The document discusses the integration of Nicira NVP with CloudStack, highlighting the benefits of Software Defined Networking (SDN) for enhancing networking flexibility and scalability. It outlines a phased approach for implementing this integration, which includes configurations for Layer 2 and Layer 3 networking, and details how to provision networks and manage resources. Future plans include support for additional networking features and bridging networks.

1. SDN in CloudStack
Nicira NVP integration
Thursday, February 7, 13

2. About me
» Hugo Trippaers
– Email: htrippaers@schubergphilis.com
– Twitter: @Spark404
» I’ve been working in IT for over two decades, mainly at ISPs.
» Mission Critical Engineer at Schuberg Philis for almost 6 years.
– Responsible for the 100% availability of our customers application landscapes
– Currently part of the internal development team
Thursday, February 7, 13

3. Our case for SDN
» Schuberg Philis design for a IAAS offering
– Flexible, Scalable etc etc
» Compute Cloud Management System
– XenServer
– KVM
» Storage Compute Storage Network
– Nexenta
– NetApp
» Networking
– VLANs ?!?
Thursday, February 7, 13

4. Our case for SDN
» Current networking stacks
– Network admins still use console access?!?
– Flexibility and implementation speed?
– Heterogeneous environments are common
– Hardly any APIs and none of them centralized
» Is the solution SDN and Network Virtualization?
4
Thursday, February 7, 13

5. A bit about SDN
» Software Defined Networking
– Decoupling the control plane from the data plan. The system that makes decisions about
where data is sent is no longer directly connected to the underlying system that forwards the
actual traffic.
– Programmable central control of the network without requiring physical access to the
hardware.
» Network Virtualization
– Software based administrative entity, a virtual network
– but how?
• Overlay networks
• Control plane, OpenFlow and OpenVswitch
5
Thursday, February 7, 13

6. Nicira Network Virtualization Platform (NVP)
6
Thursday, February 7, 13

7. Design criteria for the integration
» Transparent integration
– Using Nicira NVP should be no different from using regular networks.
– All code is to be part of CloudStack, no external modules.
» Source code available as OpenSource
Thursday, February 7, 13

8. Phased approach
» Phase one
– Getting familiar with the CloudStack sources
– L2 Networking (Logical Switch and Logical Switch Port)
– API for configuration
» Phase two
– L3 Networking (Logical Routers and Gateway services)
– UI elements for configuration
– Support for KVM and VMWare?
» Future?
Thursday, February 7, 13

9. Nicira NVP integration in CloudStack
» Architecture
Thursday, February 7, 13

10. Nicira NVP integration in CloudStack
» Nicira NVP plugin
Nicira NVP Plugin
NVP NVP
Network- Element
Guru
Nicira NVP Java API wrapper
Hypervisor
adjustments for
Vif tags
Thursday, February 7, 13

11. Nicira NVP integration in CloudStack
Nicira NVP Java API wrapper
Nicira NVP Plugin
NVP Guru
NVP Element
Hypervisor
adjustments for Vif
Thursday, February 7, 13

12. How does it work?
» First of all what do we need
– Nicira NVP Stack
– XenServer or KVM hypervisors
– CloudStack
12
Thursday, February 7, 13

13. How does it work?
» Nicira NVP and hypervisor configuration
– Defining and configuring a transport zone
13
Thursday, February 7, 13

14. How does it work?
» Nicira NVP and hypervisor configuration
– Defining and configuring a transport zone
– Linking the zone to the hypervisors
14
Thursday, February 7, 13

15. How does it work?
» CloudStack configuration
– Setup the Network
Service Provider
15
Thursday, February 7, 13

16. How does it work?
» CloudStack configuration
– Setup the Network Service Provider
– Configure a Physical Network
– Traffic tag links to
“Integration Bridge”
16
Thursday, February 7, 13

17. How does it work?
» CloudStack configuration
– Setup the Network Service Provider
– Configure a Physical Network
– Traffic tag links to
“Integration Bridge”
Only select Virtual Networking;
– Configure Service Offerings “Connectivity” in 4.0.0
• L2 Features
17
Thursday, February 7, 13

