Jump to: navigation, search

Neutron/NEC OpenFlow Plugin

< Neutron
Revision as of 17:37, 21 April 2014 by Amotoki (talk | contribs) (Nova configuration)

Abstract

NEC OpenFlow plugin talks to OpenFlow Controller and each Neutron would be mapped to an virtual layer-2 network slice on an OpenFlow enabled network. The interface between the Neutron plugin and OpenFlow Controller is RESTful API. This API is supported by two implementations:Tream Sliceable Switch (OSS) and NEC ProgrammableFlow Controller (NEC Commercial Product).

This plugin consists of two components: "Plugin" and "Agent".

  • Plugin: It processes Neutron API calls and controls OpenFlow controller to handle logical networks on OpenFlow enabled network.
  • Agent: It runs on each compute node. It gathers a mapping beween a VIF and a switch port from local Open vSwitch and reports it to the plugin.

Requirements

Design

width=600

Communication between plugin and agent

This plugin uses "common-rpc" in openstack-common for the agents to communicate with the plugin and will conform to the convention for scalable-agent-comms. The topic name for RPC will be set to "neutron.plugin" as proposed in the blueprint scalable-agent-comms.

Integration with Nova

There are no need for additional features in Nova. This implementation utilizes a current libvirt VIF driver and linux-net interface driver.

How to run this plugin

Using devstack

Devstack support of NEC OpenFlow plugin is a part of the official devstack (http://github.com/openstack-dev/devstack) from Grizzly.

Detail instruction and sample devstack configuration examples (localrc) are available at https://github.com/nec-openstack/devstack-neutron-nec-openflow/wiki .

Before Grizzly

Devstack for this plugin is available at https://github.com/nec-openstack/devstack-neutron-nec-openflow .

  • This installs Tream Sliceable Switch (OSS OpenFlow Controller) and run devstack for this plugin.
  • Sample localrc files are available in samples/nec-openflow:
    • Controller node with OpenFlow controller : samples/nec-openflow/localrc
    • Compute node : samples/nec-openflow/localrc-hv
  • Branches
    • folsom for stable/folsom release
    • develop for trunk (next release)

Using Ubuntu packages

To be written.

How to get

Configuration

Havana & Icehouse

neutron.conf

  • core_plugin: Needs to be configured to neutron.plugins.nec.nec_plugin.NECPluginV2 to use NEC OpenFlow plugin as core plugin.
    • core_plugin = neutron.plugins.nec.nec_plugin.NECPluginV2
  • service_plugins: NEC OpenFlow plugin provides L3 router feature as part of the core plugin. Thus L3 router service plugin should NOT be contained in service_plugin. Other service plugins (LBaaS, FWaaS, VPNaaS, metering) are verified to work with NEC OpenFlow plugin.

plugin specific configuration

It is usually placed at /etc/neutron/plugins/nec/nec.ini.

Section "'[OFC]"' is particular configurations to NEC OpenFlow plugin. We describe [OFC] section first and then describe other sections.

