Difference between revisions of "Neutron/NEC OpenFlow Plugin"
(→Havana & Icehouse) |
m (→= [ovs] section) |
||
Line 95: | Line 95: | ||
** '''insecure_ssl''' (default: <code>false</code>): Disable SSL certificate verification. (Since Icehouse) | ** '''insecure_ssl''' (default: <code>false</code>): Disable SSL certificate verification. (Since Icehouse) | ||
− | ===== [ovs] section ==== | + | ===== [ovs] section ===== |
* '''integration_bridge''' (default: <code>br-int</code>) : This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual "patch port". All VM VIFs are attached to this bridge and then "patched" according to their network connectivity. Recommend not to change this parameter unless you have a good reason to. | * '''integration_bridge''' (default: <code>br-int</code>) : This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual "patch port". All VM VIFs are attached to this bridge and then "patched" according to their network connectivity. Recommend not to change this parameter unless you have a good reason to. | ||
Revision as of 17:34, 21 April 2014
Contents
Abstract
NEC OpenFlow plugin talks to OpenFlow Controller and each Neutron would be mapped to an virtual layer-2 network slice on an OpenFlow enabled network. The interface between the Neutron plugin and OpenFlow Controller is RESTful API. This API is supported by two implementations:Tream Sliceable Switch (OSS) and NEC ProgrammableFlow Controller (NEC Commercial Product).
This plugin consists of two components: "Plugin" and "Agent".
- Plugin: It processes Neutron API calls and controls OpenFlow controller to handle logical networks on OpenFlow enabled network.
- Agent: It runs on each compute node. It gathers a mapping beween a VIF and a switch port from local Open vSwitch and reports it to the plugin.
Requirements
- OpenFlow Controller: Trema with Sliceable Switch (distributed under GPL2), or an OpenFlow Controller that has the same functionalities and REST API available at https://github.com/trema/apps/wiki/Sliceable-Network-Management-API .
Design
Communication between plugin and agent
This plugin uses "common-rpc" in openstack-common for the agents to communicate with the plugin and will conform to the convention for scalable-agent-comms. The topic name for RPC will be set to "neutron.plugin" as proposed in the blueprint scalable-agent-comms.
Integration with Nova
There are no need for additional features in Nova. This implementation utilizes a current libvirt VIF driver and linux-net interface driver.
How to run this plugin
Using devstack
Devstack support of NEC OpenFlow plugin is a part of the official devstack (http://github.com/openstack-dev/devstack) from Grizzly.
Detail instruction and sample devstack configuration examples (localrc) are available at https://github.com/nec-openstack/devstack-neutron-nec-openflow/wiki .
Before Grizzly
Devstack for this plugin is available at https://github.com/nec-openstack/devstack-neutron-nec-openflow .
- This installs Tream Sliceable Switch (OSS OpenFlow Controller) and run devstack for this plugin.
- Sample localrc files are available in samples/nec-openflow:
- Controller node with OpenFlow controller : samples/nec-openflow/localrc
- Compute node : samples/nec-openflow/localrc-hv
- Branches
- folsom for stable/folsom release
- develop for trunk (next release)
Using Ubuntu packages
To be written.
How to get
- Folsom or later : Merged into the mainline of Neutron https://github.com/openstack/neutron
- Previous releases (before merged into the mainline) are available at https://github.com/nec-openstack/quantum-openflow-plugin (essex and diablo)
Configuration
Havana & Icehouse
neutron.conf
- core_plugin: Needs to be configured to
neutron.plugins.nec.nec_plugin.NECPluginV2
to use NEC OpenFlow plugin as core plugin.-
core_plugin = neutron.plugins.nec.nec_plugin.NECPluginV2
-
- service_plugins: NEC OpenFlow plugin provides L3 router feature as part of the core plugin. Thus L3 router service plugin should NOT be contained in service_plugin. Other service plugins (LBaaS, FWaaS, VPNaaS, metering) are verified to work with NEC OpenFlow plugin.
plugin specific configuration
It is usually placed at /etc/neutron/plugins/nec/nec.ini.
Section "'[OFC]"' is particular configurations to NEC OpenFlow plugin. We describe [OFC] section first and then describe other sections.
[OFC] section
- North-bound REST API of OpenFlow controller
- host: Host IP address of OpenFlow Controller where its north-bound REST API is listening to. Example:
127.0.0.1
- port: Port number of OpenFlow Controller where its north0bound REST API is listening to. Example:
8888
- driver: Shortcut name or full class path of OpenFlow controller driver. The appropriate driver needs to be specified depending on your back-end OpenFlow controller. The following drivers are available. The default value is
trema
.- NEC ProgrammableFlow OpenFlow controller
- pfc : Alias for the latest ProgrammableFlow release. pfc_v51 in Icehouse, pfc_v5 in Havana.
