CloudStack NVP integration
Presentation given at CloudStack collaboration conference 2012
Nicira NVP Integration
Sunday, December 2, 12
About me
» Hugo Trippaers
  – Email: [email protected]
  – Twitter: @Spark404
» I’ve been working in IT for over two decades, mainly at ISPs.
» Mission Critical Engineer at Schuberg Philis for almost 6 years.
  – Responsible for the 100% availability of our customers’ application landscapes
  – Currently part of the internal development team
CloudStack and me
» Schuberg Philis design for a Cloud offering
  – Flexible, Scalable, etc.
  – What about networking?
    • Nicira NVP solution
» No CloudStack support for Nicira NVP on the roadmaps
  – What to do?
    • Ask for support from Nicira and Citrix
    • Find a developer and do it, that’s how OpenSource works
Design criteria for the integration
» Transparent integration
  – Using Nicira NVP should be no different from using regular networks.
  – All code is to be part of CloudStack, no external modules.
» Source code available as OpenSource
Phased approach
» Phase one
  – Getting familiar with the CloudStack sources
  – L2 Networking (Logical Switch and Logical Switch Port)
  – API for configuration
» Phase two
  – L3 Networking (Logical Routers and Gateway services)
  – UI elements for configuration
  – Support for KVM and VMWare?
» Future?
Nicira NVP integration in CloudStack
» Architecture
» Nicira NVP plugin
Nicira NVP Plugin
NVP Network-Guru
NVPElement
Nicira NVP Java API wrapper
Hypervisor adjustments for Vif tags
How does it work?
» First of all, what do we need?
  – Nicira NVP Stack
  – XenServer hypervisors
  – CloudStack
How does it work?
» Nicira NVP and hypervisor configuration
  – Defining and configuring a transport zone
  – Linking the zone to the hypervisors
How does it work?
» CloudStack configuration
  – Setup the Network Service Provider
  – Configure a Physical Network
  – Traffic tag links to “Integration Bridge”
  – Configure Service Offerings
    • L2 Features (Only select Virtual Networking; “Connectivity” in 4.0.0)
    • L2 and L3 Features (L3 Support for SourceNat, StaticNat and Port Forwarding)
In Action; Provisioning networks
» Tenant allocates a new network
  – Nothing happens yet, just a check
» Tenant implements a new network (by starting first VM)
  – LogicalSwitch is created in the Nicira Controller
In Action; Starting Virtual Machines
» Nicira NVP Element creates a port on the logical switch
  – Attachment type set to UUID with the UUID of the NIC (from CS)
» Hypervisor Resource sets tags on the Vif with the UUID of the NIC
  – Attached to the “Integration Bridge”
» Nicira NVP Controller matches those UUIDs and creates any required flows.
In Action; Start Routing Elements
» Tenant implements a network
  – Offering with Virtual Networking and SourceNat
  – Nicira NVP Element creates Logical Router
    • inside port connected to Logical Switch
    • outside port connected to VLAN (via Gateway Service)
    • allocated public ip set on outside port
  – Nicira NVP configures “main” SourceNat rule
In Action; Static Nat and PortForwarding
» Tenant updates either a rule for static nat or port forwarding
  – Requires a configured Logical Router
    • Nicira Nvp Element provisions DNAT rule
      – Difference between StaticNat and PF is one port or 0:65535
    • Nicira Nvp Element provisions SNAT rule
      – required for outgoing traffic
  – Nicira NVP picks most specific rule first (since 2.2.x)
Under the hood; Troubleshooting
» Checking consistency between Nicira NVP Manager and CloudStack
  – network broadcast uri
  – database references
» References in the database
  – external_nicira_nvp_devices
    • Lists all configured nicira devices on physical networks
    • reference to host id
  – nicira_nvp_nic_map
    • mapping between nic uuid and logical router port uuid
  – nicira_nvp_router_map
    • mapping between router uuid and (guest) network id
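Added example (not from the presentation and not CloudStack code): one way to run the consistency check above, comparing rows shaped like nicira_nvp_nic_map with the ports the NVP controller reports. The row layout, the port field names and all identifiers are constructed assumptions, not the real table schema or NVP API response format.

```python
"""Drift check between CloudStack's NIC-to-port map and the controller's view.

Assumed shapes (hypothetical, not from the slides):
  nic_map   -> iterable of (nic_uuid, lport_uuid) pairs
  nvp_ports -> iterable of dicts with 'lport_uuid' and 'attached_vif_uuid'
"""

def _norm(uuid):
    # UUIDs may differ in case or padding between the two systems.
    return uuid.strip().lower() if uuid else None

def find_drift(nic_map, nvp_ports):
    """Return the three kinds of inconsistency between the two views."""
    ports = {_norm(p["lport_uuid"]): _norm(p.get("attached_vif_uuid"))
             for p in nvp_ports}
    referenced = set()
    missing_in_nvp, wrong_attachment = [], []
    for nic_uuid, lport_uuid in nic_map:
        nic, lport = _norm(nic_uuid), _norm(lport_uuid)
        referenced.add(lport)
        if lport not in ports:
            # CloudStack maps the NIC to a port the controller does not have.
            missing_in_nvp.append(nic)
        elif ports[lport] != nic:
            # Port is attached to another (or no) VIF UUID, so the controller
            # would match flows to a different VIF than CloudStack expects.
            wrong_attachment.append((nic, ports[lport]))
    # Ports on the controller that no CloudStack NIC references any more.
    orphaned = sorted(set(ports) - referenced)
    return {"missing_in_nvp": missing_in_nvp,
            "wrong_attachment": wrong_attachment,
            "orphaned_in_nvp": orphaned}

# Constructed sample data; short labels stand in for real UUIDs.
NIC_MAP = [
    ("nic-1", "lp-1"),   # consistent
    ("NIC-2", "lp-2"),   # consistent once case is normalised
    ("nic-3", "lp-3"),   # port no longer exists on the controller
    ("nic-4", "lp-4"),   # port attached to a different VIF UUID
]
NVP_PORTS = [
    {"lport_uuid": "lp-1", "attached_vif_uuid": "nic-1"},
    {"lport_uuid": "lp-2", "attached_vif_uuid": "nic-2"},
    {"lport_uuid": "lp-4", "attached_vif_uuid": "nic-9"},
    {"lport_uuid": "lp-5", "attached_vif_uuid": None},  # left-over port
]

if __name__ == "__main__":
    for kind, items in find_drift(NIC_MAP, NVP_PORTS).items():
        print(f"{kind}: {items}")
```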
Summary
» Available in 4.0.0
  – L2 networks (Logical Switches)
  – Configuration via API
  – Supports Nicira NVP version 2.1.x and 2.2.x
  – Supports XenServer hypervisors
» Available in next release (and in the master branch)
  – L3 Routing
    • Source Nat, Static Nat and Port Forwarding
    • Configuration via the UI
Summary
» Future plans
  – Support for multiple hypervisors
  – Support for bridged networks (Nicira NVP L2 Gateway)
» More information
  – CloudStack Plugin Guide for the Nicira NVP Plugin (part of CloudStack documentation)
  – Nicira (http://nicira.com)
» How to get involved?
  – Lacking code coverage with unittests
  – Use it!
  – Integration with other SDN solutions
Thanks!