Login
| Title | Size | Downloads |
|---|---|---|
| SeerEngine_DC-E6109H01.zip | 2.84 GB | |
| md5.txt | 64 bytes | |
| H3C_SeerEngine_DC-E6109H01_Release_Notes.pdf | 720.76 KB |
H3C SeerEngine_DC-E6109H01 Release Notes
Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd. The information in this document is subject to change without notice. |
|
Contents
MD5 checksums for software package files· 3
Software operating environments· 4
Minimum hardware requirements· 4
Operating system requirements· 4
Virtualization environments· 4
Registering and installing licenses· 12
Obtaining license server software and documentation· 12
Open problems and workarounds· 13
Resolved problems in H3C SeerEngine_DC-E6109H01· 13
List of tables
Table 1 Version history...................................................................................................................... 3
Table 2 Software compatibility matrix................................................................................................. 5
Version information
Version number
This release notes is for H3C SeerEngine_DC-E6109H01, which is also called SeerEngine_DC-E6109H01 for simplicity.
| NOTE: To see the version number, access the component list page in Unified Platform. |
MD5 checksums for software package files
To obtain the MD5 checksum for a software package, see the MD5 file that came with it.
Version history
Version number | Last version | Release date | Remarks |
SeerEngine_DC-E6109H01 | SeerEngine_DC-E6109 | 2022-08-06 | Fixed bugs |
SeerEngine_DC-E6109 | SeerEngine_DC-E6108 | 2022-06-18 | Added new features and fixed bugs |
SeerEngine_DC-E6108 | SeerEngine_DC-E6107 | 2022-05-12 | Added new features and fixed bugs |
SeerEngine_DC-E6107 | SeerEngine_DC-E6106 | 2022-03-01 | Fixed bugs |
SeerEngine_DC-E6106 | SeerEngine_DC- E3703P31 | 2022-01-30 | Added new features and fixed bugs |
SeerEngine_DC-E3703P31 | SeerEngine_DC-E6103H01 | 2021-11-30 | Fixed bugs |
SeerEngine_DC-E6103H01 | SeerEngine_DC-E6103 | 2021-11-11 | Fixed bugs |
SeerEngine_DC-E6103 | SeerEngine_DC-E6102 | 2021-10-28 | Added new features and fixed bugs |
SeerEngine_DC-E6102 | SeerEngine_DC-E6101 | 2021-08-25 | Added new features and fixed bugs |
SeerEngine_DC-E6101 | First release | 2021-07-16 | B01 TR5 version. First release |
Software operating environments
Server requirements
Minimum hardware requirements
See H3C SeerEngine-DC Installation Guide (Unified Platform).
| IMPORTANT: Before using or upgrading to this software version, make sure the hardware meets the requirements. |
Operating system requirements
H3Linux operating system (available only on x86 servers)
| NOTE: The controller is deployed in Unified Platform as a component. For how to install the H3Linux operating system on a server and deploy the containerized application deployment platform, see the corresponding installation guides and component deployment guides. |
Database requirements
PXC
· X86: Percona-XtraDB-Cluster-57-5.7.29-31.43.1
· ARM: Percona-XtraDB-Cluster-57-5.7.29-31.43.1
PostgreSQL
· X86: postgresql-9.2.24-4
· ARM: postgresql-9.2.24-1
| NOTE: You do not need to operate embedded databases. |
Virtualization environments
The hardware requirements for deployment on a VM are the same as those for deployment on a physical server, and make sure the resources are exclusive.
| NOTE: Deployment on a VM is only used for demo and test. |
Browsers
The controller is clientless. You can access the controller from a browser.
As a best practice, use Chrome 70 (or higher), and do not use any other browsers. The recommended screen resolution width is 1600.
