Configuration Supporting Multiple Management
IP Networks
The Multiple Management IP Network feature can scale up to 6 networks.
Third-party certificate changes
You can access EFA at different IP addresses (one for each of the new networks).
Update the third-party SSL certificates with the external IP address of management
interfaces of EFA. Re-generate the certificates when you add a new network. You can
replace the generated certificate with your own certificates (third-party
certificates), which must have a reference to each of the EFA IP addresses.
Third party certificate must contain a Subject Alt Name (SAN) field for each EFA IP
address. In particular, if you have added management access for external networks,
include the EFA management IP address for each external network. The openssl command
supports a flag for adding a SAN IP address.
For
example:
-addext "subjectAltName = IP.1:192.168.30.40"
Day 0 and installation changes
- In a multi-node deployment, the
VIP (virtual IP address) that you enter as part of installation remains the
same. This VIP is distinguished from those added during Multiple Management IP
Network operations and cannot be deleted.
- During installation, you are
prompted to create additional Multiple Management IP Networks.
- Once you specify all the
management route combinations, installation proceeds.
- Keepalived, ingress, and
interface changes are done as part of installation on both the nodes of a
multi-node deployment.
- Configuration is persisted for
RMA purposes, so that the Supportsave function has data for debugging
issues.
Day 1 to n changes
- You can add and delete management
routes and sub-interfaces after installation using the EFA CLI or the REST
APIs.
- Keepalived, ingress, and
interface changes are done as part of this operation on both the nodes.
- Configuration is persisted for RMA purposes, so that the Supportsave function
has data for debugging issues.
- The backup and restore process
also restores the previous configuration of the sub-interfaces.
Installer changes
During installation, you are asked whether you want to add additional management
networks for connection to EFA. If you select Yes, you are then
asked to provide three input parameters.
In single-node deployments, provide the following information:
- Sub-interface name, which is
a unique name that contains no more than 11 characters, no white space, and
no % or / characters.
- ID of the VLAN that the
management network uses to tag traffic. Valid values range from 2 through
4093.
- IP subnet address in CIDR
format. The subnet must not overlap with any IP subnet that you have already
provided.
In multi-node deployments, provide the following information:
- Target network IP address in CIDR format
- Source IP address for outbound traffic
- Next-hop or gateway IP address through which access to the destination
network is provided
You repeat this process until you finish adding all the information you need. Then
you select No to continue with installation. For details, see the installation and
upgrade information in the Extreme Fabric Automation Deployment
Guide.