Remediation of networks, network sets, and logical interconnects

Remediation converts a noncompliant health state of an HPE OneView resource to a compliant health state with APIC policy definitions.

Fabric Manager supports remediation of inconsistent resources associated with End-Point Groups that have intra EPG isolation and micro segmentation configurations. The support for intra EPG isolation and micro segmentation requires PVLAN on the interconnect modules.

The following conditions prevent the fabric manager from synchronizing with network policies:

  • One or more networks connected across uplink sets in a logical interconnect within HPE Synergy have the same VLAN tag.

  • The two networks are shared across tenants.

When a fabric manager is non compliant with APIC network policies, a software remediation enables a fabric manager to synchronize with network policies. A compliance report is generated immediately after adding a fabric manager and is updated again after remediation. The compliance report details actions that you can perform to remediate inconsistencies. There are indicators for compliant, noncompliant, acknowledged, and compliance-check progress for each resource.

Every tenant might have a list of consistent and inconsistent details based on the compliance records generated for a tenant. Each inconsistency is attributed with a resolution action. A configurable option is available for every Fabric Manager to remediate the inconsistency (eligible for auto remediation) of its tenants automatically or with user confirmation. An inconsistency appears in the form of an alert that is cleared when the reported inconsistency is resolved automatically or manually.

Individual inconsistency of a tenant can be acknowledged to avoid consistency tracking, alert raising, and remediation process. To exclude a tenant from consistency tracking, the desired tenant must be removed from the monitored list of tenants. A fabric manager is compliant only when all the resource inconsistencies are either acknowledged or remediated.

IMPORTANT:
  • To avoid inconsistency alerts with fabric manager initiated remediation on the logical interconnect, Hewlett Packard Enterprise recommends that the consistency option be Not checked for the referenced logical interconnect group.

  • Network set must not be used in the logical interconnect uplink sets for ACI integration.

    Network set may be used in the logical interconnect group uplink sets with the recommendation that the consistency checking option as Not checked. A logical interconnect can have different network configuration than logical interconnect group without any inconsistency alert. In this case, the Update from group action does not erase the existing logical interconnect configurations done through fabric manager.

    The server profile template can use the same network set used with the logical interconnect group uplink set.

  • Logical interconnect group must not use the consistency checking option as Exact Match because the Update from group action erases the logical interconnect configuration done through fabric manager.

  • When an EPG is removed from a tenant or its VLAN configuration is changed at APIC, the referenced network is removed from the uplink set, but the network removed from the uplink set is not added to the internal networks. If the network is not used by any HPE OneView resource, the network is deleted. So if the same VLAN is used with other EPG, the name of the network created follows the naming convention based on the new EPG configuration.

Auto remediation fails in the following conditions:
  • HPE OneView configuration conflict with the fabric manager remediation and thereafter remediation is reported as manual due to detection of conflicting configuration. You have to either resolve or acknowledge the conflict manually to restore consistency.

  • HPE OneView resource manager in a state (such as a busy state), which makes it unable to accept the remediation request. The next attempt of the remediation would be successful. Until the remediation is not successfully delivered, the remediation action is seen in the inconsistency details for the respective fabric manager.

More Information

Fabric managers

Remediation of network sets on existing downlink connections