Neutron/ML2/LenovoML2Mechanism

Lenovo Networking Openstack Neutron Plug-in
Here you will find details on the Lenovo vendor code Neutron ML2 Driver for Liberty and Kilo.


 * Free software: Apache license
 * Documentation: https://github.com/lenovo/networking-lenovo
 * Source: https://github.com/lenovo/networking-lenovo
 * Bugs: http://bugs.launchpad.net/networking-lenovo

Overview

Openstack is an open source infrastructure initiative for creating and managing large groups of virtual private servers in a cloud computing environment. Lenovo’s Networking Neutron ML2 Driver provides a means to orchestrate VLANs on Lenovo’s physical switches. In cloud environments where VMs are hosted by physical servers, the VMs see a new virtual access layer provided by the host machine.

This new access layer can be typically created via many mechanisms e.g. Linux Bridges or a Virtual Switches. The policies of the virtual access layer (virtual network), when set must now be coordinated with the policies set in the hardware switches. Lenovo’s Neutron Plugin helps in coordinating this behavior automatically without any intervention from the administrator. The illustration below provides an architectural overview of how Lenovo’s ML2 Plugin and switches fits into an Openstack deployment.



General Requirements

The following matrix lists the supported components:

User Guide

The Lenovo Networking ML2 User Guide is provided to assist with installation and setup of these drivers - Download User Guide

Download Lenovo ML2 Driver Code

The Lenovo Networking ML2 Driver code is located on Github.

Lenovo Networking Products

Learn more about Lenovo Data Center Switches on Lenovo Networking Website

- Recommended Network Configurations

The following is an example of Single Port Server attachments where no redundancy is required



When network redundancy is required, Lenovo VLAG is recommended as shown below



When VXLAN is required, following network scenario is showing below



VXLAN scenario Description : Consider the above network scenario, where all OpenStack Compute and Network Nodes are connected to Data Center Interconnection (DCI) switches. If network nodes and controller nodes are installed together, connect these nodes to the switches as well. The DCI switches are connected to each other through a VXLAN Tunnel Endpoint (VTEP) in a Layer 3 routed network. A configuration file is shown for this scenario below. -- Using the Lenovo Openstack ML2 Driver -

The Lenovo Plug-in will provide dynamic VLAN configuration on access layer switches server facing ports that maps Openstack networks into the physical infrastructure.

1.	Lenovo Plug-in Installation

The following are the detailed steps to setup your Openstack deployment with Lenovo Neutron Plugin managing Lenovo Switches.

1.1	Lenovo Plug-in Prerequisites

The following are prerequisites for using the plug-in:


 * Install python pip and git to allow the downloading of files from Github

For Red Hat, use the following:

% sudo yum install python-pip git

For Ubuntu, use the following:

% sudo apt-get install python-pip git

Note: From Newton and Ocata OpenStack releases, NETCONF based communication to ENOS switches is not supported. Use SNMP instead.
 * Install the ncclient v0.4.2 Python library for NETCONF clients. For more information on ncclient, see http://ncclient.grnet.gr/.
 * Install with the ncclient library by using the pip package manager at your shell prompt:

% sudo pip install ncclient==0.4.2

% sudo pip install pysnmp
 * If using SNMP to configure the switch (Liberty release only), then the pysnmp package must also be installed:


 * Determine the VLAN pool for your Openstack Deployment, for example 1001-2001. This will be required for configuring the uplink ports and the plugin.


 * Configure physical network topology; add the assigned VLAN pool to uplink ports and aggregation switches as required. Other protocols such as ACLs, switch access credential should be configured as needed.


 * SSH needs to be enabled on all Openstack Managed switches. This is required for the NETCONF protocol.


 * In VLAG mode, the ISL and Portchannel/LACP trunk should be created on the relevant switches as the plugin does not configure these attributes.


 * Server NICs connected to VLAG Switches needs to have NIC bonding configured (see Network topology section for examples).


