Jump to: navigation, search

Neutron/ML2/LenovoML2Mechanism

< Neutron‎ | ML2
Revision as of 09:11, 18 January 2018 by Liuxw9 (talk | contribs) (Lenovo Networking Openstack Neutron Plug-in)

Lenovo Networking Openstack Neutron Plug-in

Here you will find details on the Lenovo vendor code Neutron ML2 Driver for Liberty and Kilo.


Overview


Openstack is an open source infrastructure initiative for creating and managing large groups of virtual private servers in a cloud computing environment. Lenovo’s Networking Neutron ML2 Driver provides a means to orchestrate VLANs on Lenovo’s physical switches. In cloud environments where VMs are hosted by physical servers, the VMs see a new virtual access layer provided by the host machine.

This new access layer can be typically created via many mechanisms e.g. Linux Bridges or a Virtual Switches. The policies of the virtual access layer (virtual network), when set must now be coordinated with the policies set in the hardware switches. Lenovo’s Neutron Plugin helps in coordinating this behavior automatically without any intervention from the administrator. The illustration below provides an architectural overview of how Lenovo’s ML2 Plugin and switches fits into an Openstack deployment.

Lenovo ML2 Plugin Architecture

General Requirements


The following matrix lists the supported components:

Component Newton Requirements Mitaka Requirements Liberty Requirements Kilo Requirements
OpenStack Version Newton Mitaka Liberty Kilo
Lenovo Switches G8272, G8296, G8332, Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032; G8332, G8272, G8264, G8052 G8264CS, G8124E, G8052, G7052, G7028, CN4093, EN4093R, SI4093 (non-SPAR mode), SI4091 G8272, G8296, G8332, Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, NE2572 G8332, G8296, G8272, G8264, G8264CS, G8124E, G8052, G7052, G7028, CN4093, EN4093R, SI4093 (non-SPAR mode), SI4091 G8332, G8272, G8264, G8052
Network OS Version 10.5.1 and later, 8.4.6 and later 10.2 and later 7.9, 8.1 and later, 10.1 and later 7.9, 8.1 and later
Linux Distribution Red Hat RHEL10 (RHOSP10 certification), Ubuntu 16.04 TLS, CentOS7.3 Red Hat RHEL9 (RHOSP9 certification), Ubuntu 14.04 TLS Red Hat RHEL8 (RHOSP8 certification), Ubuntu 14.04 TLS Red Hat RHEL7 (RHOSP7 certification), Ubuntu 14.04 TLS


User Guide


The Lenovo Networking ML2 User Guide is provided to assist with installation and setup of these drivers - Download User Guide


Download Lenovo ML2 Driver Code


The Lenovo Networking ML2 Driver code is located on Github.


Lenovo Networking Products


Learn more about Lenovo Data Center Switches on Lenovo Networking Website


Recommended Network Configurations


The following is an example of Single Port Server attachments where no redundancy is required


Single Server Attachment


When network redundancy is required, Lenovo VLAG is recommended as shown below


Lenovo VLAG Configuration



Using the Lenovo Openstack ML2 Driver


The Lenovo Plug-in will provide dynamic VLAN configuration on access layer switches server facing ports that maps Openstack networks into the physical infrastructure.


1. Lenovo Plug-in Installation

The following are the detailed steps to setup your Openstack deployment with Lenovo Neutron Plugin managing Lenovo Switches.


1.1 Lenovo Plug-in Prerequisites

The following are prerequisites for using the plug-in:

  • Install python pip and git to allow the downloading of files from Github


For Red Hat, use the following:

% sudo yum install python-pip git

For Ubuntu, use the following:

% sudo apt-get install python-pip git
  • Install the ncclient v0.4.2 Python library for NETCONF clients. For more information on ncclient, see http://ncclient.grnet.gr/.
  • Install with the ncclient library by using the pip package manager at your shell prompt:
% sudo pip install ncclient==0.4.2


  • If using SNMP to configure the switch (Liberty release only), then the pysnmp package must also be installed:
% sudo pip install pysnmp


  • Determine the VLAN pool for your Openstack Deployment, for example 1001-2001. This will be required for configuring the uplink ports and the plugin.
  • Configure physical network topology; add the assigned VLAN pool to uplink ports and aggregation switches as required. Other protocols such as ACLs, switch access credential should be configured as needed.
  • SSH needs to be enabled on all Openstack Managed switches. This is required for the NETCONF protocol.
  • In VLAG mode, the ISL and Portchannel/LACP trunk should be created on the relevant switches as the plugin does not configure these attributes.
  • Server NICs connected to VLAG Switches needs to have NIC bonding configured (see Network topology section for examples).
  • Install Openstack Controller and Network nodes. Openstack needs to be running before installing the Lenovo Neutron driver.