Compatibility information
| CAUTION: To avoid an installation or upgrade failure, use Table 2 to verify the software compatibility before performing an installation. |
Table 2 Software compatibility matrix
Item | Specification |
Model | H3C SeerEngine_DC |
Software image and MD5 checksum files in pairs | · SeerEngine_DC-E6109H01-MATRIX.zip · SeerEngine_DC_PLUGIN-DHCP_E6109H01_pike_2017.10-py2.7.egg · SeerEngine_DC_PLUGIN-E6109H01_pike_2017.10-1.noarch.rpm · SeerEngine_DC_PLUGIN-E6109H01_pike_2017.10-py2.7.egg · SeerEngine_DC_PLUGIN-E6109H01-1-py2.7.noarch.rpm · SeerEngine_DC_PLUGIN-E6109H01-1-py3.6.noarch.rpm · SeerEngine_DC_PLUGIN-E6109H01-py2.7.egg · SeerEngine_DC_PLUGIN-E6109H01-py3.6.egg · SeerEngine_DC_SEC_PLUGIN-E6109H01-1.noarch.rpm · SeerEngine_DC_SEC_PLUGIN-E6109H01-py2.7.egg · SeerEngine_DC_NET_PLUGIN-E6109H01.tar.gz · SeerEngine_DC-REST_API-E6109H01.zip · SeerEngine_DC_UPGRADE-E6109H01.zip · vBGP-E1117H02-X64.zip · SeerEngine_DC_ARBITRATOR-E6109H01.zip · SeerEngine_DC_DTN-E6109H01.zip · SeerEngine_DC_DTN_HOST-E6109H01.zip · SeerEngine_DC-E6109H01_SystemCenterAgent2012.zip · SeerEngine_DC-E6109H01_SystemCenterAgent2016.zip · SeerEngine_DC-E6109H01_SystemCenterAgent2019.zip |
vBGP | E1117H02 |
Browsers | Google Chrome 70 or later |
Screen resolution | 1600 pixels (recommended) |
Dependencies | CentOS: OpenJDK 8 JRE, PostgreSQL9.2.24, Virgo 3.6.4, Netty 3.2.6, and Zookeeper 3.4.5 |
F5 compatible product version | BIG-IP 12.1.2 Build 1.0.271 Hotfix HF1 |
Remarks | Make sure the system can access the Internet when you are installing the H3C SeerEngine-DC controller. · SeerEngine_DC-E6109H01-MATRIX.zip: SeerEngine-DC component installation file for deployment in Unified Platform (available only on x86 servers). · SeerEngine_DC_PLUGIN-DHCP_E6109H01_pike_2017.10-py2.7.egg: Standalone DHCP deployment package for DHCP failure to network nodes. The package contains the RPM packages of the plug-in and dependencies. · SeerEngine_DC_PLUGIN-E6109H01_pike_2017.10-1.noarch.rpm: RPM package of the OpenStack-based SeerEngine-DC plug-in for integration with CloudOS. · SeerEngine_DC_PLUGIN-E6109H01_pike_2017.10-py2.7.egg: EGG package of the OpenStack-based SeerEngine-DC plug-in for integration with CloudOS. · SeerEngine_DC_PLUGIN-E6109H01-1-py2.7.noarch.rpm and SeerEngine_DC_PLUGIN-E6109H01-1-py3.6.noarch.rpm: RPM packages of network plug-ins for converged OpenStack. You can use these files as needed. · SeerEngine_DC_PLUGIN-E6109H01-py2.7.egg and SeerEngine_DC_PLUGIN-E6109H01-py3.6.egg: EGG packages of network plug-ins for converged OpenStack. You can use these files as needed. · SeerEngine_DC_SEC_PLUGIN-E6109H01-1.noarch.rpm: RPM package of the security plug-in for converged OpenStack. · SeerEngine_DC_SEC_PLUGIN-E6109H01-py2.7.egg: EGG package of the security plug-in for converged OpenStack. · SeerEngine_DC_NET_PLUGIN-E6109H01.tar.gz: Kubernetes-based plug-in container image (available only on x86 servers). · SeerEngine_DC-REST_API-E6109H01.zip: Provides detailed descriptions on the northbound RESTful APIs for the SeerEngine-DC controller of the current version. · SeerEngine_DC_UPGRADE-E6109H01.zip: Script file for software upgrade check and preprocessing for the controller. This file is needed when the software is upgraded from an E25xx version. · vBGP-E1117H02-X64.zip: Optional component for transmitting and reporting BGP routes in the hybrid overlay scenario (available only on x86 servers). · SeerEngine_DC_ARBITRATOR-E6109H01.zip: Arbitrator installation package used for setting up a remote disaster recovery system (RDRS) (available only on x86 servers). · SeerEngine_DC_DTN_HOST-E6109H01.zip: Dependencies for deploying services related to the simulation host function. · SeerEngine_DC_DTN-E6109H01.zip: File used for deploying the simulation service function. · SeerEngine_DC-E6109H01_SystemCenterAgent2012.zip: Provides a plug-in installation package compatible with Microsoft System Center 2012. · SeerEngine_DC-E6109H01_SystemCenterAgent2016.zip: Provides a plug-in installation package compatible with Microsoft System Center 2016. · SeerEngine_DC-E6109H01_SystemCenterAgent2019.zip: Provides a plug-in installation package compatible with Microsoft System Center 2019. · *.md5: Checks the integrity of the corresponding file. |
Restrictions and cautions
Restrictions
Restriction 1
The system time cannot be modified. As a best practice, deploy NTP clock synchronization on the server before deploying the controller software on the server. To modify the system time after installing the controller, as a best practice, restart the server after modifying the system time.