 * Install Openstack Controller and Network nodes. Openstack needs to be running before installing the Lenovo Neutron driver.

1.2	ML2 Installation Procedure

This section will cover the installation procedure for Lenovo Networking Openstack ML2 Driver plug-in in a Multi Node environment with Redhat Enterprise Linux Openstack 7/8/10, Ubuntu 14.04/16.04 LTS or CentOS7.3:

Download Lenovo ML2 driver

The ML2 installation files can be downloaded from Lenovo Stackforge Github site with “git clone” as shown below

% sudo git clone https://github.com/lenovo/networking-lenovo.git

Setup Lenovo ML2 Plug-in

The next step is to install the plug-in % cd networking-lenovo % sudo python setup.py install

This concludes the Lenovo ML2 driver (vendor code) installation step.

1.2.1	Redhat Openstack Setup

The following steps are required for Kilo based installations such as Redhat Openstack Release 7 Environments.

Step 1 is to uninstall the current neutron on the system as follows:

% sudo pip uninstall neutron;

Once the current neutron has been uninstalled, Step 2 is to download the kilo neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/neutron.git

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd neutron % sudo git checkout staging/kiloplus % sudo python setup.py install

At this point the Lenovo ML2 driver for Kilo has been installed.

Use the following steps for Liberty based installations such as Redhat Openstack Release 8 Environments, or Newton based installations such as Redhat Openstack Release 10 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

For Queens/VXLAN: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan For Newton/Ocata: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata For Mitaka and eariler: % sudo git clone https://github.com/lenovo/networking-lenovo.git

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo % sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.

Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

% cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
 * change tenant_network_types = vlan
 * change mechanism_drivers = openvswitch,lenovo
 * configure network_vlan_ranges = xxxx:10:2000
 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)

Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start/Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl start neutron-server.service

If any issues are observed please check the section “3. Troubleshooting the Installation”.

1.2.2	Ubuntu Openstack Setup

The following steps are required for Kilo based installations in Ubuntu 14.x Environments. The first step is to uninstall the current neutron on the system as follows: % sudo pip uninstall neutron

Once the current neutron has been uninstalled, we need to download the kilo neutron code for Lenovo from Github as follows % sudo git clone https://github.com/lenovo/neutron.git

Once the files are downloaded, install the Lenovo Neutron code as follows % cd neutron % git checkout staging/kiloplus % sudo python setup.py install

At this point the Lenovo ML2 driver has been installed and Neutron for Kilo Replaced.

The following steps are required for Liberty based installations in Ubuntu 14.x Environments, or Newton based installations in Ubuntu 16.04/14.04 Environments.

The first step is to download the liberty neutron code for Lenovo from Github as follows For Queens/VXLAN: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan For Newton/Ocata: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata For Mitaka and eariler: % sudo git clone https://github.com/lenovo/networking-lenovo.git

Once the files are downloaded, install the Lenovo Neutron code as follows % cd networking-lenovo % sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.

Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

% cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini, change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers
 * change tenant_network_types = vlan
 * change mechanism_drivers = openvswitch,lenovo
 * configure network_vlan_ranges = xxxx:10:4000
 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,

(See more details on this step in section 2. Plugin Configuration)

Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start the Neutron Server – Exiting the mysql is required for this step:

% sudo service neutron-server restart

If any issues are observed please check the section “3. Troubleshooting the Installation”.

1.2.3	CentOS Openstack Setup

Use the following steps for Newton based installations such as CentOS Release 7.3 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata

% sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo % sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.

Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

% cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
 * change tenant_network_types = vlan
 * change mechanism_drivers = openvswitch,lenovo
 * configure network_vlan_ranges = xxxx:10:4000
 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)

Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl restart neutron-server.service

If any issues are observed please check the section “3. Troubleshooting the Installation”.

2. Lenovo Plug-in Configuration

Two sections of the configuration file will need to be modified in /etc/neutron/plugins/ml2/ml2_conf.ini.