1.2 ML2 Installation Procedure

This section will cover the installation procedure for Lenovo Networking Openstack ML2 Driver plug-in in a Multi Node environment with Redhat Enterprise Linux Openstack 7/8/10, Ubuntu 14.04/16.04 LTS or CentOS7.3:

Download Lenovo ML2 driver

The ML2 installation files can be downloaded from Lenovo Stackforge Github site with “git clone” as shown below

% sudo git clone https://github.com/lenovo/networking-lenovo.git


Setup Lenovo ML2 Plug-in

The next step is to install the plug-in

% cd  networking-lenovo
% sudo python setup.py install 

This concludes the Lenovo ML2 driver (vendor code) installation step.


1.2.1 Redhat Openstack Setup

The following steps are required for Kilo based installations such as Redhat Openstack Release 7 Environments.

Step 1 is to uninstall the current neutron on the system as follows:

% sudo pip uninstall neutron;

Once the current neutron has been uninstalled, Step 2 is to download the kilo neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/neutron.git 

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd neutron
% sudo git checkout staging/kiloplus
% sudo python setup.py install

At this point the Lenovo ML2 driver for Kilo has been installed.


Use the following steps for Liberty based installations such as Redhat Openstack Release 8 Environments, or Newton based installations such as Redhat Openstack Release 10 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

For Newton/Ocata:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
For Mitaka and eariler:
% sudo git clone https://github.com/lenovo/networking-lenovo.git 

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*      change tenant_network_types = vlan
*      change mechanism_drivers = openvswitch,lenovo
*      configure network_vlan_ranges = xxxx:10:2000
*      copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start/Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl start neutron-server.service 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


1.2.2 Ubuntu Openstack Setup

The following steps are required for Kilo based installations in Ubuntu 14.x Environments. The first step is to uninstall the current neutron on the system as follows:

% sudo pip uninstall neutron

Once the current neutron has been uninstalled, we need to download the kilo neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/neutron.git 

Once the files are downloaded, install the Lenovo Neutron code as follows

% cd neutron
% git checkout staging/kiloplus
% sudo python setup.py install

At this point the Lenovo ML2 driver has been installed and Neutron for Kilo Replaced.


The following steps are required for Liberty based installations in Ubuntu 14.x Environments, or Newton based installations in Ubuntu 16.04/14.04 Environments.

The first step is to download the liberty neutron code for Lenovo from Github as follows

For Newton/Ocata:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
For Mitaka and eariler:
% sudo git clone https://github.com/lenovo/networking-lenovo.git 

Once the files are downloaded, install the Lenovo Neutron code as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*     change tenant_network_types = vlan
*     change mechanism_drivers = openvswitch,lenovo
*     configure  network_vlan_ranges = xxxx:10:4000
*     copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start the Neutron Server – Exiting the mysql is required for this step:

% sudo service neutron-server restart 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


1.2.3 CentOS Openstack Setup

Use the following steps for Newton based installations such as CentOS Release 7.3 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*      change tenant_network_types = vlan
*      change mechanism_drivers = openvswitch,lenovo
*      configure  network_vlan_ranges = xxxx:10:4000
*      copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl restart neutron-server.service 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


2. Lenovo Plug-in Configuration

Two sections of the configuration file will need to be modified in /etc/neutron/plugins/ml2/ml2_conf.ini.

A scripting tool is available to auto-generate the configuration for the Lenovo plug-in. The Readme with instructions for using this tool can be found here - Configuration Script.

The steps to modify the configuration file manually are below:

The first section is in [ml2[ to have Lenovo included in mechanism_drivers, and network_vlan_ranges need to be defined as in ml2_type_vlan section.

