A10 VT VMWARE-ESXi Lib3.3 PDF

Installing vThunder on VMware ESXi
9 November 2018
© 2018 A10 NETWORKS, INC. CONFIDENTIAL AND PROPRIETARY- ALL RIGHTS RESERVED
Information in this document is subject to change without notice.
PATENT PROTECTION
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking provi-
sions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder
Series products, are protected by one or more of U.S. patents and patents pending listed at:
https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking
TRADEMARKS
A10 Networks trademarks are listed at:
https://www.a10networks.com/company/legal-notices/a10-trademarks
CONFIDENTIALITY
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be disclosed,
copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.
A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential
information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this document
or available separately. Customer shall not:
1. Reverse engineer, reverse compile, reverse de-assemble, or otherwise translate the Software by any means.
2. Sub-license, rent, or lease the Software.
DISCLAIMER
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fit-
ness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate,
but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this pub-
lication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be
available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and ser-
vices are subject to A10 Networks’ standard terms and conditions.
ENVIRONMENTAL CONSIDERATIONS
Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufac-
turer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.
FURTHER INFORMATION
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be
found by visiting www.a10networks.com.
Table of Contents
Introduction to Installing vThunder on VMware ESXi ................................................................... 5

Minimum System Requirements ...........................................................................................6
Recommended System Requirements..................................................................................7
Global License Manager and Types of vThunder Licenses .................................................8
Interfaces ................................................................................................................................9
Feature Support....................................................................................................................11
Limitations ............................................................................................................................11
Incorrect CPU Display ............................................................................................................................... 11
Non-promiscuous Mode Limitations ..................................................................................................... 12
High Availability Limitations .................................................................................................................... 12
LACP ............................................................................................................................................................. 12
Installing vThunder on VMware ESXi .......................................................................................... 13

Step 1. Downloading the vThunder Image ..........................................................................13
Step 2. Installing the vThunder Instance ............................................................................14
Installing vThunder by Using vSphere Client ....................................................................................... 14
Installing vThunder by Using vCenter Server ....................................................................................... 18
Adding a New ESXi Hypervisor Host to vCenter ........................................................................... 19
Deploying the OVF Template ............................................................................................................ 19
Verifying Configuration of vThunder with VMware Tools ........................................................... 23
VMware Properties Supported ......................................................................................................... 24
Installing vThunder by Using Web Client .............................................................................................. 24
Installing vThunder by Using an ISO Image and vSphere Client ...................................................... 27
Step 3. Modifying the vSwitch Settings ..............................................................................32
Step 4. Accessing the vThunder Instance ..........................................................................34
Login Using the CLI ................................................................................................................................... 34
Login by Using the GUI ............................................................................................................................. 35
Initial vThunder Configuration .................................................................................................... 39

Changing the Admin Password ...........................................................................................39
Saving the Configuration Changes—Write Memory ...........................................................39
Configuring the Management Interface ..............................................................................40
Support for Non-dedicated Management Port Mode .........................................................41
Configuring Non-dedicated Management Port Mode ........................................................................ 41
Guidelines for Non-dedicated Management Port Mode .................................................................... 42
Adding Extra Ethernet Data Interfaces................................................................................43
Adding Extra Port Groups ....................................................................................................44
page 3
Contents
Advanced vThunder Configuration ............................................................................................. 45

About Jumbo Frames...........................................................................................................45
Enabling Jumbo Frames on the Host Side for ESXi ........................................................................... 45
Enabling Jumbo Frames for vThunder ................................................................................................. 45
About System Polling Mode and Interrupt Mode ...............................................................46
Important Information About System Polling Mode and Interrupt Mode ...................................... 46
Enabling System Polling mode ............................................................................................................... 47
Setting the Maximum Limit of Cores for I/O Processing .................................................................. 48
About SR-IOV and DirectPath I/O ........................................................................................49
Prerequisites for Running SR-IOV or DirectPath I/O ........................................................................... 50
Limitations for Running SR-IOV or DirectPath I/O .............................................................................. 50
Configuring SR-IOV .................................................................................................................................... 51
Configuring DirectPath I/O ....................................................................................................................... 52
Configuring vThunder for High Throughput ......................................................................................... 53
Additional Resources—Where to go from here? .................................................................54
page 4
Feedback Installing vThunder on VMware ESXi
Introduction to Installing vThunder on VMware ESXi
vThunder for VMware ESXi is a fully operational, software-only version of the ACOS Series Server Load
Balancer (SLB), Application Delivery Controller (ADC), SSL Insight (SSLi), IPv6 migration device, or a
Carrier-Grade Networking (CGN) device.
The maximum throughput of vThunder for VMware ESXi is variable and depends on which vThunder
software license was purchased. Install vThunder on a hardware platform running VMware ESXi 4.1
Update 2, VMware ESXi 5.0, VMware ESXi 5.5, VMware ESXi 6.0, or VMware ESXi 6.5.
The product name for the ACOS virtual appliance changed from “SoftAX” to “vThunder” beginning with
ACOS 2.7.1-P3 (SLB release) and ACOS 2.8.1 (IPv6 Migration release). This document uses the “vThun-
der” name, but some file names, directory paths, and screenshots may still refer to “SoftAX”.
Figure 1 shows vThunder running on top of commodity servers (which are running the VMware ESXi
hypervisor).
Feedback page 5
FeedbackFF
Minimum System Requirements FFee
e
FIGURE 1 vThunder for VMware ESXi
Minimum System Requirements

Minimal requirements are for configuring ADC, CGN, or TPS for basic testing purposes. These are
defined individually for the host on which vThunder is installed and for the vThunder instance itself.
The host on which vThunder is installed must meet the following minimal requirements:
• 1 CPU (Intel VT-d enabled)
• 16 GB disk space
• 2 Ethernet ports (1 management interface and 1 data interface)
NOTE: vThunder also supports configuring only one network adapter for all
interfaces (both data and management).
page 6
Feedback
Recommended System Requirements
The vThunder instance must meet the following minimum requirements:
• 1 vCPU
• Memory:
• For ACOS 4.1.4, 8 GB RAM memory (more RAM may be needed if you are using memory-inten-
sive features, such as Jumbo Frame or GSLB).
• For earlier ACOS versions, 4 GB RAM (more RAM may be needed if you are using memory-inten-
sive features, such as Jumbo Frame or GSLB).
• Virtual disk image size:
• 10 GB for ACOS 2.7.x and earlier

• 12 GB for ACOS 2.7.1-GR1-Px, 2.7.2-Px and earlier
• 16 GB for ACOS 3.x, 4.x and later
• ACOS software versions:
• For ADC features – ACOS Release 2.7.1, or later

• For CGN features – ACOS Release 2.8.1, or later
• For TPS features – ACOS Release 3.1.0 or later
NOTE: “1 Mgmt + 1 data interface” configuration is supported for TPS TAP

mode only.
• VMware ESXi 4.1 Update 2 client (required unless you plan to install using ovftool)
• Separate port groups for each vThunder interface (see “Adding Extra Port Groups” on page 44),
configured before you begin installing vThunder
Recommended System Requirements

Recommended requirements are for configuring ADC, CGN, or TPS for production purposes. These are
defined individually for the host on which vThunder is installed and for the vThunder instance itself.
The host on which vThunder is installed must meet the following recommended requirements:
• 1 CPU (Intel VT-d enabled)
• 20 GB disk space
• 3 Ethernet ports (1 management interface and 2 data interfaces)
The vThunder instance must meet the following recommended requirements:
page 7
FeedbackFF
Global License Manager and Types of vThunder Licenses FFee
e
• 4 vCPUs
• Memory:
• For ACOS 4.1.4 and later versions, 16 GB RAM memory.

