# How to Make a Disguise Fabric in ~~6~~ 7 Easy Steps

Disguise Fabric is a preconfigured Mellanox 100 Gigabit network switch sold by disguise in order to reduce support inquiries. For disguise's less technically inclined customers who want to simply deploy Renderstream, or IP VFC Cards (albeit in a very limited capacity), the fabric represents a turnkey solution; however, it offers little value to Fuse due to its inflexible (locked) configuration, small port capacity, and high price point.

In this document I will outline what configuration goes into a fabric switch, provide steps and hints on how to recreate this configuration, and then provide an additional set of configuration advice/options that I feel are lacking in disguise's offering.

## 1. Acquire Switches

As far as 100 gigabit class switches go, Mellanox (now owned by NVIDIA) is a good choice for the entertainment industry. Mellanox switches have a Web UI, which is unusual in this class of switches where most devices are command line only. While I'm perfectly happy to configure switches via command line, I find that especially in our industry having a web UI is a useful feature, especially for providing at a glance understanding of issues and troubleshooting with less experienced technicians and operators.

### Switch Models

Mellanox switches are available in a wide variety; however, this guide will focus on devices that use the Spectrum 2 chipset, specifically the following models:

**SN2100** 1/2 Rack Width 16@ 100G Ports (This is what a disguise Fabric is)

**SN2010** 1/2 Rack Width 18@ 25G Ports, 4@ 100G Ports

**SN2700** Full Rack Width 32@ 100G Ports (Can be licensed to have only 16 active ports)

### Switch Brands

These switches are sold under at least 3 brands, **NVIDIA, Mellanox, and HP**. At some point HP had a product offering called StoreNext where they sold turnkey SAN systems that used rebranded Mellanox Switches.
In my experience (I have 2 HP Branded Switches) there is no difference between any of these switches other than branding. I was easily able to upgrade even my oddball HP units to the latest NVIDIA branded firmware, however the Brand graphic in the upper left still says Hewlett Packard.

### Switch OS

When buying switches it is important to understand what OS the switch is running. Since these things are basically Linux servers, the switches are generally available in 3 configurations:

1. Mellanox Onyx
   This is the one we want, and is what disguise fabric runs, and has a web UI.
2. Cumulus Linux
   This is a specially licensed version of Linux used as a Network Operating System (NOS). While this may work, I have not explored any configuration options.
3. ONIE
   An ONIE switch is effectively a bare metal switch running a bootloader that the customer can install any NOS on. This switch will not work out of the box.

We need switches running **ONYX** so it is best to buy those. However, I do have a procedure for wiping a switch back to ONIE (Bare Metal Config) and then installing Onyx overtop of it, however I'm unsure of the licensing implications of doing this and I have not had the courage to test this on any of the $2000 + switches I have.

### Switch Airflow

The other configuration variable in these units is the airflow direction. Mellanox offers 2 airflow options, P2C and C2P. On the P2C, cool air comes in the side with the ports, whereas with C2P the airflow is reversed. The fans are modular on the 2700 but not on the 21XX units, so if the wrong ones were ordered they may be able to be changed on the 2700.

## Step 2: Breaking and Entering

Depending on where the switch comes from, you may need to factory default the unit in order to do any configuration. In this case, you will need the following:

* Paperclip
* USB Rollover Cable

### Factory Reset:

To factory reset the switch, power the unit up holding a paper clip in the reset port.
NOTE: Doing this to a disguise fabric will destroy the configuration and at that point it will have to be sent back to disguise to be reconfigured. Or you can use this guide to reconfigure your fabric to being a fabric (minus the password), so if you've done this to your fabric, congratulations, you're in the right place!

### Serial Connectivity

Once you've factory reset your switch you will need to connect to it over a serial terminal emulator such as realTerm or putty using the rollover cable. Plug the RJ45 end into the serial console port on the switch that has the |O|O| marking on it and is inexplicably in different places on all 3 switches.

On the SN2100 and SN2010 the Serial Port and OOB MGMT port are both on the front left, however they are reversed from one another, which is incredibly confusing.

On the 2700 the OOB and Serial Ports are on the rear of the unit; there are 2 OOB ports, 1 Serial Port, and a USB Port.

To establish connectivity, set the terminal program to Baud Rate/parity etc. of 115200 8N1.

![](https://i.imgur.com/g1hzmUN.png)

Once the switch has finished spewing its boot up commands at you it should say "login:" or something to that effect, and you can enter the username 'admin' and hit enter.

![](https://i.imgur.com/VI18u7A.png)

Then, when prompted for the password, enter 'admin' again.

![](https://i.imgur.com/CXjN8vg.png)

Upon entering configuration for the first time the switch will ask you if you want to do the wizard, which I would recommend. The wizard will ask you some simple questions that allow you to set the host name of the switch (be creative and use Mellanox Puns), and more importantly set the MGMT IP address. At this point the easiest thing is to set a static IP here, however if you have a system with a viable DHCP server, we will need to get the management port on DHCP later for Docker config.
You will also be asked to change the password, so do with that what you will. Regardless, complete the wizard, and now you can use a network connection to get to the Web UI. The below screenshot shows an example run through the wizard.

![](https://i.imgur.com/XUPVfbP.png)

### Accessing the Web UI

In order to access the web UI you will need to be plugged into the MGMT 0 Port on the front or back of the unit, and then enter https://[The IP Address of the Switch]. You MUST enter HTTPS or the website will not load. Your browser will (correctly) complain about the lack of security certs here but just plow on through. While we have money, we don't have "buying a private certificate" money.

![](https://i.imgur.com/GdGEQ53.png)

Enter the admin credentials you set in the wizard.

![](https://i.imgur.com/y5oiEzb.png)

Congratulations, you now have a factory reset switch. Note that certain configuration changes are not possible in the web UI, most notably port splitting and PTP settings.

![](https://i.imgur.com/wuCiFq5.png)

### Accessing the Command Line

Unlike the web UI, all configuration changes can be made from the command line. You can connect to the command line interface either with the serial cable as above, or using SSH, which comes preinstalled on Mac, and now even Windows 10 includes an ssh program directly from the terminal. To connect via SSH open a command prompt and type "ssh admin@[Switch MGMT IP]". You will be asked to provide the password and it will not show the letters as you type them.

![](https://i.imgur.com/qWgPhyd.png)

Once entered, hit enter and you should be in the switch's command line interface. The prompt will say something like "hostname [ standalone:master] >"

![](https://i.imgur.com/1WR6isi.png)

### Switch Syntax: Enable

If you've created a different user than admin, you can use those credentials here instead. By default, in the command line you will be unable to make changes. To be able to make changes you must enable the command line.
To enable the command line type 'enable' and hit enter. This will take you into Enable mode (indicated by a # on the command line).

![](https://i.imgur.com/dod3MG7.png)

### Switch Syntax: Configure Terminal

Even though you are enabled there is not necessarily much you can change in this mode. In order to change most switch settings you will need to be in configure mode. To enter configure mode, type "configure terminal". In this mode, you now have the ability to actually affect settings in the switch.

![](https://i.imgur.com/e9liX5u.png)

### That new switch feeling:

Welcome to your new switch, at this point nothing is set up. If you are not trying to create a disguise fabric, you are free to go change settings to your heart's content. Do note that any changes you make need to be saved or else they will be lost when you reboot. This includes all the settings you made in the wizard, so I'd recommend saving at this point by clicking the Burgundy/Red-ish??? floppy disk icon in the upper right of the web UI. If you're in a command terminal, saving is accomplished by typing the command "write memory".

## Step 3: Firmware

It's worth understanding what firmware you are on. Generally these switches shipped with firmware from 2018 on them. You'll recognize this because the web UI has a blue color theme and generally looks like a Windows 98 program. At some point on newer firmwares the UI became NVIDIA green and now feels like it's targeted at PROFESSIONAL GAMERS, but also some of the icons got redesigned to look slightly less windowsy so that's nice.

REGARDLESS, in order to do the docker steps later on in this guide you will need to be on a fairly recent (March 2023) firmware or else the switch's docker instance seems to have problems authenticating with the dockerhub (package manager) and throws cryptic errors.
### Firmware Availability

In order to update firmware, you need to know what version you are going from and what version you are going to. Then you need an NVIDIA enterprise support account, and you can go to their website where you fill in that information and it will tell you an 'update path' that shows you what versions you need to upgrade in order to safely update. Then you can use the NVIDIA enterprise support page to download the required images because they aren't publicly available.

Oh you thought I was just gonna leave you with that? It's OK, I GOTCHU. I've downloaded every version of the Onyx firmware I can find and made it available [here](https://www.dropbox.com/sh/7by7ojxnli4od9t/AAAvQYA0okaGHhrD9cNybssUa?dl=0).

As for the update path, look at the below image from NVIDIA and choose the image upgrade closest to the one you are on, and then run through the updates in this order until you are on the latest version you want.

![](https://i.imgur.com/PACRa1x.png)

Another reason for doing this firmware update is that there was a known problem with the SSD controller in these units where eventually the drive will destroy itself. This was fixed in a specific level of firmware updates, but if you have the NVIDIA Green web UI you are already on a version of the firmware that has resolved this issue.

<TBD> What firmware version is on the disguise fabric, and has the SSD issue been patched there?>

### Doing The Upgrades

Once you have a pile of firmware images on your machine, you can roll through doing these updates one after another by going into the system tab and going to 'Onyx Upgrade' and choosing to browse the next image from your disk.

![](https://i.imgur.com/tJRNEmo.jpg)

When you press **Install Image** it will upload to the switch, and then start updating the boot partition.
The switch works with a dual boot partition, so it will write the operating system to whichever partition you are not currently booted off of, then as the last step it will switch the next boot partition to the one you just moved the new files to.

![](https://i.imgur.com/3YBuC2y.png)

After this process has completed, you must choose to reboot the switch, which will cause you to boot into the new firmware on the new partition. You can then rinse and repeat these steps until you're on the firmware you want to be on. Grab a snack, put some k-pop on your noise cancelling headphones (you ARE wearing noise cancelling headphones, right? these things are LOUD), this takes a while.

Every once in a while I have a switch that simply won't let me upload the image file. It just sits there copying forever. When this happens I reboot the switch and try copying the file to it again. This advice is only helpful if it freezes during the copy step. Once the web UI shows that the firmware is being installed I'd advise against interrupting it.

![](https://i.imgur.com/MdC3BWN.png)

## Step 4: Terminal Only Config

There are a few settings we need to make in the terminal. **It's important to do these settings first as they will replace other settings in the switch**.

### System Profile

First, we need to set the switch's system profile. To configure the system profile you must connect to the switch using either the serial console or ssh. Don't forget to enable your command line by typing 'enable' and then 'configure terminal'. You now need to enter the following command.

```
system profile eth-ipv4-mc-max
```

The switch will warn you that it will reset the configuration with the following warning:

```
test [standalone: master] (config) # system profile eth-ipv4-mc-max
Warning - confirming will cause system reboot and all configuration will be deleted
Type `YES` to confirm profile change:
```

Go ahead and type `YES` to confirm. The switch will reboot.
Once you complete this change, you may need to connect in with the serial cable again if your static IP address is reset. Also, you will need to go through the setting wizard again.

### Port Mode Setup:

The next setting we have to change from the terminal is how your devices will connect to the switch. In Mellanox world there are 2 ways a 100G port can be configured.

#### Normal Port Configuration:

In normal operation a 100G port can be connected to a single device. That device can be a 100G QSFP style device, or a single 25G, 10G or 1G device with a QSFP28 to SFP28 adapter.

#### Split Port Configuration:

A 100G port can ALSO operate as 4 independent 25G ports through special breakout optics or DAC cables. If you need to use split ports you will need to specifically configure these ports to be split from the command line.

It is also possible to split a 100G port into 2 50G ports (I think this is called QSFP56 Electrically), however I do not have any devices that utilize that workflow so I'm not strictly sure how that works.

#### Model Specific Port Splitting Notes:

SN2100 - All Ports are able to be split, thus the total capacity of the switch is either 16 100G Ports or 64 25G Ports (or a combination in between)

SN2010 - All 4 100G Ports are able to be split, giving you a total of 34 25G ports

SN2700 - Odd Numbered (TOP ROW) ports can be split, however this ALWAYS disables the below (Even Numbered) port. Thus this switch has a total capacity of 32 100G Ports or 64 25G Ports. Interestingly this makes the SN2100 and SN2700 have exactly the same capacity at 25G.

#### Disguise's Defaults:

The strategy employed by the disguise fabric is an attempt at a one size fits all config where the first 1-8 (LEFT) ports are not split and the right half 9-16 are quad split.
I recommend that you think about your needs and configure the port splitting first, as splitting or unsplitting a port will remove all of its configuration changes. SO if you go change a port split mode later during configuration, you will need to redo all configuration on that port again.

### How to Configure Split Ports:

To configure a port's split mode you must connect to the switch using either the serial console or ssh. Don't forget to enable your command line by typing 'enable' and then 'configure terminal'. You now need to do the following.

**1.)** Shutdown the port you want to split as well as the adjacent port (if on the SN2700)

To select a port you need to use the interface command and then understand how the switch numbers ports. To select a port for configuration you can type

`interface ethernet [switch number]/[port number]`

Because multiple switches can be stacked together and operate as a single logical unit, the first switch number represents which chassis you want to select, however if you are in a single switch the switch number is almost always 1. So to access port one you would type

`interface ethernet 1/1`

and hit enter. The command line will change to say eth 1/1, indicating you are in that port and any changes you make will apply to only that port. To disable the port type the command:

`shutdown`

Now we need to shutdown port 2 as well, BUT we are still in port 1. Think of the command line like a menu tree. To go back to the previous menu, type the command:

`exit`

This will take you to the root of the 'Configure Terminal Menu' (where we started). Now you can select the second port with the following command:

`interface ethernet 1/2`

and this will take you to port 2's menu.
To shut this port down, again, type the following command:

`shutdown`

Exit port 2 by typing:

`exit`

Of course, port shutting down can ALSO be done in the web UI, so if you're more comfortable you could go into the web UI and uncheck the 'enable' checkbox for any ports affected by the splitting operation you are undertaking.

**2.)** Select the port that will be split, for example

`interface ethernet 1/1`

**3.)** Split the port: enter the command

`module-type QSFP-SPLIT-4`

The command will remind you that the adjacent port will be disabled and ask you to confirm the split by typing YES. (You must use all caps to respond YES to such questions.)

Once you split the port you will no longer be in port 1/1; you will now have a new level of numbering representing the split as well. This means that a port number is now in the format **[Chassis ID]/[Physical Port Number]/[Port Split number (1-4)]**

An example would be 1/1/1 is the first split of the first port on the first chassis, whereas 1/1/4 is the fourth split on the first port of the first chassis. When selecting ports, you may need to select these separately, so don't forget to use all three numbers once a port has been split.

### Switch Syntax: Port Ranges

GOSH that was a lot of steps. We can actually configure most commands on multiple ports at once. Let's look at that.

To select multiple ports you can feed commands like the interface command a range of ports. This looks like this:

`interface ethernet 1/1-1/8`

Notice that the whole port number including the chassis ID is repeated twice. This would select ports 1-8 on switch chassis 1. Now if you went into that menu, it will show you the range of ports on the command line, and typing `shutdown` would disable ALL of those ports. Don't forget to exit when you're done working in a specific port or ports.
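
The split procedure above, planned for several ports at once, as an added example that is not part of the original guide: it uses a port range for the shutdown step, issues the split once per port, and applies the per-model rules from the splitting notes. The function and class names are hypothetical, SN2010 is left out because the guide does not give its 100G port numbers, and the plan assumes the prompt returns to the configure terminal level once a split is confirmed.

```python
"""Plan the CLI lines for quad-splitting ports (added example, not the guide's code)."""
from dataclasses import dataclass, field

# Split rules as stated in "Model Specific Port Splitting Notes".
# SN2010 is omitted: the guide does not say which port numbers are its 100G ports.
MODELS = {
    "SN2100": {"ports": 16, "odd_only": False},
    "SN2700": {"ports": 32, "odd_only": True},  # a split odd port disables the even port below
}


@dataclass
class SplitPlan:
    commands: list = field(default_factory=list)      # lines to enter in 'configure terminal'
    split_ifaces: list = field(default_factory=list)  # resulting 25G interface names
    disabled: list = field(default_factory=list)      # ports given up to the split (SN2700)
    remaining_100g: int = 0                           # ports left unsplit and usable


def _runs(ports):
    """Collapse port numbers into (first, last) runs for the range syntax."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [(first, last) for first, last in runs]


def plan_quad_split(model, ports, chassis=1):
    """Return a SplitPlan for splitting `ports` into 4 x 25G on the given model."""
    rules = MODELS[model]
    ports = sorted(set(ports))
    for p in ports:
        if not 1 <= p <= rules["ports"]:
            raise ValueError(f"{model} has no port {p}")
        if rules["odd_only"] and p % 2 == 0:
            raise ValueError(f"{model}: only odd (top row) ports can be split, not {p}")

    plan = SplitPlan()
    if rules["odd_only"]:
        plan.disabled = [p + 1 for p in ports]
    affected = set(ports) | set(plan.disabled)

    # Step 1: shut down every affected port; a range is accepted for this step.
    for first, last in _runs(affected):
        sel = f"{chassis}/{first}" if first == last else f"{chassis}/{first}-{chassis}/{last}"
        plan.commands += [f"interface ethernet {sel}", "shutdown", "exit"]

    # Steps 2 and 3: the split does not take a range, so it is repeated per port.
    for p in ports:
        plan.commands += [
            f"interface ethernet {chassis}/{p}",
            "module-type QSFP-SPLIT-4",
            "YES",  # reply to the confirmation prompt, all caps
        ]
        plan.split_ifaces += [f"{chassis}/{p}/{n}" for n in range(1, 5)]

    plan.remaining_100g = rules["ports"] - len(affected)
    return plan


if __name__ == "__main__":
    # The layout the guide attributes to the disguise fabric: ports 9-16 quad split.
    fabric = plan_quad_split("SN2100", range(9, 17))
    print("\n".join(fabric.commands))
    print(f"{fabric.remaining_100g} x 100G, {len(fabric.split_ifaces)} x 25G")
```
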
Sadly you cannot split a range of ports, so while you can use the range to disable the ports that need to be split, you will need to go into each port and set the module type on each port.

### Unsplitting Ports:

1.) To unsplit ports you must first shutdown all of the ports that are part of the split. For example, if we split port 1/1 into 1/1/1-1/1/4 we need to shutdown all four ports. To do this select the range of ports by typing the following command:

`interface ethernet 1/1/1-1/1/4`

2.) Shut these ports down with the command

`shutdown`

3.) Type `exit` to return to the configure terminal menu.

4.) Select the first port of the group of split ports that needs to be unsplit. In this case that's

`interface ethernet 1/1/1`

5.) Recombine the port by using the command

`no module-type`

6.) Confirm with `YES` as needed. This should enable the port as well as any adjacent ports affected by the split operation.

### Switch Syntax: Disabling Configurations

NOTE that oftentimes turning off a command is achieved by prepending the command with 'no'. The way a switch configuration looks is a list of commands that the switch applies at boot. The 'no' prefix tells the switch to remove that entire configuration line. Thus, the default configuration for that port is applied since there are no configuration lines present anymore to tell the switch to execute that configuration.

Similarly, to enable a port that has been shutdown, you would give the command:

`interface ethernet [PORT NUMBER]`

and then run the command:

`no shutdown`

which removes the shutdown line from the configuration, thus restoring the port to the (default) enabled state.

## 5: Normal Switch Config

Time to configure your interfaces. By default disguise configures almost all of the interfaces identically but there's no specific reason to. If you wanted to use half the switch for one thing and half for another just create more VLANs and configure accordingly.
This guide will assume that you configure all ports identically, except a specific port designated for a PTP clock and a specific port designated for gigabit management traffic. While disguise doesn't do this, I've found that it's tricky to plug in those 2 devices without adjusting specific port settings.

### Port speeds:

Certain devices require the port link speed to be set to specific settings. While 'auto speed' is a viable option, most 25G devices in my experience do not properly set auto speed, and the default mode in Mellanox is to statically set the port speed to the fastest supported speed, which is often not what we want.

#### 1. Master Clock

Clocks sometimes support older interfaces; for instance, the Evertz clock I use has a 10G SFP+ slot, so we might need to force that port down to 10G instead of its default on the fabric of 100G. This is easily done in the web interface by unchecking the 100G box in the port settings and instead checking 10G and hitting 'apply'.

![](https://i.imgur.com/FH4wGl6.jpg)

You cannot have multiple boxes checked at the same time.

It is important to make sure that this device plugs **directly** into the switch, as going through other switches will prevent PTP from working correctly.

This can also be achieved from the command line interface with the following command (replacing port numbers and speed accordingly for your master clock):

`interface ethernet 1/9 speed 10G force`

#### 2.) Management computers

In most systems I find it useful to have at least one port set to gigabit for having a management device plugged in to configure the switch, or inspect an NMOS controller, or whatever. This could be a single device plugged into the switch or even a smaller managed/unmanaged switch with multiple devices plugged in. Note that eventually when we get DHCP running on this network, all devices on this subnet will be part of our DHCP server's configuration.

In order to connect to the 100G ports, you may need a QSFP28 to SFP Adapter.
For lower speed devices, such as management PCs, you can use the FS.com adapters, however I find that they do not work at 25 gigabits per second.

![](https://i.imgur.com/TNZwv8i.png)

In order for these devices to work, you will need to set the chosen port's speed either to 'auto speed' or to '1G' and then click 'apply'. You can easily do this from the 'Ports' screen in the Web UI.

![](https://i.imgur.com/JOmlyrS.png)

This can also be achieved from the command line interface with the following command (replacing port numbers accordingly):

`interface ethernet 1/1 speed 1G force`

### Port MTU

The disguise fabric comes preset with every port being set to an MTU of 1500. Practically speaking this means that Jumbo frames are not enabled on this switch. Depending on what you are doing you may or may not want this configuration option, but it is easily set from the 'Ports' screen by typing **1500** in the box (replacing the default of 9216).

![](https://i.imgur.com/kZRAnRw.png)

This can of course be achieved from the command line by typing the following command for each interface you'd like to configure this way (again feel free to alter the range and type of ports selected as needed; this example is fun, it shows a range of split ports!):

`interface ethernet 1/9/1-1/9/4 mtu 1500 force`

### Spanning Tree

As this device is intended to be used by itself, spanning tree has been disabled. ¯\\_(ツ)_/¯ It's just this checkbox on the 'ETH Mgmt' tab.

![](https://i.imgur.com/urQUY7V.png)

From the command line, you can use the command:

`no spanning-tree`

For larger setups with multiple switches this is almost certainly **NOT** the correct choice.

### Telemetry

The default fabric configuration disables the auto export of 'what just happened' telemetry.
This can be done from the 'Status' tab under 'What Just Happened' by setting the drop downs on the right to 'disable'.

![](https://i.imgur.com/FRXhV52.png)

#### Telemetry Commands

From the command line, the following commands configure WJH:

`no what-just-happened auto-export acl enable`

`no what-just-happened auto-export buffer enable`

`no what-just-happened auto-export forwarding enable`

### VLAN Config

We need to create a VLAN for all of our renderstream/ST2110 needs. By default the disguise fabric creates a single VLAN, 211, and assigns it to all the ports. There are certainly reasons to create more VLANs, but we will just go over replicating disguise's config here.

From the 'ETH Mgmt' tab, choose 'VLAN' along the left. To create a VLAN enter a number in the box under create VLAN and choose apply.

![](https://i.imgur.com/DrYtAPw.png)

On the same page, assign the relevant interfaces to the VLAN you just created. By default ALL ports are set to the new VLAN. Check each checkbox and set the VLAN to 211.

![](https://i.imgur.com/bHCk8MH.png)

Don't forget that there may be multiple pages of interfaces to change, and when you are done hit 'Apply Changes' at the bottom.

### VLANs at Layer 3

We also need to make sure our VLAN has an IP address in its own subnet. From the 'IP Route' page choose 'IP Interface' from the menu on the left, and in the blank box under 'Create IP L3 Interface' at the top enter the VLAN number and then choose 'Apply'.

![](https://i.imgur.com/yomQaIs.png)

Once you've done that you can select the interface by clicking on the VLAN in the interface table lower down on this page.

![](https://i.imgur.com/mvxm2Ka.png)

Inside this menu you can configure the details of the VLAN interface. This will be the address on the VLAN that the switch is accessible at, so assign it a memorable static IP that will be in the same subnet range you plan on using for your renderstream/2110 devices.
![](https://i.imgur.com/ByIHaA6.png)

Additionally, set the MTU of the interface to 1500. Don't forget to hit 'Apply'.

#### VLAN Commands

From the command line, you can create a VLAN with the command

`vlan 211`

and to assign an interface to it

`interface ethernet 1/1 switchport access vlan 211`

To create the L3 Interface use the following commands:

`interface vlan 211`

`interface vlan 211 ip address 10.250.222.254/24 primary`

`interface vlan 211 mtu 1500`

### Multicast Settings

Since the primary use of the fabric is to support multicast video over IP, we need to pay *specific* attention to the multicast settings. The following settings are how disguise configures the fabric for both renderstream AND IP VFC.

#### IGMP Snooping

From the 'ETH MGMT' tab, select the 'IGMP Snooping' menu along the left, then check the box labelled 'IGMP snooping globally enabled', and from the dropdown next to 'IGMP Snooping unregistered Multicast' make sure to choose 'Forward to Mrouter Ports'. Finally click 'Apply'.

![](https://i.imgur.com/rlWEuFg.png)

#### Interface Fast Leave

Further down the page choose 'Fast' under 'Leave-Mode' for every interface you want to use with renderstream/IP VFC and hit 'Apply'.

![](https://i.imgur.com/mU6d8I4.png)

Be sure to check the next page of interfaces for more interfaces that may need to be configured.

#### VLAN Snooping

Under 'IGMP Snooping Vlans Status' choose the checkboxes next to the VLAN you configured under 'IGS Enabled' to enable IGMP Snooping on the VLAN level. Hit 'Apply'.

![](https://i.imgur.com/SwvqpWy.png)

#### IGMP Querier Configuration

Furthest down on the page, under 'IGMP Snooping Querier Information' choose the checkboxes next to the VLAN ID and 'Querier Present'. This will enable the IGMP querier on this VLAN.
![](https://i.imgur.com/1ho0CwF.png)

Once you do that, looking at the IGMP Snooping VLANs Status table will show that the querier is running on the VLAN as noted in this screenshot:

![](https://i.imgur.com/eoExOyG.png)

#### IGMP Snooping Command Line Syntax

The following commands will enable and configure IGMP snooping. Once again adjust the interface numbers to encompass all ports that need the configuration.

`ip igmp snooping unregistered multicast forward-to-mrouter-ports`

`ip igmp snooping`

`vlan 211 ip igmp snooping`

`vlan 211 ip igmp snooping querier`

`interface ethernet 1/1-1/8 ip igmp snooping fast-leave`

## 6. Docker Configuration

The disguise fabric runs 2 containerized services on the switch. Part of the reason for doing this is based on a technical recommendation from AMWA, the Advanced Media Workflow Association, who produce the NMOS specifications, which [describes](https://ipshowcase.org/wp-content/uploads/2019/10/1500-Simplifying-JT-NM-TR-1001-1-Deployments-through-Microservices.pdf) containerized microservices as desirable for the simplification and deployment of this type of infrastructure. To that end we need to set up our switch's onboard docker infrastructure to run two containers for us, a DHCP/DNS server, as well as an NMOS registry.

In order to do this we need to do the following:

1.) The switch needs to be on the internet

2.) The switch needs to have an accurate time/date stamp

3.) We need to set up docker

4.) We need to download the images from dockerhub onto the switch and then tell docker when to run them.

5.) Verify and Configure Docker Images

### 1.) Getting Online

We need to do a variety of steps to get the switch online. Afterwards these settings could be put back if you desire a static management IP, however for this exercise we must get the mgmt0 interface online. It seems like this is the ONLY way docker can get online to fetch its packages.
In the future it may be possible to cache the packages locally so internet is not needed for this step, however at the moment this is the recommended way.

First, we need to make sure the mgmt0 interface is set for DHCP. Now would be a good time to switch your laptop over to a connection onto the 211 VLAN on the switch so you can reset the management interface without losing connectivity. Otherwise you could also be on the same network that your DHCP and internet come from, as long as that network isn't too locked down.

Go into the command line interface of the switch, 'enable' the command line and go to the 'configure terminal' mode. The following 3 commands will activate DHCP and remove your static IP. If you're already using DHCP you shouldn't need these steps.

`interface mgmt0`

`no ip address`

`dhcp`

`write memory`

The last command will save the changes.

We also need to move the mgmt0 interface out of the 'mgmt' VRF and back into the default VRF (this only exists on newer switch firmwares for some reason). This will trigger a reboot of the switch, so make sure everything is saved and send the following commands:

`exit` (This is so we are at the root of the 'configure terminal menu')

`no vrf definition mgmt`

You will receive a message from the switch as follows:

```
Warning - confirming will cause system reboot and all configuration will be saved
Type 'YES' to confirm VRF deletion:
```

Type 'YES' to confirm and the switch will reboot.

At this point, wait for the switch to finish rebooting and log back in via SSH. Your switch should now have a viable internet connection and you can prove this from the command line by entering the command:

`ping www.google.com`

If you are correctly on the internet you will see ping responses from whatever IP DNS determines google to be at. Otherwise, troubleshoot DNS and routing to make sure your switch's mgmt interface has proper internet access / DNS / etc.

![](https://i.imgur.com/yonl79c.png)

Typing ctrl+c will stop the pinging.

### 2.) Time to Set the Time

Because docker checks the validity of its package sources with certificates, if the switch has an inaccurate clock this check will fail. The easiest way to make sure the clock is set is to make sure NTP is enabled. While NTP is enabled by default, no servers are set. It's possible your DHCP server may serve the switch NTP over DHCP but mine does not, so I need to [manually add an NTP server from the internet](https://www.ntppool.org/en/use.html). We will use 'server 0.pool.ntp.org'. We don't need this to be super robust since we will disable NTP later when we set up PTP, but this is the best time to do this step.

From the Setup tab of the web UI, choose 'NTP' on the left and enter the NTP server details under 'Server IP/Hostname', and then choose 'Add NTP Server'.

![](https://i.imgur.com/h6ZL5JU.png)

Refresh this page a few times and eventually it will report that the Clock is synchronized.

![](https://i.imgur.com/5Wips4u.png)

### 3.) Docker Setup

SSH into the switch and run the following commands to enable docker (be sure to enable the command line, and enter the 'configure terminal' menu):

`docker vrf default`

`exit`

`docker no shutdown`

`write memory`

### 4.) Download and setup Docker Containers

We need to install 2 packages on our switch. One is made publicly available by NVIDIA, however Disguise doesn't make their DNS/DHCP server image public. Thankfully one of their former employees does!

#### DNS-DHCP Server

Run the following commands to download the images to the switch.
`docker pull thyge/dns-dhcp:v1`

You should see some activity in the terminal as the switch downloads some packages and builds a filesystem.

![](https://i.imgur.com/QkhxfOE.png)

Next run the following command:

`docker start thyge/dns-dhcp v1 dhcp-dns data-path-ready privileged network`

This instructs the switch to auto-start the containers during the 'data-path-ready' event, which for all intents and purposes means 'once the switch has booted and its network interfaces are up'. Note this container is not yet running because the switch will need a reboot.

#### NMOS Registry

Now we can download and install the NMOS registry. Same commands with slightly different package names:

`docker pull rhastie/nmos-cpp:latest`

`docker start rhastie/nmos-cpp latest nmos data-path-ready privileged network`

Go ahead and save by typing `write memory`, then reboot the switch by typing `reload` and confirm the prompts to reboot.

### 5.) Verify and Configure Docker Containers

Once the switch finishes rebooting you have 2 new web UIs you can access on the switch.

#### NMOS Registry Configuration

1.) NMOS Registry - http://[Switch-IP-Address]:8010

Visit this page to make sure the NMOS registry is running. The NMOS registry should greet you with a page that looks like this:

![](https://i.imgur.com/8ntITos.png)

To access the Registry click on "/admin/" and it will take you to a page that looks like this:

![](https://i.imgur.com/DdICcN7.png)

I don't currently have any settings that need to be changed for the NMOS registry, so that's done.

#### DNS-DHCP Config

2.) DNS-DHCP - http://[Switch-IP-Address]:8080

The config for the DNS/DHCP server is a bit more interesting. It's based on an old version of disguise's server image, so let's just immediately update its settings with ones from an actual fabric.
Navigate to this address and you will be greeted with a page that looks like this:

![](https://i.imgur.com/hj16BTO.jpg)

This is a web-based UI for the dnsmasq service, which is a popular open source DNS and DHCP server. The window on the left is an editor that allows you to edit the configuration, with buttons along the left to save the configuration and then restart the server. We will load the following configuration into the server.

```
interface=swid0_eth.211
dhcp-range=vlan211,10.250.222.5,10.250.222.250,255.255.255.0,48h
port=53
domain-needed
bogus-priv
strict-order
expand-hosts
no-resolv
domain=textile
local=/textile/
address=/textile.textile/10.250.222.254
address=/switch.textile/10.250.222.254
listen-address=127.0.0.1
# Disable default gateway
dhcp-option=3
```

The wiki tends to mangle this text, so check it against the screenshot; it should look exactly like this, line by line:

![](https://i.imgur.com/FwqDULr.png)

When you are done editing, hit the 'SAVE' then 'RESTART' buttons.

At this point reboot any devices on your renderstream/IPVFC network and the devices should start pulling addresses from this server, and you will see in the log on the right what devices/MAC addresses pull which IP, which is SUPER HELPFUL for troubleshooting.

Additionally, now that you're running a DNS server, devices will be accessible in the 'textile' domain. For example, you should be able to access the NMOS registry from "http://switch.textile:8010".

Clearly there's plenty to configure here: you can change what VLAN the server runs on, what range of addresses it hands out, and the domain name, just to start.

## 7.) Time for PTP

PTP is what gives our system its reference timing. PTP synchronizes clocks across all devices in our signal path including the network switches, thus we must be sure to configure PTP on our switch.

#### Disable NTP

To enable PTP we must first disable NTP.
From the 'Setup' page of the web UI, choose NTP along the left and uncheck the box 'Enable NTP Time Synchronization'.

![](https://i.imgur.com/zXPRwlY.png)

You can also delete the NTP server we added earlier by checking its box in the table and choosing 'Remove Association'.

![](https://i.imgur.com/2a1otmt.png)

#### Enable PTP Globally

We can now go into the command line interface of the switch, and from an enabled command line in the 'Configure Terminal' menu enter the following commands:

`protocol ptp`

`ptp vrf default enable`

`interface vlan 211 ptp enable`

Don't forget to save!

`write memory`

#### Enable PTP on Ports

We will need to enable PTP on each port. You could do them individually like this:

`interface ethernet 1/1 ptp enable`

OR you could do a range command, which on my SN2010 looks like this:

`interface ethernet 1/1-1/22 ptp enable`

Don't forget to save!

`write memory`

#### Verify PTP

To verify PTP, you can type `show ptp` and it will give you a screen like this. Any port that says 'master' connects to a device that **this switch** is the master clock for, and any port that says 'slave' should be the port where the grandmaster or upstream clock is connected.

![](https://i.imgur.com/h2sVGkX.png)

Additional commands that are useful are:

`show ptp status`

This shows the offset (in nanoseconds) of this clock from its grandmaster reference. Since my clock isn't connected to PTP it shows nothing (Note to self: get better screenshots!)

![](https://i.imgur.com/dqPzCy6.png)

Finally, to see what clock is the GM run the following command:

`show ptp clock foreign-masters`

![](https://i.imgur.com/rGAAa76.png)

This will show the properties of the upstream master clocks, helpful for making sure the correct clock in your chain is the GM.
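Going back to the dnsmasq configuration loaded in the DNS-DHCP Config step: the check below is an added example, not part of the original guide or of the container image, that can be run on a laptop before the text is pasted into the web editor. It confirms that the directives which keep lookups local are present, that the bare `dhcp-option=3` survived as its own line, and that the static `address=` entries sit outside the DHCP pool. The `parse` and `lint` helpers are hypothetical names, and the check assumes `dhcp-range` carries an explicit netmask as the guide's line does.

```python
import ipaddress
# Constructed copy of the guide's dnsmasq configuration, one directive per line.
FABRIC_CONF = """\
interface=swid0_eth.211
dhcp-range=vlan211,10.250.222.5,10.250.222.250,255.255.255.0,48h
port=53
domain-needed
bogus-priv
strict-order
expand-hosts
no-resolv
domain=textile
local=/textile/
address=/textile.textile/10.250.222.254
address=/switch.textile/10.250.222.254
listen-address=127.0.0.1
# Disable default gateway
dhcp-option=3
"""

def parse(text):
    """Illustrative helper: (key, value) pairs, value None for bare flags, comments skipped."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and not l.startswith("#"))
    return [(k.strip(), v.strip() if sep else None) for k, sep, v in pairs]

def lint(text):
    """Illustrative helper: list of findings; an empty list means every check passed."""
    conf, findings = parse(text), []
    values = lambda key: [v for k, v in conf if k == key and v is not None]
    for flag in ("domain-needed", "bogus-priv", "no-resolv"):
        if (flag, None) not in conf:
            findings.append(f"{flag} missing: lookups may be forwarded upstream")
    if "3" not in values("dhcp-option"):  # a bare option 3 suppresses the router option
        findings.append("dhcp-option=3 missing: clients are handed a default gateway")
    for dom in values("domain"):
        if f"/{dom}/" not in values("local"):
            findings.append(f"local=/{dom}/ missing: {dom} names may be forwarded")
    for rng in values("dhcp-range"):
        parts = rng.split(",")
        parts = parts if parts[0][0].isdigit() else parts[1:]  # drop leading label (vlan211)
        net = ipaddress.ip_network(f"{parts[0]}/{parts[2]}", strict=False)
        start, end = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
        if end not in net or start > end:
            findings.append(f"dhcp-range {rng}: pool does not fit inside {net}")
        for name, ip in (a.strip("/").split("/") for a in values("address")):
            if start <= ipaddress.ip_address(ip) <= end:
                findings.append(f"{name} ({ip}) is inside the DHCP pool")
    return findings
```

Calling `lint()` on the text exactly as it will be pasted returns an empty list when the configuration matches the guide's; a comment that has been run together with `dhcp-option=3` on one line is reported as the option being missing.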