[ml2]
tenant_network_types = vlan
type_drivers = local,flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,lenovo
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan

# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# But provides no connectivity between hosts.
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan

# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade

# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver

[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
network_vlan_ranges = default:1000:1999

The second section is to add Lenovo switch information to the section [ml2_mech_lenovo] of this configuration file.

Include the following information (see the example below):

  • The hostname/IP address of the Switch
  • The hostname and port of the server(s) that is connected to the switch
  • The Lenovo switch credentials username and password
  • Portchannel or LACP number for Host connected with VLAG
  • SSH Port number for Netconf (Typically 830)


If SNMP is to be used to communicate with the switch (Liberty only), then the SNMP information below is also required:
Note: To ensure maximum security, only SNMP version 3 is supported. Also, the only available SNMPv3 authentication option is SHA-96 and the only available SNMPv3 privacy option is AES-128.

  • SNMP port number
  • SNMP version number (3)
  • SNMP username
  • SNMP authentication and privacy keys
  • SNMPv3 authentication method (SHA)
  • SNMPv2 privacy method (AES-128)


There could be several server to switch port mappings configured per switch. The configuration is only limited by number of available ports.

For Kilo configuration 
[ml2 mech Lenovo:10.240.179.65]
# Hostname and port used on the switch for this compute host.
nova-node-1 = portchannel:64

# Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.
ssh port = 830

# Provide the switch login information
username = admin
password = admin

[ml2 mech Lenovo:10.240.179.64]
# Configuration second switch
nova-node-1 = portchannel:64
ssh port = 830
username = admin
password = admin

[ml2 mech Lenovo:10.240.179.64]
# Configuration second server on second switch
nova-node-2 = 17
ssh port = 830
username = admin
password = admin


For Liberty configuration using SNMP
[ml2_mech_Lenovo:1.1.1.1]
# Hostname and port used on the switch for this compute host.
compute01 = portchannel:64
compute02 = 17

# Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.
ssh_port = 830

# Provide the switch login information
username = user1
password = passw0rd

# This is to let the driver know SNMP protocol will be used to communicate with this switch.  If not defined then assume Netconf is used.
protocol = SNMP

# Port number for SNMP
snmp_port=161

# SNMP version number
snmp_version=3

# SNMP username
snmp_user=adminshaaes

# SNMP Auth key and Priv key. 
snmp_authkey=key1
snmp_privkey=key2

#  SNMPv3 auth option.
snmp_auth=SHA

# SNMPv2 priv options.
snmp_priv=AES-128

There is a new configure item for Newton/Ocata releases: plugin_mode=compatible

If it is a switch of CNOS release version 10.6.0.20 or later(version 10.6.1),

Or a switch of ENOS release version 8.4.6.4 or later, you need to open this configure item. Otherwise, comment this item. Example configuration to use REST API as driver for a CNOS switch of version 10.6.0.20.

For Newton configuration using REST API
[ml2_mech_Lenovo:1.1.1.1]
os = cnos
protocol = rest
# Port number for RestApi.
rest_tcp_port = 443
# Hostname and port used on the switch for this compute host.
compute01 = portchannel:64
compute02 = port:1/17

# Provide the switch login information
username = user1
password = passw0rd

#comment below item since the switch version is 10.6.0.20
#plugin_mode = compatible

As more switches and servers are added to the network, the configuration files would need to be updated with these details. Once this configuration is done, it is now time to create networks from the Horizon dashboard or Openstack command line.


3. Troubleshooting the Installation

If the Neutron service does not start:

1. Check the Neutron log file located at /var/log/neutron/server.log.

2. Verify that Lenovo Plugin details are in the mysql database:

% sudo mysql –u root –p –h [your IP]

mysql> use neutron;
               
mysql>  show tables;

(Verify that the following table is present lenovo_ml2_nosport_bindings)


4. Support Policy


This software is provided as Open source code therefore, Lenovo does not provide any support entitlements for this product. If any issues occur while using this driver with Lenovo Switches, the Openstack launchpad application is a good tool for opening a bug against it and Lenovo may address this on a best effort basis.