18. How does it work?
» CloudStack configuration
– Setup the Network Service Provider
– Configure a Physical Network L3 Support for SourceNat,
StaticNat and Port Forwarding.
– Traffic tag links to
“Integration Bridge”
– Configure Service Offerings
• L2 Features
• L2 and L3 Features
18
Thursday, February 7, 13

19. In Action; Provisioning networks
» Tenant allocates a new network
– Nothing happens yet, just a check
» Tenant implements a new network (by starting first VM)
– LogicalSwitch is created in the Nicira Controller
19
Thursday, February 7, 13

20. In Action; Provisioning networks
» Tenant allocates a new network
– Nothing happens yet, just a check
» Tenant implements a new network (by starting first VM)
– LogicalSwitch is created in the Nicira Controller
20
Thursday, February 7, 13

21. In Action; Starting Virtual Machines
» Nicira NVP Element creates a port on the logical switch
– Attachment type set to UUID with the UUID of the NIC (from CS)
» Hypervisor Resource sets tags on the Vif with the UUID of the NIC
– Attached to the “Integration Bridge”
» Nicira NVP Controller matches those uuids and creates
any required flows.
21
Thursday, February 7, 13

22. In Action; Starting a Virtual Machine
» Nicira NVP Element creates a port on the logical switch
– Attachment type set to UUID with the UUID of the NIC (from CS)
» Hypervisor Resource sets tags on the Vif with the UUID of the NIC
» Nicira NVP matches those uuids and creates any required flows
22
Thursday, February 7, 13

23. In Action; Start Routing Elements
» Tenant implements a network
– Offering with Virtual Networking and SourceNat
– Nicira NVP Element creates Logical Router
• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)
• allocated public ip set on outside port
– Nicira NVP configures “main” SourceNat rule
23
Thursday, February 7, 13

24. In Action; Start Routing Elements
» Tenant implements a network
– Offering with Virtual Networking and SourceNat
– Nicira NVP Element creates Logical Router
• inside port connected to Logical Switch
• outside port connected to VLAN (via Gateway Service)
• allocated public ip set on outside port
– Nicira NVP configures “main” SourceNat rule
24
Thursday, February 7, 13

25. In Action; Static Nat and PortForwarding
» Tenant updates either a rule for static nat or port forwarding
– Requires a configured Logical Router
• Nicira Nvp Element provisions DNAT rule
– Difference between StaticNat and PF is one port or 0:65535
• Nicira Nvp Element provisions SNAT rule
– required for outgoing traffic
– Nicira NVP picks most specific rule first (since 2.2.x)
25
Thursday, February 7, 13

26. Under the hood; Troubleshooting
» Checking consistency between Nicira NVP Manager and CloudStack
– network broadcast uri
– database references
» References in the database
– external_nicira_nvp_devices
• Lists all configured nicira devices on physical networks
• reference to host id
– nicira_nvp_nic_map
• mapping between nic uuid and logical router port uuid
– nicira_nvp_router_map
• mapping between router uuid and (guest) network id
26
Thursday, February 7, 13

27. Summary
» Available in 4.0.0
– L2 networks (Logical Switches)
– Configuration via API
– Supports Nicira NVP version 2.1.x and 2.2.x
– Supports XenServer hypervisors
» Available in next release (and in the master branch)
– L3 Routing (Logical Routers)
• Source Nat, Static Nat and Port Forwarding
– Configuration via the UI
– Supports KVM hypervisors
27
Thursday, February 7, 13

28. Summary
» Future plans
– Support for VPCs
– Support for bridged networks (Nicira NVP L2 Gateway)
» More information
– CloudStack Plugin Guide for the Nicira NVP Plugin (part of CloudStack documentation)
– Nicira (http://nicira.com)
» How to get involved?
– Lacking code coverage with unittests
– Use it!
– Integration with other SDN solutions
28
Thursday, February 7, 13

29. Thanks!
Thursday, February 7, 13