印刷

VeloCloud SD-WAN 6.4 - Partner Guide - Partner Gateway Upgrade and Migration 印刷

Partner Gateway Upgrade and Migration

This document provides instructions on how to upgrade the Partner Gateway from the 3.3.2 or 3.4 release to the 4.0 release.

The Gateway appliance includes the following changes in the 4.0 release:
  • A new system disk layout based on LVM to allow more flexibility in volume management
  • A new kernel version
  • New and upgraded base OS packages
  • Improved security hardening based on Center for Internet Security benchmarks
The Gateway appliance includes the following system changes in the 4.0 release:
  • ifupdown has been deprecated in favor of https://netplan.io/
    • ifup and ifdown are no longer available.
    • Network configuration is now in /etc/netplan vs /etc/network/
    • etc/network/ifup.d and /etc/network/ifdown.d no longer work. Network-dispatcher locations should be used /usr/lib/networkd-dispatcher (dormant.d, no-carrier.d, off.d, routable.d).
  • Substantial changes to cloud-init. Cloud-init deployment scripts must be reviewed and tested for compatibility.
  • net-tools (ifconfig, netstat, etc.) are considered deprecated and may be removed in the future versions.

Network Configuration

ifupdown has been deprecated in favor of https://netplan.io/. Network configuration has moved from /etc/network to /etc/netplan.

Example network configuration (white space is important!) - /etc/netplan/50-cloud-init.yaml: 
network: 
version: 2 
ethernets: 
eth0: 
addresses: 
- 192.168.151.253/24 
gateway4: 192.168.151.1 
nameservers: 
addresses: 
- 8.8.8.8 
- 8.8.4.4 
search: [] 
routes: 
- to: 192.168.0.0/16 
via: 192.168.151.254 
metric: 100 
eth1: 
addresses: 
- 192.168.152.251/24 
gateway4: 192.168.152.1 
nameservers: 
addresses: 
- 8.8.8.8 
search: []
Network configuration is regenerated on every boot. To make changes to the location configuration, deactivate the Cloud-init network configuration. 
echo 'network: {config: disabled}' > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg

Cloud-init

Cloud-init was upgraded to version 20.2. More information on Cloud-init can be found here: https://cloudinit.readthedocs.io/en/stable/index.html

Example 1: Simple

meta-data:

instance-id: vcg1

local-hostname: vcg1

user-data: 
#cloud-config 
hostname: vcg1 
password: Velocloud123 
chpasswd: {expire: False} 
ssh_pwauth: True

Example 2: New-style network configuration (network-config file)

meta-data: 
instance-id: vcg1 
local-hostname: vcg1
user-data: 
#cloud-config 
hostname: vcg1 
password: Velocloud123 
chpasswd: {expire: False} 
ssh_pwauth: True 
ssh_authorized_keys: 
- ssh-rsa … rsa-key 

velocloud: 
vcg: 
vco: demo.velocloud.net 
activation_code: F54F-GG4S-XGFI 
vco_ignore_cert_errors: false 
runcmd:
- 'echo “Welcome to VeloCloud”'

network-config Example 1:

version: 2 
ethernets: 
eth0: 
addresses: 
- 192.168.152.55/24 
gateway4: 192.168.152.1 
nameservers: 
addresses: 
- 192.168.152.1 
eth1: 
addresses: 
- 192.168.151.55/24 
gateway4: 192.168.151.1 
nameservers: 
addresses: 
 - 192.168.151.1

network-config Example 2:

Note: If multiple interfaces are present on the Gateway and need an interface to be selected as a preferred interface for the default gateway, the below configuration (with the metric value) can be used to select the correct interface.
version: 2 
ethernets: 
eth0: addresses: [192.168.82.1/24] 
eth1: addresses: [70.150.1.1/24] 
routes: 
- {metric: 1, to: 0.0.0.0/0, via: 70.150.1.254} 
eth2: 
addresses: [70.155.1.1/24] 
routes: - {metric: 2, to: 0.0.0.0/0, via: 70.155.1.254}

Net-tools

Net-tools utilities like ifconfig, netstat, route, etc. are considered “deprecated.” Net-tools suggested replacements are shown in the table below. These commands only display information for the Linux Host and not for the SD-WAN Overlay Network.
Note: For more information, type: man ip.
Table 1. Net-tools Suggest Replacements
Old Net-tool Utilities New Corresponding Net-tool Utilities
arp ip n (ip neighbor)
ifconfig ip a (ip addr), ip link, ip-s (ip-stats)
nameif ip link, ifrename
netstat ss, ip route (for netstat-r), ip-s link (for netstat-i), ip maddr (for netstat-g)
route ip r (ip route)

Sample Command Output for Net-tool Utilities

The sample output is confirmation that the command is successful. Sample command outputs for ip n (ip neighbor), ip a (ipaddr), and ip link are shown below.

