Jump to: navigation, search

Neutron/VMware NSX plugins

< Neutron
Revision as of 10:28, 6 July 2016 by Garyk (talk | contribs) (Overview)

Overview

The NSX plugins can be found at the following repository: https://github.com/openstack/vmware-nsx The following plugins are supported:

  • NSX MH - provides support for multi-hypervisors
  • NSXv - plugin for vSphere. In order for this plugin to work correctly with stable/kilo version the following two Nova patches are needed:
   * vNIC index support - https://review.openstack.org/#/c/209372/
   * Metadata support - https://review.openstack.org/#/c/209374/
  • Simple DVS - the provides simple support for distributed switches. It does not have any security group or floating IP support
  • NSXv3 - provides support for multi-hypervisors. In order for this plugin to work correctly with stable/liberty version the following two Nova patch is needed:
   * Opaque Network Support - https://review.openstack.org/#/c/238208/

Admin Utility

The NSXv and the NSXv3 support the nsxadmin utility. This enables and administrator to determine and rectify inconsistencies between the Neutron DB and the NSX. usage: nsxadmin -r <resources> -o <operation>

NSXv

The following resources are supported: 'security-groups', 'edges', 'networks', 'firewall-sections', 'orphaned-edges', 'spoofguard-policy', 'missing-edges', 'backup-edges', 'nsx-security-groups', 'dhcp-binding' and 'metadata'

  • Edge Datastore HA: This admin utility can be used on upgrade after the customer added ha_datastore_id to the nsx.ini configuration, in order to update the deployment of existing edges. The new edge appliances configuration will be taken from the nsx.ini, including the datastrore_id, ha_datastore_id, edge_ha. The edge current resource pool & appliance size will not change.
   * nsxadmin -r edges -o nsx-update --property edge-id=<edge-id> --property appliances=True
  • List missing edges on NSX. This includes missing networks on those edges.
   * nsxadmin -r missing-edges -o list
  • Ability to update or get the teaming policy for a DVS
  * nsxadmin -r networks -o nsx-update --property dvs-id=<id> --property teamingpolicy=<policy>
  • Security groups. This adds support to list security-groups mappings and miss-matches between the mappings and backend resources as: firewall-sections and nsx-security-groups.
  * nsxadmin --resource security-groups --operation list
  * nsxadmin -r nsx-security-groups -o {list, list-missmatches}
  * nsxadmin -r firewall-sections -o {list, list-missmatches}
  • Support getting network morefs
  * nsxadmin -r networks -o list
  • Spoofguard support
  * nsxadmin -r spoofguard-policy -o list-mismatches
  * nsxadmin -r spoofguard-policy -o clean --property policy-id=spoofguardpolicy-10
  * nsxadmin -r spoofguard-policy -o list --property reverse (entries defined on NSXv and not in Neutron)
  • Update the size of an edge:
  * nsxadmin -r edges -o nsx-update --property edge-id=edge-55 --property size=compact 
  • Update DHCP bindings on an edge
  * nsxadmin -r dhcp-binding -o nsx-update --property edge-id=edge-15
  • Delete backup edge
  * nsxadmin -r backup-edges -o clean --property edge-id=edge-9
  • List backup edges
  * nsxadmin -r backup-edges -o list

NSXv3

The following resources are supported: 'security-groups', 'routers', 'networks', 'nsx-security-groups', 'dhcp-binding' and 'ports'.

  • List missing networks:
   * nsxadmin -r networks -o list-mismatches 
  • List missing routers:
   * nsxadmin -r routers -o list-mismatches
  • List missing ports:
   * nsxadmin -r ports -o list-mismatches