.. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information# regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. The Nicira NVP Plugin ===================== Introduction to the Nicira NVP Plugin ------------------------------------- The Nicira NVP plugin adds Nicira NVP as one of the available SDN implementations in CloudStack. With the plugin an exisiting Nicira NVP setup can be used by CloudStack to implement isolated guest networks and to provide additional services like routing and NAT. Features of the Nicira NVP Plugin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following table lists the CloudStack network services provided by the Nicira NVP Plugin. .. cssclass:: table-striped table-bordered table-hover +----------------------+----------------------+---------------+ | Network Service | CloudStack version | NVP version | +======================+======================+===============+ | Virtual Networking | >= 4.0 | >= 2.2.1 | +----------------------+----------------------+---------------+ | Source NAT | >= 4.1 | >= 3.0.1 | +----------------------+----------------------+---------------+ | Static NAT | >= 4.1 | >= 3.0.1 | +----------------------+----------------------+---------------+ | Port Forwarding | >= 4.1 | >= 3.0.1 | +----------------------+----------------------+---------------+ Table: Supported Services .. note:: The Virtual Networking service was originally called 'Connectivity' in CloudStack 4.0 The following hypervisors are supported by the Nicira NVP Plugin. .. cssclass:: table-striped table-bordered table-hover +--------------+----------------------+ | Hypervisor | CloudStack version | +==============+======================+ | XenServer | >= 4.0 | +--------------+----------------------+ | KVM | >= 4.1 | +--------------+----------------------+ Table: Supported Hypervisors .. note:: Please refer to the Nicira NVP configuration guide on how to prepare the hypervisors for Nicira NVP integration. Configuring the Nicira NVP Plugin --------------------------------- Prerequisites ~~~~~~~~~~~~~ Before enabling the Nicira NVP plugin the NVP Controller needs to be configured. Please review the NVP User Guide on how to do that. Make sure you have the following information ready: - The IP address of the NVP Controller - The username to access the API - The password to access the API - The UUID of the Transport Zone that contains the hypervisors in this Zone - The UUID of the Gateway Service used to provide router and NAT services. .. note:: The gateway service uuid is optional and is used for Layer 3 services only (SourceNat, StaticNat and PortForwarding) Zone Configuration ~~~~~~~~~~~~~~~~~~ CloudStack needs to have at least one physical network with the isolation method set to "STT". This network should be enabled for the Guest traffic type. .. note:: The Guest traffic type should be configured with the traffic label that matches the name of the Integration Bridge on the hypervisor. See the Nicira NVP User Guide for more details on how to set this up in XenServer or KVM. .. figure:: /_static/images/nvp-physical-network-stt.png :align: center :alt: a screenshot of a physical network with the STT isolation type Enabling the service provider ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Nicira NVP provider is disabled by default. Navigate to the "Network Service Providers" configuration of the physical network with the STT isolation type. Navigate to the Nicira NVP provider and press the "Enable Provider" button. .. note:: CloudStack 4.0 does not have the UI interface to configure the Nicira NVP plugin. Configuration needs to be done using the API directly. .. figure:: /_static/images/nvp-physical-network-stt.png :align: center :alt: a screenshot of an enabled Nicira NVP provider Device Management ~~~~~~~~~~~~~~~~~ In CloudStack a Nicira NVP setup is considered a "device" that can be added and removed from a physical network. To complete the configuration of the Nicira NVP plugin a device needs to be added to the physical network. Press the "Add NVP Controller" button on the provider panel and enter the configuration details. .. figure:: /_static/images/nvp-physical-network-stt.png :align: center :alt: a screenshot of the device configuration popup. Network Offerings ~~~~~~~~~~~~~~~~~ Using the Nicira NVP plugin requires a network offering with Virtual Networking enabled and configured to use the NiciraNvp element. Typical use cases combine services from the Virtual Router appliance and the Nicira NVP plugin. .. cssclass:: table-striped table-bordered table-hover +----------------------+-----------------+ | Service | Provider | +======================+=================+ | VPN | VirtualRouter | +----------------------+-----------------+ | DHCP | VirtualRouter | +----------------------+-----------------+ | DNS | VirtualRouter | +----------------------+-----------------+ | Firewall | VirtualRouter | +----------------------+-----------------+ | Load Balancer | VirtualRouter | +----------------------+-----------------+ | User Data | VirtualRouter | +----------------------+-----------------+ | Source NAT | VirtualRouter | +----------------------+-----------------+ | Static NAT | VirtualRouter | +----------------------+-----------------+ | Post Forwarding | VirtualRouter | +----------------------+-----------------+ | Virtual Networking | NiciraNVP | +----------------------+-----------------+ Table: Isolated network offering with regular services from the Virtual Router. .. figure:: /_static/images/nvp-physical-network-stt.png :align: center :alt: a screenshot of a network offering. .. note:: The tag in the network offering should be set to the name of the physical network with the NVP provider. Isolated network with network services. The virtual router is still required to provide network services like dns and dhcp. .. cssclass:: table-striped table-bordered table-hover +----------------------+-----------------+ | Service | Provider | +======================+=================+ | DHCP | VirtualRouter | +----------------------+-----------------+ | DNS | VirtualRouter | +----------------------+-----------------+ | User Data | VirtualRouter | +----------------------+-----------------+ | Source NAT | NiciraNVP | +----------------------+-----------------+ | Static NAT | NiciraNVP | +----------------------+-----------------+ | Post Forwarding | NiciraNVP | +----------------------+-----------------+ | Virtual Networking | NiciraNVP | +----------------------+-----------------+ Table: Isolated network offering with network services Using the Nicira NVP plugin with VPC ------------------------------------ Supported VPC features ~~~~~~~~~~~~~~~~~~~~~~ The Nicira NVP plugin supports CloudStack VPC to a certain extent. Starting with CloudStack version 4.1 VPCs can be deployed using NVP isolated networks. It is not possible to use a Nicira NVP Logical Router for as a VPC Router It is not possible to connect a private gateway using a Nicira NVP Logical Switch VPC Offering with Nicira NVP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To allow a VPC to use the Nicira NVP plugin to provision networks, a new VPC offering needs to be created which allows the Virtual Networking service to be implemented by NiciraNVP. This is not currently possible with the UI. The API does provide the proper calls to create a VPC offering with Virtual Networking enabled. However due to a limitation in the 4.1 API it is not possible to select the provider for this network service. To configure the VPC offering with the NiciraNVP provider edit the database table 'vpc\_offering\_service\_map' and change the provider to NiciraNvp for the service 'Connectivity' It is also possible to update the default VPC offering by adding a row to the 'vpc\_offering\_service\_map' with service 'Connectivity' and provider 'NiciraNvp' .. figure:: /_static/images/nvp-physical-network-stt.png :align: center :alt: a screenshot of the mysql table. .. note:: When creating a new VPC offering please note that the UI does not allow you to select a VPC offering yet. The VPC needs to be created using the API with the offering UUID. VPC Network Offerings ~~~~~~~~~~~~~~~~~~~~~ The VPC needs specific network offerings with the VPC flag enabled. Otherwise these network offerings are identical to regular network offerings. To allow VPC networks with a Nicira NVP isolated network the offerings need to support the Virtual Networking service with the NiciraNVP provider. In a typical configuration two network offerings need to be created. One with the loadbalancing service enabled and one without loadbalancing. .. cssclass:: table-striped table-bordered table-hover +----------------------+--------------------+ | Service | Provider | +======================+====================+ | VPN | VpcVirtualRouter | +----------------------+--------------------+ | DHCP | VpcVirtualRouter | +----------------------+--------------------+ | DNS | VpcVirtualRouter | +----------------------+--------------------+ | Load Balancer | VpcVirtualRouter | +----------------------+--------------------+ | User Data | VpcVirtualRouter | +----------------------+--------------------+ | Source NAT | VpcVirtualRouter | +----------------------+--------------------+ | Static NAT | VpcVirtualRouter | +----------------------+--------------------+ | Post Forwarding | VpcVirtualRouter | +----------------------+--------------------+ | NetworkACL | VpcVirtualRouter | +----------------------+--------------------+ | Virtual Networking | NiciraNVP | +----------------------+--------------------+ Table: VPC Network Offering with Loadbalancing Troubleshooting the Nicira NVP Plugin ------------------------------------- UUID References ~~~~~~~~~~~~~~~ The plugin maintains several references in the CloudStack database to items created on the NVP Controller. Every guest network that is created will have its broadcast type set to Lswitch and if the network is in state "Implemented", the broadcast URI will have the UUID of the Logical Switch that was created for this network on the NVP Controller. The Nics that are connected to one of the Logical Switches will have their Logical Switch Port UUID listed in the nicira\_nvp\_nic\_map table .. note:: All devices created on the NVP Controller will have a tag set to domain-account of the owner of the network, this string can be used to search for items in the NVP Controller. Database tables ~~~~~~~~~~~~~~~ The following tables are added to the cloud database for the Nicira NVP Plugin .. cssclass:: table-striped table-bordered table-hover +---------------------+--------------------------------------------------------------+ | id | auto incrementing id | +---------------------+--------------------------------------------------------------+ | logicalswitch | uuid of the logical switch this port is connected to | +---------------------+--------------------------------------------------------------+ | logicalswitchport | uuid of the logical switch port for this nic | +---------------------+--------------------------------------------------------------+ | nic | the CloudStack uuid for this nic, reference to the nics table| +---------------------+--------------------------------------------------------------+ Table: nicira\_nvp\_nic\_map .. cssclass:: table-striped table-bordered table-hover +-------------------------+-------------------------------------------------------------+ | id | auto incrementing id | +-------------------------+-------------------------------------------------------------+ | uuid | UUID identifying this device | +-------------------------+-------------------------------------------------------------+ | physical\_network\_id | the physical network this device is configured on | +-------------------------+-------------------------------------------------------------+ | provider\_name | NiciraNVP | +-------------------------+-------------------------------------------------------------+ | device\_name | display name for this device | +-------------------------+-------------------------------------------------------------+ | host\_id | reference to the host table with the device configuration | +-------------------------+-------------------------------------------------------------+ Table: external\_nicira\_nvp\_devices .. cssclass:: table-striped table-bordered table-hover +-----------------------+----------------------------------------------+ | id | auto incrementing id | +-----------------------+----------------------------------------------+ | logicalrouter\_uuid | uuid of the logical router | +-----------------------+----------------------------------------------+ | network\_id | id of the network this router is linked to | +-----------------------+----------------------------------------------+ Table: nicira\_nvp\_router\_map .. note:: nicira\_nvp\_router\_map is only available in CloudStack 4.1 and above Revision History ---------------- 0-0 Wed Oct 03 2012 Hugo Trippaers hugo@apache.org Documentation created for 4.0.0-incubating version of the NVP Plugin 1-0 Wed May 22 2013 Hugo Trippaers hugo@apache.org Documentation updated for CloudStack 4.1.0 .. | nvp-physical-network-stt.png: a screenshot of a physical network with the STT isolation type | image:: ./images/nvp-physical-network-stt.png .. | nvp-physical-network-stt.png: a screenshot of an enabled Nicira NVP provider | image:: ./images/nvp-enable-provider.png .. | nvp-physical-network-stt.png: a screenshot of the device configuration popup. | image:: ./images/nvp-add-controller.png .. | nvp-physical-network-stt.png: a screenshot of a network offering. | image:: ./images/nvp-network-offering.png .. | nvp-physical-network-stt.png: a screenshot of the mysql table. | image:: ./images/nvp-vpc-offering-edit.png