Site Mesh Group

Objective

This document presents information and provides instructions on how to configure site mesh group in VoltConsole. The site mesh group is used to directly connect Volterra CE sites to other arbitrary CE sites using IPsec or SSL tunnels. Using the site mesh group, connectivity between the CE sites can be direct and not via the RE sites. For more conceptual information on site mesh group, see Site to Site Connectivity.

Volterra supports connecting the CE sites in the following modes:

  • Hub-Spoke - A hub site routes traffic between the spoke sites.
  • Full Mesh - All sites have direct connectivity to each other.

Using the instructions provided in this guide, you can configure site mesh group objects and select sites for them.


Prerequisites

The following prerequisites apply:

  • Volterra Account

  • Two or more registered site in the enterprise tenant

  • Volterra virtual site.

    • Note: If you do not have a virtual site, see Virtual Site.
  • Port 4500 should be open on the CE sites for ingress traffic.

Restrictions

The following apply:

  • A spoke can form IPsec tunnels with multiple hubs.
  • A hub site can be a spoke site for another site mesh group.
  • A site can be member of either a hub group or a spoke group but not both in the same hub-spoke relation.
  • Only IPsec tunnel type is supported.
  • The site mesh group is not supported for the sites deployed using the site management functionality of VoltConsole. It is only supported for baremetal sites and terraform based cloud deployments.

Configure Hub-Spoke Site Mesh Group

In the Hub-Spoke model, two site mesh groups are required. One group is for the hub sites and the other is for the spoke sites. The spoke sites establish tunnels with all the hub sites. The hub sites form full mesh connectivity with each other. The sites for each mesh group are selected using the virtual site functionality.

Creating hub-spoke site mesh group requires you to first set the site-to-site tunnel IP address in the configuration of hub sites. After that, create a hub site mesh group and spoke site mesh group. The steps provided in this guide configure site mesh between 2 CE sites with one as a hub and other as spoke.

Log into VoltConsole and perform the following steps:

Step 1: Set site-to-site tunnel IP for the hub sites.
  • Select the System namespace in the namespace selector and navigate to Sites -> Site List.
  • Click ... -> Edit for the sites that are to be part of the hub group.
  • Enter the IP address for the tunnel in the Site to Site Tunnel IP field.

s2s tunnel ip
Figure: Site-to-Site Tunnel IP

  • Click Save Changes.

Note: Set the site-to-site tunnel IP for all HUB sites.

Step 2: Create site mesh group for hub sites.
  • Select Manage-> Networking in the System namespace and select Site Mesh Groups in the options. Click Add site mesh group.

smg nav
Figure: Navigate to Site Mesh Group

  • Enter a name for your site mesh group object. Select Hub for the Site Mesh Group Type field.
  • Click Select virtual site object in the Virtual Site (Sites in this group) section. Select the virtual sites that are to be part of this hub group. Click Select virtual site object to apply the virtual sites to the mesh group configuration.

hub smg 1
Figure: Hub Site Mesh Group

Note: You can also create a virtual site from here using the Add new virtual site option.

hub smg 2
Figure: Hub Site Mesh Group

  • Click Save and Exit.

Note: Leave the Hub (site mesh group) section empty as it is only applicable for the spoke mesh group. The Tunnel Type field is populated as IPsec by default.

Step 3: Create site mesh group for spoke sites.
  • Select Manage-> Networking in the System namespace and select Site Mesh Groups in the options. Click Add site mesh group.
  • Enter a name for your site mesh group object. Select Spoke for the Site Mesh Group Type field.
  • Click Select virtual site object in the Virtual Site (Sites in this group) section. Select the virtual sites that are to be part of this spoke group. Click Select virtual site object to apply the virtual sites to the mesh group configuration.

Note: You can also create a virtual site from here using the Add new virtual site option.

  • Click Select hub object in the Hub (site mesh group) section. Select the hub site mesh group created in Step 2. Click Select hub object to apply the hub to the spoke group configuration.

spoke smg
Figure: Spoke Site Mesh Group

  • Click Save and Exit.

Note: The Tunnel Type field is populated as IPsec by default.

Configure Full Site Mesh Group

Perform the following in VoltConsole:

Step 1: Start creating full site mesh group object.
  • Select Manage-> Networking in the System namespace and select Site Mesh Groups in the options. Click Add site mesh group.
  • Set a name for your site mesh group object.
Step 2: Set the mesh group type as full mesh.

Select Full mesh for the Site Mesh Group Type field in the site mesh group type section.

Step 3: Define sites that are part of the full mesh.

Click Select virtual site object in the Virtual Site (Sites in this group) section. Select the virtual sites that are to be part of this group. Click Select virtual site object to apply the virtual sites to the mesh group configuration.

Note: You can also create a virtual site from here using the Add new virtual site option.

Step 4: Complete creating the full mesh group.

Click Save and Exit to create the full mesh group of sites.

full mesh smg
Figure: Full Mesh Site Mesh Group

Note: The Tunnel Type field is populated as IPsec by default.

Note: Leave the Hub (site mesh group) section empty as it is only applicable for the spoke mesh group.


Verification

The site status shows the status of the IPsec tunnel between the CEs. Apart from connected REs, you can monitor all CE sites that it connects to using IPsec.

  • Log into VoltConsole and select the System namespace in the namespace selector. Navigate to Sites -> Site List. Click on a site that is part of a mesh group to open its dashboard.
  • Click Status Objects tab.

state objs
Figure: Site Status Objects Page

  • Click on the object with Creator Class as the CE name and Status ID containing string SiteStatusMgr. This opens the status in JSON format.
  • Check for site_tunnel_status section in the displayed JSON. Verify that the state field of the tunnel towards the other CE is TUNNEL_UP.

Concepts


API References