• For earlier ACOS versions, 8 GB RAM.
• Virtual disk image size:
• 10 GB for ACOS 2.7.x and earlier

• 12 GB for ACOS 2.7.1-GR1-Px, 2.7.2-Px and earlier
• 20 GB for ACOS 3.x, 4.x and later
• ACOS software versions:
• For ADC features – ACOS Release 4.1.4-P2 or later

• For CGN features – ACOS Release 4.1.4-P2 or later
• For TPS features – ACOS Release 3.2.2-P5 or later
• VMware ESXi 4.1 Update 2 client (required unless you plan to install using ovftool)
• Separate port groups for each vThunder interface (see “Adding Extra Port Groups” on page 44),
configured before you begin installing vThunder
Global License Manager and Types of vThunder Licenses

The GLM is the master licensing system for A10 Networks. The GLM is managed by A10 Networks and
is the primary portal for license management for A10 products. The GLM provides a GUI where you can
view and manage advanced licensing functions. Creating a GLM account is optional. You can use the
ACOS CLI or GUI to license the ACOS devices. A GLM account enables you to perform advanced licens-
ing functions and, where applicable, view and monitor device usage. The GLM portal is available at
https://glm.a10networks.com. If you do not yet have a GLM account,
contact sales@a10networks.com.
vThunder requires a license. Without a license, the product cannot run production traffic, and the
amount of bandwidth is only sufficient for testing network connectivity. After you have downloaded
and installed the vThunder software, you need a license before you can run live traffic.
A10 Networks offers different types of licenses for your vThunder instance. vThunder supports the
following licensing models:
• Trial license—Create a trial license in the ACOS GUI.

For more information, see Global License Manager User Guide.
• Perpetual license—This licensing model is based on bandwidth. The licenses must be
generated and installed manually. For more information, see Global License Manager User Guide.
page 8
Feedback
Interfaces
• Pay As You Go (PAYG) license—This licensing model is subscription-based. There are two
types of licensing models under PAYG licenses. Both these licensing models require that the
vThunder instance has an Internet access to request the licenses from an A10 license server.
The license models are as follows:
• The Rental Billing Model (RBM) is designed for cloud service providers (CSPs) who offer
Advanced Delivery Controller (ADC) services. This model enables such providers to bill their
customers for a fixed amount of bandwidth, as well as adding surcharges for extra bandwidth
consumed.
• The Utility Billing Model (UBM) is based on actual data usage, in bytes, in which unlimited
vThunder instances can be deployed and in which no bandwidth settings are required.
For more information, see vThunder Pay-as-you-Go Licensing Installation and User Guide.
• Capacity Pool (FlexPool) license—This licensing model enables you to subscribe to a
specific bandwidth pool in the Global License Manager (GLM) for a specific period of time, with
an additional option of automatically renewing your license before the license expiry date. Unlike
previous license models supported by A10 Networks, capacity pool (FlexPool) license is not node
locked. You can configure multiple ACOS devices to share bandwidth from the common license
pool.
For more information refer to Capacity Pool License User Guide.
All licensing documents are available under Licensing User Guides at

https://documentation.a10networks.com/Install/Software/A10_ACOS_Install/index.html.
Interfaces
When installing vThunder from an OVA file, three ports are automatically created (one management
and two data ports). If required, you can add or remove data ports after the vThunder instance is
deployed. The default ports are:
• Management – Dedicated management interface
• Ethernet 1 – Data interface
• Ethernet 2 – Data interface
To connect the vThunder to other devices, you must connect each vThunder interface to a separate
port group on the virtual switch (vSwitch) on the VMware host. In a typical deployment, one of the data
interfaces is connected to the server farm, and the other data interface is connected to the clients.
However, one-arm deployment is also supported which requires one data port and one management
port. You also can add additional data interfaces as needed.
For more information refer to “Adding Extra Ethernet Data Interfaces” on page 43 and “Adding Extra
Port Groups” on page 44.
page 9
FeedbackFF
Interfaces FFee
e
Figure 2 shows an example of vThunder interface connections. Each vThunder interface is connected
to a separate port group on the VMware host’s vSwitch. Each of the port groups is connected to a
separate physical interface (NIC).
FIGURE 2 vThunder for VMware ESXi Interfaces
vThunder also supports management connection to the command line interface (CLI) through the con-
sole in vSphere Client. The console is required for initial configuration. You can access the ACOS device
on the Mgmt (Management), Ethernet 1 (Eth1), and Ethernet 2 (Eth2) interfaces after you configure IP
addresses on them and connect them to a port group on a vSwitch.
page 10
Feedback
Feature Support
Feature Support
vThunder for VMware ESXi supports many of the same features as the Thunder Series hardware-based
models, but the exact set of supported features varies based on whether vThunder is running an ADC
(SLB) release, SSLi, or a CGN (IPv6 Migration) release.
Limitations
vThunder has the following limitations.
Incorrect CPU Display

When the total CPU number is two for vThunder, the command show cpu displays the number as one
control CPU and two data CPUs.
vThunder-1#show cpu
Time: Dec-22-2017, 14:08
1Sec 5Sec 10Sec 30Sec 60Sec
-------------------------------------------------------------------------------
Control1 11% 13% 20% 21% 36%
Data1 0% 0% 0% 0% 0%
Data2 0% 0% 0% 0% 0%
A similar issue is seen when the total CPU number is one for vThunder. An output similar to the follow-
ing is displayed:
vThunder#show version | inc CPU

Number of control CPUs is set to 1
Hardware: 1 CPUs(Stepping 1), Single 20G drive, Free storage is 12G
vThunder#show cpu
Time: Feb-27-2018, 07:58
-------------------------------------------------------------------------------
Control1 5% 20% 12% 6% 5%
Data1 3% 20% 11% 6% 5%
page 11
FeedbackFF
Limitations FFee
e
Non-promiscuous Mode Limitations

vThunder runs in non-promiscuous mode by default in order to achieve slight performance optimiza-
tions. However, the following limitations will apply in non-promiscuous mode:
• VE interfaces can be bound to only 1 tagged/untagged physical interface
• VE MAC address assignment scheme changes are not supported
• The virtualized Network Interface Card (VNIC) in the vSwitch to which the vThunder interface is
attached may also need to be set to non-promiscuous mode for proper functioning.
If these limitations are problematic, you may remove them by re-enabling promiscuous mode. A vThun-
der system that is running in non-promiscuous mode can be transitioned back to promiscuous mode
with the following command:
system promiscuous-mode
NOTE: When making the transition from promiscuous mode to non-promiscu-

ous mode (or vice-versa), the vThunder instance must be reloaded.
High Availability Limitations

The following HA limitations apply:
• HA is supported in releases prior to ACOS 4.0. In-line HA for vThunder is supported in promiscu-
ous mode.
• In ACOS 4.0 and later, HA is no longer supported. Redundancy can only be configured using
VRRP-A.
LACP
LACP trunk groups are not supported in vThunder.
page 12
You can either install vThunder using the vSphere Client, vCenter server, or the Web client. You can
either select an ISO image or an OVF image (OVA file) to install vThunder. Starting from ESXi 6.5,
VMware does not support the vSphere Client.
NOTE: You can also install vThunder using the ESXi CLI; see the VMware CLI
documentation for the procedure.
The workflow is as follows:
• Step 1. Downloading the vThunder Image
• Step 2. Installing the vThunder Instance
• Step 3. Modifying the vSwitch Settings
• Step 4. Accessing the vThunder Instance
Step 1. Downloading the vThunder Image

You can download vThunder either as a trial software or a licensed software.
To download the vThunder software (trial), log into your Global License Manager (GLM) account and
see the following URL: https://glm.a10networks.com/downloads
To download the vThunder software (licensed), see the following URL:

https://www.a10networks.com/support/axseries/software-downloads#vthunder
The A10 sales team should have set up a GLM account for you when you first purchase the product. If
you do not yet have a GLM account, contact sales@a10networks.com.
Feedback page 13
FeedbackFF
Step 2. Installing the vThunder Instance FFee
e
Step 2. Installing the vThunder Instance

If you are installing ACOS version 4.1.4-P2, you have the option of using VMware Tools. For VMware
Tools, you must deploy the OVA image by using VMware vCenter and on ESXi version 6.5. If you do not
intend to use VMware Tools, you can install the vThunder image for ACOS 4.1.4-P2 by using the Web
client. Note that vSphere Client is not supported from ESXi 6.5 onwards.
If you are installing an ACOS version earlier than 4.1.4-P2, VMware Tools is not supported. You can use
either an OVA image or an ISO image to install vThunder for ESXi. Also, for such ACOS images, earlier
versions of ESXi is also supported.
To download a specific vThunder image, login to the support portal at

https://www.a10networks.com/support and select a vThunder image from the SOFTWARE &
DOCUMENTATION tab.
After creating the VM, it might take some time for the VM to come up. This is expected behavior.
Based on the ACOS version, you can choose any of the following installation methods to install vThun-
der on ESXi:
• “Installing vThunder by Using vSphere Client” on page 14
• “Installing vThunder by Using vCenter Server” on page 18
• “Installing vThunder by Using Web Client” on page 24
• “Installing vThunder by Using an ISO Image and vSphere Client” on page 27
Installing vThunder by Using vSphere Client

This section describes the process of installing a vThunder image on a vSphere client by using an OVA
file.
NOTE: vSphere Client is not supported from ESXi 6.5 onwards
1. Download or copy the vThunder OVA archive file into the virtual machine store folder.
2. Select File > Deploy OVF Template.
3. Click Browse and navigate to the vThunder OVA file, and then click Open.
4. Click Next.
The OVF Template Details screen is displayed.
page 14
Feedback
FIGURE 3 OVF Template Details Screen
5. Click Next to view the End User License Agreement screen.