- pfc_v51 : ProgrammableFlow Controller V5.1. Supported in Icehouse (or NEC customized version of Havana Neutron https://github.com/nec-openstack/neutron/tree/havana-nec).
- pfc_v5 : ProgrammableFlow Controller V5.0. Supported in Havana or later.
- pfc_v4 : ProgrammableFlow Controller V4.0.
- pfc_v3 : ProgrammableFlow Controller V3.0.
- Trema Sliceable Switch
- trema: Trema Slieable Switch. Alias for trema_port.
- trema_port : Virtual networks are identified based on OpenFlow port. Each port of virtual network is identified by datapath_id, port_no and (optional) vlan_id.
- trema_portmac : Similar to trema_port. In addition MAC address is also considered when identify a port of virtual network.
- trema_mac : Virtual networks are identified based on received MAC address.
- NEC ProgrammableFlow OpenFlow controller
- enable_packet_filter: Specified whether NEC plugin specific PacketFilter extension is enabled. This features is supported in all OpenStack releases for Trema Sliceable Switch and since Icehouse for ProgrammableFlow Controller. The default value is
true
. - api_max_attempts (default: 3): Maximum attempts per OFC API request. NEC plugin retries API request to OFC when OFC returns ServiceUnavailable (503). The value must be greater than 0. (Since Icehouse)
- path_prefix (default: empty string): Base URL of OpenFlow Controller REST API. It is prepended to a path of each API request. (Since Icehouse)
- host: Host IP address of OpenFlow Controller where its north-bound REST API is listening to. Example:
- SSL configuration for OpenFlow controller north bound API. It is only available for ProgrammableFlow Controller.
- use_ssl (default:
false
): Specify whether SSL is used to connection a back-end OpenFlow controller or not. - key_file: Key file
- cert_file: Certificate file
- insecure_ssl (default:
false
): Disable SSL certificate verification. (Since Icehouse)
- use_ssl (default:
[ovs] section
- integration_bridge (default:
br-int
) : This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual "patch port". All VM VIFs are attached to this bridge and then "patched" according to their network connectivity. Recommend not to change this parameter unless you have a good reason to.
[agent] section
- root_helper: Recommended to be configured to
sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
- polling_interval (default: 2): Agent's polling interval in seconds
[securitygroup] section
- firewall_driver: Firewall driver for realizing neutron security group function. Needs to configured to
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- enable_security_group (default: true): Controls if neutron security group is enabled or not. It should be false when you use nova security group.
[provider] section
NEC OpenFlow plugin supported multiple back-end for router implementation.
- default_router_provider (default: l3-agent): Default router provider to use. l3-agent or openflow can be specified.
- router_providers (default: l3-agent,openflow): List of enabled router providers. If a configured OpenFlow backed does not support router implementation, openflow provider will be disabled automatically and all routers will be created using l3-agent.
Neutron plugin agent
- neutron plugin agent configuration : needs to use OVSInterfaceDriver to use DHCP agent (dhcp_agent.ini), L3 agent (l3_agent.ini) and other service agent (such as LBaaS HAProxy agent).
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver ovs_use_veth = True
Nova configuration
- Havana: libvirt_vif_driver needs to be configured.
- In Icehouse no configuration for libvirt_vif_driver is required.
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
Grizzly
In quantum.conf, `core_plugin` needs to be configured to use NEC OpenFlow plugin.
# Quantum plugin provider module core_plugin = quantum.plugins.nec.nec_plugin.NECPluginV2 # Path to the extensions. # It must be abosolute path (or relative path from the directory where quantum-server is invoked) api_extensions_path = /opt/stack/quantum/quantum/plugins/nec/extensions/
- Plugin specific configurations /etc/quantum/plugins/nec/nec.ini . Section "[OFC]" is particular configurations to NEC OpenFlow plugin.
[OFC] # OpenFlow Controller Host and Port to connect. host = 127.0.0.1 port = 8888 # Drivers are in quantum/plugins/nec/drivers/ . driver = trema # PacketFilter is available when it's enabled in this configuration # and supported by the driver. enable_packet_filter = true
- quantum agent configuration : needs to use OVSInterfaceDriver to use DHCP agent (dhcp_agent.ini), L3 agent (l3_agent.ini), and LBaaS HAproxy agent (lbaas.ini).
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver ovs_use_veth = True
- nova.conf : same as OVS plugin
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
Related websites
- Github repositories of NEC OpenStack team : https://github.com/nec-openstack/
- Trema - Full-Stack OpenFlow Framework in Ruby and C : https://github.com/trema/trema
- Trema Sliceable Switch : https://github.com/trema/apps/tree/master/sliceable_switch
(Contact: Ryota Mibu, Akihiro Motoki, NEC)