy Layout button. image.png 2. Select a layout from the following four layout styles: Auto Hierarchy Layout (Tree Layout) Select a specific switch in the topology, and then click Auto Hierarchy Layout. You can see a tree layout with the switch as the root node. The auto hierarchy layout cannot be applied when no switches are selected or no links exist among switches. Grid Layout If no switches are selected, the grid layout automatically lays out all global elements. If some switches are selected, the grid layout is applied only to the selected switches. Circular Layout If no switches are selected, the circular layout automatically lays out all global elements. If some devices are selected, the circular layout is applied only to the selected switches. Elliptical Layout If no switches are selected, the elliptical layout automatically lays out all global elements. If some switches are selected, the elliptical layout is applied only to the selected switches. Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and scroll the mouse wheel backward. Undoing or Redoing Operations In the topology edit mode, you can undo or redo operations. To revert to the last operation, click Undo. To redo the last operation, click Redo. If no undo or redo operations are available, these two buttons are grayed out and disabled. image.png Saving a Topology 1. In the topology edit mode, click Save to save the current topology. 2. Wait for the process to complete. After the topology is saved, you will automatically exit the topology edit mode. image.png Displaying or Hiding the Legend To hide the legend, click the "Hide Legend" icon in the topology edit mode. image.png To show the legend, click the "Show Legend" icon in the topology edit mode. image.png Refreshing the Current Topology In the topology edit mode, click the "Refresh" icon. image.png Exiting the Topology Edit Mode To exit the topology edit mode, click the "Cancel Edit" icon in the topology edit mode. image.png 10.6.3 Viewing Real-Time Topologies You can enter the real-time topology mode to view real-time network status such as switch status and link faults. By clicking a switch or a link, you can see detailed stats information. Entering the Real-Time Topology mode 1. In the AmpCon-DC UI, click Physical Network > Topology. 2. Click the topology in the Topology List section, and then you enter the real-time topology mode automatically. image.png NOTE If you are in the historical topology mode, click the “Back To Real-Time Topology” icon to return to the real-time topology mode. image.png Refreshing the Topology In the real-time topology mode, click the "Refresh" icon. image.png Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel backward. Exporting a Topology In the real-time topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser. image.png 10.6.4 Viewing Historical Topologies You can enter the historical topology mode to view the network status at different time or analyze the historical topology to trace problems. Viewing a Historical Topology 1. In the AmpCon-DC UI, click Physical Network > Topology. 2. lick the topology in the Topology List section, and then you enter the real-time topology mode automatically. 3. To enter the historical topology mode, click the "History" icon. image.png Then, you can see the historical topology as follows: image.png 4. In the historical topology mode, click the "Aim" icon. image.png 5. Modify the time in the pop-up window, and click OK. image.png 6. After the topology is loaded completely, the topology shows the state at the selected time point. The timeline shows 35 minutes forward or backward from that time point. 7. Click the time points in the timeline to view historical topologies at different time. Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel backward. Exporting a Topology In the historical topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser. image.png Returning to the Real-Time Topology Mode In the historical topology mode, click the “Back To Real-Time Topology” icon to leave the historical mode. image.png 10.6.5 Viewing Switch Details, Ports, and Linux Severs When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and Linux servers connected to the switch. Prerequisites To check the Linux servers connected to managed switches in a topology, ensure that the following prerequisites are met: The Linux servers to be managed are added to AmpCon-DC with the monitor function enabled. For more information, see "11.1 Adding a Device to AmpCon-DC". The Linux servers to be managed are connected to the AmpCon-DC server. You can check by following these steps: 1. Click Service > Hosts > Device Discovery. 2. Select the Linux servers to be managed, and then click Ping. 3. Check whether the status is showed as ✔ in the Status column. Viewing Real-time or Historical Data To view real-time switch details, switch ports, and Linux servers, Enter the Real-Time Topology Mode, and then click the switch to be monitored. To view historical switch details, switch ports, and Linux servers, Enter the Historical Topology Mode, and then click the switch to be monitored. Then, you can see the following sections in the topology: Device Info In the Device Info section, you can see the following switch-related information: image.png Table 1. Device Info Metrics Metric Description Switch Name The name of the switch. Switch SN The SN of the switch. Model The model of the switch. Version The PicOS version of the switch. State The state of the switch. For the topologies in the Fabric section, the following switch states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-DC but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-DC. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). For the topologies in the Topology section, the following switch states are supported: Imported: The switch is imported to AmpCon-DC. Provisioning Success: The switch is deployed by using AmpCon-DC. Mgmt IP The management IP address (VPN IP address) of the switch. Port Info In the Port Info section, you can see the following port-related metrics: image.png Table 2. Port Info Metrics Metric Description Port Name The name of the switch port Port State The state of the switch port, up or down Port Speed The maximum data transfer rate that the port can support In Octets The number of octets (8-bit bytes) received by the switch port In Pkts The number of incoming packets received by the switch port In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing In Errors The number of incoming packets that contain errors and are dropped by the switch port Out Octets The number of octets (8-bit bytes) transmitted out of the switch port Out Pkts The number of outgoing packets transmitted by the switch port Out Discards The number of outgoing packets that the switch port intentionally discards (drops) before they are transmitted Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors Host Info In the Host Info section, you can see the following metrics for Linux servers connected to the switch: image.png Table 3. Host Info Metrics Metric Description Port Name The name of the switch port Port State The state of the switch port, up or down MTU The largest size (measured in bytes) of a packet or frame that can be sent in a single network transmission Vlan The VLAN of the Linux server Host IP The IP address of the Linux server NIC Name The name to distinguish the network interface card (NIC) of the Linux server Interface The Ethernet port to which the Linux server is connected Status The status of the Ethernet port to which the Linux server is connected MAC Address The MAC address of the Linux server 10.7 Alarms AmpCon-DC uses monitoring data to predict equipment failures and performance anomalies and then trigger immediate alarms. By checking these alarms, you can take corrective actions before issues are escalated. Supported Alarm Types and Levels AmpCon-DC supports the following alarm levels: Error Warning Info AmpCon-DC supports the following alarm types: Packet Loss Alert Resource Usage Alert Interface Monitoring Alert Optical Module Alert For detailed alarms and related alarm levels, see "10.7.1 Alarm Types and Levels" Viewing Alarms Viewing All Unread Alarms In the AmpCon-DC UI, click Monitor > Alarm. You can see all unread alarms. image.png Viewing All Alarms Click All Messages, and then you can see all alarms. image.png Click Back to Alarms, and then you can see all unread alarms. image.png Viewing All Unread "Error" Alarms Click the red flame icon, and then you can see all unread "error" alarms. image.png Viewing All Unread "Warn" Alarms Click the orange warning icon, and then you can see all unread "warn" alarms. image.png Viewing All Unread "Info" Alarms Click the blue bell icon, and then you can see all unread "info" alarms. image.png 10.7.1 Alarm Types and Levels To check supported alarm types and related alarm levels, see the following tables: Packet Loss Alarms Table 1. Packet Loss Alarms Alarm Metric Description Triggering Condition Alarm Level In Errors The number of incoming packets that contain errors and are dropped by a switch port increase The metric value changes two times in the last four sampling cycles. Error Out Errors The number of outgoing packets that a switch port fails to transmit successfully due to errors The metric value changes two times in the last four sampling cycles. Error In Discards The number of incoming packets that a switch port intentionally discards (drops) during processing The metric value changes two times in the last four sampling cycles. Error Out Discards The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted The metric value changes two times in the last four sampling cycles. Error In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation The metric value changes two times in the last four sampling cycles. Error Resource Usage Alarms Table 2. Resource Usage Alarms Alarm Metric Description Triggering Condition Alarm Level CPU Usage The CPU usage The metric value exceeds 85%. Warn Memory Usage The memory usage The metric value exceeds 85%. Warn In Bindwidth Usage The input bandwidth usage The metric value exceeds 85%. Warn Out Bindwidth Usage The output bandwidth usage The metric value exceeds 85%. Warn Fan PWM Usage The proportion of the fan's Pulse Width Modulation (PWM) to the total width The metric value is over 85%. Warn RPSU Power-on Whether the Power Supply Unit (PSU) is powered on or off The metric value changes. Info Interface Monitoring Alarms Table 3. Interface Monitoring Alarms Alarm Metric Description Triggering Condition Alarm Level Admin Status The port status (Up or Down) manually configured by the network administrator, including Up and Down The metric value changes. Info Oper Status The actual operational port status (Up or Down), which is detected by the switch The metric value changes. Warn MTU The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes The metric value changes. Info Loopback Mode Whether the loopback mode is enabled on this port The