Configuration Supporting Multiple Management IP Networks
The Multiple Management IP Network feature can scale up to 6 networks.
Third-party certificate changes
You can access EFA at different IP addresses (one for each of the new networks).
Update the third-party SSL certificates so that they include the external IP
address of each EFA management interface. Re-generate the certificates when you
add a new network. You can replace the generated certificate with your own
certificates (third-party certificates), which must have a reference to each of
the EFA IP addresses.
A third-party certificate must contain a Subject Alt Name (SAN) field for each
EFA IP address. In particular, if you have added management access for external
networks, include the EFA management IP address for each external network. The
openssl command supports a flag for adding a SAN IP address. For example:
-addext "subjectAltName = IP.1:192.168.30.40"
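An added example (not from the EFA documentation) that builds the subjectAltName value for a list of EFA management IP addresses and checks that an issued certificate lists every one of them. The addresses other than 192.168.30.40, the file names, and the CN are constructed; the check handles IPv4 addresses and assumes OpenSSL 1.1.1 or later for -addext and -ext.

```shell
#!/bin/sh
# Added example, not EFA's own tooling. Addresses other than 192.168.30.40,
# the CN, and the efa.key/efa.csr/efa.crt file names are constructed.

# Build the -addext value with one IP.n entry per EFA management address.
san_ext() {
    out=""; n=1
    for ip in "$@"; do
        out="${out}${out:+,}IP.${n}:${ip}"
        n=$((n + 1))
    done
    printf 'subjectAltName = %s\n' "$out"
}

# Read "openssl x509 -noout -ext subjectAltName" output on stdin and print
# the IP entries it contains, one per line.
san_ips() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*IP Address:\([^[:space:]]*\).*$/\1/p'
}

# Print every required IP (arguments) that the SAN text on stdin lacks.
# Whole-line matching keeps 192.168.30.4 from passing as 192.168.30.40.
missing_ips() {
    have=$(san_ips)
    for ip in "$@"; do
        printf '%s\n' "$have" | grep -Fqx -- "$ip" || printf '%s\n' "$ip"
    done
}

# Return non-zero and list the gaps if CERT does not cover every given IP.
# An unreadable certificate yields no SAN text, so every IP is reported.
check_cert() {
    cert=$1; shift
    gaps=$(openssl x509 -in "$cert" -noout -ext subjectAltName | missing_ips "$@")
    [ -z "$gaps" ] || { printf 'missing SAN IP: %s\n' $gaps >&2; return 1; }
}

# Typical use after adding a management network:
#   openssl req -new -newkey rsa:2048 -nodes -keyout efa.key -out efa.csr \
#       -subj "/CN=efa.example.com" \
#       -addext "$(san_ext 192.168.30.40 198.51.100.20)"
#   check_cert efa.crt 192.168.30.40 198.51.100.20
```

Run check_cert against the certificate returned by the CA before installing it, since a CA can drop or rewrite requested SAN entries.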
Day 0 and installation changes
- In a high-availability deployment, the VIP (virtual IP address) that you enter as part of installation remains the same. This VIP is distinguished from those added during Multiple Management IP Network operations and cannot be deleted.
- During installation, you are prompted to create additional Multiple Management IP Networks.
- Once you have specified all the IP address and VLAN combinations, installation proceeds as with earlier releases of EFA.
- Keepalived, ingress, and interface changes are done as part of installation on both the nodes of a high-availability deployment.
- Configuration is persisted for RMA purposes, so that the Supportsave function has data for debugging issues.
Day 1 to n changes
- You can add and delete IP address and VLAN combinations after installation using the EFA CLI or the REST APIs.
- Keepalived, ingress, and interface changes are done as part of this operation on both the nodes.
- Configuration is persisted for RMA purposes, so that the Supportsave function has data for debugging issues.
- The backup and restore process also restores the previous configuration of the sub-interfaces.
Installer changes
During installation, you are asked whether you want to add additional management
networks for connection to EFA. If you select Yes, you are then
asked to provide three input parameters:
- Sub-interface name, which is a unique name that contains no more than 11 characters, no white space, and no % or / characters.
- ID of the VLAN that the management network uses to tag traffic. Valid values range from 2 through 4093.
- IP subnet address in CIDR format. The subnet must not overlap with any IP subnet that you have already provided.
You repeat this process until you have finished adding all the sub-interface
information you need. Then you select No to continue with installation. For details,
see the installation and upgrade information in the
Extreme Fabric Automation Deployment Guide, 2.4.0.