Configuring the Management Interface and Message Backbone Interface

A Solace PubSub+ appliance uses two Virtual Routing and Forwarding (VRF) objects:

• a Management VRF to enable out-of-band management and monitoring of the appliance
• a Message Backbone VRF to enable applications to establish client connections to the appliance to send and receive data

To configure the Management and Message Backbone VRFs on appliances, enter the following Global CONFIG commands:

solace(configure)# ip vrf {management | msg-backbone}

Where:

management is the Management VRF

msg-backbone is the Message Backbone VRF

The no version of this command, no vrf, deletes the specified VRF object from the appliance.

For both the Management VRF and Message Backbone VRF objects, you can perform the following configuration tasks:

• Configuring IP Interfaces
• Configuring IP Routes

Configuring IP Interfaces

To add IP interfaces for a VRF on an interface-by-interface basis, enter the following CONFIG command:

solace(configure/ip/vrf)# create interface <ip-interface> [primary | backup | static]

To configure existing IP interfaces for a VRF on an interface-by-interface basis, enter the following CONFIG command:

solace(configure/ip/vrf)# interface <ip-interface> [primary | backup | static]

Where:

<ip-interface> is an ASCII string in the form of <phy-interface>:<ip> that specifies the IP interface to be associated with the physical interface port. The <ip> parameter is a number from 1 to 3 that uniquely identifies this IP interface on the associated physical interface; it can be associated with any one of the interface types (primary, backup, or static). Valid values are:

• eth<port>:<ip> (for example, eth1:1)
• chassis/lag1:1 (for example, chassis/lag1:1)
• <cartridge>/<slot>/<port>:<ip> (for example, 1/1/8:3)
• <cartridge>/<slot>/lag1:<ip> (for example, 1/1/lag1:2)

primary specifies that this interface is for the primary virtual router—this is the default if no parameter is entered. It is only active when both the primary virtual router is locally active, and the IP interface on the VRF is running (through the no shutdown VRF IP Interface command)

backup specifies that this interface is for the backup virtual router. It is only active when both the backup virtual router is locally active, and the IP interface on the VRF is running (through the no shutdown VRF IP Interface command)

static specifies that this is the static interface for the appliance. It is always active irrespective of the virtual router activity. Clients cannot connect to the static interface if appliance redundancy is enabled.

The no version of this command (no interface) deletes the specified IP interface from the VRF object.

After you have entered the interface command, the CLI is at the configuration level, from which you can perform the following tasks for the given IP interface on the VRF:

• Configuring IP Addresses for IP Interfaces
• Configuring Kerberos Service Principal Names
• Starting/Stopping IP Interfaces on VRFs

Configuring IP Addresses for IP Interfaces

The Message Backbone VRF supports the assignment of either IPv4 or IPv6 addresses, but the Management VRF only supports IPv4.

To configure the IP address and network mask for the IP interface on the VRF, enter the following CONFIG command:

solace(configure/ip/vrf/interface)# ip-address <cidr-addr>

Where:

<cidr-addr> is the IP address and prefix length combination expressed in Classless Inter-Domain Routing (CIDR) notation. The specific format depends on whether <cidr-addr> is IPv4 or IPv6.

For IPv4 addresses, the format consists of an address in dot-decimal notation with a slash (/) terminating, followed by a decimal number in the range 1 to 32 such that the format looks like this, nnn.nnn.nnn.nnn/dd. An example is, 192.168.1.34/24.

For IPv6 addresses, the longest address format consists of 8 groups of hexadecimal quartets with a slash (/) terminating, followed by a decimal number in the range 1 to 128 such that the format looks like this, nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn/ddd. An example is, 2001:cdba:9abc:5678:0000:0000:0000:0000/64. Two shortening conventions are supported. The first is to replace any hexadecimal quartets equal to 0000 with 0. Applying this convention, the example address becomes 2001:cdba:9abc:5678:0:0:0:0/64. The second allows for an extended sequence of zero quartets to be replaced by ::. Applying this second convention to the example address yields, 2001:cdba:9abc:5678::/64.

The no version of this command, no ip-address, deletes the IP address and network mask configuration from the VRF's IP interface.

Configuring Kerberos Service Principal Names

For a msg-backbone VRF, you can optionally configure a Kerberos Service Principal Name (SPN) to be used for Kerberos-authenticated connections to the given IP address.

To configure a SPN for the given IP address, enter the following CONFIG commands (available only for a message backbone VRF and not for a management VRF):

solace(configure/ip/vrf/interface)# kerberos
solace(configure/ip/vrf/interface/kerberos)# service-principal-name <name>

Where:

<name> is a Kerberos SPN of the form component/<customer-provided-fully-qualified-domain-name-of-host>@<Kerberos Realm>. For example, solace/dev212@SIMPLESPNEXAMPLE.COM.

The no version of this command, no service-principal-name, removes the configured SPN from the IP interface on the VRF and the appliance’s default credentials are used for authentication.

Starting/Stopping IP Interfaces on VRFs

To start the IP interface on the VRF, enter the following CONFIG command:

solace(configure/ip/vrf/interface)# no shutdown

To stop the IP interface on the VRF from running, enter the following CONFIG command:

solace(configure/ip/vrf/interface)# shutdown

IP interfaces on the Message Backbone VRF are turned off by default.

Configuring IP Routes

Static routes and a default gateway can be created for the Management and Message Backbone VRFs. The Management VRF supports IPv4 addressing, but the Message Backbone VRF supports both IPv4 and IPv6.

Configuring IP Routes on the Management VRF

Static routes and a default gateway can be created utilizing IPv4 addressing on the Management VRF. To configure IP routes, enter the following CONFIG commands:

solace(configure)# ip vrf management
solace(configure/ip/vrf)# route {default | <cidr-addr>} <ip-addr> [<interface>]

Where:

default specifies the default route

<cidr-addr> specifies the IP/prefix length of the destination address in CIDR form.

<ip-addr> is the IP address of the gateway.

<interface> is an ASCII string that specifies the IP interface for the Management VRF to be associated with the gateway. Valid values for an IP interface are eth<port>:<ip> | chassis/lag1:1 (for example, eth1:1 or chassis/lag1:1). There is no default value.

The no version of this command, no route, deletes the specified route from the Management VRF.

Configuring IP Routes on the Message Backbone VRF

Static routes and a default gateway can be created utilizing either IPv4 or IPv6 addressing on the Message Backbone VRF. To configure IP routes, enter the following CONFIG commands:

solace(configure)# ip vrf msg-backbone
solace(configure/ip/vrf)# route {default | default6 | <cidr-addr>} <ip-addr> [<interface>]

Where:

default indicates that this is the default IPv4 route.

default6 indicates that this is the default IPv6 route.

<cidr-addr> specifies the IP/prefix length of the destination address in CIDR form.

<ip-addr> is the IP address of the gateway.

<interface> is an ASCII string that specifies the physical Ethernet interface port or LAG to be associated with the gateway. Valid values for a physical interface are <cartridge>/<slot>/<port> (for example, 1/1/8) or <cartridge>/<slot>/lag<N> (for example, 1/1/lag1). There is no default value.

The no version of this command, no route, deletes the specified route from the Message Backbone VRF.