metric value changes. Info Duplex Mode Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously The metric value changes. Warn Port Speed The maximum data transfer rate that the port can support The metric value changes. Warn Optical Module Alarms Table 4. Optical Module Alarms Alarm Metric Description Triggering Condition Alarm Level Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C) The metric value exceeds 90 °C. Warn Tx Power The amount of optical power delivered by the optical module connected to the switch port The metric value is not in the output power range. See the next section, Tx Power and Rx Power Ranges Warn Rx Power The amount of optical power consumed by the optical module connected to the switch port The metric value is not in the input power range. See the next section, Tx Power and Rx Power Ranges. Warn Power Budget The difference between the output power and the input power The metric value changes. Info Tx Power and Rx Power Ranges Table 5. Tx Power and Rx Power Ranges Optical Module Type Input Power Range Output Power Range CFP Min: -10, Max: 0 Min: -8, Max: 2 CFP2 Min: -10, Max: 0 Min: -8, Max: 2 CFP2_ACO Min: -10, Max: 0 Min: -5, Max: 5 CFP4 Min: -10, Max: 0 Min: -8, Max: 2 QSFP Min: -10, Max: 0 Min: -8, Max: 2 QSFP28 Min: -10, Max: 0 Min: -8, Max: 2 QSFP28_DD Min: -10, Max: 0 Min: -8, Max: 2 QSFP56 Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD_TYPE1 Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD_TYPE2 Min: -10, Max: 0 Min: -8, Max: 2 QSFP_PLUS Min: -10, Max: 0 Min: -8, Max: 2 SFP Min: -17, Max: -1 Min: -9, Max: -1 SFP_PLUS Min: -17, Max: -1 Min: -9, Max: -1 SFP28 Min: -12, Max: -1 Min: -8, Max: 4 SFP56 Min: -12, Max: -1 Min: -8, Max: 4 SFP_DD Min: -12, Max: -1 Min: -8, Max: 4 CPAK Min: -10, Max: 0 Min: -8, Max: 2 CSFP Min: -17, Max: -1 Min: -9, Max: -1 DSFP Min: -12, Max: -1 Min: -8, Max: 4 XFP Min: -10, Max: 0 Min: -8, Max: 2 X2 Min: -10, Max: 0 Min: -8, Max: 2 OSFP Min: -10, Max: 0 Min: -8, Max: 2 10.8 Alarm Notifications If you can't access the AmpCon-DC UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation. 10.8.1 Configuring an SMTP Server Simple Mail Transfer Protocol (SMTP) servers are specialized applications responsible for sending, relaying, and routing email messages between senders and recipients over the internet or a network. To receive alarm notifications through emails, you need to configure an SMTP server first. Supported Information AmpCon-DC supports mainstream email service providers like Outlook and Gmail. AmpCon-DC supports using email encryption transmission or not (SSL, TLS, or none). Adding an SMTP Server To add an SMTP server, follow these steps: NOTE When you add an SMTP server, ensure to send a test email and check whether the email can be received by the receiver. 1. Click System > Email Setting in the AmpCon-DC UI. 2. On the “Email Setting” page, input the following information: SMTP Server Address: The hostname or IP address of the SMTP Server. SMTP Server Port: The TCP port number to connect to the SMTP Server. Secure Connection: The encryption method for secure email transmission, including SSL, TSL, or None. None means that the emails sent to this SMTP server are not encrypted. Sender Email: The email address to send a test email. Use Authentication: Select Enabled or Disabled. The default value is Disabled. Enabled: The SMTP server requires authentication for logged-in users. If you selected Enabled, specify the following parameters: Username: The name of the user to log in to the SMTP server. Password: The password of the SMTP server user. Disabled: The SMTP server doesn’t require authentication for logged-in users. NOTEs If you selected SSL or TSL in the Secure Connection section, you must select Enabled. If you selected None in the Secure Connection section, you must select Disabled. 3. Click Send Test Email. 4. In the Test Email Address field of the pop-up window, enter the email address of the receiver. image.png 5. Click Send. 6. Ensure that the test email can be received by the receiver. 7. Click Apply to complete the SMTP server configuration. Optional: Editing an SMTP Server To edit an SMTP server, modify the configurations on the “Email Setting” page as needed, and then click Apply. NOTE Do not forget to send a test email and check whether the email can be received by the receiver. Optional: Resetting an SMTP Server To reset SMTP server configurations, click Reset on the “Email Setting” page. NOTE After you reset SMTP server configurations, configure a new SMTP server. Or else, AmpCon-DC will still use the previous SMTP server configurations. 10.8.2 Configuring Alarm Notification Rules After you configure an SMTP server, configure alarm notification rules. In alarm notification rules, specify alarm types, alarm levels, and the fabrics to be monitored. You are informed of these specified alarms when they are triggered. Adding Alarm Notification Rules To add an alarm notification rule, follow these steps: NOTE At most 100 alarm notification rules can be added. 1. Click Monitor > Alarm > Alarm Notification Rules in the AmpCon-DC UI. 2. On the “Alarm Notification Rules” page, click + Rule. 3. In the pop-up window, input the following information: image.png Rule Name: The name of the rule. The rule name needs to be unique. Fabric: The fabric to be monitored. You can select one or multiple fabrics. Email: The email addresses of the receivers to be notified. You can enter one or multiple email addresses, which need to be separated by commas (,). Silent Period (Minutes): The period (in minutes) during which the same alarm notification is not sent repeatedly. To prevent email bombing, set the silent period to at least 30 minutes. If you set the silent period to a value less than 30, the silent period is changed to 30 automatically. Email Notification: Whether to enable email notifications. Enabled: Alarm notifications will be sent to the receiver email address and will be displayed on the “Historical Alarm Email Logs” page. Disabled: Alarm notifications will not be sent to the receiver email address and will not be displayed on the “Historical Alarm Email Logs” page. NOTEs If you selected Enabled to enable email notifications, only the selected levels and types of alarms can be sent to the receiver email address and displayed on the “Historical Alarm Email Logs” page. For how to select alarm levels and alarm types, see step 4 and step 5. All triggered alarms can be displayed on the “Alarms” page no matter you enabled email notifications or not. 4. In the Alert Level section, select the levels of alarms to be monitored in the left cell, including Warning, Error, and Info. Then, click >. To disable the monitoring of specific alarm levels, select the alarm levels in the right cell, and then click <. 5. In the Alert Type section, select the types of alarms to be monitored in the left cell, and then click >. To disable the monitoring of specific alarm types, select the alarm types in the right cell, and then click <. For supported alarm types and alarm levels, see "10.7.1 Alarm Types and Levels" 6. Click Add. Viewing Alarm Notification Rules On the “Alarm Notification Rules” page, you can see the following information: image.png Table 1. Alarm Notification Rule Metrics Metric Description Rule Name The name of the rule Alarm Scope (Fabric) The fabric to be monitored Alarm Level The levels of alarms to be monitored, including Warning, Error, and Info Alarm Type The types of alarms to be monitored Silent Period (Minutes) The period (in minutes) during which the same alarm notification is not sent repeatedly Status Whether alarm notifications can be sent to the receiver’s email address Create User The AmpCon-DC user who created the alarm notification rule Optional: Editing Alarm Notification Rules To edit an alarm notification rule, follow these steps: 1. Locate the rule on the “Alarm Notification Rules” page, and then click Edit. 2. In the pop-up window, modify the rule as needed. 3. Click Save. Optional: Deleting Alarm Notification Rules To delete an alarm notification rule, locate the rule on the “Alarm Notification Rules” page, and then click Delete. 10.8.3 Viewing Historical Alarm Notification Logs You can view all alarm notifications sent in the last 30 days for root cause analysis, fault prevention, or auditing. Checking Historical Alarm Notifications To check historical alarm notifications, follow these steps: 1. Click Monitor > Alarm > Historical Alarm Email Logs in the AmpCon-DC UI. On the “Historical Alarm Email Logs” page, you can see all the historical alarm notifications that are sent in the last 30 days. image.png Table 1. Historical Alarm Email Log Metrics Metric Description Rule Name The name of the alarm notification rule Subject The alarm levels and alarm types Receivers The email addresses of the receivers to be notified Status Whether the email is sent to the receivers successfully Send Time The time when the alarm notification email is sent 2. To view the email contents of a historical alarm notification, locate the alarm notification, and then click Details. image.png Deleting Historical Alarm Notifications To delete a historical alarm notification, locate the alarm notification, and click Delete. 11.Managing Third-Party Devices After you add third-party devices to AmpCon-DC with the monitor feature enabled, you can manage these devices and monitor their Network Interface Cards (NICs) and optical modules. In addition, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning. 11.1 Managing Devices After you add devices to AmpCon-DC with the monitor function enabled, you can keep the inventory of added devices, view device information in real-time or historical topologies, and run Ansible playbooks on these devices for automation. Currently, this feature supports only managing Linux servers. Adding a Device to AmpCon-DC To add a device to AmpCon-DC, follow these steps: 1. Click Service > Hosts > Device Discovery from the navigation bar. 2. On the “Device Discovery” page, click + Device. 