Restriction 2
When using a service gateway group, make sure the subnet of the tenant network does not overlap with the IP address pool network ranges configured for other service gateway groups. The IP address pools include the tenant carrier network address pool, security internal network address pool, security external network address pool, and virtual device management network address pool.
Restriction 3
When a tenant with the VLAN network type uses an LB service gateway group, make sure the virtual IP address of the LB and the IP address of the real server are on different network segments.
Restriction 4
When creating a service gateway group, you must configure a VTEP IP address even if the tenant network type is VLAN.
Restriction 5
The controller supports metadata. In the current software version, one network supports only one subnet that can use the metadata function. If a network has multiple subnets, only one subnet can properly use the metadata function.
Restriction 6
The controller uses the hostname of the operating system of the server where the controller resides as a key parameter to identify controller team members. After installing the controller, do not modify the hostname of the operating system. To modify it, contact Technical Support.
Restriction 7
When deploying a bare-metal server, make sure the storage VLAN configured for the physical device does not conflict with the default access VLAN of the bare-metal server.
Restriction 8
If F5 devices use HA, as a best practice, do not configure services on standby F5 devices.
Restriction 9
You must uniformly plan VLANs and storage VLANs in the hierarchical port binding and port-level VLAN-VXLAN mapping and make sure the VLANs do not overlap.
Restriction 10
To configure an aggregate interface as a VTEP access port, you must first execute the undo vtep access port command on the member ports to be assigned to the aggregate interface, and then assign the member ports to the aggregate interface.
Restriction 11
When you manually specify a VRF for a vRouter, the VRF name cannot start with external_vpn.
Restriction 12
The hierarchical port binding and service chain features cannot use VLAN 1. The PVID cannot be configured for interfaces of hierarchical port binding or access interfaces of service chain nodes.
Restriction 13
Interface Reth1 has been reserved as the external network egress interface or private line interface for a service gateway firewall, and the interface cannot be used for any other purpose. Reth 1 cannot be configured as both the external network egress interface and private line interface.
Restriction 14
When the network position of a border device group is DCI, traffic of internal IPv4 networks cannot pass through firewall.
Restriction 15
MDCs on a device cannot be backed up, restored, or upgraded.
Restriction 16
The device O&M function is not supported during the ISSU process for the controller.
Restriction 17
If multiple vRouters share the same firewall resource, IPv6 subnet addresses cannot overlap, and IPv4 subnet addresses can overlap when NAT is enabled.
Restriction 18
In the cloud scenario, as a best practice to avoid impacts on user services, do not modify the configuration deployed by the cloud, for example, network resources including vNetworks, vRouters, and vSubnets created in the cloud tenant.
Restriction 19
When the centralized vRouter link function is used and the firewall service is disabled, you must identify whether the name is evpn for the IBGP peer group established between a border device and other devices in the data center. If the name is not evpn, a red audit flag will be displayed for the device and the traffic cannot be forwarded after this function is configured. Make sure the configured IBGP peer group name is evpn.