ip n (ip neighbor): 
root@SS-gateway-1:~# ip n 
192.168.0.100 dev eth2 lladdr 00:50:56:84:85:d4 REACHABLE 
192.168.0.250 dev eth2 lladdr 00:50:56:84:97:66 REACHABLE 
13.1.1.2 dev eth0 lladdr 00:50:56:84:e7:fa REACHABLE 
root@SS-gateway-1:~#
ip a (ipaddr): 
root@SS-gateway-1:~# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
inet 127.0.0.1/8 scope host lo 
valid_lft forever preferred_lft forever 
inet6 ::1/128 scope host 
valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 4096 
link/ether 00:50:56:84:a0:09 brd ff:ff:ff:ff:ff:ff 
inet 13.1.1.1/24 brd 13.1.1.255 scope global eth0 
valid_lft forever preferred_lft forever 
inet6 fe80::250:56ff:fe84:a009/64 scope link 
valid_lft forever preferred_lft forever 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
link/ether 00:50:56:84:a6:ab brd ff:ff:ff:ff:ff:ff
inet 101.101.101.1/24 brd 101.101.101.255 scope global eth1
valid_lft forever preferred_lft forever 
inet6 fe80::250:56ff:fe84:a6ab/64 scope link 
valid_lft forever preferred_lft forever 
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
link/ether 00:50:56:84:bc:75 brd ff:ff:ff:ff:ff:ff 
inet 192.168.0.201/24 brd 192.168.0.255 scope global eth2 
valid_lft forever preferred_lft forever 
inet6 fe80::250:56ff:fe84:bc75/64 scope link 
valid_lft forever preferred_lft forever 
6: gwd1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 4096 
link/none
inet 169.254.129.1/32 scope global gwd1 
valid_lft forever preferred_lft forever 
inet6 fe80::27d5:9e46:e7f7:7198/64 scope link stable-privacy 
valid_lft forever preferred_lft forever root@SS-gateway-1:~#
ip link 
root@SS-gateway-1:~# ip link 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 4096 
link/ether 00:50:56:84:a0:09 brd ff:ff:ff:ff:ff:ff 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 
link/ether 00:50:56:84:a6:ab brd ff:ff:ff:ff:ff:ff 
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 
link/ether 00:50:56:84:bc:75 brd ff:ff:ff:ff:ff:ff 
6: gwd1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 4096 
link/none 
root@SS-gateway-1:~#

Upgrade Considerations

Note: The below steps are based on the assumption that you want to keep the same IP address and Gateway name for the new Gateway deployed in the 4.0 release. However, if you want to create a new Gateway with a different IP address and, you can follow the new Gateway procedures.

Due to substantial changes to the disk layout and system files, an in-place upgrade is not possible from older releases to the 4.0 release. The migration will require deploying new 4.0 Gateway systems and decommissioning systems running older code.

For VPN Gateways or NAT Gateways with well-known public IP addresses, adhere to the following procedure below if the public IP of the Gateway must be preserved.

Procedure: (VNP or NAT Gateways with Well-Known Public IP Addresses)

  1. Launch the new Gateway system based on the 4.0 release image. Refer to the deployment guide for your platform for more information (Gateway Installation Procedures).
  2. Shutdown the old Gateway system. (Bring down the old Gateway VM (either by running the “sudo poweroff” command on the CLI console, or by powering off from the available Hypervisor options).
  3. Migrate the public IP to the new system: update the NAT record to point to the new Gateway system, or configure the public IP on the new Gateway network interface. Deploy the new Gateway with the Cloud-int examples given above using the same IP address as the previous Gateway.
  4. Obtain the activation key from the existing Gateway record in the Orchestrator (as described in the steps below).
    1. From the Orchestrator, go to Gateway Management > Gateways .
    2. In the Gateways screen, select the Gateway for which you to obtain the activation key and select the right arrow before the Gateway name.
    3. An information box expands and you can find the activation key at the bottom, as shown in the image below.
      Figure 1. Activation Key for Gateways
  5. Set the following system property gateway.activation.validate.deviceId to False, as shown in the image below. Refer to the System Properties section in the VeloCloud SD-WAN Operator Guide, if necessary for more information.
    Figure 2. System Properties Modification
  6. Re-activate the new Gateway system: from the CLI console run: 
    sudo /opt/vc/bin/activate.py -s <vco_address> <activation_code>
  7. Restore the following system property gateway.activation.validate.deviceId to the original value (if necessary). The Gateway is now registered and ready to receive a connection from the Edges.
    Note: The Gateway reactivation can be performed via Cloud-int, as described in the User Data section in this document.

    Activation Example Output

    root@gateway/opt/vc# /opt/vc/bin/activate.py FLM6-CSV6-REJS-XFR5-i-s 169.254.8.2
Activation successful, VCO overridden back to 169.254.8.2 root@SS1-gateway-2:/opt/vc#

Gateways Without Well-known Public IPs

This section is only for Gateways without a well-known public IP, such as, VPN Gateways. If this scenario applies, follow the procedure below.

  1. Launch a new Gateway system. Refer to the deployment guide for your platform if necessary (Gateway Installation Procedures).
  2. Activate a new Gateway system.
  3. Add new Gateway to the Orchestrator Gateway pool. Refer to the Gateway Management section in the VeloCloud SD-WAN Operator Guide for more details.
    • The Gateway is now registered and ready to receive a connection from the Edges.
  4. Remove the old Gateway from Orchestrator Gateway pool. Refer to the Gateway Management section in the VeloCloud SD-WAN Operator Guide for more information.
  5. Decommission the old Gateway VM. (Remove the Gateway record from the Orchestrator and decommission the VM instance).

Obtaining Gateway Activation Key Via API

To deploy using the API Method, use the following: network/getNetworkGateways

Sample response:

{"jsonrpc":"2.0","result":[{"id":1, "activationKey":"69PX-YHY2-N5PZ-G3UW …

Configure Handoff Interface in Data Plane

To configure Handoff Interface in Data Plane, see the topic Post-Installation Tasks.

..