3. In the Device Details pop-up window, enter the following information: image.png Name: The device name IP: The IP address of the device Port: The device port used to connect to AmpCon-DC Monitor: Whether to enable the monitor function or not NOTE To view device information on the “Inventory” page and in a topology, you must add the device to AmpCon-DC with the monitor function enabled. Type: Select Password or Pkey User: The name of the administrator user to log in to the device NOTE You must provide an administrator user here. Or else, the device management feature might not work. Password: The password of the administrator user to log in to the device Pkey: The public key to log in to the device SudoPassword: The password of the administrator user used by AmpCon-DC to install a monitoring tool for device monitoring. This field can be seen only if you selected Pkey in the Type drop-down list. 4. Click OK. Viewing the Device Inventory To view the monitored device inventory, ensure that the following prerequisites are met: The devices to be managed are added to AmpCon-DC with the monitor function enabled. The devices to be managed are connected to the AmpCon-DC server. You can check whether the device status is ✔ by clicking Ping on the “Device Discovery” page. Then, click Service > Hosts > Inventory in the AmpCon-DC UI. You can see the list of devices that are added with the monitor feature enabled and connected to the AmpCon-DC server: Sysname: The host name of the device Last Seen: The last time when the device is connected to the AmpCon-DC server OS Vendor: The vendor of the OS on the device CPU: The CPU specification of the device Memory: The memory size of this device Storage: The storage capacity of this device image.png Viewing Devices in a Real-Time or Historical Topology Click Physical Network > Topology, enter the real-time topology mode or the historical topology mode, and then click the switch to be monitored. You can view information of Linux servers connected to the switch. For more information, see "10.6.5 Viewing Switch Details, Ports, and Linux Severs" image.png Enabling the Monitoring Function You might not have enabled the monitor function for a device. To enable the monitor function, locate the device on the “Device Discovery” page, and then click Enable Monitor. Deleting a Device To delete a device from AmpCon-DC, follow these steps: 1. On the “Device Discovery” page, locate a device, and then click Delete. 2. Click Yes to confirm the deletion. NOTE After you delete a device, all information related to the device is removed from AmpCon-DC. Testing Device Connectivity To check whether all added devices can connect to AmpCon-DC or not, follow these steps: 1. Select the square before the Sysname column heading to select all devices. 2. Click Ping on the “Device Discovery” page. Then, you can see the connectivity status in the Status column. ✔ means the device can connect to the AmpCon-DC server. ☓ means the device can't connect to the AmpCon-DC server. 11.2 Monitoring NICs You can view Network Interface Cards (NICs) to evaluate network performance, diagnose issues, and thus ensure optimal network performance. This feature supports Nvidia and Broadcom NICs on Linux servers. For the list of supported NICs, see "11.2.1 Supported NICs" Prerequisites Ensure that the following prerequisites are met: The terminal devices are added with the monitor function enabled and with an administrator user of the device specified. For more information, see "11.1 Adding a Device to AmpCon-DC". The port 9100 can’t be blocked on the added device. The devices to be managed are connected to the AmpCon-DC server. You can check by following these steps: 1. Click Service > Hosts > Device Discovery. 2. Select the devices to be managed, and then click Ping. 3. Check whether the status is showed as ✔ in the Status column. Viewing the Inventory of NICs After you add devices to AmpCon-DC with the monitor feature enabled, AmpCon-DC automatically monitors all NICs on these devices. You can view basic information and running status of NICs, such as NIC interface name, NIC state, chip number, and MAC address. For more information, see "11.2.2 Viewing the NIC Inventory". image.png Viewing the Telemetry Data of NICs After you add devices to AmpCon-DC with the monitor feature enabled, AmpCon-DC automatically collects performance-related telemetry metrics of each NIC on these devices, such as the number of octets (8-bit bytes) and packets received by a NIC. For more information, see "11.2.3 Viewing the Telemetry Data of NICs". image.png 11.2.1 Supported NICs The Network Interface Card (NIC) monitoring feature of AmpCon-DC supports the following NICs: Broadcom NICs Table 1. Supported Broadcom NICs Series Device Model Chip Ethernet Network Adapters P210P BCM57412 P210TP BCM57416 P225P BCM57414 P425G BCM57504 P2100G BCM57508 P2200G BCM57608 P1400GD BCM57608 BCM5720-2P BCM95720 N1400GD BCM57608 N2200G BCM57608 N2100G BCM57508 N425G BCM57504 N225G BCM57414 N210TP BCM57416 N210P BCM57412 Nvidia NICs Table 2. Supported Nvidia NICs Series Device Model Chip ConnectX-4 Lx EN MCX4121A-ACAT MT27710 Family MCX4111A-XCAT MCX4121A-XCAT MCX4121A-XCHT MCX4111A-ACAT MCX4111A-ACUT MCX4121A-ACUT MCX4121A-ACHT MCX4121A-ACST MCX4131A-BCAT MCX4131A-GCAT ConnectX-5 MCX512A-ACAT MT27620 Family MCX512A-ACUT MCX512F-ACAT MCX512F-ACHT MCX515A-GCAT MCX516A-GCAT MCX515A-CCAT MCX515A-CCUT MCX516A-CCHT MCX516A-CCAT NVIDIA ConnectX-6 MCX653106A-HDAT MT28908 Family and MT28908A0 Family MCX653105A-EFAT MCX653106A-EFAT MCX651105A-EDAT MCX653105A-ECAT MCX653106A-ECAT MCX654106A-HCAT MCX653105A-HDAL MCX653106A-HDAL MCX683105AN-HDAT MCX654106A-ECAT MCX654105A-HCAT ConnectX-7 PCIe x16 Stand-up Adapter Cards MCX75310AAS-NEAT MT2910 Family MCX75310AAC-NEAT MCX75310AAS-HEAT MCX713104AC-ADAT MCX713104AS-ADAT ConnectX-7 Socket Direct Ready Cards for Dual-Slot Servers MCX755106AS-HEAT MT2910 Family MCX715105AS-WEAT MCX75510AAS-NEAT MCX75510AAS-HEAT MCX755106AC-HEAT NVIDIA ConnectX-6 Dx MCX623102AC-GDAT MT28908A0 Family MCX621202AS-ADAT MCX621202AC-ADAT MCX623106AC-CDAT MCX623106AN-CDAT MCX623106AS-CDAT MCX623105AN-VDAT MCX623102AS-ADAT MCX623102AS-ADAT MCX621102AN-ADAT MCX621102AC-ADAT MCX623102AC-ADAT MCX623102AN-ADAT MCX621102AE-ADAT MCX623102AN-GDAT MCX623102AE-GDAT MCX623102AS-GDAT MCX623105AN-CDAT MCX623106PC-CDAT MCX623105AC-CDAT MCX623105AE-CDAT MCX623106AE-CDAT MCX623109AC-CDAT MCX623109AN-CDAT MCX623106GC-CDAT MCX623106TC-CDAT(a) MCX623106GN-CDAT MCX623106PC-CDAT MCX623106PE-CDAT MCX623106PN-CDAT MCX623106TN-CDAT MCX623105AE-VDAT MCX623105AS-VDAT MCX623105AC-VDAT(a) 11.2.2 Viewing the Inventory of NICs After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically monitors Network Interface Cards (NICs) on these devices. You can have an overall understanding of NICs in your network, ensure NICs work well, and prevent network failures. Prerequisites Ensure that the prerequisites described in Monitoring NICs are met. Viewing NIC Data Click Service > NICs > Inventory in the AmpCon-DC UI. You can see the list of all monitored devices. To check detailed NIC information of a specific device, click + before the device. Then, you can see the following metrics: image.png Table 1. NIC Metrics Metric Description Sysname The name of a device or a NIC State The state of the Ethernet port, up or down Interface The name of the Ethernet port Chip Number The chip number of the NIC Mac Address The MAC address of the Ethernet port Host Port The number of ports on the NIC interface Firmware Version The firmware version of the NIC Type The type of the item in the list, server or nics Exporting NIC Data To export the data of some specific NICs on a device, select the NICs by clicking the square before each NIC name, and then click Export. To export the data of all NICs on a device, click the square before the device name, and then click Export. To export the data of all NICs on all devices, click the square before each device name, and then click Export. Refreshing the Inventory List To refresh the inventory list, click Refresh. 11.2.3 Viewing the Telemetry Data of NICs After you add devices to AmpCon-DC with the monitor function enabled, AmpCon-DC automatically collects performance-related telemetry metrics of NICs on these devices. You can gain real-time or historical insights into network traffic conditions on each NIC, identify traffic peaks, and pinpoint bottlenecks. Prerequisites Ensure that the prerequisites described in Monitoring NICs are met. Viewing Telemetry Data Click Service > NICs > Monitoring in the AmpCon-DC UI. Then, you can see NIC-related telemetry data of all monitored devices. image.png Table 1. NIC Telemetry Data Metric Description In Octets The number of octets (8-bit bytes) received by a NIC. By using the In-Octets metric, you can understand how much data the NIC has received and analyze the traffic and bandwidth usage. In Pkts The number of incoming packets received by a NIC. By using the In-Pkts metric, you can understand the load on the NIC and diagnose network congestion or connection issues. In Discards The number of incoming packets that a NIC intentionally discards (drops) during processing. High discarded incoming packets are possibly caused by buffer overflow, misconfiguration, or traffic control mechanisms. In Errors The number of incoming packets that contain errors and are dropped by a NIC. High erroneous incoming packets are possibly caused by potential hardware failures, signal interference, or physical layer problems. Out Octets The number of octets (8-bit bytes) transmitted out of a NIC. By using this metric, you can evaluate the total amount of outgoing data and analyze upstream bandwidth usage. Out Pkts The number of outgoing packets transmitted by a NIC.By using this metric, you can understand the frequency of sending data packets, the packet transmission behavior, and traffic load of the network interface. Out Discards The number of outgoing packets that a NIC intentionally discards (drops) before they are transmitted. High discarded outgoing packets are possibly caused by buffer overflow or flow control issues. Out Errors The number of outgoing packets that a NIC fails to transmit successfully due to errors.High erroneous incoming packets are possibly caused by hardware failures or transmission line issues. Filtering Telemetry Data To specify the metrics that you want to monitor, click the All Counters icon, select the metrics to be monitored, and then click OK. image.png image.png To specify the devices and NICs that you want to monitor, click the All Counters icon, select the devices and NICs, and then click OK. image.png To specify how many NICs that you want to monitor, select one of the following options: Top 5: The 5 NICs with the largest values. By default, Top 5 is selected. Top 10: The 10 NICs with the largest values. Top 25: The 25 NICs with the largest values. image.png NOTE Even though Top X is selected, you might see less than the selected number of NICs in the line chart when other NICs are down. To specify the time range for the data display, select the start date and end date in the Time section. image.png To display or hide the data of a NIC, click the square before the NIC. image.png To view the metric details in a specific time point, hover the mouse over that time point. image.png 11.3 Managing RoCE RDMA over Converged Ethernet (RoCE) leverages Remote Direct Memory Access (RDMA) to achieve high-throughput and low-latency data transfers between nodes in a network. For more information, see "11.3.1 RoCE Overview". By using AmpCon-DC, you can check or configure RoCE in one click and monitor RoCE-related telemetry data for performance tuning. Currently, this feature supports Nvidia and Broadcom NICs on Linux servers. Prerequisites Ensure that the following prerequisites are met: The devices to be managed are added to AmpCon-DC with the monitor function enabled. For more information, see "11.1 Adding a Device to AmpCon-DC". The devices to be managed are connected to the AmpCon-DC server. You can check by following these steps: Click Service > Hosts > Device Discovery. Select the devices to be managed, and then click Ping. Check whether the status is showed as ✔ in the Status column. Checking RoCE Before you configure or monitor RoCE, check the RoCE status on the device first, including checking whether NIC drivers, RoCE drivers, and RDMA-related tools are installed, whether RoCE V2 and ECN are enabled, and whether QOS and PFC are configured as required. For more information, see "11.3.2 Checking RoCE". Configuring RoCE You can customize RoCE configurations based on the built-in RoCE configuration template and push these configurations to one or multiple NICs in one go. The RoCE configuration process is greatly simplified by using AmpCon-DC. For more information, see "11.3.3 Configuring RoCE". Monitoring RoCE You can monitor RoCE-related telemetry data on the network interface card (NIC) side. For more information, see "11.3.4 Monitoring RoCE". To monitor PFC and ECN telemetry data on the switch side, see "10.5.1 Global Telemetry Data - AI Metrics". 