A scripting tool is available to auto-generate the configuration for the Lenovo plug-in. The Readme with instructions for using this tool can be found here - Configuration Script.

The steps to modify the configuration file manually are below:

The first section is in [ml2[ to have Lenovo included in mechanism_drivers, and network_vlan_ranges need to be defined as in ml2_type_vlan section.

[ml2] tenant_network_types = vlan type_drivers = local,flat,vlan,gre,vxlan mechanism_drivers = openvswitch,lenovo
 * 1) (ListOpt) List of network type driver entrypoints to be loaded from
 * 2) the neutron.ml2.type_drivers namespace.
 * 3) type_drivers = local,flat,vlan,gre,vxlan
 * 4) Example: type_drivers = flat,vlan,gre,vxlan
 * 1) Example: type_drivers = flat,vlan,gre,vxlan


 * 1) (ListOpt) Ordered list of network_types to allocate as tenant
 * 2) networks. The default value 'local' is useful for single-box testing
 * 3) But provides no connectivity between hosts.
 * 4) tenant_network_types = local
 * 5) Example: tenant_network_types = vlan,gre,vxlan
 * 1) Example: tenant_network_types = vlan,gre,vxlan


 * 1) (ListOpt) Ordered list of networking mechanism driver entrypoints
 * 2) to be loaded from the neutron.ml2.mechanism_drivers namespace.
 * 3) mechanism_drivers =
 * 4) Example: mechanism_drivers = openvswitch,mlnx
 * 5) Example: mechanism_drivers = arista
 * 6) Example: mechanism_drivers = cisco,logger
 * 7) Example: mechanism_drivers = openvswitch,brocade
 * 8) Example: mechanism_drivers = linuxbridge,brocade


 * 1) (ListOpt) Ordered list of extension driver entrypoints
 * 2) to be loaded from the neutron.ml2.extension_drivers namespace.
 * 3) extension_drivers =
 * 4) Example: extension_drivers = anewextensiondriver

[ml2_type_vlan] network_vlan_ranges = default:1000:1999
 * 1) (ListOpt) List of [::] tuples
 * 2) specifying physical_network names usable for VLAN provider and
 * 3) tenant networks, as well as ranges of VLAN tags on each
 * 4) physical_network available for allocation as tenant networks.
 * 5) network_vlan_ranges =
 * 6) Example: network_vlan_ranges = physnet1:1000:2999,physnet2
 * 1) Example: network_vlan_ranges = physnet1:1000:2999,physnet2

The second section is to add Lenovo switch information to the section [ml2_mech_lenovo] of this configuration file.

Include the following information (see the example below):


 * The hostname/IP address of the Switch
 * The hostname and port of the server(s) that is connected to the switch
 * The Lenovo switch credentials username and password
 * Portchannel or LACP number for Host connected with VLAG
 * SSH Port number for Netconf (Typically 830)

If SNMP is to be used to communicate with the switch (Liberty only), then the SNMP information below is also required:

Note: To ensure maximum security, only SNMP version 3 is supported. Also, the only available SNMPv3 authentication option is SHA-96 and the only available SNMPv3 privacy option is AES-128.


 * SNMP port number
 * SNMP version number (3)
 * SNMP username
 * SNMP authentication and privacy keys
 * SNMPv3 authentication method (SHA)
 * SNMPv2 privacy method (AES-128)

There could be several server to switch port mappings configured per switch. The configuration is only limited by number of available ports.

