CloudStack NVP Integration

Nicira NVP Integration

Sunday, December 2, 12

About me

» Hugo Trippaers
– Email: htrippaers@schubergphilis.com
– Twitter: @Spark404

» I’ve been working in IT for over two decades, mainly at ISPs.
» Mission Critical Engineer at Schuberg Philis for almost 6 years.
– Responsible for the 100% availability of our customers application landscapes
– Currently part of the internal development team


CloudStack and me

» Schuberg Philis design for a Cloud oﬀering
– Flexible, Scalable etc etc
– What about networking?
• Nicira NVP solution

» No CloudStack support for Nicira NVP on the roadmaps
– What to do?
• Ask for support from Nicira and Citrix
• Find developer and do it, thats how OpenSource works


Design criteria for the integration

» Transparent integration
– Using Nicira NVP should be no diﬀerent from using regular networks.
– All code is to be part of CloudStack, no external modules.

» Source code available as OpenSource


Phased approach

» Phase one
– Getting familiar with the CloudStack sources
– L2 Networking (Logical Switch and Logical Switch Port)
– API for configuration

» Phase two
– L3 Networking (Logical Routers and Gateway services)
– UI elements for configuration
– Support for KVM and VMWare?

» Future?


Nicira NVP integration in CloudStack

» Architecture



» Nicira NVP plugin

Nicira NVP Plugin
NVP NVP
Network- Element
Guru

Nicira NVP Java API wrapper

Hypervisor
adjustments for
Vif tags



Nicira NVP Java API wrapper
Nicira NVP Plugin
NVP Guru

NVP Element

Hypervisor
adjustments for Vif


How does it work?

» First of all what do we need
– Nicira NVP Stack
– XenServer hypervisors
– CloudStack

9

How does it work?

» Nicira NVP and hypervisor configuration
– Defining and configuring a transport zone

10

How does it work?

» Nicira NVP and hypervisor configuration
– Defining and configuring a transport zone
– Linking the zone to the hypervisors

11

How does it work?

» CloudStack configuration
– Setup the Network
Service Provider

12

How does it work?

– Setup the Network Service Provider
– Configure a Physical Network
– Traﬃc tag links to
“Integration Bridge”

13

How does it work?

– Configure a Physical Network
Only select Virtual Networking;
– Configure Service Oﬀerings “Connectivity” in 4.0.0

• L2 Features

14

How does it work?

– Configure a Physical Network L3 Support for SourceNat,
StaticNat and Port Forwarding.
– Configure Service Oﬀerings
• L2 Features
• L2 and L3 Features

15

In Action; Provisioning networks

» Tenant allocates a new network
– Nothing happens yet, just a check

» Tenant implements a new network (by starting first VM)
– LogicalSwitch is created in the Nicira Controller

16

In Action; Provisioning networks

» Tenant allocates a new network
– Nothing happens yet, just a check

» Tenant implements a new network (by starting first VM)
– LogicalSwitch is created in the Nicira Controller

17

In Action; Starting Virtual Machines

» Nicira NVP Element creates a port on the logical switch
– Attachment type set to UUID with the UUID of the NIC (from CS)

» Hypervisor Resource sets tags on the Vif with the UUID of the NIC
– Attached to the “Integration Bridge”

» Nicira NVP Controller matches those uuids and creates
any required flows.

18

In Action; Starting a Virtual Machine

» Nicira NVP Element creates a port on the logical switch
– Attachment type set to UUID with the UUID of the NIC (from CS)

» Hypervisor Resource sets tags on the Vif with the UUID of the NIC

» Nicira NVP matches those uuids and creates any required flows

19

In Action; Start Routing Elements

» Tenant implements a network
– Oﬀering with Virtual Networking and SourceNat
– Nicira NVP Element creates Logical Router
• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)
• allocated public ip set on outside port
– Nicira NVP configures “main” SourceNat rule

20

In Action; Start Routing Elements

» Tenant implements a network
– Oﬀering with Virtual Networking and SourceNat
– Nicira NVP Element creates Logical Router
• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)
• allocated public ip set on outside port
– Nicira NVP configures “main” SourceNat rule

21

In Action; Static Nat and PortForwarding

» Tenant updates either a rule for static nat or port forwarding
– Requires a configured Logical Router
• Nicira Nvp Element provisions DNAT rule
– Diﬀerence between StaticNat and PF is one port or 0:65535
• Nicira Nvp Element provisions SNAT rule
– required for outgoing traﬃc
– Nicira NVP picks most specific rule first (since 2.2.x)

22

Under the hood; Troubleshooting

» Checking consistency between Nicira NVP Manager and CloudStack
– network broadcast uri
– database references

» References in the database
– external_nicira_nvp_devices
• Lists all configured nicira devices on physical networks
• reference to host id
– nicira_nvp_nic_map
• mapping between nic uuid and logical router port uuid
– nicira_nvp_router_map
• mapping between router uuid and (guest) network id

23

Summary

» Available in 4.0.0
– L2 networks (Logical Switches)
– Configuration via API
– Supports Nicira NVP version 2.1.x and 2.2.x
– Supports XenServer hypervisors

» Available in next release (and in the master branch)
– L3 Routing
• Source Nat, Static Nat and Port Forwarding
• Configuration via the UI

24

Summary

» Future plans
– Support for multiple hypervisors
– Support for bridged networks (Nicira NVP L2 Gateway)

» More information
– CloudStack Plugin Guide for the Nicira NVP Plugin (part of CloudStack documentation)
– Nicira (http://nicira.com)

» How to get involved?
– Lacking code coverage with unittests
– Use it!
– Integration with other SDN solutions

25

Thanks!


CloudStack NVP Integration

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CloudStack NVP Integration

Similar to CloudStack NVP Integration (20)

Recently uploaded

Recently uploaded (20)

CloudStack NVP Integration