6. Review the license agreement, and if the terms are acceptable, click Accept.
7. Click Next to view the Name and Location screen.
8. If required, edit the default name of the vThunder template
9. Click Next.
The Resource Pool screen is displayed.
10.Select the resource pool where you would like to deploy the template.
page 15
FeedbackFF
e
FIGURE 4 Name and Location Screen
NOTE: If a vThunder template is already installed using the default template

name, you need to edit a new name for the new template to avoid a
conflict.
11.Click Next.
The Disk Format screen is displayed.
12.Select Thick provisioned format. This option provides better performance than Thin
provisioned format.
13.The Network Mapping screen is displayed.
14.Map each vThunder network interface (Management, Ethernet 1, and Ethernet 2) to a separate
port group in the Destination Networks column.
15.To map a network interface, select a vThunder interface in the Source Networks column, and then
select the port group from the drop-down list in the Destination Networks column. For example,
select source network "Management" and destination network "Mgmt".
16.The actual names of the port groups may differ. Assign the names when you create them as a
prerequisite for vThunder installation.
page 16
Feedback
FIGURE 5 Deploy OVF Template - Network Mapping
17.Click Next to proceed. The Ready To Complete screen is displayed.
FIGURE 6 Ready to Complete Screen
page 17
FeedbackFF
e
18.Verify that all settings are correct, and click Finish. The vSphere Client deploys the new vThunder
virtual machine.
19.Open vSphere Client, if not already open.
20.In the virtual machines inventory, select the vThunder virtual machine.
21.From the menu bar, select Inventory > Virtual Machine > Power > Power On.
Installing vThunder by Using vCenter Server

This section applies to installing ACOS 4.1.4-P2 on ESXi 6.5 with VMware Tools. If you are using an
older version of the ESXi hypervisor, use a version of ACOS earlier than ACOS 4.1.4-P2. Note that earlier
ACOS versions do not support VMware Tools. VMware Tools provide the option to configure important
network properties during the VM boot-up process.
NOTE: The VMware Tools properties are available with the OVA file. To utilize
VMware Tools, download the vThunder image only as an OVA file. To
configure VMware Tools properties, use vCenter server to launch
vThunder.
page 18
Feedback
Adding a New ESXi Hypervisor Host to vCenter

1. Create a new data center using any of the following options:
• File > New > Data Center.
• Right click on the Server in the Navigator pane. Select Create a new Data Center.
2. Right click on the Data Center DC1 in the Navigator pane.
3. Select Add a Host to add a new host to the Data Center.
4. Enter the IP address for the host. and click OK.
A new host is created.
Deploying the OVF Template

1. Download or copy the vThunder OVA file into the vCenter server.
2. Deploy OVF Template on the new host. Launch the vThunder VM from vCenter using any of
the following options:
• Right click on Host and select Deploy OVF Template.
FIGURE 7 Deploy OVF Template from VM tab in Actions Pane
page 19
FeedbackFF
e
• Click Deploy OVF Template on the VMs tab in the Host - Actions Pane.
FIGURE 8 Deploy OVF Template from Host
3. Click Browse and navigate to the vThunder OVA file, and then click Open.
4. Click Next to open the Select template screen.
5. Select name and location in the Deploy OVF Template screen.
6. Click Next to open the Accept license agreements screen.
7. Review the license agreement, and if the terms are acceptable, click Accept.
8. Click Next to open the Name and Location screen. If required, edit the default name of the
vThunder template.
NOTE: If a vThunder template is already installed using the default template

name, you need to edit a new name for the new template to avoid a
conflict.
9. Click Next to open the Storage screen.

10.Select the networks from Select networks screen, where you want to deploy the template.
11.Click Next to open the Customize Template options. For information on the supported
parameters see VMware Properties Supported.
page 20
Feedback
FIGURE 9 VM Tools Properties
12.Customize the IP allocation settings and update the network properties.
FIGURE 10 Customize OVF Template - Network properties
page 21
FeedbackFF
e
13.Click Next to proceed.

The Ready To Complete screen is displayed with details of all the
configured network addresses and properties.
14.Verify that all settings are correct, and click Finish.
The vCenter Server deploys the new vThunder virtual machine.
15.In the virtual machines inventory, select the vThunder virtual machine.
FIGURE 11 Deployment Completed Screen
16.From the menu bar, select Inventory > Virtual Machine > Power > Power On.
page 22
Feedback
Verifying Configuration of vThunder with VMware Tools

To verify the vThunder configuration:
1. Login to vCenter.
2. Open the vThunder CLI console by clicking the CLI icon on the Summary tab of vCenter.
FIGURE 12 Open vThunder CLI Console
3. Open the command prompt for CLI. Check if the version and interfaces are configured according
to the user specified values in vThunder, using the following commands, the IP address of
management interface is configured on vThunder.
vThunder(NOLICENSE)# show interfaces brief
Port Link Dupl Speed Trunk Vlan MAC IP Address IP Name

------------------------------------------------------------------------------------
mgmt Up Full 1000 N/A N/A 0050.5691.6c89 10.1.0.171/24 1
1 Disb None None None 1 0050.5691.eb8d 0.0.0.0/0 0
2 Disb None None None 1 0050.5691.858a 0.0.0.0/0 0
Global Throughput: 0 bits/sec (0 bytes/sec)

Throughput: 0 bits/sec (0 bytes/sec)
vThunder(NOLICENSE)# sh run
!Current configuration: 146 bytes

!Configuration last updated at 01:44:22 GMT Wed Dec 13 2017
!Configuration last saved at 22:18:34 GMT Tue Dec 5 2017
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 211 (Dec-04-2017,05:32)
!
page 23
FeedbackFF
e
interface management
ip address 10.1.0.171 255.255.255.0
ip default-gateway 10.1.0.1
enable
!
VMware Properties Supported

The following VMware Tools configuration parameters are supported for vThunder:
TABLE 1 VMware Tools Configuration Properties

Required/
Configuration Properties Optional Dependencies and Limitations
Management Interface IP address Required Related properties to be configured:
• Management network mask

• Management IP allocation type properties
Management subnet gateway IP address Optional N/A
Management IP allocation type Required Only static configuration is supported.
(static/DHCP)
Management network CIDR (Classless Optional N/A
Inter-Domain Routing)
Management subnet/network mask for Required N/A
the interface configuration
Data interface(s) IP address Required Related properties to be configured:
• Data subnet IP allocation type.

• Data network mask for the interface
configuration.
Data subnet IP allocation type Required Only static allocation is supported.
(static/DHCP)
Data network CIDR Optional N/A
Data network mask for the interface Required N/A
configuration
Network type (management/data) Optional N/A
Labels for the interfaces Optional N/A
Installing vThunder by Using Web Client

You can install vThunder by using the web client. This method is suitable for all ESXi versions and all
ACOS versions. However, VMware Tools is not supported for ACOS 4.1.4-P2 if you install by using the
web client.
Prior to running the installation, ensure that the appropriate vSwitches, port groups, and interfaces are
created. In this example, three interfaces are created, out of which one is a management interface
while the rest of the two interfaces are data interfaces.
page 24
Feedback
For the management interface, the Adapter type must be set to E1000. All data plane interfaces must
be set to Adapter type VMXNET3. For the Network option beside each vNIC, select the network to
which the vNIC is attached. Ensure Connect at Power On is checked for all the interfaces.
NOTE: Setting up a vSwitch and port groups are beyond the scope of this docu-
ment. Refer to the VMware documentation for more details.
Perform the following steps:
1. Navigate to the host URL and launch the Web client.

