CloudStack NVP Integration

Nicira NVP Integration

Sunday, December 2, 12

About me

» Hugo Trippaers– Email: [email protected]– Twitter: @Spark404

» I’ve been working in IT for over two decades, mainly at ISPs.» Mission Critical Engineer at Schuberg Philis for almost 6 years.– Responsible for the 100% availability of our customers application landscapes– Currently part of the internal development team


CloudStack and me

» Schuberg Philis design for a Cloud offering– Flexible, Scalable etc etc– What about networking?• Nicira NVP solution

» No CloudStack support for Nicira NVP on the roadmaps– What to do?

• Ask for support from Nicira and Citrix• Find developer and do it, thats how OpenSource works


Design criteria for the integration

» Transparent integration– Using Nicira NVP should be no different from using regular networks.– All code is to be part of CloudStack, no external modules.

» Source code available as OpenSource


Phased approach

» Phase one– Getting familiar with the CloudStack sources– L2 Networking (Logical Switch and Logical Switch Port)– API for con"guration

» Phase two– L3 Networking (Logical Routers and Gateway services)– UI elements for con"guration– Support for KVM and VMWare?

» Future?


Nicira NVP integration in CloudStack

» Architecture



» Nicira NVP plugin

Nicira NVP Plugin

NVP Network-Guru

NVPElement

Nicira NVP Java API wrapper

Hypervisor adjustments for Vif tags



Nic

ira N

VP P

lugi

n

NVP Guru

NVP Element

Nic

ira N

VP Ja

va A

PI w

rapp

er

Hypervisor adjustments for Vif


How does it work?

» First of all what do we need– Nicira NVP Stack– XenServer hypervisors– CloudStack

9


How does it work?

» Nicira NVP and hypervisor con"guration– De"ning and con"guring a transport zone

10


How does it work?

» Nicira NVP and hypervisor con"guration– De"ning and con"guring a transport zone– Linking the zone to the hypervisors

11


How does it work?

» CloudStack con"guration– Setup the Network

Service Provider

12


How does it work?

» CloudStack con"guration– Setup the Network Service Provider– Con"gure a Physical Network– Traffic tag links to

“Integration Bridge”

13


How does it work?


“Integration Bridge”– Con"gure Service Offerings• L2 Features

14

Only select Virtual Networking;“Connectivity” in 4.0.0


How does it work?


“Integration Bridge”– Con"gure Service Offerings• L2 Features• L2 and L3 Features

15

L3 Support for SourceNat, StaticNat and Port Forwarding.


In Action; Provisioning networks

» Tenant allocates a new network– Nothing happens yet, just a check

» Tenant implements a new network (by starting "rst VM)– LogicalSwitch is created in the Nicira Controller

16


In Action; Provisioning networks

» Tenant allocates a new network– Nothing happens yet, just a check

» Tenant implements a new network (by starting "rst VM)– LogicalSwitch is created in the Nicira Controller

17


In Action; Starting Virtual Machines

» Nicira NVP Element creates a port on the logical switch– Attachment type set to UUID with the UUID of the NIC (from CS)

» Hypervisor Resource sets tags on the Vif with the UUID of the NIC– Attached to the “Integration Bridge”

» Nicira NVP Controller matches those uuids and creates any required $ows.

18


In Action; Starting a Virtual Machine

» Nicira NVP Element creates a port on the logical switch– Attachment type set to UUID with the UUID of the NIC (from CS)

» Hypervisor Resource sets tags on the Vif with the UUID of the NIC

» Nicira NVP matches those uuids and creates any required $ows

19


In Action; Start Routing Elements

» Tenant implements a network– Offering with Virtual Networking and SourceNat– Nicira NVP Element creates Logical Router• inside port connected to Logical Switch

• outside port connected to VLAN (via Gateway Service)• allocated public ip set on outside port

– Nicira NVP con"gures “main” SourceNat rule

20


In Action; Start Routing Elements

» Tenant implements a network– Offering with Virtual Networking and SourceNat– Nicira NVP Element creates Logical Router• inside port connected to Logical Switch

• outside port connected to VLAN (via Gateway Service)• allocated public ip set on outside port

– Nicira NVP con"gures “main” SourceNat rule

21


In Action; Static Nat and PortForwarding

» Tenant updates either a rule for static nat or port forwarding– Requires a con"gured Logical Router• Nicira Nvp Element provisions DNAT rule– Difference between StaticNat and PF is one port or 0:65535

• Nicira Nvp Element provisions SNAT rule

– required for outgoing traffic– Nicira NVP picks most speci"c rule "rst (since 2.2.x)

22


Under the hood; Troubleshooting

» Checking consistency between Nicira NVP Manager and CloudStack– network broadcast uri– database references

» References in the database– external_nicira_nvp_devices• Lists all con"gured nicira devices on physical networks

• reference to host id– nicira_nvp_nic_map• mapping between nic uuid and logical router port uuid

– nicira_nvp_router_map• mapping between router uuid and (guest) network id

23


Summary

» Available in 4.0.0– L2 networks (Logical Switches)– Con"guration via API– Supports Nicira NVP version 2.1.x and 2.2.x– Supports XenServer hypervisors

» Available in next release (and in the master branch)– L3 Routing • Source Nat, Static Nat and Port Forwarding

• Con"guration via the UI

24


Summary

» Future plans– Support for multiple hypervisors– Support for bridged networks (Nicira NVP L2 Gateway)

» More information– CloudStack Plugin Guide for the Nicira NVP Plugin (part of CloudStack documentation)– Nicira (http://nicira.com)

» How to get involved?– Lacking code coverage with unittests– Use it!– Integration with other SDN solutions

25


http://nicira.com

http://nicira.com

Thanks!


Technology

CloudStack NVP Integration