Restriction 20
In the M-LAG scenario, the VTEP IP address pool needs sufficient addresses. A device needs 5.5 VTEP IP addresses on average. Calculate the address pool space according to this rule. The detailed address usage is as follows for a pair of M-LAG member devices:
· For physical VTEPs, each device uses one IP addresses, and two IP addresses are used in all.
· For virtual VTEPs, two devices use one IP address, and one IP address is used in all.
· For keepalive IP addresses, each device uses one IP address. 30-bit masks are used, and four IP addresses are used in all.
· For failover IP addresses, each device uses one IP address. 30-bit masks are used, and four IP addresses are used in all.
Restriction 21
After the controller is upgraded from an earlier version to E3701, the external vDHCP component is not used any more. When the automated underlay deployment service is used, you must use the dhcp relay server-address ip-address command to reconfigure the DHCP relay agent address as the DC controller cluster IP address.
Restriction 22
In RDRS mode, the cluster network in a site cannot be deployed over a Layer 3 network.
Restriction 23
To delete the controller region configuration, first identify whether devices exist on the device resources page and delete these devices (if any).
Restriction 24
On a device (for example, S6800) where you need to configure a service loopback group member port, if you first configure M-LAG on the device and then execute the port service-loopback group 1 command on a port, all previous settings on the port will be removed. If this problem occurs, you can use the configuration synchronization function to synchronize the configuration differences to the device.
Restriction 25
When you configure a PBR service chain resource template, the manually entered management interface IP address range cannot be the same as or overlap with the IP address ranges in the management network address pool for virtual devices. Similarly, the manually entered IP address ranges in the management network address pool for virtual devices cannot be the same as or overlap with the management interface IP address range already configured in the PBR service chain resource template. Plan the addresses in advance.
Restriction 26
Kirin v10 SP2 does not provide compatible OVS versions, and thus is not supported in the hybrid overlay scenario.
Restriction 27
The local IP address, destination subnet, and next hop address of a cloud private line cannot overlap with an existing IP address pool. The VLAN ID of a cloud private line cannot be in an existing VLAN pool and cannot conflict with an external network VLAN ID.
Features and functionality
Category | Features |
Language | Chinese, English |
Backup and recovery | · Scheduled backup and manual backup for the current configuration of the system. · Saving the backup file locally or on a remote server. · Recovering the system from the backup configuration. |
External interfaces | · Northbound interfaces: REST API. · Southbound interfaces: OpenFlow 1.3, NETCONF, and OVSDB. |
Team | · Controller team for backup and load sharing. · Deploying a team across Layer 3 networks. · Deploying multiple NICs for controllers in a team to prevent a controller from leaving the team because its single NIC fails. |
Region | Configuring regions for devices managed by controllers to implement backup and load sharing. |
Device resources | Managing network device resources managed by the controller. |
Multitenant management | · Creating and deleting tenants. · Configuring multiple instances. ¡ Configuring multiple instances for tenant traffic. ¡ Configuring multiple gateway resources for a tenant. ¡ Configuring multiple service resources for a tenant. |
NAT | · SNAT. · Floating IP. |
Configuration synchronization control | · Auditing the data synchronization status, which can be manually triggered. · Displaying the data synchronization status. · Device types: access device, border device, vFW, and vLB. · Setting the data synchronization status: on, off, and reserving the extra configuration. · Setting the per-device or global data synchronization status. |
VPNaaS | · Configuring the VPN service: site connection. · IKE: Phase 1 negotiation mode, DPD, encryption algorithms, authentication methods, authentication algorithms, DH group parameters, and IKE SA lifetime. · IPsec policy: security protocols, encapsulation modes, ESP encryption algorithms, authentication algorithms, SAs, SA lifetime, and PFS. |
FWaaS | · Supported types: service gateway type. · Supported policies: forward policy and backward policy. · Layer 3 and Layer 4 protocols: source IP, destination IP, source port, destination port, and protocol types (TCP, UDP, and ICMP). · Time range: periodic time range and absolute time range. · Deactivating rules. · DPI: IPS, antivirus, and URL filtering. · Viewing the session status. · Viewing the policy and rule statistics. |