2. Click Virtual Machines and then click Create/Register VM.
FIGURE 13 Create/Register VM
3. In the New Virtual machine window, click Deploy a virtual machine from an OVF or OVA
file. Click Next.
4. In the Select OVF and VMDK files window, enter the name of the virtual machine.
5. Click the designated area to select the file and then browse to the OVA image. Click Open.
6. After the file is displayed in the box, click Next.
page 25
FeedbackFF
e
FIGURE 14 Select OVF and VMDK Files
7. In the Select Storage window, select an appropriate datastore and click Next.
8. In the license agreements window, scroll to the bottom of the license to click I Agree and then
click Next.
9. In the Deployment options screen, complete the network mappings. Ensure Power on auto-
matically is selected. Click Next.
FIGURE 15 Deployment options
10.Skip the additional settings window by clicking Next.

11.In the Ready to complete window, review the VM properties and click Finish. Click Back to
make any last-minute changes.
The VM deployment takes some time.
page 26
Feedback
12.After the VM is created, click the VM and then open the console.
FIGURE 16 Open the Console
13.Log into vThunder with the default username admin and the default password a10.
login as: admin
Welcome to vThunder
Using keyboard-interactive authentication.
Password:***
type ? for help]
Installing vThunder by Using an ISO Image and vSphere Client

To install vThunder by using an ISO image and vSphere Client, perform the following steps:
1. Click on the ESX host (IP shown), then select the Configuration tab.
2. Navigate to Hardware > Storage and from the available datastores, right-click the required
datastore to select Browse Datastore. The Datastore Browser window is displayed.
page 27
FeedbackFF
e
FIGURE 17 Browse Datastore
3. In the Datastore Browser window, click the Upload icon and then click Upload File.
FIGURE 18 Upload File to Datastore
4. Browse to the location where you have saved the vThunder ISO image and select the image.
The vThunder ISO image is uploaded.
page 28
Feedback
5. Close the Datastore Browser window.

Proceed to install ACOS using vSphere Client.
6. In vSphere Client, to create a new vThunder virtual machine, perform any of the following steps:
• Select Create a new virtual machine from the Getting Started page of the host.
• Select File > New > Virtual Machine.
• Press CTRL+N.
FIGURE 19 Create a New VM
7. In the installation wizard, update the screens as follows:

a. Configuration—Select Typical.
b. Name and Location—Enter a name for the VM.
If you have VMware vCenter installed, you are prompted to select a folder where the vThunder
instance is deployed.
c. Storage—Select the datastore on which you are going to install the vThunder instance.
d. Guest Operating System—Select Other and the version as Other (64-bit).
e. Network—Under Create Network Connections, select the number of virtual network
adapters to create.
In Figure 20, three interfaces are created, out of which one is a management interface while the
rest of the two interfaces are data interfaces.
page 29
FeedbackFF
e
For the management interface, the Adapter type must be set to E1000. All data place
interfaces must be set to Adapter type VMXNET3. For the Network option beside each vNIC,
select the network to which the vNIC is attached.
Ensure Connect at Power On is checked for all the interfaces.
NOTE: Setting up a vSwitch and port groups are beyond the scope of this
document. Refer to the VMware documentation for more details.
FIGURE 20 Create Network Connections
f. Create a Disk—Enter the virtual disk size and select Thick Provisioned Lazy Zeroed.
g. Ready to Complete—To edit the settings further before creating the vThunder VM, check the
Edit the virtual machine settings before completion checkbox and click Continue.
8. Under the Virtual Machine properties window, make the following edits:
a. Under Hardware, select Memory and specify the size.
Select CPUs and specifiy the number.
page 30
Feedback
FIGURE 21 Configure the vCPUs
b. Select New CD/DVD (adding) and ensure Connect at power on is checked. Under Device
Type, for Datastore ISO File, click Browse and select your vThunder ISO image.
c. (Optional) Select New Floppy (adding) and click Remove.
9. Click Finish.
10.Power on the virtual machine and the system boots to the ISO image in the CD/DVD drive.
11.After the installation is complete, log in by using the following credentials:
localhost login: install and Password: password
12.Type YesS at the prompt to verify the installation.
page 31
FeedbackFF
Step 3. Modifying the vSwitch Settings FFee
e
FIGURE 22 Enter YesS
13.Log into vThunder with the default username admin and the default password a10.
login as: admin
Welcome to vThunder
Password:***
[type ? for help]
Step 3. Modifying the vSwitch Settings

By default, VMware only allows packets that are addressed to a virtual machine (such as the vThunder)
to be forwarded to the virtual switch (vSwitch) ports connected to that virtual machine. However, for
proper operation, the vThunder must also be able to receive packets that are not addressed to it, such
as packets addressed to load-balanced servers.
NOTE: The procedure below only applies to VMware's vSwitch. If you are using
a third-party virtual switch, such as the Cisco Nexus or Catalyst Series,
this procedure may not be necessary.
If the vThunder network interfaces are in a tagged VLAN, tagged VLAN mode also must be enabled on
the vSwitch. By default, tagged VLAN support is disabled.
1. Open vSphere Client, if not already open.

2. In the virtual machines inventory, select the host machine on which the vThunder is installed.
page 32
Feedback
Step 3. Modifying the vSwitch Settings
3. Click the Configuration tab.

4. In the Hardware section, click Networking.
5. Click Properties next to the virtual machine to which the vThunder is connected.
6. Click the Port tab.
7. Select the interface.
8. Click Edit.
9. If the vThunder network interfaces are in a tagged VLAN, enter 4095 in the VLAN ID field to enable
tagging. Otherwise, leave the VLAN ID set to None.
NOTE: If you set enter 4095 in the VLAN ID field, both tagged and untagged
packets with any VLAN ID is received by vThunder. If the field is set to
None(0) in the VLAN ID field, only untagged packets are received by
vThunder.
10.Click OK.
11.Click Close to close the Properties tab.
page 33
FeedbackFF
Step 4. Accessing the vThunder Instance FFee
e
Step 4. Accessing the vThunder Instance

Initial configuration of vThunder requires the console. Using the console, you can configure the IP
addresses on the management and data interfaces.
When you access vThunder by using the ESXi console, vThunder initially boots up with an IP address of
172.31.31.31/24. You can access the vThunder instance remotely by using the management interface,
which is also the first interface assigned in VMware. You can access vThunder remotely by using either
the CLI or the GUI.
To access the vThunder instance by using the console, perform the following steps:
1. In the virtual machines inventory, select the vThunder virtual machine.

2. Click the Console tab or right-click and select Open Console.
The Console window is displayed.
3. Click on the console window to activate keyboard support for the console window.
NOTE: While keyboard support is active for a console window, you cannot
interact with other windows. To escape the console, press Ctrl+Alt.
4. You are ready to make the initial configuration changes.

See “Initial vThunder Configuration” on page 39.
Use the following information to log into the vThunder virtual appliance with for the first time when
using the CLI or GUI, as discussed in the next two sections.
• Default management IP address—172.31.31.31 /24

• Default admin username and password—admin, a10
• Default enable password required for configuration access—blank (Press Enter)
Login Using the CLI

1. On a PC connected to a network that can access the vThunder management interface, open an
SSH client.
2. SSH to the vThunder management IP address.
3. Log into vThunder with the default username admin and the default password a10.
login as: admin
Welcome to vThunder
Password:***
[type ? for help]
page 34
Feedback
4. Generally, if this the first time the SSH client has accessed the vThunder instance, the SSH client
displays a security warning. Read the warning carefully, then acknowledge the warning to
complete the connection.
5. Press Enter.
The command prompt for the User EXEC level of the CLI is displayed:
vThunder(NOLICENSE)>
The User EXEC level allows you to enter a few basic commands, including some show commands
as well as ping and traceroute.
NOTE: The vThunder prompt indicates that the vThunder instance is not
licensed.
6. To access the Privileged EXEC level of the CLI and allow access to all configuration levels, enter
the enable command.
7. At the Password: prompt, press Enter.
The command prompt for the Privileged EXEC level of the CLI is displayed as follows:
vThunder(NOLICENSE)#
8. To access the global configuration level, enter the configure command. The following command
prompt is displayed:
vThunder(config)(NOLICENSE)#
9. It is strongly suggested that a Privileged EXEC enable password be set up as follows:

vThunder(config)#enable-password newpassword
Login by Using the GUI

Web access to the vThunder instance is supported on the Web browsers listed in Table 2.
TABLE 2 GUI Browser Support

Browser Windows Linux MAC
IE 10.0 and higher Supported N/A N/A
Firefox 40.0.3 and higher Supported Supported N/A
Safari 3.0 and higher Not Supported N/A Supported
Chrome 45.0.2454.93 and higher Supported Supported Supported
A screen resolution of at least 1024x768 is recommended.
To access the vThunder instance by using the GUI, perform the following steps:
1. Open a supported web browser.

