HP Network Protector SDN Application Administrator Guide

2 Deployment examples
This chapter contains a few approaches to deploy the application that were implemented during
the development, testing, and deployment phases. Use this section to understand certain important
aspects before deploying the application in your network. In the current release, you cannot deploy
the application in the following network environments:
• On an HP VAN SDN Controller teamed installation.
• On switches that are in stacked mode and are using the OOBM (out-of-band management) port.
Instance approach to DNS inspection
Instance mode allows production (non-OpenFlow) VLANs and VLANs that belong to OpenFlow
instances to be configured on the switch. Each OpenFlow instance is independent and has its own
OpenFlow configuration and OpenFlow controller connection. An OpenFlow instance must have
a VLAN associated as a member VLAN. This example uses a simpler configuration than other
examples.
Figure 3 (page 12) illustrates this example.
In this example:
• Each edge device, such as an HP 2920 switch or an HP 3800 series switch, is connected to the HP VAN SDN Controller and is configured to use OpenFlow.
• The L2 aggregation switch, such as an HP 5406 switch, is not configured to use OpenFlow and is not connected to the controller in this example.
• The application performs inspection and control on VLAN 20 and VLAN 30 but not on VLAN 10 or 40.
• Every VLAN on every device has an OpenFlow instance.
• DNS inspection is automatic when endpoints are browsing because of the transparent proxy configuration at the firewall. In a transparent proxy deployment, HTTP requests are automatically directed to a Proxy server without requiring manual browser configuration.
• There is no wireless controller. Traffic is inspected when it arrives on VLAN 20.
Example configuration file to use OpenFlow 1.3 in instance mode:

    controller-id 8 ip 15.146.194.104 controller-interface vlan 1
    instance "office13"
       member vlan 4
       controller-id 8
       version 1.3 only
       mode passive
       enable
       exit

Example configuration file to use OpenFlow 1.0 in instance mode:

    controller-id 8 ip 15.146.194.104 controller-interface vlan 1
    instance "office10"
       member vlan 4
       controller-id 8
       mode passive
       enable
       exit
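
The following Python sketch is an added example, not part of the HP guide or product. It parses configuration text in the layout shown above and reports any instance that lacks a member VLAN, refers to a controller-id with no matching controller definition, or has no enable line. The checks are an assumption drawn from the lines in the two examples, and the "lab" instance and controller-id 9 are constructed for illustration.

```python
import re

# Constructed sample: this page's OpenFlow 1.3 stanza plus an incomplete "lab" instance.
SAMPLE = '''\
controller-id 8 ip 15.146.194.104 controller-interface vlan 1
instance "office13"
   member vlan 4
   controller-id 8
   version 1.3 only
   mode passive
   enable
   exit
instance "lab"
   controller-id 9
   exit
'''

def parse(text):
    """Return (defined controller ids, {instance name: [stanza lines]})."""
    controllers, instances, current = set(), {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'instance\s+"?([^"\s]+)"?$', line)
        if m:
            current = instances.setdefault(m.group(1), [])
        elif line == "exit":
            current = None          # leaves the instance context
        elif current is not None:
            current.append(line)    # a line inside the instance stanza
        elif (m := re.match(r"controller-id\s+(\d+)\s+ip\s+\S+", line)):
            controllers.add(m.group(1))
    return controllers, instances

def audit(text):
    """List instances lacking a member VLAN, a defined controller, or 'enable'."""
    controllers, instances = parse(text)
    findings = []
    for name, lines in instances.items():
        if not any(re.match(r"member\s+vlan\s+\d+", l) for l in lines):
            findings.append((name, "no member VLAN"))
        ids = [l.split()[1] for l in lines if re.match(r"controller-id\s+\d+$", l)]
        if not ids:
            findings.append((name, "no controller-id"))
        findings += [(name, f"controller-id {i} not defined") for i in ids if i not in controllers]
        if "enable" not in lines:
            findings.append((name, "not enabled"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against a saved copy of the switch configuration, an empty result means every instance carries the same essential lines as the examples above.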