[OFC] section
  • North-bound REST API of OpenFlow controller
    • host: Host IP address of OpenFlow Controller where its north-bound REST API is listening to. Example: 127.0.0.1
    • port: Port number of OpenFlow Controller where its north0bound REST API is listening to. Example: 8888
    • driver: Shortcut name or full class path of OpenFlow controller driver. The appropriate driver needs to be specified depending on your back-end OpenFlow controller. The following drivers are available. The default value is trema.
      • NEC ProgrammableFlow OpenFlow controller
        • pfc : Alias for the latest ProgrammableFlow release. pfc_v51 in Icehouse, pfc_v5 in Havana.
        • pfc_v51 : ProgrammableFlow Controller V5.1. Supported in Icehouse (or NEC customized version of Havana Neutron https://github.com/nec-openstack/neutron/tree/havana-nec).
        • pfc_v5 : ProgrammableFlow Controller V5.0. Supported in Havana or later.
        • pfc_v4 : ProgrammableFlow Controller V4.0.
        • pfc_v3 : ProgrammableFlow Controller V3.0.
      • Trema Sliceable Switch
        • trema: Trema Slieable Switch. Alias for trema_port.
        • trema_port : Virtual networks are identified based on OpenFlow port. Each port of virtual network is identified by datapath_id, port_no and (optional) vlan_id.
        • trema_portmac : Similar to trema_port. In addition MAC address is also considered when identify a port of virtual network.
        • trema_mac : Virtual networks are identified based on received MAC address.
    • enable_packet_filter: Specified whether NEC plugin specific PacketFilter extension is enabled. This features is supported in all OpenStack releases for Trema Sliceable Switch and since Icehouse for ProgrammableFlow Controller. The default value is true.
    • api_max_attempts (default: 3): Maximum attempts per OFC API request. NEC plugin retries API request to OFC when OFC returns ServiceUnavailable (503). The value must be greater than 0. (Since Icehouse)
    • path_prefix (default: empty string): Base URL of OpenFlow Controller REST API. It is prepended to a path of each API request. (Since Icehouse)
  • SSL configuration for OpenFlow controller north bound API. It is only available for ProgrammableFlow Controller.
    • use_ssl (default: false): Specify whether SSL is used to connection a back-end OpenFlow controller or not.
    • key_file: Key file
    • cert_file: Certificate file
    • insecure_ssl (default: false): Disable SSL certificate verification. (Since Icehouse)
[ovs] section
  • integration_bridge (default: br-int) : This is the name of the OVS integration bridge. There is one per hypervisor. The integration bridge acts as a virtual "patch port". All VM VIFs are attached to this bridge and then "patched" according to their network connectivity. Recommend not to change this parameter unless you have a good reason to.
[agent] section
  • root_helper: Recommended to be configured to sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
  • polling_interval (default: 2): Agent's polling interval in seconds
[securitygroup] section
  • firewall_driver: Firewall driver for realizing neutron security group function. Needs to configured to neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  • enable_security_group (default: true): Controls if neutron security group is enabled or not. It should be false when you use nova security group.
[provider] section

NEC OpenFlow plugin supported multiple back-end for router implementation.

  • default_router_provider (default: l3-agent): Default router provider to use. l3-agent or openflow can be specified.
  • router_providers (default: l3-agent,openflow): List of enabled router providers. If a configured OpenFlow backed does not support router implementation, openflow provider will be disabled automatically and all routers will be created using l3-agent.

Neutron plugin agent

  • neutron plugin agent configuration : needs to use OVSInterfaceDriver to use DHCP agent (dhcp_agent.ini), L3 agent (l3_agent.ini) and other service agent (such as LBaaS HAProxy agent).
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True

Nova configuration

  • Icehouse: no configuration specific to this plugin.
  • Havana: libvirt_vif_driver needs to be configured:
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

Grizzly

In quantum.conf, `core_plugin` needs to be configured to use NEC OpenFlow plugin.

# Quantum plugin provider module
core_plugin = quantum.plugins.nec.nec_plugin.NECPluginV2
# Path to the extensions.
# It must be abosolute path (or relative path from the directory where quantum-server is invoked)
api_extensions_path = /opt/stack/quantum/quantum/plugins/nec/extensions/
  • Plugin specific configurations /etc/quantum/plugins/nec/nec.ini . Section "[OFC]" is particular configurations to NEC OpenFlow plugin.
[OFC]
# OpenFlow Controller Host and Port to connect.
host = 127.0.0.1
port = 8888
# Drivers are in quantum/plugins/nec/drivers/ .
driver = trema
# PacketFilter is available when it's enabled in this configuration
# and supported by the driver.
enable_packet_filter = true
  • quantum agent configuration : needs to use OVSInterfaceDriver to use DHCP agent (dhcp_agent.ini), L3 agent (l3_agent.ini), and LBaaS HAproxy agent (lbaas.ini).
interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
  • nova.conf : same as OVS plugin
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

Related websites

(Contact: Ryota Mibu, Akihiro Motoki, NEC)