2. In the URL field, enter the IP address of the management interface of the vThunder instance.
3. If the browser displays a certificate warning, select the option to continue to the server (the ACOS
device).
page 35
FeedbackFF
e
NOTE: To prevent the certificate warning from appearing in the future, you can
install a certificate signed by a Certificate Authority.
A login page is displayed as shown in Figure 23. The name and appearance of the dialog depends
on the browser you are using and the specific device which you are trying to access.
FIGURE 23 Example GUI Login Dialog
4. Enter your default username admin and default password A10 and click Login.
The Dashboard is displayed as shown in Figure 24, showing at-a-glance information for your
vThunder instance. You can access this page again at any time while using the GUI by selecting
Dashboard. Refer to the GUI online help for detailed information about this and all other GUI
screens.
page 36
Feedback
FIGURE 24 Dashboard
NOTE: GUI management sessions are not automatically terminated when you
close the browser window. The session remains in effect until it times
out. To immediately terminate a GUI session, click the Sign Out icon in
the menu bar.
page 37
FeedbackFF
e
page 38
Initial vThunder Configuration
This chapter provides information about the initial vThunder configuration.
The procedure for applying a license to a vThunder instance depends on the type of license that you
have and is documented separately in the licensing guides. For more information, see “Global License
Manager and Types of vThunder Licenses” on page 8.
Changing the Admin Password

A10 Networks recommends that you change the admin password immediately for security.
vThunder(config)#admin admin password newpassword

vThunder(config-admin:admin)#
The vThunder is now network accessible for configuration under the new IP address and admin
password.
NOTE: By default, Telnet access is disabled on all interfaces, including the

management interface. SSH, HTTP, HTTPS, and SNMP access are
enabled by default on the management interface only, and disabled by
default on all data interfaces.
Saving the Configuration Changes—Write Memory

Configuration changes must be saved to system memory to take effect the next time the vThunder is
powered on. Otherwise, the changes are lost if the vThunder virtual machine or its host machine are
powered down.
To write the current configuration to system memory, run the following command:
vThunder(config)# write memory

Building configuration...
[OK]
Feedback page 39
FeedbackFF
Configuring the Management Interface FFee
e
Configuring the Management Interface

The following procedure discusses the assignment of an IP to the management interface of the
vThunder:
1. Configure the management interface IP address and default gateway. Starting with ACOS release
4.1.0, ACOS obtains an IP address for the management interface in the following order:
a. If there is a management port IP configuration (either a static IP address or DHCP) in the active
startup-config file, then ACOS either assigns the static IP to the vThunder management
interface or attempts to get the IP address from the DHCP server.
b. If there is no management port IP configuration (neither a static IP address nor DHCP), then
vThunder attempts to get an IP address from an accessible DHCP server.
c. If vThunder cannot obtain an IP address from a DHCP server, then the default static IP address
of 172.31.31.31/24 is used.
NOTE: The management interface is an out-of-band interface and should not be

on the same subnet as any of the data interfaces. If the management
interface and the data interfaces are not kept in separate IP subnets,
some operations such as pinging may not perform as expected.
In the following example, the IP address for the management interface is 192.168.2.228. None of
the data interfaces should have an IP address of 192.168.2.x.
vThunder(config)#interface management
vThunder(config-if:management)#ip address 192.168.2.228 /24
vThunder(config-if:management)#ip default-gateway 192.168.2.1
2. Verify the interface IP address change:

vThunder(config-if:management)#show interface management
GigabitEthernet 0 is up, line protocol is up.
Hardware is GigabitEthernet, Address is xxxx.yyyy.zzzz
Internet address is 192.168.2.228, Subnet mask is 255.255.255.0
...
3. Optionally, configure the ACOS device to use the management interface as the source interface for
automated management traffic generated by the ACOS device:
ACOS(config-if:management)#ip control-apps-use-mgmt-port
(For more information, see the “Management Interface as Source for Automated Management Traffic"
chapter in the System Configuration and Administration Guide.)
vThunder(config-if:management)#exitvThunder(config)#
page 40
Feedback
Support for Non-dedicated Management Port Mode
Support for Non-dedicated Management Port Mode

Beginning with release 2.7.2-P4, ACOS offers the ability to run vThunder for VMware in “non-dedicated
management port mode”. While in this mode, only one network adapter (VMXNET3 device driver) is
used for all the interfaces (both data and management). This ability is in contrast to previous releases,
in which the E1000 device driver was typically used as the driver for a dedicated management interface
and a different driver was used for the data ports.
In releases prior to 2.7.2-P4, it was typical for a regular vThunder for VMware instance to have drivers
assigned to ports as shown in Table 3 below. The interfaces could have different drivers assigned to
the different interfaces.
TABLE 3 Drivers Assigned to Ports

Mgmt and data ports use different drivers All ports use VMXNET3 driver
Eth1 – E1000 Eth1 – VMXNET3
Eth2 – VMXNET3 Eth2 – VMXNET3
Eth3 – VMXNET3 Eth3 – VMXNET3
When all interfaces use the VMXNET3 driver, there is non-dedicated management interface, and any
random port can be used to provide management access. Non-dedicated management port mode can
be helpful if you are running vThunder for VMware in an environment where it may not be possible to
have a dedicated management port.
Configuring Non-dedicated Management Port Mode

Non-dedicated management port mode cannot be enabled or disabled through the CLI or GUI. Instead,
the feature is enabled automatically by a new algorithm in the code.
This new algorithm runs a check whenever a new vThunder for VMware instance is booting. The
algorithm checks for the presence of a dedicated management interface (“eth0”), and if it does not
exist, then ACOS automatically enables the “non-dedicated management port mode”.
As ACOS is performing this check during bootup, the algorithm also checks the startup config file. If the
startup config file is empty, then ACOS populates the config file with the configuration shown below.
This config file defines the interface and allows it to receive an IP address from a DHCP server.
The following is an example of a config file if the admin had created a vThunder instance with 3
interfaces. The number of interfaces in the config file can vary as needed.
interface ethernet 1
enable
ip address dhcp
!
page 41
FeedbackFF
Support for Non-dedicated Management Port Mode FFee
e
enable
ip address dhcp
!
enable
ip address dhcp
!
enable-management service ssh ethernet 1 to 3
enable-management service http ethernet 1 to 3
enable-management service https ethernet 1 to 3
enable-management service snmp ethernet 1 to 3
Guidelines for Non-dedicated Management Port Mode

• If a vThunder instance is running in “non-dedicated management port mode,” then a DHCP server
should be set up for at least one of the interfaces to ensure that management access is possible.
• The auto-populated contents of the config file that is automatically created when the “non-dedi-
cated management port mode” is enabled (i.e., the sample shown above) should not be deleted
or modified, or this may cause the feature to stop working.
• This feature applies to vThunder for VMware and does not apply to any other hypervisor flavors
upon which vThunder can run.
• This feature is supported in the following releases: ACOS 2.7.2-P4 through 2.7.2-P9, and ACOS
4.1.1 and later.
page 42
Feedback
Adding Extra Ethernet Data Interfaces
Adding Extra Ethernet Data Interfaces

The vThunder has two data interfaces by default. You can add more data interfaces as needed. Before
adding an interface, see “Adding Extra Port Groups” on page 44.
NOTE: vThunder does not support hot-swapping Ethernet ports. To add a new
data port, you must stop the running instance, add the new port or delete
an existing port, and then restart the vThunder instance.
To add a data interface:
1. In the virtual machines inventory, select the vThunder virtual machine.