LBaaS(v2) | · Supported types: service gateway type. · Supporting listeners: setting the listening port number, load balancing protocol, connect limiting, and manually specifying the administration status for a listener. · Supporting virtual servers: specifying the subnet and IP address for a virtual server. · Supporting real server groups: Supporting load balancing scheduling algorithms and binding real server groups to listeners. · Supporting real servers: setting the IP address and port number for a real server, manually specifying the administration status for a real server, and manually specifying the subnet for a real server. · Supporting health monitoring. |
SSLVPN | · Issuing the specified public key, local certificate, and CA certificate to the specified PKI domain. · Creating the global address pool and AC access address. · ISP domain authentication. |
Service chain | Automated configuration of vFW nodes, vLB nodes, third-party service nodes of the service chain proxy, service nodes. |
Automated deployment | · Device roles: spine and leaf. · Connecting the controller to devices at Layer 2 · Connecting the controller to devices at Layer 3 |
IPv6 support | vSubnets, vPorts, intra-subnet forwarding, and inter-subnet forwarding. |
Data center interconnection | Layer 2 interconnection and Layer 3 interconnection |
System log management | · Viewing system logs. · Marking system logs. · Searching system logs. · Exporting system logs. · Five system log levels: Info, Warning, Error, Serious, and Critical. |
Operation log management | Viewing, refreshing, clearing, and exporting operation logs. |
O&M monitoring | · Traffic statistics: Provides VXLAN tunnel traffic statistics, device-side ARP packet statistics, and controller Packet-in packet statistics. · Radar detection: Provides VXLAN tunnel connectivity detection in a REST API. |
License management | · Pre-licensing. · License control through the license server. · Displaying the license status and usage. |
ISSU | · Upgrade through ISSU. · ISSU process visualization. |
Neutron LBaaSv2 driver | Interoperating with the controller LBaaSv2 solution. |
Neutron Metadata | Allowing VMs to access the OpenStack Metadata service to obtain information, for example, the host name and SSH public key. |
Neutron hierarchical port binding | Creating the same number of networks as the VXLANs in the network overlay. |
Kubernetes interoperation | The plugin supports the Network, QoS, SecurityGroup, DNS, and Service functions. |
EVPN hybrid overlay | EVPN hybrid overlay is supported. |
Underlay support for IPv6 | The underlay networks support IPv6. |
VLAN trunking | The VLAN trunking feature is supported. |
Microsegmentation | Microsegmentation is supported. |
Multicast | Layer 3 multicast is supported within a router and across vRouters. |
Interoperation with VMware in non-cloud scenarios | Interoperation with vCenter and pulling inventory |
Certificates | Certificate management |
Closed fault management loop | Searching for, processing, and closing faults |
OSPF | Supports deploying OSPF on vNetworks, external networks, and Layer 3 device interfaces, and establishing OSPF neighbors with the peer devices |
Version updates
Licensing
About licensing
H3C offers licensing options for you to deploy features and expand resource capacity on an as needed basis. To use license-based features, purchase licenses from H3C and install the licenses. For more information about the license-based features and licenses available for them, see H3C AD-NET&U-Center 2.0 Solution License Matrixes.
Registering and installing licenses
To register and transfer licenses, access H3C license services at http://www.h3c.com/en/License.
For information about registering licenses, installing activation files, and transferring licenses, see H3C Software Product Remote Licensing Guide.
Obtaining license server software and documentation
To perform remote licensing, first download and install the H3C license server software.
· To obtain the H3C license server software package, click
H3C license server software package
· To obtain H3C license server documentation, click
H3C license server documentation
Open problems and workarounds
202111080171
· Symptom: When RDRS operates in automatic switchover mode, the network of the primary site becomes abnormal, the backup site is automatically switched to the primary site, and then the network restores. In this case, the original primary sites fails to be switched to the backup site.
· Condition: This symptom occurs if the external network of the primary site becomes abnormal and the backup site is switched to the primary site.