11.3.1 RoCE Overview RDMA over Converged Ethernet (RoCE) is a network protocol that enables high-throughput and low-latency data communication between nodes in a network. Benefits of RoCE RoCE helps reduce CPU workloads by providing direct memory access for applications that bypass the CPU. Because packet processing and memory access are handled by the network interface card (NIC) and network switch rather than the CPU, RoCE allows for higher throughput, lower latency, and reduced CPU utilization for both the sender and receiver, which is crucial for distributed storage, high-performance computing (HPC), and AI deep learning model training and big data analytics. image.png Versions of RoCE RoCE has the following two versions. AmpCon-DC supports only checking and configuring RoCEv2. RoCEv1: This version operates at Layer 2 of the OSI model, meaning it is not routable beyond the local Ethernet network. It requires all devices to be in the same Ethernet broadcast domain. RoCEv2: This version operates at Layer 3, making it routable over IP networks. RoCEv2 packets can traverse multiple subnets, allowing for greater scalability and flexibility in network design. Key Features of RoCE AmpCon-DC supports configuring and monitoring the following features of RoCE: Priority Flow Control (PFC) Priority Flow Control (PFC) is a network protocol designed to manage congestion on Ethernet networks by allowing for the independent pausing of traffic based on priority levels. It is part of the IEEE 802.1Qbb standard and is particularly useful in data center environments where different types of traffic need to be handled with varying degrees of urgency. PFC is a critical technology for managing congestion in Ethernet networks, particularly in data center environments. By enabling traffic differentiation and providing lossless transport for high-priority traffic, PFC helps maintain performance and reliability for critical applications. Explicit Congestion Notification (ECN) Explicit Congestion Notification (ECN) is an effective mechanism for managing network congestion by marking packets instead of dropping them. It is an extension of the IP and TCP protocols, enhancing the way congestion is managed by marking packets instead of discarding them. It helps improve network performance, reduce packet loss, and maintain high throughput, making it especially valuable in data centers and for real-time applications. Quality of Service (QoS) QoS is a network mechanism used to manage and ensure different levels of quality and performance for different types of traffic in a network. QoS aims to control the transmission priority of data packets through network devices, protocols, and mechanisms, thereby ensuring priority processing for critical tasks and reducing issues such as latency, packet loss, and jitter. 11.3.2 Checking RoCE Before you configure or monitor RoCE, use AmpCon-DC to check the RoCE status on the device first to see whether NIC drivers, RoCE drivers, and RDMA-related tools are installed, whether RoCEv2 and ECN are enabled, and whether QOS and PFC are configured as required. Prerequisites Ensure that the prerequisites described in Managing RoCE are met. Procedure To check RoCE on one or multiple devices, follow these steps: 1. Click Service > Hosts > Device Discovery in the AmpCon-DC UI. 2. Select the devices for which you want to check RoCE, and then click Check. image.png 3. In the pop-up window, select RoCE from the Check Configuration list. 4. Click OK. 5. Locate each device that you checked, and then click Result. You can see the checking result as follows: image.png 6. Analyze the checking results to see whether RoCE is configured well. NOTEs If NIC drivers, RoCE drivers, and related tools are not installed, install these drivers and tools first before you configure RoCE. If NIC drivers, RoCE drivers, and related tools are installed but RoCEv2 and ECN are not enabled or QoS and PFC are not configured as required, use AmpCon-DC to configure RoCE as described in Configuring RoCE. 11.3.3 Configuring RoCE You can customize RoCE configurations by using RoCE templates provided by AmpCon-DC and push these configurations to one or multiple NICs in one click. The RoCE configuration process is greatly simplified in this way. Prerequisites Ensure that the prerequisites described in Managing RoCE are met. Procedure To configure RoCE on one or multiple devices, follow these steps: Click Service > NICs > RoCE Configuration in the AmpCon-DC UI. In the NIC Vendors drop-down list, select the vendor of the NIC, Nvidia or Broadcom. NOTE Currently, only Nvidia and Broadcom NICs are supported. In the NIC Ports drop-down list, select the devices and the NICs to be configured. In the script area, configure the parameter values in blue. For Broadcom NICs, the RoCE configuration script is as follows. Hover over the question icon to see explanations of parameters to be configured. image.png For Nvidia NICs, the RoCE configuration script is as follows. Check the comments to see explanations of parameters to be configured. image.png Click Apply. Then, these RoCE configurations are pushed to the selected devices and NICs. To bring these configurations into effect, restart these devices. Verifying RoCE Configurations Verify whether the RoCE configurations are pushed to selected devices successfully. For more information, see "11.3.5 Verifying RoCE Configurations". 11.3.4 Monitoring RoCE RoCE monitoring is valuable to identify key factors affecting network performance, ensure business continuity, and improve network management efficiency. By using AmpCon-DC, you can monitor RoCE monitoring data on the Network Interface Card (NIC) side and on the switch side. 11.3.4.1 Monitoring RoCE on NICs You can monitor RoCE data on the Network Interface Card (NIC) side. image.png By using AmpCon-DC, you can monitor RoCE data on the Network Interface Card (NIC) side. Prerequisites Ensure that the prerequisites described in Managing RoCE are met. Procedure 1. Click Monitor > RoCE Counters > NICs in the AmpCon-DC UI. 2. Click the All Counters icon to specify the scope of the telemetry data to be displayed. image.png a. In the PFC section, select the PFC data priority levels. For example, if you selected Prio3 and Prio5, only the PFC telemetry data with priority 3 and 5 are displayed. NOTE You are not suggested to select all priority levels. Or else, the metric numbers will be too large to display the telemetry data. image.png b. In the PFC section, select the PFC metrics to be monitored. Table 1. PFC Metrics Metric Description prioX_rx_byte Total incoming bytes with the selected priority level prioX_rx_packet Total incoming frames received with the selected priority level prioX_rx_pause Total incoming Pause Frames received with the selected priority level prioX_tx_byte Total outgoing bytes with the selected priority level prioX_tx_packet Total outgoing frames with the selected priority level prioX_tx_pause Total outgoing Pause Frames with the selected priority level c. In the ECN section, select or unselect the ECN metric rx_ecn_marked_pkts, which means the count of incoming packets marked with ECN. d. In the Device section, select the NIC vendor, Nvidia or Broadcom. NOTE Currently, the RoCE telemetry data of Nvidia and Broadcom NICs can’t be displayed together. e. In the Select Device section, click the filter icon, and then select the device and NICs to be monitored. f. Click OK. 3. In the Time section, select the start date and end date. Then, the data during the selected time range is displayed. Open image-20250519-074940.png 4. Select the count of NICs to be displayed, Top 5, Top 10, or Top 25. Top 5: The 5 NICs with the largest values. By default, Top 5 is selected. Top 10: The 10 NICs with the largest values. Top 25: The 25 NICs with the largest values. NOTE Even though Top X is selected, you might see less than the selected number of NICs in the line chart when other NICs are down. image.png 5. To display or hide the data of a NIC, click the square before the NIC. Open image-20250519-075016.png 6. To view the metric details in a specific time point, hover the mouse over that time point. 11.3.4.2 Monitoring RoCE on Switches By using AmpCon-DC, you can monitor RoCE data on the switch side. You can see PFC and ECN data for only Trident3 and Tomahawk3 switches that support PFC and ECN and have PFC and ECN enabled. Prerequisites Ensure that the prerequisites described in Managing RoCE are met. Viewing the Trends Tab 1. Click Monitor > RoCE Counters > Switch in the AmpCon-DC UI. 2. In the Trends tab, you can see the following telemetry data: image.png Table 1. RoCE Telemetry Data Metric Description Ecn Marked Packets The number of packets that have been marked with Explicit Congestion Notification (ECN) Send-Pfc-Pause-Frames The PAUSE frames sent by the transmitting end for flow control Receive-Pfc-Pause-Frames The PAUSE frames received by the receiver end for flow control Pfc-Deadlock-Monitor-Count A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events Pfc-Deadlock-Recovery-Count A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states 3. Click the Filter icon to specify the scope of the telemetry data to be displayed. image.png image.png a. In the Fabric list, select one or multiple fabrics. b. In the Device Role list, select leaf, spine, or both. c. In the Sysname list, select the switches and NICs. d. In the TopK list, select the count of NICs to be displayed, Top 5, Top 10, Top 25, or Total X (all selected NICs). Top 5: The 5 NICs with the largest values. By default, Top 5 is selected. Top 10: The 10 NICs with the largest values. Top 25: The 25 NICs with the largest values. NOTE Even though Top X is selected, you might see less than the selected number of NICs in the line chart when other NICs are down. e. Click OK. 4. In the Time section, select the start date and end date. Then, the data during the selected time