2. Click the Getting Started tab, if the page is not already displayed.
3. On the Getting Started page, select Edit virtual machines settings.
The Virtual Machine Properties dialog is displayed.
4. Click Add.
The Add Hardware dialog is displayed.
5. Select Ethernet Adapter and click Next.
6. In the Adapter Type section, select vmxnet3 from the Type drop-down list.
If not available, manually add it first.
NOTE: The type for data interfaces is “vmxnet3”, and the type for the
management interface is “e1000”.
NOTE: To enable “non-dedicated management port mode”, make sure the

management interface type is set to “vmxnet3” and not “e1000”. All
interfaces should be set to the same driver/adapter (“vmxnet3”). See
“Support for Non-dedicated Management Port Mode” on page 41 for
information.
7. In the Network Connection section, select the vSwitch for the new vThunder interface, and click
Next.
8. Review the configuration information to ensure it is correct, and then click Finish.
The vThunder interface is added to the port group on the vSwitch.
9. Reboot the vThunder virtual machine by performing the following steps:
a. In the virtual machines inventory, select the vThunder virtual machine.
b. From the menu bar, select Inventory > Virtual Machine > Power > Reset.
page 43
FeedbackFF
Adding Extra Port Groups FFee
e
CAUTION: You must reboot the vThunder instance after adding/deleting an

Ethernet port, or performance issues may occur.
10.To verify the new interfaces, log onto the vThunder instance using the CLI and enter the following
command:
show interface brief
Compare the MAC addresses of the ACOS interfaces with the MAC addresses on the network
interfaces configured in VMware for the vThunder. They should match.
Adding Extra Port Groups

vThunder requires a separate port group for each vThunder interface (Management, Ethernet 1, and
Ethernet 2), configured before you begin vThunder installation. If the port groups are not already cre-
ated in your ESXi, create them using the steps below.
To add a port group to a vSwitch:
1. Start vSphere Client and log onto the VMware host system.
2. In the Inventory, select the host.
3. Click the Configuration tab and select Networking.
4. In the right column, select Properties next to the virtual switch (vSwitch) name.
5. Click Add.
6. Select Virtual Machine as the connection type, and click Next.
7. Edit the name in the Network Label field.
This is the name you will select in “Step 2. Installing the vThunder Instance” on page 14.
8. If your ESXi physical interface is not tagged, leave the VLAN ID set to 0. If your ESXi physical inter-
face is tagged, set the VLAN ID to the VLAN tag number.
9. Click Next, then click Finish.
10.Repeat for each port group.
The vThunder interfaces must be in separate port groups.
11.Click Close.
page 44
Advanced vThunder Configuration
This chapter provides details on how to configure specific advanced features for vThunder.
About Jumbo Frames

A jumbo frame is an Ethernet frame with a payload greater than the standard maximum transmission
unit (MTU) of 1,500 bytes. This modification improves vThunder throughput and performance.
Additional advantages of enabling jumbo frames include reduced interrupts and lower RAM utilization.
For vThunder, jumbo frames are supported on ACOS versions 2.7.x, 2.8.x and 4.x.
The following is a list of limitations and requirements for running jumbo frames on vThunder:
• The vThunder instance must be running on top of an Intel 10Gb Ethernet Controller.
• Jumbo frames are not supported on 1Gb NICs.
• Supported jumbo frame packet types include: ICMP, UDP and TCP
• vThunder can support jumbo frame packets up to a maximum size of 9216 bytes.
• Memory assigned to the VM must be greater than 8 GB if using Jumbo Frames.
Enabling Jumbo Frames on the Host Side for ESXi

Before you enable Jumbo Frames on vThunder, see the documentation about Enabling Jumbo Frames
at https://pubs.vmware.com.
Enabling Jumbo Frames for vThunder

By default, Jumbo Frame support is disabled. Use the following appropriate CLI command to enable
Jumbo Frame support on a vThunder data interface:
• For ACOS version 2.7.x: enable-jumbo
• For ACOS version 4.1.x: system-jumbo-global enable-jumbo
Set the MTU size on the vThunder data interface to a value ranging from 1500 to 9216 bytes. The
configured value must be larger than any jumbo packet expected to arrive on that data interface. The
command is mtu bytes.
Feedback page 45
FeedbackFF
About System Polling Mode and Interrupt Mode FFee
e
You can enable jumbo support on a global basis. In this case, the MTU is not automatically changed on
any interfaces, but you can increase the MTU on individual interfaces.
About System Polling Mode and Interrupt Mode

Previous ACOS releases support Interrupt mode, but beginning with ACOS 4.1.1, vThunder also offers
support for System Polling mode.
NOTE: Starting from ACOS 4.1.4-P2, all vThunder instances running on VMware
ESXi support only Poll mode. Interrupt mode is not supported.
Both Interrupt mode and System Polling mode are features designed to handle I/O events generated
from the devices. The basic difference between the two modes is that Interrupt mode is hardware-
triggered only when a device requires the attention of the CPU, whereas System Polling mode is a
protocol that enables constant polling of the devices at regular intervals. In general, System Polling
mode tends to be faster than the Interrupt mode for most applications.
System Polling mode uses the Intel Data Plane Development Kit (DPDK), which is a set of data plane
libraries and network interface drivers that can be used to accelerate fast-packet processing. DPDK
maximizes throughput and minimizes packet processing time through several methods, such as
bypassing the kernel, processing packets in the user space, and using polling instead of interrupts.
For more information, refer to the following:
• To enable or disable System Polling mode, refer to “Enabling System Polling mode” on page 47.
• If you have System Polling mode enabled, you can dynamically set the maximum upper limit of
cores dedicated to
I/O processing. Refer to “Setting the Maximum Limit of Cores for I/O Processing” on page 48.
• For the Support Matrix for System Polling mode, refer to the vThunder Feature Matrix.
Important Information About System Polling Mode and Interrupt Mode

• Starting from ACOS 414-P2, only Poll mode is supported.
• The CPU utilization on the host running vThunder is high for the following scenarios:
• For vThunder running ACOS version earlier than ACOS 4.1.4-P2, with four or more vCPUs, and
poll mode enabled through the CLI.
• For vThunder running ACOS version later than or equal to ACOS 4.1.4-P2, with four or more
vCPUs or with less than four vCPUs but with high incoming traffic to the VM.
• The CPU Round Robin feature is not supported for vThunder instances running on Interrupt
mode. The CPU Round Robin feature is enabled by default on all ACOS systems. If you are run-
page 46
Feedback
About System Polling Mode and Interrupt Mode
ning vThunder in Interrupt mode, run the following command in configuration mode to disable
the CPU Round Robin feature: system cpu-load-sharing disable
• Starting with ACOS versions 411-P3 and 412-P1 and till 414-P1, vThunder instances with four or
more vCPUs run in polled mode by default and switch to interrupt mode for less than 4 vCPUs.
For earlier ACOS versions, the default mode for vThunder instances is interrupt mode. If a
vThunder instance is upgraded, it continues to run in the same configuration as before.
• If you are planning to switch to Interrupt mode or reduce the number of vCPUs to less than 4, you
must first disable Jumbo Frames. To disable Jumbo Frames, run the command no system-
jumbo-global enable-jumbo.
• Depending on the platform, vThunder instances may experience high latency when directly
connected to a Linux server by a virtual switch. Interrupt Mode has higher latency than System
Polling mode, but System Polling mode has slightly higher latency than the ACOS hardware
platforms.
Enabling System Polling mode
NOTE: This procedure is not supported for ACOS 414-P2 and later versions.
For those ACOS versions for which system polling mode is disabled by default, run the following
procedure to enable System Polling mode:
1. Use the following CLI command from global config mode:

vThunder(config)#system-poll-mode enable
2. Exit global config mode and reboot the vThunder instance using the following command:
vThunder(config)#exit
vThunder#reboot
After vThunder finishes rebooting, System Polling Mode will be enabled.