· Workaround: Switch the original primary site to the backup site 20 minutes after this problem occurs.
202111080123
· Symptom: After the active leader controller switchover, a device will be activated for multiple times.
· Condition: This symptom occurs if the active leader controller switchover occurs and the master controller is the new active leader.
· Workaround: None. At last, the device can be activated stably. This problem does not affect the usage.
202206090033
· Symptom: On the Ocata cloud platform, a firewall fails to be created in agentless mode.
· Condition: This symptom occurs if the service_plugins is configured to operate in firewall_h3c mode on the Ocata cloud platform and a firewall is created on the cloud.
· Workaround: As a best practice, configure the service_plugins to operate in firewall or fwaas_h3c mode on the Ocata cloud platform. Do not create a firewall in agentless mode.
List of resolved problems
Resolved problems in H3C SeerEngine_DC-E6109H01
202207250565
· Symptom: When the cloud platform reuses the unstacked firewall resource of the service chain type, the controller reports an error that it fails to reuse the unstacked resource.
· Condition: This symptom occurs if the firewall is an unstacked resource and the cloud platform reuses the unstacked firewall resource.
202207250368
· Symptom: The system fails to bind a new interface to a VLAN-VXLAN mapping. The system prompts that the PVID is not from this mapping and cannot be edited.
· Condition: This symptom occurs if the following operations are performed:
a. In a version that does not support bulk configuring PVIDs, an interface-to-VLAN-VXLAN mapping binding exists, and the interface is configured with a PVID.
b. Upgrade the software to version E6102, and bind a new interface to the VLAN-VXLAN mapping.
202207140061
· Symptom: Vpn and l3 vsi interface configurations remain on a border device, but the controller cannot discover the differences through an audit. When you create a vRouter later, it might conflict with the remaining configuration on the device. As a result, the controller will discover configuration differences through an audit, and the differences cannot be restored through synchronization.
· Condition: This symptom occurs if the tenant border gateway policy of VMM is configured to match a border gateway name and the last vRouter in the tenant is deleted from the cloud platform.
Related documentation
Documentation set
· H3C SeerEngine-DC Controller Installation Guide (Unified Platform)-E61xx-5W106
· H3C SeerEngine-DC Operation Log Messages Reference-E61xx-5W107
· H3C SeerEngine-DC System Log Messages Reference-E61xx-5W106
· H3C SeerEngine-DC Controller OpenStack Plug-Ins Installation Guide for CentOS-E61xx-5W104
· H3C SeerEngine-DC Controller OpenStack Plug-Ins Installation Guide for Kolla-E61xx-5W104
· H3C SeerEngine-DC Controller OpenStack Plug-Ins Installation Guide for Ubuntu-E61xx-5W105
· H3C SeerEngine-DC Controller Converged OpenStack Plug-Ins Installation Guide for CentOS-E61xx-5W107
· H3C SeerEngine-DC Controller Converged OpenStack Plug-Ins Installation Guide for Kolla-E61xx-5W106
· H3C SeerEngine-DC Controller Converged OpenStack Plug-Ins Installation Guide for Ubuntu-E61xx-5W107
· H3C SeerEngine-DC Controller Kubernetes Plug-Ins Installation Guide-E61xx-5W105
· H3C SeerEngine-DC Device Provisioning Guide-E61xx-5W102
· H3C SeerEngine-DC Simulation Network Deployment Guide-E61xx-5W106
· H3C SeerEngine-DC System Center Plug-Ins Installation Guide-E61xx-5W101
Obtaining documentation
To obtain related documents, access the Technical Documents center at the following website:
https://www.h3c.com/en/Support/Resource_Center/Technical_Documents/
Technical support
To obtain technical assistance, contact H3C by using one of the following methods:
· Email:
h3cts@h3c.com (countries and regions except Hong Kong, China)
service_hk@h3c.com (Hong Kong, China)
· Technical support hotline number. To obtain your local technical support hotline number, go to the H3C Service Hotlines website: https://www.h3c.com/en/Support/Online_Help/Service_Hotlines/
To access documentation, go to the H3C website at http://www.h3c.com/en/.