range is displayed. image.png Viewing the Statistics Tab 1. Click Monitor > RoCE Counters > Switch in the AmpCon-DC UI. 2. Click the Statistics tab. You can see the following information: image.png Table 2. RoCE Metrics Metric Description Fabric The fabric of the switch Sysname The hostname of the switch Device Role Spine switch or leaf switch Port Name The port of the switch Queue Number The queue number of PFC Send-PFC-Pause-Frames The PAUSE frames sent by the transmitting end for flow control Receive-PFC-Pause-Frames The PAUSE frames received by the receiver end for flow control PFC-Deadlock-Monitor-Count A counter used for monitoring and recording the number of Priority Flow Control (PFC) deadlock events PFC-Deadlock-Recovery-Count A counter used to track and record the number of recoveries from Priority Flow Control (PFC) deadlock states Send-PFC-Pause-Frames Rate The rate at which PFC (Priority-based Flow Control) PAUSE frames are sent Receive-PFC-Pause-Frames Rate The rate at which PFC (Priority-based Flow Control) PAUSE frames are received by the switch ECN Marking Number The number of packets that have been marked with Explicit Congestion Notification (ECN) The Rate Of ECN Marked Packets The number of packets per unit time that are marked with Explicit Congestion Notification (ECN) codes by the switch in response to detected congestion 3. Click the Filter icon to specify the scope of the telemetry data to be displayed. The steps are the same as Step 2 of the Viewing the Trends Tab section. image.png 11.3.5 Verifying RoCE Configurations To verify whether the RoCE configurations are pushed to selected devices successfully, follow these steps: Procedure 1. Click Monitor > Event Log in the AmpCon-DC UI. 2. Locate the device, and check whether the status is displayed as Success in the Status column. Success: RoCE configurations are pushed to the device successfully without any errors. Fail: RoCE configurations fail to be pushed to the device due to some errors. image.png 3. To see more result details, click Detail. image.png 11.4 Monitoring Modules After you add devices to AmpCon-DC with the monitor feature enabled, you can view detailed information of optical modules connected to the devices. Prerequisites Ensure that the following prerequisites are met: The devices to be managed are added to AmpCon-DC with the monitor function enabled. For more information, see "11.1 Adding a Device to AmpCon-DC". The devices to be managed are connected to the AmpCon-DC server. You can check by following these steps: 1. Click Service > Hosts > Device Discovery. 2. Select the devices to be managed, and then click Ping. 3. Check whether the status is showed as ✔ in the Status column. Procedure 1. Click Service > NICs > Modules Overview in the AmpCon-DC UI. You can see the list of devices that are added with the monitor feature enabled and connected to the AmpCon-DC server. 2. Click + before a device. You can see detailed information of optical modules connected to the device. Table 1. Module Metrics Metric Description Sysname The name of the device or the NIC Port The Ethernet port connected to the optical module Status The status of the module, Active or Inactive PN The vendor part number to distinguish the type and model of the optical module SN The serial number of the optical module Vendor The supplier or manufacturer of the optical module Length The maximum distance over which an optical signal can be transmitted effectively through the module Wavelength The wavelength of the light used in the optical module Power Class The power consumption or optical power output classification of the optical module Temperature The operating temperature range of the optical module Voltage The voltage level required to power the optical module TX BIAS The bias current applied to the laser diode in the transmitter (Tx) section of the optical module TX The transmitter section of the optical module RX The receiver section of the optical module 3. To specify the metrics to be monitored, click the All Counters icon, select the metrics in the Parameters section, and then click OK. 4. To specify the devices and NICs to be monitored, click the All Counters icon, select the devices and NICs, and then click OK. image.png 12.Managing Authority You can create a group and then add switches and users to the group so that these users can manage only the assigned switches in this group. You can also designate the operation permissions for a group so that the users and switches in the group can only perform the allowed operations. 12.1 Managing Groups Adding a Group 1. In the AmpCon-DC UI, click Resource > Authority Management > Group Management. 2. On the “Group Management” page, click Create. 3. Enter the group name and description (optional), and select the allowed operation permissions in the Group Class section. License Audit: You can perform the license audit operation. License Actions: You can perform the license audit operation. Upgrading: You can perform the PicOS upgrading operation. Retrieve Config: You can perform the configuration backup operation. image.png 4. Click OK. Editing a Group By editing a group, you can add switches to a group or remove switches from a group. In addition, you can modify the allowed operation permissions for the group. 1. In the AmpCon-DC UI, click Resource > Authority Management > Group Management. 2. Select the group. 3. Click Edit Group. 4. Select the switches to add or remove. You can filter switches by entering keywords in the search box. image.png 5. Select the allowed operation permissions including “License Audit”, “License Actions”, “Upgrading”, and “Retrieve Config”. 6. Click Save. Adding Users to a Group 1. In the AmpCon-DC UI, click System > User management. 2. Click Add User, and input the following information: User Name: The username. User Password: The password of the user. The password needs to be a combination of uppercase letters, lowercase letters, numbers, and special symbols. The character count needs to be greater than 10. Confirm Password: The password of the user. User Role: Select “SuperAdmin”, “Admin”, “Operator”, or “Readonly”. User Type: Select “Group”. Email: The email of the user. 3. Select the group name from the Group Name drop-down list. image.png 4. Click OK. Displaying Users Associated with a Group 1. In the AmpCon-DC UI, click Resource > Authority Management > Group Management. 2. Click the group. image.png 3. Click the User View tab to see the users belonging to this group. image.png NOTE If no users are listed here, it means that you haven’t added any users to the group. Add a new user to this group or add a currently existed user to this group by editing the user. For more information, see "5.1 Managing User Access". Searching for Switches and Users To search for specific switches, enter keywords in the search box of the Switch View tab. image.png To search for specific users, enter keywords in the search box of the User View tab. image.png Deleting a Group 1. In the AmpCon-DC UI, click Resource > Authority Management > Group Management. 2. Click the group, and then click Delete. image.png 3. Click Yes to confirm the deletion. 12.2 Managing Licenses To deploy and manage switches with AmpCon-DC, both AmpCon-DC licenses and PicOS licenses are needed: To deploy and manage a switch with AmpCon-DC, the Hardware ID of the switch needs to be added to an AmpCon-DC license and the AmpCon-DC license needs to be imported to AmpCon-DC. During the switch deployment process, AmpCon-DC installs a PicOS license on the switch by getting the license information from the License Portal that you specified in the system configuration. To manage AmpCon-DC licenses or PicOS licenses, see the following child topics: 12.2.1 Managing AmpCon-DC License You can view all imported AmpCon-DC licenses, import a new or updated AmpCon-DC license to manage more switches, or invalidate the AmpCon-DC license on a switch to release the license. In addition, you can check the operation logs and alarms related to AmpCon-DC licenses. 12.2.2 Managing PicOS Licenses You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend PicOS licenses by using the License Action feature. If the AmpCon-DC server can’t access the License Portal that you specified in the system configuration, you can add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches. 12.2.1 Managing AmpCon-DC Licenses You can view all imported AmpCon-DC licenses, import a new or updated AmpCon-DC license to manage more switches, or invalidate the AmpCon-DC license on a switch to release the license. In addition, you can check the operation logs and alarms related to AmpCon-DC licenses. Viewing AmpCon-DC Licenses In the AmpCon-DC UI, click System > Software License > License View. You can see the AmpCon-DC licenses that are imported to AmpCon-DC. In addition, you can see the status and usage information of these AmpCon-DC licenses. For more information, see "12.2.1.1 Viewing AmpCon-DC Licenses". image.png Importing an AmpCon-DC License To manage a new switch with AmpCon-DC, you need to add the Hardware IDs of these new switches to an AmpCon-DC license by updating an existing AmpCon-DC license or creating a new AmpCon-DC license as described in Creating an AmpCon-DC License and Editing an AmpCon-DC License. Then, import the updated or new license to AmpCon-DC. For how to import an AmpCon-DC license, see "12.2.1.2 Importing a License". image.png Invalidating the AmpCon-DC License on a Switch If you don’t need to deploy and manage a switch with AmpCon-DC, you can invalidate the AmpCon-DC license on the switch. For how to invalidate an AmpCon-DC license, see "12.2.1.2 Invalidating a License". image.png Checking License Logs and Alarms In the AmpCon-DC UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-DC licenses. For more information, see "12.2.1.3 Checking License Logs and Alarms". image.png Refreshing AmpCon-DC Licenses To get the latest license information, click System > Software License > License management. On the “License Management” page, click Refresh. image.png Searching for AmpCon-DC Licenses To search for specific licenses on the “License Management” page, enter keywords in the search box. Except for the Operation column, other columns support both ascending and descending sorting. image.png 12.2.1.1 Viewing AmpCon-DC Licenses In the AmpCon-DC UI, click System > Software License > License View. You can see the AmpCon-DC licenses that are imported to AmpCon-DC. In addition, you can see the status and usage information of these AmpCon-DC licenses. License Status In the License File Status section, you can see the numbers of “all“, “invalid“, and “expired“ AmpCon-DC licenses. All Indicates all licenses Invalid Indicates that the license is invalid Expired Indicates that the license has expired image.png License Usage In the License Usage section, you can see the numbers of normal, abnormal, and expired AmpCon-DC licenses. Abnormal licenses include both invalid licenses and expired licenses. image.png License Details In the License Information section, you can view the following columns. All columns support ascending and descending sorting. License ID: The ID of the AmpCon-DC license Hardware ID: The ID of the switch hardware Model Name: The name of the switch model License Type: Includes standard license (formal License) and trial license (temporary License) License File Status: The status of the AmpCon-DC license for the switch Valid Date: The date from when the switch can be managed by AmpCon-DC Expiration Date: The date until when the switch can be managed by AmpCon-DC You can filter licenses with the license status file keywords. In the License Information table, click the License File Status column, and select a status to view relevant licenses. image.png Fuzzy Search for License Information In the search box of the License Information table, enter keywords to search for specific licenses. image.png 12.2.1.2 Importing a License To manage a new switch with AmpCon-DC, you need to add the Hardware IDs of these new switches to an AmpCon-DC license by updating an existing AmpCon-DC license or creating a new AmpCon-DC license as described in Creating an AmpCon-DC License and Editing an AmpCon-DC License. Then, import the updated or new license to AmpCon-DC. Procedure To import an AmpCon-DC license, follow these steps: 1. Get the updated or new license from the License Portal. a. Log in to the License Portal, and then click AmpCon Licenses. b. Click Copy to copy the license string or click Download to download the .lic license file. image.png 2. In the AmpCon-DC UI, click System > Software License > License Management. 