For Kilo configuration [ml2 mech Lenovo:10.240.179.65] nova-node-1 = portchannel:64
 * 1) Hostname and port used on the switch for this compute host.

ssh port = 830
 * 1) Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.

username = admin password = admin
 * 1) Provide the switch login information

[ml2 mech Lenovo:10.240.179.64] nova-node-1 = portchannel:64 ssh port = 830 username = admin password = admin
 * 1) Configuration second switch

[ml2 mech Lenovo:10.240.179.64] nova-node-2 = 17 ssh port = 830 username = admin password = admin
 * 1) Configuration second server on second switch

For Liberty configuration using SNMP [ml2_mech_Lenovo:1.1.1.1] compute01 = portchannel:64 compute02 = 17
 * 1) Hostname and port used on the switch for this compute host.

ssh_port = 830
 * 1) Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.

username = user1 password = passw0rd
 * 1) Provide the switch login information

protocol = SNMP
 * 1) This is to let the driver know SNMP protocol will be used to communicate with this switch.  If not defined then assume Netconf is used.

snmp_port=161
 * 1) Port number for SNMP

snmp_version=3
 * 1) SNMP version number

snmp_user=adminshaaes
 * 1) SNMP username

snmp_authkey=key1 snmp_privkey=key2
 * 1) SNMP Auth key and Priv key.

snmp_auth=SHA
 * 1)  SNMPv3 auth option.

snmp_priv=AES-128 There is a new configure item for Newton/Ocata releases: plugin_mode=compatible
 * 1) SNMPv2 priv options.

If it is a switch of CNOS release version 10.6.0.20 or later(version 10.6.1),

Or a switch of ENOS release version 8.4.6.4 or later, you need to open this configure item. Otherwise, comment this item. Example configuration to use REST API as driver for a CNOS switch of version 10.6.0.20.

For Newton configuration using REST API [ml2_mech_Lenovo:1.1.1.1] os = cnos protocol = rest rest_tcp_port = 443 compute01 = portchannel:64 compute02 = port:1/17
 * 1) Port number for RestApi.
 * 1) Hostname and port used on the switch for this compute host.

username = user1 password = passw0rd
 * 1) Provide the switch login information


 * 1) comment below item since the switch version is 10.6.0.20
 * 2) plugin_mode = compatible

As more switches and servers are added to the network, the configuration files would need to be updated with these details. Once this configuration is done, it is now time to create networks from the Horizon dashboard or Openstack command line.

VXLAN configuration: If VXLAN is required, additional configuration options is shown as below: [ml2_type_lenovo_vxlan] vxlan_range_base = xxx "vxlan_range_base" is the start vni that going to be used for ML2 plugin, the end vni depends on the number of vlan id in your Openstack.

network_mode = vxlan When "network_mode" is set to vxlan, ML2 will configure vxlan mapping on switches. The default value is vlan.

virtuel_interface_ip = 10.10.1.1 "virtuel_interface_ip" is the VETP address of a switch.

Below is an example configuration for vxlan scenario shown as in above picture(Figure 1): [ml2_type_lenovo_vxlan] vxlan_range_base = 50000 [ml2_mech_lenovo:192.168.1.1] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin compute_node_1 = port:1/1,port:1/2 compute_node_2 = port:1/2 compute_node_3 = port:1/2 network_mode = vxlan virtual_interface_ip = 10.10.1.1 [ml2_mech_lenovo:192.168.1.2] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin compute_node_2 = port:1/2 network_mode = vxlan virtual_interface_ip = 10.10.2.1 [ml2_mech_lenovo:192.168.1.3] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin compute_node_3 = port:1/3 network_mode = vxlan virtual_interface_ip = 10.10.3.1
 * 1) plugin_mode = compatible
 * 2) compute_node_1 is the hostname of compute node 1 in above scenario
 * 1) plugin_mode = compatible
 * 1) plugin_mode = compatible

3.	Troubleshooting the Installation

If the Neutron service does not start:

1.	Check the Neutron log file located at /var/log/neutron/server.log.

2.	Verify that Lenovo Plugin details are in the mysql database:

% sudo mysql –u root –p –h [your IP]

mysql> use neutron; mysql> show tables;

(Verify that the following table is present lenovo_ml2_nosport_bindings)

4. Support Policy

This software is provided as Open source code therefore, Lenovo does not provide any support entitlements for this product. If any issues occur while using this driver with Lenovo Switches, the Openstack launchpad application is a good tool for opening a bug against it and Lenovo may address this on a best effort basis.