CAUTION: Skylight orchestrator is a high-performance, real-time active system that requires special considerations to operate properly. For instance, if you install a Skylight sensor: control on the same server, hyper-threading must be disabled.
Network Requirements
Skylight orchestrator has requirements for the data communications network. Certain protocols and ports must be supported, and sufficient bandwidth must be allocated.
The DCN interfaces with the Skylight orchestrator over one or more of its five Gigabit Ethernet ports. By default, the 10/100/1000Base-T port named MGMT is the only configured port, but the other interfaces can be enabled.
The following categories of communication need to be considered:
- End-user browser communications
- Communication with devices
- OSS communications
- Infrastructure communications
- Base communications
- Network Address Translation (NAT)
The sections that follow detail the data exchanges for each of these categories.
Note: For large installations (more than 3,000 devices), it is recommended that the data store backup file transfers be carried out using a separate physical interface. Since these backups can be large, isolating this traffic is preferable.
End-User Browser Communications
End users interact with Skylight orchestrator using a standard web browser running on their end-user workstation.
Communications will consist primarily of HTTP and HTTPS traffic initiated from the end-user workstation towards the Skylight orchestrator server. All data exchanges between end users and Skylight orchestrator will be handled via these protocols.
The following table summarizes the network requirements.
Source | Destination | Protocol | Dest. Port | Bandwidth (per user session) | Description |
---|---|---|---|---|---|
Browser | Virtual Machine/Docker | HTTPS | 6080 | 512 Kbps | Main user interface |
Browser | Virtual Machine/Docker | HTTPS | 6081 | 512 Kbps | Main user interface |
Browser | Virtual Machine/Docker | HTTPS | 443 | 512 Kbps | Main user interface |
Browser | Virtual Machine/Docker | HTTPS | 80 | 512 Kbps | Main user interface |
Browser | Virtual Machine/Docker | HTTP | 9080 | 64 Kbps | Web services (REST) API |
Browser | Virtual Machine/Docker | HTTPS | 9081 | 64 Kbps | Web services (REST) API |
Communication With Devices
Communication between Skylight orchestrator and its managed devices (Skylight elements, Skylight sensor: control, Skylight Flex 100) involves several flows:
- Command Line Interface (CLI) sessions
This is the primary interface used by Skylight orchestrator to establish, maintain and configure devices. It is a permanent SSH session established by Skylight orchestrator.
- SFTP sessions
This is the main communication protocol used to exchange bulk information with devices. These sessions are temporary. They include transfer of firmware loads for upgrade information and transfer of configuration files. These sessions are initiated by the devices towards Skylight orchestrator.
SFTP sessions are also used by Y.1564 and RFC-2544 test processes to retrieve test reports.
- Performance data streams
This is the main communication protocol used to collect performance data from devices. These are permanent SSH connections initiated from the devices towards Skylight orchestrator.
The following table summarizes the network requirements for communication between Skylight orchestrator and devices.
Note: The supported network latency between Skylight orchestrator and devices is 300ms +/- 50ms.
Managed Element Requirements (Protocol, Port, Bandwidth)
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 14040 | 40 kbps per Skylight element (note 1) | Metrics Collection stream. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 11021 | 5 KB per test report; 100 KB per backup; 30 MB per Skylight element firmware; 90 MB per Skylight sensor: control firmware | Y.1564 test reports, RFC-2544 test reports, backups/restores and firmware retrieval. |
Skylight element and Skylight sensor: control | Skylight orchestrator | TCP | 10021 | 5 KB per test report; 100 KB per backup; 30 MB per Skylight element firmware; 90 MB per Skylight sensor: control firmware | Legacy nodes (4.9) backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | UDP | 1163 (can be configured as required) | 10 kbps per Skylight element | SNMP traps generated by the managed elements |
Skylight elements | Inventory Node | UDP | 9065 | 10 kbps per Skylight element | Skylight element to Inventory node communications. |
Skylight orchestrator | Skylight elements and Skylight sensor: control | TCP | 22 | 10 kbps per Skylight element | CLI communications and Control traffic (XML over SSH). |
Skylight orchestrator | Skylight sensor: control | TCP | 22 | 40 kbps per Skylight element | Performance session data collection |
Skylight orchestrator | Skylight elements and Skylight sensor: control | TCP | 443 | 64 kbps per machine | Web UI cut-through using reverse proxy. |
Additional Requirements of the 15K profile
Additional communications ports are required when running with a 15K deployment profile. These ports are in addition to the ports listed in Managed Element Requirements (Protocol, Port, Bandwidth).
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 14040, 14140, 14240 | 40 kbps per Skylight element | Metrics Collection stream. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 11021, 11121, 11221 | 5 KB per test report; 100 KB per backup; 90 MB per Skylight element firmware; 270 MB per Skylight sensor: control firmware | Y.1564 test reports, RFC-2544 test reports, backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 10021, 10121, 10221 | 5 KB per test report; 100 KB per backup; 90 MB per Skylight element firmware; 270 MB per Skylight sensor: control firmware | Legacy nodes (4.9) backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | UDP | 1163, 1263, 1363 | 10 kbps per Skylight element | SNMP traps generated by the managed elements. |
Additional Requirements of the 30K profile
Additional communications ports are required when running with a 30K deployment profile. These ports are in addition to the ports listed in Managed Element Requirements (Protocol, Port, Bandwidth).
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 14040, 14140, 14240, 14340, 14440, 14540 | 40 kbps per Skylight element | Metrics Collection stream. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 11021, 11121, 11221, 11321, 11421, 11521 | 5 KB per test report; 100 KB per backup; 180 MB per Skylight element firmware; 540 MB per Skylight sensor: control firmware | Y.1564 test reports, RFC-2544 test reports, backups/restores and firmware retrieval. |
Skylight element and Skylight sensor: control | Skylight orchestrator | TCP | 10021, 10121, 10221, 10321, 10421, 10521 | 5 KB per test report; 100 KB per backup; 180 MB per Skylight element firmware; 540 MB per Skylight sensor: control firmware | Legacy nodes (4.9) backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | UDP | 1163, 1263, 1363, 1463, 1563, 1663 | 10 kbps per Skylight element | SNMP traps generated by the managed elements |
Additional Requirements of the 60K profile
Additional communications ports are required when running with a 60K deployment profile. These ports are in addition to the ports listed in Managed Element Requirements (Protocol, Port, Bandwidth).
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 14040, 14140, 14240, 14340, 14440, 14540, 14640, 14740, 14840, 14940, 24040, 24140 | 40 kbps per Skylight element | Metrics Collection stream. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 11021, 11121, 11221, 11321, 11421, 11521, 11621, 11721, 11821, 11921, 21021, 21121 | 5 KB per test report; 100 KB per backup; 360 MB per Skylight element firmware; 1080 MB per Skylight sensor: control firmware | Y.1564 test reports, RFC-2544 test reports, backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | TCP | 10021, 10121, 10221, 10321, 10421, 10521, 10621, 10721, 10821, 10921, 20021, 20121 | 5 KB per test report; 100 KB per backup; 360 MB per Skylight element firmware; 1080 MB per Skylight sensor: control firmware | Legacy nodes (4.9) backups/restores and firmware retrieval. |
Skylight elements and Skylight sensor: control | Skylight orchestrator | UDP | 1163, 1263, 1363, 1463, 1563, 1663, 1763, 1863, 1963, 2063, 11163, 11263 | 10 kbps per Skylight element | SNMP traps generated by the managed elements. |
Notes:
1 Planning guideline only. This metric varies considerably based on the specific configuration of the Metrics Collection agent. Contact Accedian support to get a more precise expected throughput based on your configuration.
2 Legacy nodes use passive FTP sessions for file transfers. Firewalling these sessions requires a state-aware firewall with support for Passive FTP. Skylight orchestrator’s FTP control channel is located on port 10021. Because this is passive FTP, the devices will negotiate a second connection to Skylight orchestrator for the data channel used to transfer the file. This second connection is on a random source and destination port.
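The following Python script is an added example, not Accedian or Cisco code: it audits a firewall allow-list in front of Skylight orchestrator against the device-to-orchestrator port tables above and reports missing ports, unneeded openings and the cleartext legacy FTP control ports. The port numbers are copied from this page. The `<proto> <port or range>` rule format, the sample rules and the profile label `base` (the first table) are constructed for illustration.

```python
"""Audit a device-facing allow-list against this page's per-profile port tables."""

# Device -> orchestrator ports, copied from the 60K table on this page. The base,
# 15K and 30K tables list the first 1, 3 and 6 ports of each row respectively.
PORTS_60K = {
    ("tcp", "metrics stream"): [14040, 14140, 14240, 14340, 14440, 14540,
                                14640, 14740, 14840, 14940, 24040, 24140],
    ("tcp", "SFTP transfers"): [11021, 11121, 11221, 11321, 11421, 11521,
                                11621, 11721, 11821, 11921, 21021, 21121],
    ("tcp", "legacy FTP control"): [10021, 10121, 10221, 10321, 10421, 10521,
                                    10621, 10721, 10821, 10921, 20021, 20121],
    ("udp", "SNMP traps"): [1163, 1263, 1363, 1463, 1563, 1663,
                            1763, 1863, 1963, 2063, 11163, 11263],
}
INSTANCES = {"base": 1, "15K": 3, "30K": 6, "60K": 12}  # "base" is a label assumed here
CLEARTEXT_ROLES = {"legacy FTP control"}  # FTP carries credentials and data unencrypted


def required(profile):
    """Map (proto, port) -> role for every port the profile's table lists."""
    n = INSTANCES[profile]
    return {(proto, port): role
            for (proto, role), ports in PORTS_60K.items() for port in ports[:n]}


def parse_rule(line):
    """Constructed rule format '<proto> <port>' or '<proto> <lo>-<hi>'."""
    proto, spec = line.split()
    lo, _, hi = spec.partition("-")
    return {(proto.lower(), p) for p in range(int(lo), int(hi or lo) + 1)}


def audit(profile, rule_lines):
    """Compare an allow-list with the profile's table and report the differences."""
    need = required(profile)
    allowed = set().union(*(parse_rule(line) for line in rule_lines))
    return {
        "missing": sorted(k for k in need if k not in allowed),   # flows that will fail
        "excess": sorted(allowed - set(need)),                    # openings no table asks for
        "cleartext": sorted(k for k, role in need.items()
                            if role in CLEARTEXT_ROLES and k in allowed),
    }


# Constructed sample: a 15K deployment with an over-broad range and two forgotten ports.
SAMPLE_RULES = ["tcp 14040-14240", "tcp 11021", "tcp 11121", "tcp 11221",
                "tcp 10021", "udp 1163", "udp 1263", "udp 1363"]

if __name__ == "__main__":
    report = audit("15K", SAMPLE_RULES)
    print("missing:", report["missing"])
    print("excess openings:", len(report["excess"]))
    print("cleartext (legacy FTP control):", report["cleartext"])
```

The audit covers only the control ports listed in the tables; the passive FTP data channel described in the note above uses a random port and must be handled by the firewall's FTP connection tracking rather than by a static rule.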
OSS Communications
OSS communications cover the network requirements to ensure that Skylight orchestrator interoperates correctly with northbound OSS systems. This section describes these network requirements for the current release of Skylight orchestrator.
Metrics Collection - Network Requirements
The data exchange is done by means of Comma Separated Value (CSV) files that are transferred from Skylight orchestrator to the northbound system.
- FTP connection from Skylight orchestrator to the OSS system for orchestrator metrics collection CSV file transfer
- SFTP connection from Skylight orchestrator to the OSS system for orchestrator metrics collection CSV file transfer
- Rsync connection from Skylight orchestrator to the OSS system for orchestrator metrics collection CSV file transfer.
The choice of flow is driven by user configuration. Also driven by user configuration is the choice to compress the CSV files before transmission. This is highly recommended as it considerably decreases the volume of data to transfer.
Since the volume and frequency of files to transfer will be high, the connection is permanent. Skylight orchestrator maintains an active connection pool to the northbound system.
The following table summarizes the network requirements for OSS communications.
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight orchestrator | External PM System | TCP | 21 | 40 kbps per machine (uncompressed) | FTP export of PM data. |
Skylight orchestrator | External PM System | TCP | 22 | 6 kbps per machine (compressed) | Rsync (recommended) or SFTP export of PM data. |
Northbound Alarms - Network Requirements
Skylight orchestrator can forward alarm information to northbound OSS systems using SNMP v2 or v3 notifications and informs.
The following table summarizes the network requirements for northbound alarms.
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
Skylight orchestrator | External Alarm OSS | UDP | 162 (note 1) | 64 kbps | SNMP v2 or v3 Notifications and Informs from EMS to Alarm OSS. |
External Alarm OSS | Skylight orchestrator | UDP | >1024 (note 2) | 64 kbps | Inform confirmations from OSS back to Skylight orchestrator. |
Notes:
1 This value is configurable.
2 This is the same port used by Skylight orchestrator to transmit the inform message to the Alarm OSS. This port has a dynamic value and must be greater than 1024.
Infrastructure Communications - Network Requirements
This category of communication requirements covers Skylight orchestrator's needs for generic infrastructure systems, including communication with DNS servers, NTP servers and so on.
Base Communications - Network Requirements
For explanations of the numbered notes in the table, see below.
Source | Destination | Protocol | Destination Port | Bandwidth | Description |
---|---|---|---|---|---|
End User Station | Skylight orchestrator | TCP | 22 | 64 Kbps | SSH port for OS shell access. |
End User Station | Skylight orchestrator | TCP | 2200 | 64 Kbps | SSH port for console access. |
Browser | Skylight orchestrator | HTTPS/TCP | 443 | - | Main user interface |
SNMP Manager | Skylight orchestrator | UDP | 161 | - | SNMP agent on Skylight orchestrator. (note 1) |
Skylight orchestrator | NTP | UDP | 123 | - | NTP time sync (optional) |
Skylight orchestrator | DNS | UDP | 53 | - | DNS services |
Skylight orchestrator | Backup Server | TCP | 22 | Up to 1 GiB per hour | Optional remote destination for Skylight orchestrator backups. |
Skylight orchestrator | Skylight orchestrator | TCP | 22 | Up to 1 GiB per hour | Data store backups for standby orchestrator. |
Skylight orchestrator | Skylight orchestrator | TCP | 7788 | 100 Mbps | Hot standby replication traffic on the replication link. |
Skylight orchestrator | Skylight orchestrator | TCP | 7789 | | Hot standby replication traffic on the replication link. Default values. (note 2) |
Skylight orchestrator | Skylight orchestrator | UDP | 5406 | | Hot standby monitoring connection on the replication link. |
Skylight orchestrator | Skylight orchestrator | TCP | 6969 | 100 Mbps | Hot standby management on the monitor link. |
Skylight orchestrator | Skylight orchestrator | UDP | 5405 | | Hot standby monitoring connection on the monitor link. Default value. (note 3) |
Skylight orchestrator | RADIUS Server | UDP | 18124 | - | Authentication requests to RADIUS Server. |
Notes:
1 The SNMP agent can be used to remotely monitor the Skylight orchestrator for CPU, memory and file system usage. Temperature sensor information is also available. See SNMP Alarm Forwarding for the MIBs that can be used to provide this information.
2 and 3 Other ports can be used provided they are not used for other purposes.
4 Default value. Can be configured in the Skylight orchestrator web interface.
Network Address Translation (NAT)
Network Address Translation (NAT) is a process by which one IP address (the internal address) is mapped or translated to another IP address (the external address). This translation happens in both data traffic directions such that the translated address is the only one that is visible to the outside world. The translation process is typically handled by a router or firewall. It is handled at the IP layer where packet IP headers are inspected and modified to switch the destination or source IP as required.
There are two basic NAT modes:
- 1:1 translation where each external address is mapped onto one internal address.
This mode is often used when there is address duplication in the network (due to consolidation). NAT is used in this case to give hosts a unique external IP.
- 1:N translation mode where one external address is mapped to multiple internal addresses.
This mode is used mostly to solve the issue of address exhaustion. The most common example is a residential home router, where one Internet Service Provider (ISP) address is mapped to multiple internal IPs. This allows the home to have multiple devices in its private network, but only present a single public IP address to the external world.
Skylight orchestrator supports 1:1 NAT of IP addresses for Skylight elements, and the Skylight sensor: control. A Skylight element or Skylight sensor: control can be configured with an internal IP address that remains unknown to the management plane. The external address is used to provision Skylight orchestrator and from its perspective, all communications are going to and coming from the public external IP address of the Skylight element or Skylight sensor: control.
Skylight orchestrator also supports 1:1 NAT for its own address. The IP addresses configured on a Skylight orchestrator are translated and hidden from the Skylight elements and Skylight sensor: control that it manages.
The use of 1:N NAT is not supported for Skylight elements, Skylight sensor: control and Skylight orchestrator addresses. These NAT techniques should not be used in Skylight orchestrator deployments.
Deployment Profile
An important part of the installation and deployment process is the determination of the physical resources that must be assigned to the virtual machine for its proper operation. Skylight orchestrator 21.08 and later ships with four deployment profiles that allow it to run in small, large and very large networks. Larger profiles require more disk, CPU and memory to run. The larger profiles also have additional networking requirements.
CAUTION: If you install the Skylight sensor: control on the same server, you must disable hyper-threading. CPU (vCPU) requirements of the profiles remain the same with or without hyper-threading enabled.
For more information, see Deployment Profile Configuration.
Deployment Considerations
For specific deployment considerations, see the Release Notes.
Virtual Machine Disk
The virtual machine ships pre-configured. It has a 5K profile and a single 150 GB disk (vmdk for VMware, QCOW2 file for KVM), referred to as the OS disk. In this default configuration, the application can handle up to 1,000 performance sessions running at one-minute intervals, or up to 100 network elements.
For more information, see Virtual Machine Disk Configuration.
© 2024 Cisco and/or its affiliates. All rights reserved.