3. On the “License Management” page, click Import. 4. Select either of the following ways to import licenses: Select Copy License.txt, and paste the license strings that you copied in step 1.b to the License Key box. image.png Select Copy License.lic, and then upload the .lic license file that you downloaded in step 1.b in the License Key selection box. image.png 5. Click Apply. After you import the new license, the All Licenses table is refreshed. 12.2.1.3 Invalidating a License If you don’t need to deploy and manage a switch with AmpCon-DC, you can invalidate the AmpCon-DC license on the switch to release this license. NOTEs The Hardware ID of a switch might exist in multiple AmpCon-DC licenses. Ensure that you invalidate all AmpCon-DC licenses on the switch. After you invalidate all AmpCon-DC licenses on a switch, the switch can’t be deployed and managed with AmpCon-DC. The switch that has been deployed will be removed from the switch list on the “Switch” page. You can perform three invalidation operations at most. Procedure 1. In the AmpCon-DC UI, click System > Software License > License Management. 2. Click the license file, and click the Hardware ID to be invalidated. Then, click Invalid License. image.png 3. In the pop-up window, click Yes. You can see the invalid code is displayed in a pop-up window. The status of the license is changed to Invalid, and show invalid code in the Operation column is shown as clickable instead of grayed out. If the license status is not displayed as Invalid, click Refresh to update the license status. Open image-20250519-081133.png 4. Click Show Invalid Code to copy the invalid code. 5. Release the invalidated license in the License Portal. a. Log in to the License Portal, and then click AmpCon Licenses > Verify Revoke Code. b. In the Software Type drop-down list, select AmpCon-DC. c. Use either of the following ways: - In the Addition Method section, select Form Input. In the Revoke Code field, paste the invalid code that you copied in step 4. image.png - In the Addition Method section, select File Upload. Click Blank template to download a template file. Open the template file, and enter the invalid code in the .xlsx template file. Then, upload the file. image.png 6. Click Save. 12.2.1.4 Checking License Logs and Alarms In the AmpCon-DC UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-DC licenses. Viewing License Operation Logs On the “License Log” page, you can view license-related operation records (such as license import operations and license invalidation operations), the time of each operation, and the status of each operation. image.png Exporting License Operation Logs To export license logs as a .csv file, select one or more entries, and then click Export in the License Log section. image.png Searching for License Operation Logs To perform a fuzzy search for logs, enter keywords in the search box of the License Log section. image.png Checking License Alarms To check license alarm information, check the License Alarm section. image.png Tips During the grace period of a trial AmpCon-DC license, the AmpCon-DC login interface displays "License is expired, you have a 14-day grace period". If a formal AmpCon-DC license expires, you can see the license status is expired in the License Alarm section of the AmpCon-DC UI. Exporting License Alarms To export alarms as a .csv file, select one or more alarm entries, and then click Export in the License Alarm section. image.png Searching for License Alarms To perform a fuzzy search for alarms, enter keywords in the search box of the License Alarm section. image.png 12.2.2 Managing PicOS Licenses You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend PicOS licenses by using the License Action feature. If the AmpCon-DC server can’t access the License Portal, you can add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches. Verifying License Validity By using the License Audit feature, you can verify whether PicOS licenses are valid or not. Verifying the PicOS License for a Switch To check the PicOS license validity for a switch, follow these steps: 1. In the AmpCon-DC UI, click Resource > Authority Management > Device License Management. 2. In the License Audit tab, locate a PicOS license, and then click License Audit. image.png 3. Click Yes. 4. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. You might see the following license status: Expired: The PicOS license is expired. Active: The PicOS license is valid. Unknown: The PicOS license is not related to the switch. No License: The switch has no PicOS license assigned. 5. Click Log to view the license audit logs. image.png Verifying PicOS Licenses for a Group of Switches To check the PicOS license validity for a group of switches, follow these steps: 1. In the AmpCon-DC UI, click Resource > Authority Management > Device License Management. 2. In the License Audit tab, select a group name from the Group Name drop-down list, and then click License Audit. image.png 3. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. 4. Optional: Select the newly generated report from the drop-down list, and then click View Report. NOTE The View Report button is applicable to only License Action operations based on groups. image.png Verifying License Validity and Extending Licenses By using the License Action feature, you can verify whether PicOS licenses are valid and extend PicOS licenses if these PicOS licenses are extended in the License Portal. Verifying and Extending the PicOS License for a Switch 1. In the AmpCon-DC UI, click Resource > Authority Management > Device License Management. 2. Click the License Action tab. 3. Locate a license, and then click License Action. image.png 4. Click Yes. 5. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. 6. Optional: Click Log to view the License Action logging information. Verifying and Extending PicOS Licenses for a Group of Switches 1. In the AmpCon-DC UI, click Resource > Authority Management > Device License Management. 2. Click the License Action tab. 3. Select a group name from the Group Name drop-down list, and then click License Action. image.png 4. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. 5. Optional: Select the newly generated report from the drop-down list, and then click View Report. NOTE The View Report button is applicable to only License Action operations based on groups. Adding Local PicOS Licenses By default, when you deploy a switch with AmpCon-DC, AmpCon-DC installs the PicOS license based on License Portal URL, username, and password information in the system configuration. But if the AmpCon-DC server can’t access the License Portal that you specified in the system configuration, for example in an air-gapped environment, you need to add local PicOS licenses to AmpCon-DC so that AmpCon-DC can install PicOS licenses on corresponding switches. NOTEs Only after you add a switch configuration for the switch with the local PicOS license, the local PicOS license can be added to AmpCon-DC. When AmpCon-DC can access the License Portal to get the PicOS license for the switch and a local PicOS license is added for the switch, AmpCon-DC will install the added local PicOS license. To add a local PicOS license, follow these steps: 1. Click Resource > Authority Management > Device License Management. 2. Click the Local License tab, and then click Add License. image.png 3. In the SN field, enter the SN of the switch with the uploaded PicOS license. 4. In the License field, enter the local PicOS license key. image.png 5. Click Save. 13.Running Ansible Playbooks for Automation Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses the simple, declarative language written in YAML, which is called playbook, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible. AmpCon-DC offers the picos_config Ansible module to interact with managed devices, making it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings. The picos_config module is included in the AmpCon-DC server. By using AmpCon-DC, you can write, run, and schedule Ansible playbooks on managed switches and added Linux servers, reducing manual work, eliminating configuration errors, and improving network management efficiency. Use Cases and Benefits Ansible helps you automate virtually any task. Check the common use cases of Ansible: Eliminate repetition and simplify workflows Manage and maintain system configurations Continuously deploy complex software Perform zero-downtime rolling updates Ansible provides open-source automation that reduces complexity and runs everywhere. Check the benefits of Ansible: Agentless architecture Ansible operates in an agentless manner, meaning you don’t need to install anything on the devices being managed. Simplicity Automation playbooks use straightforward YAML syntax for code that reads like documentation. Ansible is also decentralized, using SSH with existing OS credentials to access remote machines. Scalability and flexibility You can easily and quickly scale the systems to be automated through a modular design that supports a large range of operating systems, cloud platforms, and network devices. Idempotence and predictability When the system is in the state that your playbook describes, Ansible does not change anything, even if the playbook runs multiple times. Best Practices Test in a lab: Always test your automation scripts in a lab or on non-production