cloudstack nvp integration - bacd
DESCRIPTION
Slightly modified version of an earlier presentation. This version was presented at the Ghent Build-A-Cloud-Day 2013TRANSCRIPT
SDN in CloudStack
Nicira NVP integration
Thursday, February 7, 13
About me
» Hugo Trippaers– Email: [email protected]– Twitter: @Spark404
» I’ve been working in IT for over two decades, mainly at ISPs.» Mission Critical Engineer at Schuberg Philis for almost 6 years.– Responsible for the 100% availability of our customers application landscapes– Currently part of the internal development team
Thursday, February 7, 13
Our case for SDN
» Schuberg Philis design for a IAAS offering– Flexible, Scalable etc etc
» Compute– XenServer– KVM
» Storage– Nexenta– NetApp
» Networking– VLANs ?!?
Compute Storage Network
Cloud Management System
Thursday, February 7, 13
Our case for SDN
» Current networking stacks– Network admins still use console access?!?– Flexibility and implementation speed?– Heterogeneous environments are common– Hardly any APIs and none of them centralized
» Is the solution SDN and Network Virtualization?
4
Thursday, February 7, 13
A bit about SDN
» Software De"ned Networking– Decoupling the control plane from the data plan. The system that makes decisions about
where data is sent is no longer directly connected to the underlying system that forwards the actual traffic.
– Programmable central control of the network without requiring physical access to the hardware.
» Network Virtualization – Software based administrative entity, a virtual network– but how?• Overlay networks• Control plane, OpenFlow and OpenVswitch
5
Thursday, February 7, 13
Nicira Network Virtualization Platform (NVP)
6
Thursday, February 7, 13
Design criteria for the integration
» Transparent integration– Using Nicira NVP should be no different from using regular networks.– All code is to be part of CloudStack, no external modules.
» Source code available as OpenSource
Thursday, February 7, 13
Phased approach
» Phase one– Getting familiar with the CloudStack sources– L2 Networking (Logical Switch and Logical Switch Port)– API for con"guration
» Phase two– L3 Networking (Logical Routers and Gateway services)– UI elements for con"guration– Support for KVM and VMWare?
» Future?
Thursday, February 7, 13
Nicira NVP integration in CloudStack
» Architecture
Thursday, February 7, 13
Nicira NVP integration in CloudStack
» Nicira NVP plugin
Nicira NVP Plugin
NVP Network-Guru
NVPElement
Nicira NVP Java API wrapper
Hypervisor adjustments for Vif tags
Thursday, February 7, 13
Nicira NVP integration in CloudStack
Nic
ira N
VP P
lugi
n
NVP Guru
NVP Element
Nic
ira N
VP Ja
va A
PI w
rapp
er
Hypervisor adjustments for Vif
Thursday, February 7, 13
How does it work?
» First of all what do we need– Nicira NVP Stack– XenServer or KVM hypervisors– CloudStack
12
Thursday, February 7, 13
How does it work?
» Nicira NVP and hypervisor con"guration– De"ning and con"guring a transport zone
13
Thursday, February 7, 13
How does it work?
» Nicira NVP and hypervisor con"guration– De"ning and con"guring a transport zone– Linking the zone to the hypervisors
14
Thursday, February 7, 13
How does it work?
» CloudStack con"guration– Setup the Network
Service Provider
15
Thursday, February 7, 13
How does it work?
» CloudStack con"guration– Setup the Network Service Provider– Con"gure a Physical Network– Traffic tag links to
“Integration Bridge”
16
Thursday, February 7, 13
How does it work?
» CloudStack con"guration– Setup the Network Service Provider– Con"gure a Physical Network– Traffic tag links to
“Integration Bridge”– Con"gure Service Offerings• L2 Features
17
Only select Virtual Networking;“Connectivity” in 4.0.0
Thursday, February 7, 13
How does it work?
» CloudStack con"guration– Setup the Network Service Provider– Con"gure a Physical Network– Traffic tag links to
“Integration Bridge”– Con"gure Service Offerings• L2 Features• L2 and L3 Features
18
L3 Support for SourceNat, StaticNat and Port Forwarding.
Thursday, February 7, 13
In Action; Provisioning networks
» Tenant allocates a new network– Nothing happens yet, just a check
» Tenant implements a new network (by starting "rst VM)– LogicalSwitch is created in the Nicira Controller
19
Thursday, February 7, 13
In Action; Provisioning networks
» Tenant allocates a new network– Nothing happens yet, just a check
» Tenant implements a new network (by starting "rst VM)– LogicalSwitch is created in the Nicira Controller
20
Thursday, February 7, 13
In Action; Starting Virtual Machines
» Nicira NVP Element creates a port on the logical switch– Attachment type set to UUID with the UUID of the NIC (from CS)
» Hypervisor Resource sets tags on the Vif with the UUID of the NIC– Attached to the “Integration Bridge”
» Nicira NVP Controller matches those uuids and creates any required $ows.
21
Thursday, February 7, 13
In Action; Starting a Virtual Machine
» Nicira NVP Element creates a port on the logical switch– Attachment type set to UUID with the UUID of the NIC (from CS)
» Hypervisor Resource sets tags on the Vif with the UUID of the NIC
» Nicira NVP matches those uuids and creates any required $ows
22
Thursday, February 7, 13
In Action; Start Routing Elements
» Tenant implements a network– Offering with Virtual Networking and SourceNat– Nicira NVP Element creates Logical Router• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)• allocated public ip set on outside port
– Nicira NVP con"gures “main” SourceNat rule
23
Thursday, February 7, 13
In Action; Start Routing Elements
» Tenant implements a network– Offering with Virtual Networking and SourceNat– Nicira NVP Element creates Logical Router• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)• allocated public ip set on outside port
– Nicira NVP con"gures “main” SourceNat rule
24
Thursday, February 7, 13
In Action; Static Nat and PortForwarding
» Tenant updates either a rule for static nat or port forwarding– Requires a con"gured Logical Router• Nicira Nvp Element provisions DNAT rule– Difference between StaticNat and PF is one port or 0:65535
• Nicira Nvp Element provisions SNAT rule
– required for outgoing traffic– Nicira NVP picks most speci#c rule #rst (since 2.2.x)
25
Thursday, February 7, 13
Under the hood; Troubleshooting
» Checking consistency between Nicira NVP Manager and CloudStack– network broadcast uri– database references
» References in the database– external_nicira_nvp_devices• Lists all con#gured nicira devices on physical networks
• reference to host id– nicira_nvp_nic_map• mapping between nic uuid and logical router port uuid
– nicira_nvp_router_map• mapping between router uuid and (guest) network id
26
Thursday, February 7, 13
Summary
» Available in 4.0.0– L2 networks (Logical Switches)– Con"guration via API– Supports Nicira NVP version 2.1.x and 2.2.x– Supports XenServer hypervisors
» Available in next release (and in the master branch)– L3 Routing (Logical Routers)• Source Nat, Static Nat and Port Forwarding
– Con"guration via the UI– Supports KVM hypervisors
27
Thursday, February 7, 13
Summary
» Future plans– Support for VPCs– Support for bridged networks (Nicira NVP L2 Gateway)
» More information– CloudStack Plugin Guide for the Nicira NVP Plugin (part of CloudStack documentation)– Nicira (http://nicira.com)
» How to get involved?– Lacking code coverage with unittests– Use it!– Integration with other SDN solutions
28
Thursday, February 7, 13
Thanks!
Thursday, February 7, 13