3. To verify System Polling Mode is enabled on the vThunder instance, check the output from the
show version command:
vThunder(config)#show version
Thunder Series Unified Application Service Gateway vThunder
Copyright 2007-2016 by A10 Networks, Inc. All A10 Networks products are
protected by one or more of the following US patents:
9294503, 9294467, 9270774, 9270705, 9258332, 9253152, 9219751, 9215275
9154584, 9154577, 9124550, 9122853, 9118620, 9118618, 9106561, 9094364
9060003, 9032502, 8977749, 8943577, 8918857, 8914871, 8904512, 8897154
8868765, 8849938, 8826372, 8813180, 8782751, 8782221, 8595819, 8595791
8595383, 8584199, 8464333, 8423676, 8387128, 8332925, 8312507, 8291487
8266235, 8151322, 8079077, 7979585, 7804956, 7716378, 7665138, 7647635
7627672, 7596695, 7577833, 7552126, 7392241, 7236491, 7139267, 6748084
6658114, 6535516, 6363075, 6324286, RE44701, 8392563, 8103770, 7831712
7606912, 7346695, 7287084, 6970933, 6473802, 6374300
page 47
FeedbackFF
About System Polling Mode and Interrupt Mode FFee
e
64-bit Advanced Core OS (ACOS) version 4.1.1, build 193 (Sep-09-2016,01:04)

Booted from Hard Disk primary image
Licenses: Bandwidth
Serial Number: vThunder1000023595
aFleX version: 2.0.0
aXAPI version: 3.0
Hard Disk primary image (default) version 4.1.1, build 193
Hard Disk secondary image version 4.1.1, build 183
Last configuration saved at Sep-9-2016, 17:53
Virtualization type: <hypervisor-name>
System Polling Mode :On <-- indicates System Poll Mode is enabled.
Build Type: Internal
Hardware: 4 CPUs(Stepping 5), Single 12G Hard disk
Memory 4043 Mbyte, Free Memory 1745 Mbyte
Hardware Manufacturing Code: N/A
Current time is Sep-9-2016, 21:59
The system has been up 0 day, 0 hour, 10 minutes
4. (Optional) You can disable System Polling Mode using the “no” form of the command, as shown
below.
Then, reboot the vThunder instance:
vThunder(config)#no system-poll-mode enable
vThunder#reboot
Setting the Maximum Limit of Cores for I/O Processing

For vThunder devices that are running with System Polling Mode enabled and with ACOS version 4.1.1-
P2 or later, you can dynamically set the maximum upper limit of cores dedicated to I/O processing.
ACOS allocates the available CPUs for performing Control, Packet Processing, and for Packet I/O. In
some situations, such as for handling SSL traffic, it may make more sense to limit the number of CPUs
allocated to Packet I/O. This is because SSL traffic tends to be more bound to the Data CPUs and less
bound for the I/O CPUs. Therefore, with heavy SSL traffic, restricting the number of I/O cores will free
up more Data CPUs, and this will achieve better throughput.
ACOS 4.1.1-P1 and prior releases do not support the ability to set the maximum number of I/O CPU
cores. Therefore, before downgrading from 4.1.1-P2 to 4.1.1-P1, A10 recommends changing the I/O
CPU core number back to its default value to prevent disruption. (Bug 371266).
NOTE: You must reboot the vThunder instance after running the system io-
cpu max-cores command to activate the configuration.
After you have enabled System Polling Mode per the instructions above, you can set the max I/O cores
as follows:
1. Use the following CLI command from global config mode:

vThunder(config)# system io-cpu max-cores <number range is system-dependent>
page 48
Feedback
About SR-IOV and DirectPath I/O
2. Exit global config mode and reboot the vThunder instance using the following command:
vThunder#reboot
After vThunder finishes rebooting, System Polling Mode will be enabled, with the new upper limit
for I/O cores in place.
3. You can check that the Max I/O cores config is in effect by using the following show command:
vThunder(config)# show cpu
Time: 10:54:29 UTC Wed Feb 22 2017
--------------------------------------------------------
Control1 5% 4% 4% 10% 27%
Data1 0% 0% 0% 0% 0%
Data2 0% 0% 0% 0% 0%
I/O1 0% 0% 0% 0% 0%
Details:
• As a minimum requirement for using System Poll Mode with vThunder for VMware, the server
must be running VMware ESXi 5.0, Update 1 (or newer).
• The vThunder vCPU can be in either System Poll Mode or Interrupt Mode. If the vThunder
instance is using the newer System Poll Mode, and if the interface driver is VMXNET3, then
Jumbo Frames are not supported. However, Jumbo Frames are supported if the vThunder
instance is using Interrupt Mode.
• For Direct Passthrough and SR-IOV, only polling mode is supported.

Starting from the 4.1.2 P1 release, you can configure vThunder instances running on ESXi for Single
Root I/O Virtualization (SR-IOV) or DirectPath I/O. SR-IOV enables a single supported NIC to be
assigned as separate logical NICs for multiple vThunder instances. DirectPath I/O enables a supported
NIC to be assigned exclusively to a single vThunder instance.
Both SR-IOV and DirectPath I/O are recommended for running applications with very high packets and
low latency requirements. Both of these features do not support some key virtualization functions. For
more information on the limitations, refer to vmware.com/support/pubs.
For more information, refer to the following:
• To understand the prerequisites for vThunder, refer to “Prerequisites for Running SR-IOV or
DirectPath I/O” on page 50.
• To configure SR-IOV for a vThunder instance, refer to “Configuring SR-IOV” on page 51.
page 49
FeedbackFF
About SR-IOV and DirectPath I/O FFee
e
• To configure DirectPath I/O for a vThunder instance, refer to “Configuring DirectPath I/O” on
page 52.
• For more information on SR-IOV and DirectPath I/O and how to configure these for ESXi, refer to
vmware.com/support/pubs.
Prerequisites for Running SR-IOV or DirectPath I/O

Ensure the following list of prerequisites are met for enabling SR-IOV or DirectPath I/O on vThunder:
• The hardware platform supports Intel VT-d or IOMMU.
• The NIC selected for either SR-IOV or DirectPath I/O belongs of one of the following types:
• Intel 82599 10 GbE Controller

• Intel Ethernet Converged Network Adapter X710 and XL710 (starting from ACOS 414)
• The vThunder instance is configured with four or more CPUs.
• The NIC and BIOS settings are enabled for either SR-IOV or DirectPath I/O. Refer to your platform
and NIC documentation for more information.
• For SR-IOV, the supported ESXi version is 5.1 or higher.
For DirectPath I/O, the supported ESXi version is 4.0 or higher.
Limitations for Running SR-IOV or DirectPath I/O

The following are the list of limitations for running SR-IOV or DirecPath I/O:
• For 82599 and X710, SR-IOV and DirectPath I/O for VMware ESXi is not supported in Interrupt
mode. Configure Poll mode to support SR-IOV. XL710 supports both Poll mode and Interrupt
mode.
• Tagged VLANs may not work if you configure SR-IOV for X710 and XL710. To resolve the issue,
upgrade the ESXi host to 6.5 or newer and reboot the vThunder instance. Upgrade the ESXi host
side i40e driver to version 2.0.6 or newer and reboot. Refer to https://my.vmware.com/web/
vmware/details?downloadGroup=DT-ESXI60-INTEL-I40E-206&productId=491 and
https://kb.vmware.com/s/article/2137853. Finally, remove the existing i40en driver and reboot
the system by using the command esxcli software vib remove -n i40en.
• For X710 and 82599, interfaces must be deleted in the reverse order of their addition.
For example, in an example vThunder system, the following interfaces are available:
eth1— 0000:06:00.0
eth2— 0000:06:01.0
eth3— 0000:06:02.0
eth4— 0000:06:03.0
page 50
Feedback
If eth3 is added at first, followed by eth2 and eth1, the following order is expected:
eth3— 0000:06:03.0
eth2— 0000:06:01.0
eth1— 0000:06:00.0
However, the interface order is auto-changed as follows:

eth1— 0000:06:00.0
eth2— 0000:06:01.0
eth3— 0000:06:03.0
• Before importing a vThunder instance as an OVF template, remove the SR-IOV or Direct
Passthrough interfaces from the vThunder instance.
• For vThunder in ESXi host, a mixture of SR-IOV or Direct Passthrough and VMXNET3 data inter-
faces are not supported. As a workaround, delete the last interface and then add it again.
• Promiscuous mode is not allowed in a VF.
• For X710 and 82599, the mulicast packets received by the ESXi Host NIC are dropped when SR-
IOV is enabled for the two VFs created from one physical NIC. However, vThunder can send out
the multicast packets.
• Jumbo Frames are not supported for the vThunder instance installed with the 82599 card and
with DPDK and SR-IOV enabled.
• VCS, VRRP, and IPv6 functions are not supported for the vThunder instance installed with the
X710 card and SR-IOV enabled. RIP, OSPF, ISIS, and BGP routing protocols are not supported.
However, unicast modes, such as VRRP-A unicast is supported.
• Tagged VLAN traffic does not work for the vThunder instance configured with the 82599 SR-IOV
interface.
Configuring SR-IOV
Configuring SR-IOV is a two-step process. First, you must define the virtual functions of the NIC by
using the ESXi CLI. Next, you must add the virtual function to the vThunder instance. A virtual function
can be mapped to only one vThunder instance.
Before configuring SR-IOV, check that your system meets the prerequisites outlined in “Prerequisites
for Running SR-IOV or DirectPath I/O” on page 50. Perform the following steps to configure SR-IOV:
1. Log into the ESXi shell and run the following command to get the current configuration of your
vmnic:
esxcli system module parameters list -m NIC_Driver_Module
For example, for the i40e vmnic, the command is:
esxcli system module parameters list -m i40e
2. Run the following command to define the maximum number of virtual functions for the vmnic:
esxcli system module parameters set -m NIC_Driver_Module -p "max_vfs=n"
page 51
FeedbackFF
About SR-IOV and DirectPath I/O FFee
e
For example, for the i40e vmnic, to enable two virtual functions each for the seventh and eighth
vmnics, the
command is as follows:
esxcli system module parameters set -m i40e -p "max_vfs=0,0,0,0,0,0,2,2"
3. Run the esxcli system module parameters list -m i40e command to check if the settings are
correct.
4. Restart the ESXi host for the changes to take effect.
5. Select the vThunder instance in the vSphere client.
Do not power on the VM.
6. Right-click the VM and select Edit Settings.
The Virtual Machines Properties window is displayed.
7. In the Virtual Machines Properties window, select Add.
The Add Hardware window is displayed.
8. In the Add Hardware window, select PCI Device and click Next.
The Choose PCI device window is displayed.
NOTE: Do not select Ethernet Adapter for adding a SR-IOV NIC.
9. In the Specify the physical PCI/PCIe Device to connect to drop-down menu, select the
virtual function and click Next and then Finish.
There are four virtual functions listed in the drop-down menu according to the configuration you
specified in step 2.
In the Virtual Machines Properties window, you see an addition under New PCI Device.
10.Click OK.
11.Power on the VM for the changes to take affect.
Configuring DirectPath I/O

Configuring DirectPath I/O is a two-step process. First you must activate the DirectPath I/O NIC in the
ESXi host and then add the device to the vThunder instance.
NOTE: Direct Passthrough is not supported with interrupt mode.
Before configuring DirectPath I/O, check that your system meets the prerequisites outlined in
“Prerequisites for Running SR-IOV or DirectPath I/O” on page 50.
Perform the following steps to configure DirectPath I/O:
1. Select the ESXi host from the vSphere client.
page 52
Feedback
2. In the Configuration tab, click Hardware Advanced Settings.

The Configuration page lists all available DirectPath I/O devices.
A DirectPath I/O device with a green icon is enabled and active. A DirectPath I/O device with an
orange icon is disabled. Reboot the host to enable the device.
3. Click Edit.
4. Select the NIC for DirectPath I/O and click OK.
5. Restart the ESXi host for the NIC to become active as a DirectPath I/O device.
6. Select the vThunder instance in the vSphere Client. Do not power on the VM.
7. Right-click the VM and select Edit Settings.
The Virtual Machines Properties window is displayed.
8. In the Virtual Machines Properties window, select Add.
The Add Hardware window is displayed.
9. In the Add Hardware window, select PCI Device and click Next.
The Choose PCI device window is displayed.
NOTE: Do not select Ethernet Adapter for adding a DirectPath I/O device.
10.In the Specify the physical PCI/PCIe Device to connect to drop-down menu, select the
virtual function and click Next and then Finish.
11.In the Virtual Machines Properties window, you see an addition under New PCI Device.
12.Click OK.
13.Power on the VM for the changes to take affect.
Configuring vThunder for High Throughput

vThunder supports 40G XL710 NIC cards that can be used to provide a throughput of about 100 Gbps.
The following configuratons must be supported for installing a minimum of four 40G XL710 NIC cards:
• A minimum of 16 vCPUS.
• A minimum of 16 GB memory and 20 GB hard drive space
• Set the interface type to PCI Passthrough.
• Disable hyperthreading.
Refer to your system manual for specific information to disable hyperthreading.
• Enable CPU pinning and static allocation.
The procedure is dependent on your operating system, refer to your operating system manual.
page 53
FeedbackFF
Additional Resources—Where to go from here? FFee
e
• Configure ACOS in poll mode.

For more information, see Enabling System Polling mode.
• If the host is a dual-socket machine, it is recommeded to pin the cores from both NUMA nodes
equally.
Additional Resources—Where to go from here?

After you have logged into the vThunder GUI or CLI, you may be in need of assistance to configure the
device. More information can be found in the latest ACOS Release Notes. This document has a list of
new features, known issues, and other information to help get you started.
It is also highly recommended to use the basic deployment instructions that appear in the System
Configuration and Administration Guide.
Feature information is available for ACOS products in the ACOS documents, which are available on the
A10 Networks support site.
Some relevant links included are:
• vThunder datasheet: https://www.a10networks.com/sites/default/files/A10-DS-vThunder.pdf
• vThunder Trial license: https://glm.a10networks.com/trials/new
• A10 Networks documentation: https://documentation.a10networks.com/
page 54
vThunder on VMware ESXi
page 55
CONTACT US
5 a10networks.com/contact
VTHUNDER ON VMWARE ESXI 9 NOVEMBER 2018

A10 VT VMWARE-ESXi Lib3.3 PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

A10 VT VMWARE-ESXi Lib3.3 PDF

Transféré par

Droits d'auteur :

Formats disponibles

Installing vThunder on VMware ESXi

A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

Introduction to Installing vThunder on VMware ESXi ................................................................... 5

Installing vThunder on VMware ESXi .......................................................................................... 13

Initial vThunder Configuration .................................................................................................... 39

Advanced vThunder Configuration ............................................................................................. 45

Introduction to Installing vThunder on VMware ESXi

FIGURE 1 vThunder for VMware ESXi

Minimum System Requirements

• 1 CPU (Intel VT-d enabled)

• 2 Ethernet ports (1 management interface and 1 data interface)

The vThunder instance must meet the following minimum requirements:

• 10 GB for ACOS 2.7.x and earlier

• For ADC features – ACOS Release 2.7.1, or later

NOTE: “1 Mgmt + 1 data interface” configuration is supported for TPS TAP

Recommended System Requirements

• 1 CPU (Intel VT-d enabled)

• 3 Ethernet ports (1 management interface and 2 data interfaces)

The vThunder instance must meet the following recommended requirements:

• For ACOS 4.1.4 and later versions, 16 GB RAM memory.

• 10 GB for ACOS 2.7.x and earlier

• For ADC features – ACOS Release 4.1.4-P2 or later

Global License Manager and Types of vThunder Licenses

• Trial license—Create a trial license in the ACOS GUI.

All licensing documents are available under Licensing User Guides at

• Management – Dedicated management interface

• Ethernet 1 – Data interface

• Ethernet 2 – Data interface

FIGURE 2 vThunder for VMware ESXi Interfaces

Incorrect CPU Display

vThunder#show version | inc CPU

Data1 3% 20% 11% 6% 5%

Non-promiscuous Mode Limitations

• VE interfaces can be bound to only 1 tagged/untagged physical interface

• VE MAC address assignment scheme changes are not supported

NOTE: When making the transition from promiscuous mode to non-promiscu-

High Availability Limitations

Installing vThunder on VMware ESXi

The workflow is as follows:

• Step 1. Downloading the vThunder Image

• Step 2. Installing the vThunder Instance

• Step 3. Modifying the vSwitch Settings

• Step 4. Accessing the vThunder Instance

Step 1. Downloading the vThunder Image

To download the vThunder software (licensed), see the following URL:

Step 2. Installing the vThunder Instance

To download a specific vThunder image, login to the support portal at

• “Installing vThunder by Using vSphere Client” on page 14

• “Installing vThunder by Using vCenter Server” on page 18

• “Installing vThunder by Using Web Client” on page 24

• “Installing vThunder by Using an ISO Image and vSphere Client” on page 27

Installing vThunder by Using vSphere Client

NOTE: vSphere Client is not supported from ESXi 6.5 onwards

FIGURE 3 OVF Template Details Screen

5. Click Next to view the End User License Agreement screen.

FIGURE 4 Name and Location Screen

NOTE: If a vThunder template is already installed using the default template

FIGURE 5 Deploy OVF Template - Network Mapping

17.Click Next to proceed. The Ready To Complete screen is displayed.

FIGURE 6 Ready to Complete Screen

Installing vThunder by Using vCenter Server

Adding a New ESXi Hypervisor Host to vCenter

Deploying the OVF Template