devices to ensure they work as expected. Idempotency: Ansible playbooks should be written to be idempotent, meaning running the playbook multiple times won’t cause unintended changes. Backups: Before applying any configuration, ensure that you have backups of the current configurations. For more information, see "8.3 Backing up and Restoring Configurations". To run playbooks on switches, ensure that each switch to run Ansible playbooks are managed by AmpCon-DC: You have added system configurations in the AmpCon-DC UI. For more information, see "4.2 Adding System Configurations". Ensure that the Device Default Login User and Device Default Password on the “System Configuration” page can be used to log in to these switches. You have imported or deployed these switches so that they are managed by AmpCon-DC. For more information, see "7.Deploying or Importing Switches". These switches are connected to the AmpCon-DC server. Check the connectivity by clicking Service > Switch from the navigation bar and then checking the Mgmt IP column. ✓: The switch is up and connected to the AmpCon-DC server. x: The switch is down or not connected to the AmpCon-DC server. To run playbooks on Linux servers, ensure that the Linux servers are added to AmpCon-DC. For more information, see "11.1 Adding a Device to AmpCon-DC". Quick Start To quickly get started with the Ansible automation feature, see "13.1 Quick Start Flow". Playbook Examples Before you run Ansible playbooks on managed switches, write playbooks based on the configuration examples. For more information, see "15.5 Examples for Ansible Playbooks". Child Topics 13.2 Running Playbooks On the “Playbooks” page, you can see the list of playbooks that are created. You can write or import a playbook, check syntax for a playbook, or run a playbook. In addition, AmpCon-DC provides multiple playbook management functions including copying playbooks, using pre-built playbooks, editing, deleting, copying, or exporting playbooks, and adding tags to playbooks. 13.3 Managing Ansible Jobs An Ansible job is a single execution of an Ansible playbook. On the “Ansible Jobs List” page, you can view the list of Ansible jobs and the list of switches with Ansible jobs. You can also check the execution results and output of these jobs. 13.4 Viewing Playbook Scheduling On the “Schedule” page, you can view executed playbooks based on months, weeks, or days. You can also view executed playbooks in the list format. 13.5 Troubleshooting If a playbook fails to be run on switches or Linux servers, check this topic for reasons and solutions. 13.1 Quick Start Flow Run Ansible playbooks on AmpCon-DC to automate routine operations in your network. Prerequisites Ensure that each switch to run Ansible playbooks is managed by AmpCon-DC. For more information, see "13. Prerequisites". Step 1: Checking Pre-Built Playbooks AmpCon-DC offers a series of pre-built Ansible playbooks for automating the following routines: Compliance and consistency checks, to ensure switches stay in compliance with industry regulations that require a certain configuration to maintain proper security and privacy Connectivity checks for PicOS Software Switches Network operation and remediation routines such as dynamic policy enforcement Click Maintain > Automation > Playbooks. On the “Playbooks” page, click the Show Pre-built Playbooks toggle. Check whether these pre-built Ansible playbooks meet your needs. If yes, click Save AS on the “Playbooks” page to create a copy playbook, and then go to Step 4: Running Playbooks. image.png Step 2: Writing or Importing Playbooks If the pre-built Ansible playbooks can’t meet your needs, you can create a customized workflow by writing a playbook on AmpCon-DC or importing a local playbook to AmpCon-DC. Click Maintain > Automation > Playbooks. On the “Playbooks” page, click + Playbook, and then write a playbook in the AmpCon-DC UI. When you write playbooks for managed switches, refer to "15.5 examples for Ansible Playbooks". When you write playbooks for added Linux servers, refer to Using Ansible playbooks. image.png Click Import, and then Import a local playbook to AmpCon-DC. image.png Step 3: Checking Playbook Syntax Before you run a playbook, check whether the playbook syntax is valid or not. image.png Step 4: Running Playbooks Run a playbook to complete the automation operations. You can designate the schedule type of the playbook run. Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png Step 5: Checking Ansible Job Results and Output After you run the Ansible playbook, you can check the execution result and output of the Ansible job. image.png 13.2 Running Playbooks On the “Playbooks” page, you can see the list of playbooks that are created. You can add or import a playbook, check syntax for a playbook, or run a playbook as needed. In addition, AmpCon-DC provides multiple playbook management functions including copying playbooks, using pre-built playbooks, editing, deleting, copying, or exporting playbooks, and adding tags to playbooks. Writing a Playbook on AmpCon-DC 1. Click Maintain > Automation > Playbooks in the AmpCon-DC UI. 2. On the “Playbooks” page, click Playbook. 3. Enter the playbook name and description (optional). Click playbook.yml, and add contents to the .yml file. image.png 4. Optional: Click Add File or Add Folder to add files or folders to the playbook. For example, to load configurations from a configuration file to the playbook, click Add File to add a .conf file. For more information, see "15.5 Loading Configurations in a Configuration File". image.png 5. Click Save All. Importing a Playbook 1. Click Maintain > Automation > Playbooks in the AmpCon-DC UI. 2. On the “Playbooks” page, click Import. 3. Enter the playbook name and description (optional), and upload the playbook .zip file. NOTE The playbook .zip file needs to contain a playbook .yml file and a configuration .conf file (optional). image.png 4. Click Import. Running a Playbook 1. Click Maintain > Automation > Playbooks in the AmpCon-DC UI. 2. On the “Playbooks” page, locate a playbook, and then click Run. 3. Select the playbook.yml file, and then click Next. image.png 4. Select target switches to run the playbook by using the following ways: NOTE If you select switches, groups, and other devices in the Choose Switches, Choose Groups, and Choose Other Devices tabs, the playbook will be run on all selected targets. In addition to running Ansible playbooks on managed switches, you can add third-party Linux server devices and then run Ansible playbooks on these added devices. Choose switches In the Choose Switches tab, select one or multiple switches. Choose groups In the Choose Groups tab, select one or multiple groups. Choose other devices In the Choose Other Devices tab, select one or multiple devices that you added as described in "11.1 Adding a Device to AmpCon-DC". 5. Click Next. 6. If variables are specified in the playbook, enter variable values in JSON format, and then click Next. image.png 7. Select the schedule type to run the playbook. Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png 8. Click Run Playbook. Optional: Checking Syntax for a Playbook On the “Playbooks” page, locate a playbook, and then click Check. A message pops up with the checking result. image.png Optional: Using Pre-built Playbooks AmpCon-DC provides multiple pre-built playbooks, which are hidden by default. NOTE Pre-built playbooks can’t be run directly. You need to click Save As to copy a pre-built playbook as a new playbook and then run the new playbook. You can’t edit or remove pre-built playbooks. And you can’t add tags or check syntax for pre-built playbooks. To show the pre-built playbooks, click the Show Pre-built Playbooks toggle on the “Playbooks” page. image.png To view a pre-built playbook, locate the playbook, and then click View. image.png To refresh the pre-built playbook list, click Update Pre-built Playbooks. image.png To export a pre-built playbook, locate the playbook, and then click Export. Optional: Editing a Playbook On the “Playbooks” page, locate a playbook, and then click Edit. Modify the playbook contents as needed. You can also add or remove folders and files. Then, click Save All. image.png Optional: Deleting a Playbook On the “Playbooks” page, locate a playbook, and then click Remove. Then, click Yes to confirm the deletion. image.png Optional: Copying a Playbook On the “Playbooks” page, locate a playbook, and then click Save As. The new playbook has a default name, which you can modify as needed. Then, click Save. image.png Optional: Exporting a Playbook On the “Playbooks” page, locate a playbook, and then click Export. image.png Optional: Adding or removing Playbook Tags On the “Playbooks” page, locate a playbook, and then click Tag Management. Enter the tag name in the Tag Name field, and then click Add. You can remove a tag by clicking the removal icon. image.png 13.3 Managing Ansible Jobs An Ansible job is a single execution of an Ansible playbook. On the “Ansible Jobs List” page, you can view the list of Ansible jobs and the list of switches with Ansible jobs. You can also check the execution results and output of these jobs. Job View Viewing Ansible Jobs Click Maintain > Automation > Ansible Jobs List in the AmpCon-DC UI. In the Job View tab, you can see the list of playbook execution jobs. image.png The Schedule Type column including the following types: DIRECT Playbooks are executed with "Run Now". ONCE Playbooks are executed with "One Time". SCHEDULED Playbooks are executed with "Scheduled". The Status column includes the following status: IDLE The playbook has not been executed. For example, after a playbook is created and before it’s executed, the status is IDLE. NOTE For Playbooks with the schedule type of "SCHEDULED", the status is changed to IDLE after the playbook execution is completed. RUNNING The playbook is currently running. EXECUTED The playbook execution has been completed. Checking Ansible Job Results and Output 1. In the Job View tab, locate a job, and then click Task Results. You can see the playbook execution result in the Result Table tab. image.png 2. To view detailed result information, click Show Result. 3. To view the output of the playbook execution, click the Result Output tab. image.png Removing an Ansible Job 1. In the Job View tab, locate a job, and then click Remove. 2. Click Yes to confirm the deletion. Switch View Viewing Switches with Ansible Jobs In the Switch View tab, you can see the list of switches that have playbook execution jobs. image.png Checking Ansible Job Results and Output 1. In the Switch View tab, locate a switch, and then click Task Results. image.png 2. To view detailed result information, click Show Result. 