Ruckus Virtual SmartZone Data Plane (vSZ-D™) Configuration Guide for SmartZone 3.4.1 (MR)
2016-10-17
User Manual: Ruckus SmartZone 3.4.1 (MR) Configuration Guide (vSZ-D)
Page Count: 36
Virtual SmartZone Data Plane (vSZ-D) for
Release 3.4.1
Configuration Guide
Part Number: 800-71354-001 Rev A
Published: 28 September 2016
www.ruckuswireless.com
Contents
Copyright Notice and Proprietary Information
Virtual SmartZone Data Plane Overview
  Features and Benefits
  Network Architecture
  Communication Workflow
  NAT Deployment Topologies
System Requirements
  Hardware Requirements
    Supported Modes of Operation
    Recommended NICs and Operation Modes
Hypervisor Configuration
  Supported Hypervisors
  General Configuration
  VMware Specific Configuration
  KVM Specific Configuration
Upgrade Procedure
vSZ-D Performance Recommendations
Copyright Notice and Proprietary Information
Copyright 2016. Ruckus Wireless, Inc. All rights reserved.
No part of this documentation may be used, reproduced, transmitted, or translated, in any form
or by any means, electronic, mechanical, manual, optical, or otherwise, without prior written
permission of Ruckus Wireless, Inc. (“Ruckus”), or as expressly provided by under license from
Ruckus.
Destination Control Statement
Technical data contained in this publication may be subject to the export control laws of the
United States of America. Disclosure to nationals of other countries contrary to United States
law is prohibited. It is the reader’s responsibility to determine the applicable regulations and to
comply with them.
Disclaimer
THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS
PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY. RUCKUS AND ITS LICENSORS
MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THE
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR THAT THE MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. RUCKUS RESERVES
THE RIGHT TO MAKE CHANGES OR UPDATES TO THE MATERIAL AT ANY TIME.
Limitation of Liability
IN NO EVENT SHALL RUCKUS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL
OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA
OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT
OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIAL.
Trademarks
Ruckus Wireless, Ruckus, the bark logo, BeamFlex, ChannelFly, Dynamic PSK, FlexMaster,
Simply Better Wireless, SmartCell, SmartMesh, SmartZone, Unleashed, ZoneDirector and
ZoneFlex are trademarks of Ruckus Wireless, Inc. in the United States and other countries. All
other product or company names may be trademarks of their respective owners.
Virtual SmartZone Data Plane Overview
The Ruckus Wireless Virtual SmartZone controller platform is the industry’s most scalable Wi-Fi
controller platform that enables service providers and enterprises to leverage virtualization
technologies to deploy superior Wi-Fi management systems.
With the introduction of the Virtual Data Plane (vSZ-D), the Virtual SmartZone platform launches
sophisticated data plane capabilities in a virtualized form factor. This is an industry-first, truly
differentiated and distinguished offering that provides compelling business benefits for varied
deployment scenarios.
Figure 1: vSZ-D services
Features and Benefits
vSZ-D is a virtualized service to segregate and securely tunnel user data traffic.
Table 1: vSZ-D features and benefits
| Feature | Benefit |
|---|---|
| Secure data plane tunneling | Manages the creation of aggregated user data streams through secure tunnel |
| Multiple Hypervisor Support | Supports the most widely deployed VMware and KVM hypervisors |
| Dynamic data plane scaling | Supports 1Gbps, 10Gbps or even higher throughput capacities to support all types of enterprise and carrier deployments that can be dynamically tuned without needing software updates |
| Seamless integration with vSZ controller | • Simple integration and management with vSZ controller clustering architecture enables support for multiple vSZ-D instances • 2 vSZ-D instances per vSZ instance • 8 vSZ-D instances per vSZ cluster of 4 instances • The controller runs in Active/Active (3+1) mode for extremely high availability. Each vSZ-D runs as an independent virtual machine instance that is managed by the controller |
| Superior data plane functions | Encrypted tunnel aggregation from all types of WLANs (Captive portal, 802.1x, HS2.0), VLANs, DHCP Relay, NAT traversal |
| Multiple tunneling options | Provides the ability to service distributed and centralized network configurations |
| Deployment and operational simplicity | Simple integration and management with vSZ-E and vSZ-H installations |
| Site level QoS and policy control | Service policy management and data stream (will be supported in a later release) |
Tunneled WLANs and Flexible Traffic Redirection
Many WiFi deployments have requirements to support tunneled WLANs for guest isolation and
encryption, POS data security, VoIP traffic management, and seamless roaming across L2
subnets. One of the most deployed and easily managed ways to meet these requirements is to
enable a flat network topology by tunneling traffic to a controller.
With the vSZ-D, it is now possible to support tunneled WLANs on Ruckus Wireless APs that are
managed by a vSZ controller. In addition, both the Ruckus Wireless AP and the vSZ-D support
encryption capabilities on tunnels for data protection. This is especially important when tunneling
guest traffic and in use cases where the service provider or enterprise operator does not have
control over the backhaul links.
Figure 2: Traffic redirection flexibility with the Virtual SmartZone platform
Architecture and Deployment Flexibility
Existing architectures for supporting tunneled WLANs involve tunneling data back into controllers.
This results in architectures where a complete controller needs to be deployed on each site or
all the tunneled WLAN traffic being backhauled into a centralized data center. This also results
in dependencies on choices for controller platforms with different capacity profiles, which increase
the capital and operating expenses of the entire solution without actually solving the real problem.
With the vSZ-D, it is now possible to deploy the same software on-premise (on cheaper
COTS hardware) when needed, as well as at the data center (on higher end COTS
hardware), with the entire Wi-Fi management controlled by the vSZ controller.
Figure 3: Unmatched architecture flexibility
Network Architecture
vSZ-D requires at least two physical interfaces: one for control/management and another for
data plane.
The control/management interface is used for communication with the vSZ controller, as well
as the command line interface. The data plane interface is used to tunnel user data traffic from
the APs.
Figure 4: vSZ-D logical interfaces
The access layer (southbound) is used to tunnel traffic to and from managed APs. The following
connections exist on the access layer.
1. AP to and from vSZ-D: Data plane, secured by Ruckus GRE tunnel.
2. vSZ to and from vSZ-D: Control plane, for vSZ to manage vSZ-D
3. AP to and from vSZ: Control plane, for vSZ to manage the AP
The core layer (northbound) is used by vSZ-D to forward traffic to and from the core network.
Communication Workflow
The figure below captures a high level end-to-end communication flow between Ruckus Wireless
APs, vSZ and vSZ-D.
Figure 5: Communication workflow between Ruckus Wireless APs, vSZ, and vSZ-D
The following are the steps seen in the above figure.
1. Update the vSZ controller to the latest 3.x release or perform a fresh install of the vSZ controller
with the latest release
NOTE: If you are upgrading the vSZ controller and the vSZ-D, Ruckus Wireless recommends
the update of vSZ controller before the update of vSZ-D
2. Install vSZ-D and point it to the vSZ-E or vSZ-H controller by using the following options:
• Set vSZ-E or vSZ-H control interface IP address or FQDN or configure the controller IP
address via DHCP option 43.
• For vSZ-E or vSZ-H configured with three (3) IP interfaces, the IP address to use is the
vSZ control interface IP address.
3. The vSZ-D management interface connects with the vSZ-E or vSZ-H controller control interface
4. The vSZ-E or vSZ-H controller administrator approves the vSZ-D connection request
5. The vSZ informs the AP of the vSZ-D data interface
6. The vSZ-D is displayed as active and managed on vSZ-E or vSZ-H
7. AP establishes a Ruckus GRE tunnel with the vSZ-D data interface when a tunnelling WLAN
is configured
The figure above depicts logical network architecture. In real-world deployments, there may be
network routers, gateways, firewalls and other devices; these typical network devices are not
shown in the figure to focus on the vSZ-D interfaces and communication protocol aspects
between the various entities.
It is also important to note that support for distributed or centralized deployment topologies
introduces NAT routers/gateway devices. The communication interfaces between Ruckus Wireless
APs, vSZ and vSZ-D are designed to support NAT traversal so as to support such deployment
topologies.
NAT Deployment Topologies
vSZ-D supports several deployment topologies.
AP Behind NAT and vSZ-D Behind NAT
When an AP is behind NAT, it is assumed that AP is sitting in the private world and wants to talk
to vSZ-D in the public world through NAT. The AP obtains its private IP address and communicates
with the vSZ-D through NAT. During communication with vSZ-D, the NAT router will intercept
the packet and change the source IP address (which is the AP IP address) to a public IP address
and add a new source port number before forwarding the packet to vSZ-D. vSZ-D, in this case,
is insensitive to the NAT router’s operation. When the packet comes back from vSZ-D to the
AP, the NAT router will intercept the packet and translate the destination IP address and port
number back to the appropriate (original) AP IP address and port number.
When vSZ-D is behind NAT, it is assumed that vSZ-D is sitting in the private world and wants
to talk to the AP in the public world through NAT. In this case, you need to set up the NAT IP
(public IP) and port number pair in the vSZ-D “setup” process. vSZ picks up this public address
and the associated port number and informs the AP that this is the vSZ-D address/port (public-IP,
port) pair to connect to.
You also need to configure the NAT device with the port mapping (public-IP,
port) <-> (private-IP, 23233) in its rule table. When the NAT router receives a packet from the AP
bound for vSZ-D (sent to public-IP/port), it translates the destination to (private-IP, 23233) based on
the rule table before sending it to vSZ-D. Conversely, for a packet from vSZ-D, the NAT router
looks at the srcIP/srcPort (IP, 23233) and converts it to the public IP address and port based on the
rule table before sending it to the AP.
NOTE: Both TCP and UDP protocols on port 23233 need to be forwarded as both are used
(TCP is used for tunnel establishment and UDP for client data)
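One way to check the mapping described above on a Linux NAT gateway, as an added example that is not part of the Ruckus guide: it parses `iptables-save` output and reports whether both TCP and UDP are forwarded to port 23233 on the vSZ-D private address. The use of iptables, the addresses and the sample rule dump are assumptions made for illustration; the guide does not name a NAT product.

```python
import shlex

VSZD_PORT = 23233                      # vSZ-D side of the mapping, per the guide
REQUIRED_PROTOCOLS = ("tcp", "udp")    # TCP sets up the tunnel, UDP carries client data

# Constructed `iptables-save -t nat` dump; addresses are documentation ranges.
# The UDP forward is deliberately missing so the audit has something to report.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 23233 -j DNAT --to-destination 192.168.10.5:23233
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.10.4:8443
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""


def parse_dnat_rules(dump):
    """Extract destination, protocol, port and target from every DNAT rule."""
    rules = []
    for line in dump.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or "DNAT" not in tokens:
            continue
        opts = dict(zip(tokens, tokens[1:]))       # option -> token that follows it
        target_ip, _, target_port = opts.get("--to-destination", "").partition(":")
        rules.append({
            "dst": opts.get("-d", "").split("/")[0],
            "proto": opts.get("-p"),
            "dport": opts.get("--dport"),
            "target_ip": target_ip,
            # DNAT without an explicit port keeps the original destination port.
            "target_port": target_port or opts.get("--dport", ""),
        })
    return rules


def audit_vszd_forwarding(dump, public_ip, public_port, private_ip):
    """Return a list of findings; an empty list means the mapping is complete."""
    findings = []
    rules = parse_dnat_rules(dump)
    for proto in REQUIRED_PROTOCOLS:
        matches = [r for r in rules
                   if r["proto"] == proto
                   and r["dst"] == public_ip
                   and r["dport"] == str(public_port)]
        if not matches:
            findings.append(f"{proto}: no forward for {public_ip}:{public_port}")
            continue
        for r in matches:
            if (r["target_ip"], r["target_port"]) != (private_ip, str(VSZD_PORT)):
                findings.append(
                    f"{proto}: forwards to {r['target_ip']}:{r['target_port']}, "
                    f"expected {private_ip}:{VSZD_PORT}")
    return findings


if __name__ == "__main__":
    for finding in audit_vszd_forwarding(SAMPLE_RULES, "203.0.113.10", 23233, "192.168.10.5"):
        print("FINDING:", finding)
```

A gateway that forwards only TCP lets the tunnel establish while client data over UDP is dropped, which is the case the sample dump reproduces.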
vSZ and vSZ-D at Data Center Behind NAT
In this deployment topology, vSZ-D and vSZ are co-located at the data center behind NAT, while
Ruckus Wireless APs are on the access network behind NAT.
Figure 6: vSZ and vSZ-D at data center behind NAT
vSZ-D at Access Side with NAT
In this deployment topology, vSZ is at the data center and vSZ-D is co-located with the Ruckus
Wireless APs on the access network. In this scenario, there are NAT routers between vSZ and
vSZ-D/Ruckus APs.
Figure 7: vSZ-D at access side with a NAT router
vSZ-D Behind NAT
In this deployment topology, vSZ is at the data center and vSZ-D is in a distributed site but not
co-located with the Ruckus Wireless APs within the access network. There are NAT routers
between vSZ and vSZ-D, and between vSZ-D and Ruckus Wireless APs.
Figure 8: vSZ-D behind a NAT router
DHCP Relay with NAT
Similar to the vSZ-D Behind NAT, in this deployment topology, vSZ is at the data center and
vSZ-D is in a distributed site but not co-located with the Ruckus Wireless APs within the access
network. There are NAT routers between vSZ and vSZ-D, and between vSZ-D and Ruckus
Wireless APs. However, in this topology, the DHCP server assigning client IP addresses is on
its own separate subnet. vSZ-D provides the DHCP relay function to support such a network
configuration.
Figure 9: DHCP relay with a NAT router
DHCP Option 82 and Bridge Profile
If you enable DHCP Option 82 in the WLAN configuration on the vSZ controller, the AP adds
DHCP Option 82 to DHCP packets bound for the DHCP server and sends them to vSZ-D. The option
is in the format IF-Name:VLAN-ID:ESSID:AP-Model:AP-Name:AP-MAC. If you want to
give users the option to choose what is included in DHCP Option 82, you
need to create a Bridge Service Profile in the vSZ controller web interface. Follow these steps to
create a Bridge Service Profile.
• Go to vSZ controller web interface > Configuration > Services & Profiles > Bridge
• Create a Bridge Forwarding Profile
• Verify that DHCP Relay is enabled.
• Add the DHCP server IP address
• Enable DHCP Option 82 and choose the sub options based on your requirements or those of the
user. vSZ-D takes care of this when relaying DHCP packets to the DHCP server.
Figure 10: Creating Bridge Profile
• Go to vSZ controller web interface > Configuration > AP Zones > AP Zone List > Ruckus
AP
• Create a new WLAN configuration by enabling:
  • Access Network as Tunnel WLAN traffic through Ruckus GRE
  • Core Network as Bridge
  • Authentication Options > Method as Open
  • Encryption Options > Method as None
  • Forwarding Policy as Factory Default. Choose the forwarding policy as the bridge
  profile.
• Click OK to complete and save the configuration.
Figure 11: Creating a WLAN Configuration
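A parser for the Option 82 string format given above (IF-Name:VLAN-ID:ESSID:AP-Model:AP-Name:AP-MAC), for a DHCP server or log pipeline that consumes it; this is an added example, not code from the Ruckus guide. The guide does not say how the AP MAC is written, so the parser assumes colon-separated, hyphen-separated or bare hex notation, and it rejects a string whose ESSID or AP name contains a colon instead of guessing where the fields split. The sample value is constructed.

```python
import re

# Field order given in the guide: IF-Name:VLAN-ID:ESSID:AP-Model:AP-Name:AP-MAC
_OCTET = re.compile(r"[0-9A-Fa-f]{2}")
_MAC_TOKEN = re.compile(r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}|[0-9A-Fa-f]{12}")
_VLAN = re.compile(r"[0-9]{1,4}")

# Constructed sample value (not captured from a real AP).
SAMPLE = "wlan0:120:Guest-WiFi:R710:Lobby-AP:02:00:5E:10:00:01"


class Option82Error(ValueError):
    """Raised when the string cannot be split into the six fields unambiguously."""


def _split_mac(parts):
    """Peel the AP MAC off the right-hand side.

    Returns (remaining parts, MAC normalised to lower-case colon notation).
    Assumed notations: aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabbccddeeff.
    """
    if len(parts) >= 6 and all(_OCTET.fullmatch(p) for p in parts[-6:]):
        return parts[:-6], ":".join(p.lower() for p in parts[-6:])
    if parts and _MAC_TOKEN.fullmatch(parts[-1]):
        digits = parts[-1].replace("-", "").lower()
        return parts[:-1], ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise Option82Error("no MAC address at the end of the string")


def parse_option82(value):
    """Split an Option 82 string into its six named fields."""
    rest, mac = _split_mac(value.split(":"))
    if len(rest) != 5:
        # The colon is also the delimiter, so an ESSID or AP name that contains
        # one cannot be told apart from an extra field. Refuse to guess.
        raise Option82Error(
            f"expected 5 fields before the MAC, found {len(rest)}")
    if_name, vlan, essid, ap_model, ap_name = rest
    if not _VLAN.fullmatch(vlan) or not 1 <= int(vlan) <= 4094:
        raise Option82Error(f"invalid VLAN ID: {vlan!r}")
    return {
        "if_name": if_name,
        "vlan_id": int(vlan),
        "essid": essid,
        "ap_model": ap_model,
        "ap_name": ap_name,
        "ap_mac": mac,
    }


if __name__ == "__main__":
    for field, val in parse_option82(SAMPLE).items():
        print(f"{field:9} {val}")
```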
System Requirements
Hardware Requirements
vSZ-D supports auto scaling, which means the number of CPU cores can be expanded without
needing a software update. Ruckus Wireless has tested from three to six CPU core allocations
for the vSZ-D in release 3.2 and above.
NOTE: The minimum memory and CPU requirements for vSZ have changed in this release. You
may need to upgrade your infrastructure before upgrading. Please read carefully. This is the
minimum requirement recommended. Refer to the Release Notes or the vSZ Getting Started
Guide.
The following table lists the minimum hardware requirements recommended for running an
instance of vSZ-D.
Table 2: vSZ-D hardware requirements
| Hardware Component | Requirement |
|---|---|
| Hypervisor support | VMware ESXi 5.5 and later OR KVM (CentOS 7.0 64bit) |
| Processor | Intel Xeon E55xx and above. Recent Intel E5-2xxx chips are recommended |
| CPU cores | • Minimum 3 to 6 cores per instance dedicated for data plane processing. • DirectIO mode for best data plane performance. NOTE: Actual throughput numbers will vary depending on infrastructure and traffic type. • vSwitch mode for flexibility and service chaining |
| Memory | Minimum 6 Gb memory per instance |
| Disk space | 10GB per instance |
| Ethernet interfaces | 2 |
| NICs that support Intel DPDK | • Intel NICs igb, ixgbe • 82576, I350 • 82599EB, 82599, X520 |
Important Notes About Hardware Requirements
• If you change the number of CPU cores, you must reboot vSZ-D for the changes to take
effect.
• The first core is always shared between Linux and NPE. Other cores are dedicated to NPE.
• vSZ-D requires two interfaces and these interfaces must be deployed on different subnets.
Supported Modes of Operation
vSZ-D supports two modes of operation: direct IO mode and vSwitch mode.
For best performance, Ruckus Wireless recommends using the direct IO mode. SR-IOV mode
is unsupported. Refer to the table below for the modes of operation.
NOTE: NICs assigned to direct IO cannot be shared. Moreover, VMware features such as
vMotion, DRS, and HA are unsupported.
The hardware configuration for a single vSZ-D instance specified in this guide will scale to handle
10K tunnels (10K APs) and up to 10Gbps of throughput (unencrypted) with appropriate underlying
Intel NICs (10G interfaces) in directIO mode of operation. This aligns with the number of
Ruckus APs that a vSZ controller supports. Refer to the dimensioning table below.
Table 3: Hardware Dimensioning
| Number of vSZ Instances | Number of vSZ-D Instances | Number of Ruckus APs | Number of Tunnels on vSZ-D | Maximum Throughput (Unencrypted) | Notes |
|---|---|---|---|---|---|
| 1 | 1 | 10000 | 10000 | 10 Gbps | It is recommended to have 10G NICs on the vSZ-D considering the high number of Ruckus APs. |
| 1 | 2 | 10000 | 5000 (10K maximum in case of failover) | 10 Gbps | Tunnels are load-balanced towards the vSZ-D by the vSZ. This is useful when data plane redundancy is required. It is recommended to have 10G NICs on the vSZ-D considering the high number of Ruckus APs. |
| 2 | 2 | 10000 | 5000 (10K maximum) | 10 Gbps | Tunnels are load-balanced towards the vSZ-D by the vSZ. Each vSZ-D instance can handle 10K maximum tunnels. |
| 2 | 4 | 10000 | 2500 (10K maximum) | 10 Gbps | Tunnels are load-balanced towards the vSZ-D by the vSZ. Each vSZ-D instance can handle 10K maximum tunnels. |
| 3 | 6 | 20000 | 3300 (10K maximum) | 10 Gbps | Tunnels are load-balanced towards the vSZ-D by the vSZ. Each vSZ-D instance can handle 10K maximum tunnels. |
| 4 | 8 | 30000 | 3750 (10K maximum) | 10 Gbps | Tunnels are load-balanced towards the vSZ-D by the vSZ. Each vSZ-D instance can handle 10K maximum tunnels. |
Table 4: Mode of Operation
| Hypervisor | Number of CPUs | Memory (GB) | Hard Disk (GB) | Number of Tunnels | Tunnel Bandwidth (Intel NIC-10 G) (Unencrypted) | Packet Size (Bytes) |
|---|---|---|---|---|---|---|
| VMware (DirectIO) | 3 | 6 | 10 | 1000 | 10 Gbps | 1400 |
| VMware (DirectIO) | 6 | 6 | 10 | 10000 | 10 Gbps | 1400 |
| VMware (DirectIO) | 3 | 6 | 10 | 10000 | 10 Gbps | 1400 |
NOTE: Refer to the vSZ-D Performance Recommendations chapter for encryption
and vSwitch impacts.
NOTE: The vDP needs its CPUs increased to 6 to sustain the 10G line rate with 1400-byte traffic
when encryption is enabled.
The figure below depicts a sample configuration in DirectIO mode. This is the recommended
deployment model for the vSZ-D for best performance benefits. In this setup, cores as well as
the NICs are dedicated to the vSZ-D VM only for best performance. Note that, in this setup, the
vSZ-D data plane interfaces directly with the DPDK NIC, completely bypassing the vSwitch.
vSZ-D with DirectI/O
NOTE: The figure below depicts multiple virtual data plane instances for reference purposes
only.
It also depicts a vSZ controller instance running as a separate VM. These VMs can be running
on the same underlying host or potentially different hosts.
vSZ-D with Hypervisor vSwitch Installed
The figure below depicts a sample setup via the vSwitch.
NOTE: The figure below depicts multiple virtual data plane instances for reference. It also depicts
a vSZ controller instance running as a separate VM.
vSZ-D and vSZ with Hypervisor vSwitch Installed
The figure below depicts an architecture where vSZ and vSZ-D are running on the same underlying
host.
Recommended NICs and Operation Modes
The following table lists the modes of operation and network interface cards (NICs) that have
been tested by Ruckus Wireless. Other NICs that support Intel DPDK architectures may or may
not work.
Table 5: Recommended NICs and operation modes
| Interface | Mode | Supported NIC Driver | NIC Model |
|---|---|---|---|
| Control / management | vSwitch | E1000 | 82574 |
| Data | Direct IO | 1GB: igb | I350, 82576, Intel 82571EB, Broadcom BCM5720 |
| Data | Direct IO | 10GB: ixgbe | 82599EB, 82598, X540 (T1 and T2, for RJ-45 twisted-pair), X520 |
| Data | vSwitch | VMware: VMXNET3 | -- |
| Data | vSwitch | KVM: Virtio | -- |
Hypervisor Configuration
This section covers hypervisor-specific configurations that Ruckus Wireless recommends and
other settings that you may need to fine tune.
Supported Hypervisors
Unlike the vSZ controller, vSZ-D can only be installed on specific versions of VMware and KVM.
The tables below list the hypervisors and versions on which vSZ and vSZ-D can and cannot be
installed.
Table 6: vSZ and vSZ-D supported hypervisors
| Hypervisor | vSZ | vSZ-D |
|---|---|---|
| VMware 5.1 | Supported from 2.5 | |
| VMware 5.5 and later | Supported from 3.0 | Supported from 3.2 |
| KVM CentOS 6.5 64-bit | Supported from 2.5 | |
| KVM CentOS 7.0 64-bit | Supported from 3.0 | Supported from 3.2 |
| Hyper-V | Supported from 3.2 | |
| Azure | Supported from 3.2 | |
| GCE | Supported from 3.2 | |
General Configuration
Ruckus Wireless offers the following general configuration recommendations.
Table 7: General vSZ-D configuration recommendations
| Component | Minimum Recommendation |
|---|---|
| Recommended reserved memory | Minimum 6144MB |
| Recommended number of CPU cores | Minimum three CPU cores. For improved performance in a large-scale deployment, allocate six CPU cores. |
| Configuration via DirectIO or through vSwitch | To enable passthrough on NIC devices, configure DirectIO mode in ESXi in Advanced Settings. See figure below. |
Figure 12: Configuring DirectIO mode in Advanced Settings
VMware Specific Configuration
If you are installing vSZ-D on VMware, read these VMware specific configuration recommendations
from Ruckus Wireless.
• Deploy vSZ-D on a machine that has at least two physical NICs. Alternatively, deploy to two
vSwitch instances with dedicated physical NICs.
• When deploying an instance of vSZ-D using an OVA file, you must assign the management
and data interfaces to two different network groups (vSwitch) on different subnets.
• Enable Promiscuous mode in vSwitch Config.
• In vSwitch Config, enable VLAN ID for All.
• After the vSZ-D instance is ready, modify the number of CPU cores (if needed) before powering
on vSZ-D.
• For advanced CPU and memory resource configuration recommendations, refer to the vSphere
Resource Management Guide, which is available on the VMware website.
KVM Specific Configuration
If you are installing vSZ-D on KVM, read these KVM specific configuration recommendations
from Ruckus Wireless.
CPU Type
When selecting the CPU model, make sure you select one that is higher than Intel Core 2 Duo.
On Linux, you can find this information in /proc/cpuinfo.
Disk Configuration
Ruckus Wireless recommends using Virtio as the disk bus and qcow2 as the storage format.
NIC Configuration in Direct IO Mode
NOTE: Only the data interface needs to be configured to direct PCI passthrough. The
management interface should always be configured to e1000 as the NIC driver.
Before adding a PCI device to the KVM, you need to complete the following steps:
1. Enable VT-d (for Intel processors) in the motherboard BIOS. Intel's VT-d ("Intel Virtualization
Technology for Directed I/O") is available on most i7 family processors.
2. Add kernel boot parameters via GRUB to enable IOMMU (see figure below). To enable IOMMU
on Intel processors, pass the intel_iommu=on boot parameter to the Linux kernel. For more
information, read this tutorial.
3. After configuring the boot parameter, reset the computer.
NIC Configuration in vSwitch Mode
NOTE: Configure only two ports for vSZ-D.
For the management interface, use the following settings:
• Device model: e1000
• Source mode: Either Bridge or Passthrough if you are using macvtap for the device type.
For the data interface, use the following settings:
• Device model: e1000
• Source mode: Passthrough if you are using macvtap for the device type. Only the
passthrough mode can allow UE traffic to pass through the VM NIC.
Upgrade Procedure
Procedure for upgrading to a new vSZ-D version.
Follow these steps to upgrade the vSZ-D version.
NOTE: Before starting this procedure, you should have already obtained a valid software upgrade
file from Ruckus Wireless® Support or an authorized reseller.
NOTE: If you are upgrading both vSZ and vSZ-D, Ruckus Wireless® recommends upgrading
vSZ first before vSZ-D.
1. Copy the software upgrade file that you received from Ruckus Wireless® to the computer
where you are accessing the controller web interface or to any location on the network that
is accessible from the web interface.
2. Go to Controller web interface > Administration > Upgrade to vSZ-D
3. In the Upload Patch File section, click the Browse button, and then browse to the location
of the software upgrade file.
The file name of the software upgrade file is vSZ-D-installer_{version}.ximg.
4. Click Upload to upload the software upgrade file.
5. The Patch Information displays the new vSZ-D file details.
6. Select the vSZ-D instance that you want to upgrade from the Data Plane table and click
Apply.
The controller fetches the new vSZ-D version on a reboot.
7. To verify if the upgrade is successful after a reboot:
• Go to Controller web interface > Administration > Upgrade to view a confirmation
message that the data plane firmware upgrade is complete.
• Go to Controller web interface > Configuration > System > Cluster Planes to view a
confirmation message that the data plane is managed with an upgraded firmware version.
vSZ-D Performance Recommendations
vSZ-D has been designed to induce minimal latency in user data aggregation and forwarding.
The unique design of the vSZ-D software enables consistent packet performance with minimal
throughput degradation as the number of tunnels or the number of clients increases.
The fast path processing of the vSZ-D is engineered to scale to the underlying NIC capacity
profiles, whether at 1G or 10G speeds. vSZ-D is designed to scale and handle data tunnels
and data forwarding capabilities at high scale.
The following are some important observations and recommendations related to the vSZ-D
performance:
• To obtain the best throughput, Ruckus Wireless recommends operating vSZ-D in directIO
mode. This recommended mode of operation applies whether the hypervisor used is VMware
or KVM.
• vSZ-D supports vSwitch mode of operation for added flexibility in deployments where vSZ-D
may be co-located with other VMs for service chaining on the same underlying hardware.
Note that the current observations are that in the vSwitch mode of operation, there is an
induced performance impact in comparison with the directIO mode of operation. This may
be due to the latency or performance bottleneck in virtIO and vSwitch sharing. This is still
being researched at the Ruckus Wireless R&D Labs.
• There is an expected performance impact when enabling encryption (AES 128 bit) on the
Ruckus GRE Tunnels. This is due to the overhead of encrypting and decrypting each packet
on the Ruckus Wireless AP and vSZ-D. The vSZ-D software is designed to introduce minimal
latency and overhead in packet processing. vSZ-D takes advantage of the underlying Intel
chip’s crypto module for packet encryption and decryption, and the associated impact is
primarily bounded at the hardware level.
For specific recommendations and calibrations that may be needed for your deployment, contact
Ruckus Wireless.