Kaspersky SD-WAN

Managing controllers

To display the table of controllers, go to the Infrastructure menu section, click the created data center, and select the Network resources tab. Information about controllers is displayed in the following columns of the table:

  • Name is the name of the controller.
  • Transport/service strategy is the transport/service strategy being used.
  • Controller nodes are IP addresses of controller nodes.
  • Connection type is the type of connection of CPE devices to the controller:
    • Unicast
    • Multicast
  • Cluster status is the status of the cluster of controller nodes:
    • Up means the cluster is operating normally.
    • DEGRADED means an error occurred during the operation of the cluster.
    • Down means the cluster is not operational.
  • Node statuses is the status of controller nodes:
    • Connected (primary) means the node is connected to the controller and is the primary node in the cluster.
    • Connected (single) means the node is connected to the controller and is the only node in the cluster.
    • Connected (secondary) means the node is connected to the controller and is a secondary node in the cluster.
    • Disconnected means the node is not connected to the controller.
    • Not in cluster means the node is not added to a cluster.
    • Unavailable means the node is not available.
    • Unknown means the status of the node is unknown.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Editing a controller

Reprovisioning a controller

Restoring a controller

Enabling or disabling the maintenance mode on a controller

Deleting a controller

Managing controller properties

Viewing information about controller nodes

[Topic 257182]

Editing a controller

To edit a controller:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Edit next to the controller that you want to edit.
  3. This opens a window; in that window, in the Name field, enter the name of the controller. Range of values: 1 to 128 characters.
  4. If necessary, in the Description field, enter a brief description of the controller.
  5. In the Controller installation on <1>/<3>/<5> servers field, select the number of controller nodes.
  6. In the Connection type drop-down list, select the type of connection of CPE devices to the controller:
    • Unicast
    • Multicast
  7. Configure the controller node:
    1. In the Address (IP or hostname) field, enter the IP address or hostname of the controller node.
    2. In the gRPC port field, enter the gRPC port number of the controller node.
    3. In the JGroups port field, enter the JGroups port number of the controller node.
    4. If you want to make the controller node the primary node, select the Primary option.

    You can configure multiple controller nodes.

  8. Click Save.

The controller is modified and updated in the table.

[Topic 257145]

Reprovisioning a controller

During reprovisioning, controller properties are reset to their default values. This may help resolve errors.

To reprovision the controller:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Reprovision next to the controller that you want to reprovision.
  3. In the confirmation window, click Reprovision.

The controller is reprovisioned.

[Topic 257150]

Restoring a controller

You can download a file with controller settings and later use the file to restore the controller if necessary.

To restore a controller:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Download backup file next to the controller whose settings file you want to download.

    A file with controller settings in YAML format is saved to your local device.

  3. Click Management → Restore next to the controller that you want to restore.
  4. This opens a window; in that window, specify the path to the downloaded file with controller settings.
  5. Click Restore.

The controller is restored with settings from the controller settings file.

[Topic 257178]

Enabling or disabling the maintenance mode on a controller

You can enable maintenance mode on the controller when performing maintenance work related to the SD-WAN network to minimize the impact of the controller on parts of the SD-WAN network that are not affected by the maintenance work. In maintenance mode, the controller monitors the status of the SD-WAN network, but does not take any action when the parameters of the SD-WAN network change. For example, in maintenance mode the controller does not rebuild links and paths, rewrite MAC addresses of service interfaces, or change transport services.

When you disable maintenance mode, the controller performs actions corresponding to the changes you made to the parameters of the SD-WAN network.

To enable or disable maintenance mode on the controller:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Do one of the following:
    • If you want to enable maintenance mode on the controller, click Management → Enable maintenance next to it.
    • If you want to disable maintenance mode on the controller, click Management → Disable maintenance next to it.

Maintenance mode is enabled or disabled on the controller.

[Topic 280747]

Deleting a controller

Deleted controllers cannot be restored.

To delete a controller:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Delete next to the controller that you want to delete.
  3. In the confirmation window, click Delete.

The controller is deleted and is no longer displayed in the table.

[Topic 257181]

Managing controller properties

Properties regulate the operation of the controller. Each property has a change method that determines whether the property value can be changed and when the change takes effect. The following change methods are available:

  • Read-only means the property cannot be changed.
  • Reload means that when a property is changed, the orchestrator commits the new value to the database of the controller. The new value takes effect after the controller is restarted.

    A property value that is in the database, but has not yet taken effect is called a planning value. You can delete a planning value before restarting the controller to keep the current value.

  • Runtime means the new value takes effect immediately when the property is modified.

Modifying properties may lead to unstable operation of the controller, so we recommend contacting Kaspersky Technical Support before managing properties.

You can view the table of all controller properties or only changeable controller properties:

  • To display the table of all controller properties, navigate to the Infrastructure section, click the added data center, select the Network resources tab, and click Management → Properties next to the controller.
  • To display the table of changeable properties of the controller, navigate to the Infrastructure section, click the added data center, select the Network resources tab, click Management → Properties next to the controller and select the Changeable properties tab.

Information about controller properties is displayed in the following columns of the table:

  • Change method is the change method of the property.
  • Property is the name of the property.
  • Current value is the current value of the property.
  • Planned value is the planning value of the property. This column is displayed only on the Changeable properties tab.

The actions you can perform with the table are described in the Managing solution component tables instructions.

In this section

Description of editable controller properties

Editing a controller property

Deleting planning values of controller properties

Resetting controller properties to default values

[Topic 245521]

Description of editable controller properties

Modifying properties may lead to unstable operation of the controller, so we recommend contacting Kaspersky Technical Support before managing properties.

Property

Description

controller.buffers.in

Buffer size, in bytes, for messages coming in from switches on the controller.

controller.buffers.out

Buffer size, in bytes, for messages going out to switches on the controller.

controller.listen.port

The starting port number in the range of switch ports. Ports with the next three consecutive numbers are added to the range.

For example, if you enter 6553, the switch port range includes ports 6553, 6554, 6555, 6556.

controller.sockets.config.nodelay

Whether the TCP_NODELAY parameter is used for management sessions between switches and the controller.

Possible values:

  • true
  • false

controller.sockets.mode.epoll

Whether the epoll system is used by the controller when managing switches.

Possible values:

  • true
  • false

controller.sockets.timeouts.idle.both

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of read or write operations. The countdown starts anew whenever a read or write operation is performed.

controller.sockets.timeouts.idle.read

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of read operations. The countdown starts anew whenever a read operation is performed.

controller.sockets.timeouts.idle.write

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of write operations. The countdown starts anew whenever a write operation is performed.

controller.threads.affinity

Whether Netty threads preferentially run on separate CPU cores for separate switches.

Possible values:

  • true
  • false

controller.threads.boss

Number of Netty threads for handling new switch connections.

controller.tls.ca.certificate.path

Path to the PEM file of the root certificate that was used to sign the OpenFlow certificate.

controller.tls.certificate.path

Path to the PEM file of the encryption certificate for OpenFlow traffic between the controller and switches.

controller.tls.private.key.path

Path to the PEM file with the private key of the OpenFlow certificate.

controller.watermark.high

When the Netty buffer of the management session between switches and the controller contains this number of bytes, the queue is used to write to the session.

controller.watermark.low

When the Netty buffer of the management session between switches and the controller contains this number of bytes, the queue is no longer used to write to the session.

This property is used when the number of bytes reaches the controller.watermark.high value.

core.catcher.meter.value.kbits

The throughput of the policer on the switches when sending traffic packets through the management session between the switches and the controller. Traffic packets are copied by interception flow rules.

core.drop.rule.idle.sec

Time, in seconds, after which flow rules automatically created by the controller when processing the first intercepted traffic packet are deleted on the switches to block subsequent packets. The countdown starts anew every time the flow rule is applied.

core.link.bonding.enable

Bonding of parallel links between two switches.

Possible values:

  • true
  • false

core.link.bonding.equal.cost

Whether the equal cost algorithm is used when bonding links.

Possible values:

  • true
  • false

If you specify false, the unequal cost algorithm is used.

core.link.bonding.max.links

Maximum number of links in a bonded link.

core.link.bonding.mode

Type of the bonded link group.

Possible values:

  • BALANCING means traffic is balanced across links in accordance with a hash value. The hash is calculated based on the IP Proto, IP src-dst and Port src-dst fields of traffic packets.
  • BROADCAST means traffic is duplicated through all links.

core.link.check.ports.status

Whether the controller periodically sends LLDP packets only to enabled ports to detect links between switches.

Possible values:

  • true
  • false

core.link.enabled.ports.only

Whether the switches relay LLDP packets to the controller only from enabled ports when the controller attempts to discover links between the switches.

Possible values:

  • true
  • false

core.link.liveness.interval

Interval in milliseconds for the controller sending LLDP packets through the switch links.

core.link.liveness.timeout

Interval in milliseconds for the receiving side of switch links to receive LLDP packets and forward the LLDP packets to the controller. If no LLDP packets arrive through the link within the specified time, the controller considers the link unavailable.

core.lldp.sendrem.enabled

Whether switches send notifications to the controller whenever flow rules that send traffic packets to the controller are deleted.

Possible values:

  • true
  • false

core.switch.liveness.interval

Interval in milliseconds for checking the connection of switches to the controller.

core.switch.liveness.timeout

Time in milliseconds within which disconnected switches must reconnect to the controller.

core.tunnel.port.end

Number of the last virtual network interface (VNI) in the range of switch interfaces.

core.tunnel.port.start

Number of the first virtual network interface in the range of switch interfaces.

dampening.link.enabled

Whether link Dampening is used.

Possible values:

  • true
  • false

dampening.link.maxSuppressTime.ms

Maximum time in milliseconds for which access to the link can be restricted. When the specified time elapses, all Dampening counters are reset.

dampening.link.penalty

The number by which Penalty is incremented when the link changes state.

dampening.link.suppressLevel

The Penalty value at which access to the link is restricted.

dampening.link.updateInterval.ms

Time in milliseconds within which the Penalty must reach the dampening.link.suppressLevel value for access to the link to be restricted.

eth.s.type

The IEEE 802.1Q TPID value that is specified as the inner tag for traffic packets with Q-in-Q traffic classification.

eth.t.type

The IEEE 802.1Q TPID value that is specified as the outer tag for traffic packets with Q-in-Q traffic classification.

inband.statistics.enabled

Getting statistics on switches. Statistics contain information about network devices to which the switch is connected, as well as the ports being used.

Possible values:

  • true
  • false

inband.swos.cookie

Value of the 'cookie' field in the message for requesting statistics from the switches.

Possible values:

  • true
  • false

This property must be specified if you set inband.statistics.enabled to true.

network.control.queue.id

ID of the LLDP packet queue on the switches.

notification.all.queue.max.size

Maximum size of the push notification queue on the switches. If this size is exceeded, the first push notification in the queue is deleted.

openflow.fail2ban.banTimeSec

Duration in seconds for which IP addresses and ports of switches are blocked after an attempt to connect to the controller with an invalid TLS certificate.

openflow.fail2ban.enabled

Whether IP addresses and ports of switches are blocked after an attempt to connect to the controller with an invalid TLS certificate.

Possible values:

  • true
  • false

openflow.fail2ban.findTimeSec

Time in seconds within which the switches must make the number of attempts (specified in the openflow.fail2ban.maxRetry property) to connect to the controller with an invalid TLS certificate, which causes the IP addresses and ports of these switches to be blocked.

openflow.fail2ban.maxRetry

The number of attempts of switches to connect to the controller with an invalid TLS certificate, after which the IP addresses and ports of the switches are blocked.

openflow.io.cpe.rate.limiter.read.byteps

This property is no longer used.

openflow.io.cpe.rate.limiter.write.byteps

This property is no longer used.

openflow.io.ovs.meters.enabled

Whether flow rules send traffic packets to the controller.

Possible values:

  • true
  • false

openflow.io.rate.limiter.switch.type-to-rate

This property is no longer used.

openflow.io.switch.latency.monitoring.delay.ms

Interval in milliseconds for checking the latency between the controller and the switches.

openflow.io.switch.latency.monitoring.enabled

Whether latency is checked between the controller and switches.

Possible values:

  • true
  • false

openflow.io.switch.latency.sma.initial.drop.size

Number of leading traffic packets on the switches, which is not counted towards statistics.

openflow.io.switch.latency.sma.window.size

Number of trailing traffic packets on the switches, which is not counted towards statistics.

openflow.io.switch.messages.chunk.bytes

Size, in bytes, of chunks of serialized OpenFlow messages that the controller sends to the switches.

openflow.io.switch.messages.window.size

Maximum number of blocks of serialized OpenFlow messages in the controller queue.

openflow.io.switch.rate.limiter.read.byteps

This property is no longer used.

openflow.io.switch.rate.limiter.write.byteps

This property is no longer used.

openflow.io.vtep.rate.limiter.read.byteps

This property is no longer used.

openflow.io.vtep.rate.limiter.write.byteps

This property is no longer used.

segment.path.num.max

Maximum number of paths in a segment.

segment.path.spf.num.max

Maximum number of SPF paths for automatic balancing.

table-miss.mode

Action that switches perform with traffic packets that are not in any of the OpenFlow tables.

Possible values:

  • DROP to drop the traffic packets.
  • TO_CTL to send the traffic packets to the controller.

topology.cfm.enabled

Whether Connectivity Fault Management (CFM) is used on links.

Possible values:

  • true
  • false

topology.debug.enabled

Whether controller debug routines are used involving the gRPC protocol.

Possible values:

  • true
  • false

topology.intervtep.links.enabled

Establishing links between VTEPs.

Possible values:

  • true
  • false

topology.link.charged

Using all links as a last resort when routing traffic, regardless of the link quality.

Possible values:

  • true
  • false

topology.link.discovery.groups.enabled

Link discovery by groups.

Possible values:

  • true
  • false

topology.link.encryption.enabled

Traffic encryption on links.

Possible values:

  • true
  • false

topology.link.encryption.key.update.interval.minutes

Interval in minutes for updating the decryption key on links.

topology.link.error.monitoring.enabled

Monitoring of errors on links.

Possible values:

  • true
  • false

topology.link.error.threshold.eps

Threshold value of the number of errors per second on links.

topology.link.eu.monitoring.delay.sec

Interval in seconds for measuring the number of errors on links and link utilization.

topology.link.fec.enable

Whether Forward Error Correction (FEC) is used on links.

Possible values:

  • true
  • false

topology.link.fec.ratio

Ratio of original traffic packets to additional packets with redundant code.

Enter a value in the <number of original packets>:<number of additional packets> format.

topology.link.fec.timeout

The maximum time, in milliseconds, during which a traffic packet can stay in the queue for FEC to apply.

topology.link.jitter.monitoring.enabled

Monitoring of jitter on links.

Possible values:

  • true
  • false

topology.link.jitter.threshold.ms

Time threshold of jitter on links, in milliseconds.

topology.link.latency.monitoring.enabled

Monitoring of latency on links.

Possible values:

  • true
  • false

topology.link.latency.threshold.ms

Latency threshold on links, in milliseconds.

topology.link.ljp.monitoring.delay.sec

Interval in seconds for comparing the received monitoring figures with the specified thresholds of latency, jitter, and packet loss on links.

topology.link.ljp.stats.collecting.enabled

Monitoring of latency, jitter, and traffic packet loss on links.

Possible values:

  • true
  • false

You can specify the monitoring protocol using the topology.link.ljp.stats.collecting.method property.

topology.link.ljp.stats.collecting.lldp.window

Size in bytes of the additional buffer in each LLDP packet for latency, jitter, and packet loss monitoring figures.

This property must be specified if you set topology.link.ljp.stats.collecting.method to GENEVE.

topology.link.ljp.stats.collecting.method

Protocol for monitoring of latency, jitter, and traffic packet loss on links.

Possible values:

  • LLDP
  • GENEVE

topology.link.ljp.stats.collecting.multiplicity

The multiplier that the controller applies to delay, jitter, and packet loss monitoring figures.

This property must be specified if you set topology.link.ljp.stats.collecting.method to GENEVE.

topology.link.packet.loss.monitoring.enabled

Monitoring of traffic packet loss on links.

Possible values:

  • true
  • false

topology.link.packet.loss.threshold.percents

Threshold value of the traffic packet loss percentage on links.

topology.link.pmtud.scheduler.interval.sec

Interval in seconds for automatic detection of the MTU figure on links.

topology.link.pmtud.wait.time.ms

How long the controller waits for a PMTUD LLDP packet, in milliseconds. If the controller does not receive a PMTUD LLDP packet within this time, the controller concludes that a packet of this size cannot be transmitted over the link.

topology.link.threshold.monitoring.delay.sec

Interval in seconds for monitoring of link thresholds.

topology.link.threshold.monitoring.enabled

Threshold monitoring on links.

Possible values:

  • true
  • false

topology.link.threshold.monitoring.unban.periods

Number of successful checks in a row for a link to be unblocked. A check is performed once per second.

topology.link.util.monitoring.enabled

Monitoring of link utilization (bandwidth usage).

Possible values:

  • true
  • false

topology.link.util.threshold.percents

Threshold value of link utilization as a percentage of the bandwidth of service interfaces.

topology.overlay.lldp.sender.concurrent

Concurrent sending of LLDP packets by the controller for link discovery.

Possible values:

  • true
  • false

topology.overlay.lldp.sender.core.pool.size

Minimum number of streams for concurrent sending of LLDP packets by the controller.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.overlay.lldp.sender.max.pool.size

Maximum number of streams for concurrent sending of LLDP packets by the controller.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.overlay.lldp.sender.max.queue.capacity

Maximum queue size when the controller is sending LLDP packets concurrently.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.reserve.si.auto.revert.enabled

Whether the reserve service interface returns to its reserve role when the original service interface becomes operational again.

Possible values:

  • true
  • false

topology.throttler.timeout.hard.enabled

Accumulation of physical operations on the controller, such as connecting a switch or a port, to perform the operations when the specified time elapses.

Possible values:

  • true
  • false

You can specify the time using the topology.throttler.timeout.hard.ms and topology.throttler.timeout.idle.ms properties.

topology.throttler.timeout.hard.ms

Time in seconds after which the physical operations accumulated on the controller are carried out.

This property must be specified if you set topology.throttler.timeout.hard.enabled to true.

topology.throttler.timeout.idle.ms

Time in seconds after which the physical operations accumulated on the controller are carried out. The countdown starts anew whenever a physical operation appears.

This property can be specified if you set topology.throttler.timeout.hard.enabled to true.

topology.throttler_future.enable

System property.

Editing this property may render the controller inoperable.

topology.throttler_future.timeout.sec

System property.

Editing this property may render the controller inoperable.
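To make the openflow.fail2ban.* entries above concrete, here is an added example (not Kaspersky's code) that models the rule they describe over constructed connection-attempt records: after maxRetry attempts with an invalid TLS certificate from one switch IP address and port within findTimeSec, that address and port is blocked for banTimeSec. The record format, the sliding-window semantics and the sample property values are assumptions; the controller's real log format is not documented on this page.

```python
# Added example, not Kaspersky's code: a model of the blocking rule described by
# openflow.fail2ban.enabled, .findTimeSec, .maxRetry and .banTimeSec, replayed
# over constructed connection-attempt records. Window semantics are assumed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Fail2BanPolicy:
    enabled: bool = True          # openflow.fail2ban.enabled   (assumed sample value)
    find_time_sec: int = 60       # openflow.fail2ban.findTimeSec
    max_retry: int = 3            # openflow.fail2ban.maxRetry
    ban_time_sec: int = 600       # openflow.fail2ban.banTimeSec


@dataclass
class EndpointState:
    """State per (IP address, port) of a switch, since the page says both are blocked."""
    failures: list = field(default_factory=list)   # timestamps of invalid-TLS attempts
    banned_until: Optional[int] = None


def handle_attempt(state: EndpointState, policy: Fail2BanPolicy, ts: int, tls_valid: bool) -> str:
    """Apply one connection attempt; return 'accepted', 'rejected_tls' or 'banned'."""
    if policy.enabled and state.banned_until is not None:
        if ts < state.banned_until:
            return "banned"               # still inside banTimeSec
        state.banned_until = None         # ban expired, start afresh
    if tls_valid:
        return "accepted"
    if not policy.enabled:
        return "rejected_tls"             # bad certificate, but no blocking
    # keep only the invalid-TLS attempts that fall inside the findTimeSec window
    state.failures = [t for t in state.failures if ts - t < policy.find_time_sec]
    state.failures.append(ts)
    if len(state.failures) >= policy.max_retry:
        state.banned_until = ts + policy.ban_time_sec
        state.failures.clear()
    return "rejected_tls"


def replay(log_lines, policy):
    """Replay '<sec> <ip>:<port> tls=<valid|invalid>' records (constructed format).

    Returns (outcomes, bans): outcomes is a list of (ts, endpoint, outcome),
    bans is a list of (endpoint, ban_start, ban_end).
    """
    states, outcomes, bans = {}, [], []
    for line in log_lines:
        ts_s, endpoint, tls = line.split()
        ts = int(ts_s)
        state = states.setdefault(endpoint, EndpointState())
        before = state.banned_until
        outcome = handle_attempt(state, policy, ts, tls == "tls=valid")
        if state.banned_until is not None and state.banned_until != before:
            bans.append((endpoint, ts, state.banned_until))
        outcomes.append((ts, endpoint, outcome))
    return outcomes, bans


# Constructed records (seconds, switch endpoint, TLS result); not real controller output.
SAMPLE_LOG = [
    "0   10.0.0.5:6653 tls=invalid",
    "10  10.0.0.6:6653 tls=invalid",
    "15  10.0.0.6:6653 tls=invalid",   # only two failures: not blocked
    "20  10.0.0.5:6653 tls=invalid",
    "100 10.0.0.5:6653 tls=invalid",   # earlier failures have aged out of the 60 s window
    "130 10.0.0.5:6653 tls=invalid",
    "150 10.0.0.5:6653 tls=invalid",   # third failure within 60 s: blocked until 750
    "200 10.0.0.5:6653 tls=valid",     # refused, still blocked
    "800 10.0.0.5:6653 tls=valid",     # block expired: accepted
]

if __name__ == "__main__":
    outcomes, bans = replay(SAMPLE_LOG, Fail2BanPolicy())
    for row in outcomes:
        print(row)
    print("bans:", bans)
```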

[Topic 271891]

Editing a controller property

Changes you make to the controller properties with the Runtime change method take effect immediately. Changes you make to controller properties with the Reload change method take effect after the controller is restarted.

To change a controller property:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Properties next to the controller for which you want to change a property.

    The controller properties page is displayed. By default, the All properties tab is selected, which displays a table of all controller properties.

  3. Select the Changeable properties tab.

    A table of editable properties of the controller is displayed.

  4. Click Management → Edit next to the controller property that you want to edit.
  5. This opens a window; in that window, in the Planned value field, enter the new value of the controller property.
  6. Click Save.

The new value of a property with the Runtime method is displayed in the Current value column. The new value of a property with the Reload method is displayed in the Planned value column.
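As an added example (not Kaspersky's code), a small pre-change check that encodes the value formats, allowed values and "must be specified if" dependencies stated in the property descriptions, so a planned value can be vetted before it is entered in the Planned value field. The controller's own validation is not documented on this page; the watermark and tunnel-port ordering checks are inferences from the descriptions and are labelled as such.

```python
# Added example, not Kaspersky's code: sanity checks for planned controller property
# values, derived from the property descriptions on this page. Assumption: values are
# the strings typed into the Planned value field.

BOOL_PROPS = {
    "controller.sockets.config.nodelay", "controller.sockets.mode.epoll",
    "controller.threads.affinity", "core.link.bonding.enable",
    "core.link.bonding.equal.cost", "inband.statistics.enabled",
    "openflow.fail2ban.enabled", "topology.link.encryption.enabled",
    "topology.link.fec.enable", "topology.overlay.lldp.sender.concurrent",
    "topology.throttler.timeout.hard.enabled",
}
ENUM_PROPS = {
    "table-miss.mode": {"DROP", "TO_CTL"},
    "core.link.bonding.mode": {"BALANCING", "BROADCAST"},
    "topology.link.ljp.stats.collecting.method": {"LLDP", "GENEVE"},
}
# (property that must be set, property it depends on, value that triggers the requirement)
REQUIRED_IF = [
    ("inband.swos.cookie", "inband.statistics.enabled", "true"),
    ("topology.link.ljp.stats.collecting.lldp.window", "topology.link.ljp.stats.collecting.method", "GENEVE"),
    ("topology.link.ljp.stats.collecting.multiplicity", "topology.link.ljp.stats.collecting.method", "GENEVE"),
    ("topology.overlay.lldp.sender.core.pool.size", "topology.overlay.lldp.sender.concurrent", "true"),
    ("topology.overlay.lldp.sender.max.pool.size", "topology.overlay.lldp.sender.concurrent", "true"),
    ("topology.overlay.lldp.sender.max.queue.capacity", "topology.overlay.lldp.sender.concurrent", "true"),
    ("topology.throttler.timeout.hard.ms", "topology.throttler.timeout.hard.enabled", "true"),
]


def listen_port_range(start):
    """controller.listen.port: the start port plus the next three consecutive ports."""
    return list(range(start, start + 4))


def _int_or_none(props, name, findings):
    """Parse props[name] as an integer; record a finding and return None if it is not one."""
    if name not in props:
        return None
    try:
        return int(props[name])
    except ValueError:
        findings.append(f"{name}: expected an integer, got {props[name]!r}")
        return None


def check_planned_values(props):
    """Return human-readable findings for a dict of property name -> planned value."""
    findings = []
    for name in sorted(BOOL_PROPS.intersection(props)):
        if props[name] not in ("true", "false"):
            findings.append(f"{name}: must be true or false, got {props[name]!r}")
    for name, allowed in ENUM_PROPS.items():
        if name in props and props[name] not in allowed:
            findings.append(f"{name}: must be one of {sorted(allowed)}, got {props[name]!r}")
    for needed, dep, trigger in REQUIRED_IF:
        if props.get(dep) == trigger and needed not in props:
            findings.append(f"{needed}: must be specified because {dep} is {trigger}")
    start = _int_or_none(props, "controller.listen.port", findings)
    if start is not None and listen_port_range(start)[-1] > 65535:
        findings.append(f"controller.listen.port: range {listen_port_range(start)} exceeds port 65535")
    if "topology.link.fec.ratio" in props:
        parts = props["topology.link.fec.ratio"].split(":")
        if len(parts) != 2 or not all(p.isdigit() and int(p) > 0 for p in parts):
            findings.append("topology.link.fec.ratio: expected <original packets>:<additional packets>")
    # Inferred from the descriptions: the low watermark is consulted only after the
    # high watermark is reached, so it must lie below it.
    low = _int_or_none(props, "controller.watermark.low", findings)
    high = _int_or_none(props, "controller.watermark.high", findings)
    if low is not None and high is not None and low >= high:
        findings.append("controller.watermark.low: must be below controller.watermark.high")
    # Inferred: the first VNI of the range cannot come after the last one.
    first = _int_or_none(props, "core.tunnel.port.start", findings)
    last = _int_or_none(props, "core.tunnel.port.end", findings)
    if first is not None and last is not None and first > last:
        findings.append("core.tunnel.port.start: must not exceed core.tunnel.port.end")
    return findings


if __name__ == "__main__":
    # Constructed planned values, not taken from a real controller.
    for finding in check_planned_values({"topology.overlay.lldp.sender.concurrent": "true",
                                         "controller.listen.port": "65534"}):
        print(finding)
```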

See also

Description of editable controller properties

[Topic 240370]

Deleting planning values of controller properties

You can delete a planning value to undo a controller property change. This action is applicable only to properties that have the Reload method.

Deleted planning values of controller properties cannot be restored.

To delete planning values of controller properties:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Properties next to the controller for which you want to delete planning values of properties.

    The controller properties page is displayed. By default, the All properties tab is selected, which displays a table of all controller properties.

  3. Select the Changeable properties tab.

    A table of editable properties of the controller is displayed.

  4. Delete the planning values of controller properties in one of the following ways:
    • If you want to delete the planning value of an individual property of the controller, click Management → Delete planned value next to that property.
    • If you want to delete planning values of all controller properties, in the upper part of the table, click the settings icon → Delete all planned values.
  5. In the confirmation window, click Delete.

The planning values of controller properties are deleted.

[Topic 256797]

Resetting controller properties to default values

To reset controller properties to default values:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Properties next to the controller whose properties you want to reset to default values.

    The controller properties page is displayed. By default, the All properties tab is selected, which displays a table of all controller properties.

  3. Select the Changeable properties tab.

    A table of editable properties of the controller is displayed.

  4. Reset the controller properties in one of the following ways:
    • If you want to reset an individual property of the controller to its default value, click Management → Reset property next to that property.
    • If you want to reset all controller properties to their default values, in the upper part of the table, click the settings icon → Reset all properties.
  5. In the confirmation window, click Reset.

The controller properties are reset to their default values.

[Topic 272084]

Viewing information about controller nodes

To view information about controller nodes:

  1. In the menu, go to the Infrastructure section.

    This opens the resource management page. By default, the Network resources tab is selected, which displays the table of controllers.

  2. Click Management → Configuration menu next to the controller for which you want to view information about nodes.

    This opens the controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of controller nodes. Information about controller nodes is displayed in the following columns of the table:

    • Address is the IP address of the controller node.
    • Status is the status of the controller node:
      • Connected (primary) means the node is connected to the controller and is the primary node in the cluster.
      • Connected (single) means the node is connected to the controller and is the only node in the cluster.
      • Connected (secondary) means the node is connected to the controller and is a secondary node in the cluster.
      • Disconnected means the node is not connected to the controller.
      • Not in cluster means the node is not added to a cluster.
      • Unavailable means the node is not available.
      • Unknown means the status of the node is unknown.
    • gRPC port is the number of the gRPC port of the controller node.
    • JGroups port is the JGroups port number of the controller node.
    • Version is the version of the controller node software.

    The actions that you can perform with the table are described in the Managing solution component tables instructions.

  3. If you want to view statistics for a controller node, click Management → Statistics next to the node.
  4. If you want to view the properties of a controller node, click Management → Node properties next to the node.
[Topic 245522]