3. To view the output of the playbook execution, click the Result Output tab. 13.4 Viewing Playbook Scheduling On the “Schedule” page, you can view executed playbooks based on months, weeks, or days. You can also view executed playbooks in the list format. Procedure 1. Click Maintain > Automation > Schedule in the AmpCon-DC UI. 2. View executed playbooks by using the following ways: To view executed playbooks each month, click MONTH. Click < to view playbooks executed in the previous month. Click > to view playbooks executed in the next month. image.png To view executed playbooks each week, click WEEK. Click < to view playbooks executed in the previous week. Click > to view playbooks executed in the next week. Open 257.png To view executed playbooks each day, click DAY. Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day. Click Today to view playbooks executed today. image.png To view executed playbooks in the list format, click LIST. Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day. Click Today to view playbooks executed today. image.png 3. Optional: Click a playbook, and then you can see the playbook execution result and output. In the Result Table tab, you can see the playbook execution result. To view detailed result information, click Show Result. image.png In the Result Output tab, you can see the playbook execution output. image.png 13.5 Troubleshooting If the playbook fails to be run on switches or Linux servers, refer to the following reasons and solutions: Playbook Syntax Issues If the playbook syntax is wrong, the playbook can’t be run on specified devices. Symptom When you check the playbook execution result in the AmpCon-DC UI, you can see the error log as follows: image.png Solutions For playbooks run on switches, check as follows: Check whether you follow the syntax as described in Examples for Ansible Playbooks. Check whether the commands included in each playbook are correct. When you run a playbook with variables designated, check whether you have set the variable values in JSON format as described in Step 6 of Running a Playbook. When you run a playbook with a configuration file (.conf) specified, check whether you have clicked Add File to add the configuration file. For playbooks run on added Linux servers, check whether you follow the playbook syntax as described in Using Ansible playbooks. Connection Issues If the AmpCon-DC server fails to access the switches or added Linux servers, the playbook can’t be run on these devices. Symptom When checking the playbook execution result in the AmpCon-DC UI, you can see the error log as follows: image.png Solutions Test the connectivity between the problematic switches (or Linux servers) and the AmpCon-DC server by running the following Ansible playbook: --- - name: Test connectivity hosts: all tasks: - name: Ping ping: You can write and run the playbook in the AmpCon-DC UI. Follow these steps: 1. Write a playbook. image.png 2. Run the playbook on problematic switches or Linux servers. image.png 3. Check the playbook execution result in the AmpCon-DC UI to see whether the AmpCon-DC server can access the problematic switches or Linux servers. If the AmpCon-DC server can access the problematic switches or Linux servers, the result is as follows: image.png If the AmpCon-DC server can’t access the problematic switches or Linux servers, the result is as follows: image.png In this case, check whether the prerequisites for running playbooks are met. 14.Accessing Devices through SSH Sessions You can connect to a device (such as a switch or terminal device) from the AmpCon-DC UI by creating an SSH session. Procedure In the AmpCon-DC UI, click Maintain > CLI Configuration. Input the following information: Host: The IP address of the device User Name: The username to log in to the device Password: The password of the user Port: The port to establish the session Session: Select SSH New Tab: Whether to open the session in a new browser tab image.png Click Submit. 15.References When you configure switches, you can refer to the following examples: 15.1 Example Global Configurations See the following example global configurations including PoE, IP routing, VLAN, and inband configurations: NOTE These configurations are just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. set poe interface all enable true set ip routing enable true set vlans vlan-id 20 l3-interface vlan20 set l3-interface vlan-interface vlan20 address 192.168.20.10 prefix-length 24 set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 20 set system inband enable true set protocols lldp enable true set system services ssh idle-timeout 60 set protocols spanning-tree enable true set protocols spanning-tree force-version 4 15.2 Example Security Configurations See the following example security configurations: NOTE These configurations are just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. # TACACS+ configurations set system aaa tacacs-plus disable false set system aaa tacacs-plus key 12345678 set system aaa tacacs-plus server-ip 10.10.51.42 set system login user test authentication plain-text-password xxxxxx set system login user test class super-user # SNMP ACL configurations set system snmp-acl network 192.168.1.0/24 set system snmp-acl network 10.8.0.0/24 # NAC configurations # Provide the RADIUS server connection information set protocols dot1x aaa radius authentication server-ip shared-key "" # Configure the access profile set protocols dot1x aaa radius nas-ip # Configure a RADIUS dynamic authorization client from which the switch accepts the Change of Authorization (CoA) messages set protocols dot1x aaa radius dynamic-author client shared-key "" # Configure Server Priority set protocols dot1x aaa radius authentication server-ip priority [1|2] set protocols dot1x server-fail-vlan-id 15.3 Example Configuration Template See the following example configuration template for switch N3248PXE-ON, which includes the host name, Out of Band Management IP, and gateway: NOTE The template is just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. name: N3248PXE-ON-Nov20 description: N3248PXE-ON-Nov20 platform: N3248PXE-ON content_start: {#::::: For input Variable::::#} set system hostname {{ Hostname }} {% if Hostname %} set protocols static route 0.0.0.0/0 next-hop {{ Default_gateway }} {% endif %} {#::::: Basic PoE config::::#} set poe interface all enable true {#::::: Basic VLAN config::::#} set vlans vlan-id {{Data_VLAN_id}} vlan-name "DataVlan1" set vlans vlan-id {{Data_VLAN_id}} l3-interface Vlan{{Data_VLAN_id}} set l3-interface vlan-interface Vlan{{Data_VLAN_id}} address {{Data_VLAN_IP_Address_Mask.split('/')[0]}} prefix-length {{Data_VLAN_IP_Address_Mask.split('/')[1]}} set vlans vlan-id {{Voice_VLAN_id}} {#:::::For ports 1/1/1 through 1/1/24:data vlan 100 voice 101 ::::#} {% for i in range(1,51) %} set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching port-mode "trunk" {#::::: Inband port :::::#} set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching native-vlan-id {{Data_VLAN_id}} set interface gigabit-ethernet te-1/1/{{ i }} voice-vlan vlan-id {{Voice_VLAN_id}} {% endfor %} {#::::: Outband port :::::#} set system management-ethernet eth0 ip-address IPv4 {{Management_IP_Address_Mask.split('/')[0]}}/{{Management_IP_Address_Mask.split('/')[1]}} set system management-ethernet eth0 ip-gateway IPv4 192.168.42.1 content_end$ param_start: { "Hostname": { "param_default": "P8-Access-BR-1-SW-1", "type": "text", "required": "not required", "description": "Configure the hostname", "param_check": "" }, "Management_IP_Address_Mask": { "param_default": "192.168.42.169/24", "type": "text", "required": "required", "description": "Configure management IP mask.e.g. 192.168.42.169/24", "param_check": "" }, "Default_gateway": { "param_default": "192.168.42.1", "type": "IPv4", "required": "required", "description": "Configure the default gateway e.g 192.168.42.1", "param_check": "" }, "Data_VLAN_id": { "param_default": "10", "type": "text", "required": "required", "description": "Configure Data VLAN id , e.g. 10", "param_check": "" }, "Data_VLAN_IP_Address_Mask": { "param_default": "192.168.43.169/24", "type": "text", "required": "required", "description": "Configure management IP mask.e.g. 192.168.43.169/24", "param_check": "" }, "Voice_VLAN_id": { "param_default": "800", "type": "text", "required": "required", "description": "Configure Voice VLAN id , e.g. 800", "param_check": "" } } param_end$ 15.4 Example JSON file for Multiple Switch Configurations See the following example JSON file for multiple switch configurations: { "sn": ["TEST-SN-1", "TEST-SN-2"], "hardware_model": "as4610_54p", "location": "Beijing", "global_config_name": "2022-8-2-glob-as4610_54p-test", "site_template_name": ["test-template-1", "test-template-2"], "agent_config": {}, "vpn": true, "retrieve_config": true, "default_config_param": { "test-template-1": { "address": "1.1.1.1", "interface": "1", "prefix_length": "4", "vif": "1" }, "test-template-2": { "classifier": "4" } }, "unique_config_param": { "TEST-SN-2": { "test-template-1": { "address": "111.2.2.2" }, "test-template-2": { "classifier": "5" } } } } 15.5 Examples for Ansible Playbooks Ansible modules are code or binaries that Ansible copies to and executes on each managed device to accomplish the action defined in each Ansible task. AmpCon-DC offers the picos_config Ansible module to interact with managed switches. The picos_config module, included in the AmpCon-DC server, makes it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings. Before you run Ansible playbooks on managed switches, write playbooks based on the following configuration examples, which are supported by the picos_config Ansible module. NOTE This topic only shows playbook examples for managed switches with PicOS installed. To run Ansible playbooks on Linux servers that you added, write playbooks based on playbook syntax described in Using Ansible playbooks. For the flow of using Ansible playbooks on AmpCon-DC, see "13.1 Quick Start Flow". For detailed steps of writing, importing, and running playbooks on AmpCon-DC, see "13.2 Running Playbooks". Syntax Examples Running Linux Shell Commands To run Linux shell commands in managed switches, use the shell mode. Playbook YAML Example: --- - name: Shows uptime info for all switches hosts: all tasks: - name: Shows uptime info for all switches picos_config: mode='shell' cmd='uptime' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs the Linux shell command uptime under the Linux shell mode to show the current time, the time since the system and processes started, the number of logged-in users, and the average time of system load in the last 1 minute, 5 minutes, and 15 minutes. Replace the command in the cmd field with any other Linux shell command to meet your needs. After you run this playbook, check the playbook execution result in the AmpCon-DC UI. For how to check playbook execution results, see "13.3 Managing Ansible Jobs". image.png Showing Switch Configurations or Status To show configurations or status of managed switches, use the cli_show mode. Playbook YAML Example: --- - name: Show Version info of all switches hosts: all tasks: - name: Show version of switches picos_config: mode='cli_show' cmd='show version' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines