Neutron/ML2/LenovoML2Mechanism
Lenovo Networking Openstack Neutron Plug-in
Here you will find details on the Lenovo vendor code Neutron ML2 Driver for Liberty and Kilo.
- Free software: Apache license
- Documentation: https://github.com/lenovo/networking-lenovo
- Source: https://github.com/lenovo/networking-lenovo
- Bugs: http://bugs.launchpad.net/networking-lenovo
Overview
Openstack is an open source infrastructure initiative for creating and managing large groups of virtual private servers in a cloud computing environment. Lenovo’s Networking Neutron ML2 Driver provides a means to orchestrate VLANs on Lenovo’s physical switches. In cloud environments where VMs are hosted by physical servers, the VMs see a new virtual access layer provided by the host machine.
This new access layer can be typically created via many mechanisms e.g. Linux Bridges or a Virtual Switches. The policies of the virtual access layer (virtual network), when set must now be coordinated with the policies set in the hardware switches. Lenovo’s Neutron Plugin helps in coordinating this behavior automatically without any intervention from the administrator. The illustration below provides an architectural overview of how Lenovo’s ML2 Plugin and switches fits into an Openstack deployment.
General Requirements
The following matrix lists the supported components:
Component | Newton/Ocata Requirements | Mitaka Requirements | Liberty Requirements | Kilo Requirements | |
---|---|---|---|---|---|
OpenStack Version | Queens | Newton/Ocata | Mitaka | Liberty | Kilo |
Lenovo Switches | Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332 Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode), NE0152T |
Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332 Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode) |
Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332 | Switches running CNOS - G8272 Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode) |
Switches running ENOS - G8332, G8272, G8264, G8052 |
Network OS Version | CNOS 10.5.1 or later; ENOS 8.4.6.0 or later VXLAN support in CNOS 10.8.1 or later |
CNOS 10.5.1 or later; ENOS 8.4.6.0 or later | NE* switches – 10.4.x or later G8272, G8296 - 10.2.1.0 or later G8332 – 10.3.1.0 or later |
7.9.x or later, 8.1.x or later, 10.1 or later | 7.9.x, 8.1.x or later |
Linux Distribution | Red Hat RHEL 7.5; RHOSP13, Ubuntu 16.04 LTS, Juju 2.3 | Red Hat RHEL 7.5; RHOSP10 Red Hat Certified (Newton); RHOSP11 (Ocata) Ubuntu 16.04 LTS, Juju 2.3 |
Red Hat RHEL 7.3, RHOSP9 Red Hat Certified Ubuntu 14.04 LTS |
Red Hat RHEL 7.2, RHOSP8 Red Hat Certified Ubuntu 14.04 LTS |
Red Hat RHEL 7.1, RHOSP7 Red Hat Certified Ubuntu 14.04 LTS, Juju 1.x |
User Guide
The Lenovo Networking ML2 User Guide is provided to assist with installation and setup of these drivers - Download User Guide
Download Lenovo ML2 Driver Code
The Lenovo Networking ML2 Driver code is located on Github.
Lenovo Networking Products
Learn more about Lenovo Data Center Switches on Lenovo Networking Website
Recommended Network Configurations
The following is an example of Single Port Server attachments where no redundancy is required
When network redundancy is required, Lenovo VLAG is recommended as shown below
When VXLAN is required, following network scenario is showing below
VXLAN scenario Description : Consider the above network scenario, where all OpenStack Compute and Network Nodes are connected to Data Center Interconnection (DCI) switches. If network nodes and controller nodes are installed together, connect these nodes to the switches as well. The DCI switches are connected to each other through a VXLAN Tunnel Endpoint (VTEP) in a Layer 3 routed network. A configuration file is shown for this scenario below.
Using the Lenovo Openstack ML2 Driver
The Lenovo Plug-in will provide dynamic VLAN configuration on access layer switches server facing ports that maps Openstack networks into the physical infrastructure.
1. Lenovo Plug-in Installation
The following are the detailed steps to setup your Openstack deployment with Lenovo Neutron Plugin managing Lenovo Switches.
1.1 Lenovo Plug-in Prerequisites
The following are prerequisites for using the plug-in:
- Install python pip and git to allow the downloading of files from Github
For Red Hat, use the following:
% sudo yum install python-pip git
For Ubuntu, use the following:
% sudo apt-get install python-pip git
- Install the ncclient v0.4.2 Python library for NETCONF clients. For more information on ncclient, see http://ncclient.grnet.gr/.
Note: From Newton and Ocata OpenStack releases, NETCONF based communication to ENOS switches is not supported. Use SNMP instead.
- Install with the ncclient library by using the pip package manager at your shell prompt:
% sudo pip install ncclient==0.4.2
- If using SNMP to configure the switch (Liberty release only), then the pysnmp package must also be installed:
% sudo pip install pysnmp
- Determine the VLAN pool for your Openstack Deployment, for example 1001-2001. This will be required for configuring the uplink ports and the plugin.
- Configure physical network topology; add the assigned VLAN pool to uplink ports and aggregation switches as required. Other protocols such as ACLs, switch access credential should be configured as needed.
- SSH needs to be enabled on all Openstack Managed switches. This is required for the NETCONF protocol.
- In VLAG mode, the ISL and Portchannel/LACP trunk should be created on the relevant switches as the plugin does not configure these attributes.
- Server NICs connected to VLAG Switches needs to have NIC bonding configured (see Network topology section for examples).
- Install Openstack Controller and Network nodes. Openstack needs to be running before installing the Lenovo Neutron driver.
1.2 ML2 Installation Procedure
This section will cover the installation procedure for Lenovo Networking Openstack ML2 Driver plug-in in a Multi Node environment with Redhat Enterprise Linux Openstack 7/8/10, Ubuntu 14.04/16.04 LTS or CentOS7.3:
Download Lenovo ML2 driver
The ML2 installation files can be downloaded from Lenovo Stackforge Github site with “git clone” as shown below
% sudo git clone https://github.com/lenovo/networking-lenovo.git
Setup Lenovo ML2 Plug-in
The next step is to install the plug-in
% cd networking-lenovo % sudo python setup.py install
This concludes the Lenovo ML2 driver (vendor code) installation step.
1.2.1 Redhat Openstack Setup
The following steps are required for Kilo based installations such as Redhat Openstack Release 7 Environments.
Step 1 is to uninstall the current neutron on the system as follows:
% sudo pip uninstall neutron;
Once the current neutron has been uninstalled, Step 2 is to download the kilo neutron code for Lenovo from Github as follows
% sudo git clone https://github.com/lenovo/neutron.git
Once the files are downloaded, install the Lenovo Neutron driver as follows
% cd neutron % sudo git checkout staging/kiloplus % sudo python setup.py install
At this point the Lenovo ML2 driver for Kilo has been installed.
Use the following steps for Liberty based installations such as Redhat Openstack Release 8 Environments, or Newton based installations such as Redhat Openstack Release 10 Environments.
Step 1 is to download the liberty neutron code for Lenovo from Github as follows
For Queens/VXLAN: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan For Newton/Ocata: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata For Mitaka and eariler: % sudo git clone https://github.com/lenovo/networking-lenovo.git
Once the files are downloaded, install the Lenovo Neutron driver as follows
% cd networking-lenovo % sudo python setup.py install
At this point the Lenovo ML2 driver for Liberty has been installed.
Update ML2 Configuration
Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.
% cd /etc/neutron/plugins/ml2
Change the file ml2_conf.ini as follows
% sudo vi ml2_conf.ini, * change tenant_network_types = vlan * change mechanism_drivers = openvswitch,lenovo * configure network_vlan_ranges = xxxx:10:2000 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,
change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers
(See more details on this step in section 2. Plugin Configuration)
Neutron Database Migration
% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
Start/Restart the Neutron Server – Exiting the mysql is required for this step:
% sudo systemctl start neutron-server.service
If any issues are observed please check the section “3. Troubleshooting the Installation”.
1.2.2 Ubuntu Openstack Setup
The following steps are required for Kilo based installations in Ubuntu 14.x Environments. The first step is to uninstall the current neutron on the system as follows:
% sudo pip uninstall neutron
Once the current neutron has been uninstalled, we need to download the kilo neutron code for Lenovo from Github as follows
% sudo git clone https://github.com/lenovo/neutron.git
Once the files are downloaded, install the Lenovo Neutron code as follows
% cd neutron % git checkout staging/kiloplus % sudo python setup.py install
At this point the Lenovo ML2 driver has been installed and Neutron for Kilo Replaced.
The following steps are required for Liberty based installations in Ubuntu 14.x Environments, or Newton based installations in Ubuntu 16.04/14.04 Environments.
The first step is to download the liberty neutron code for Lenovo from Github as follows
For Queens/VXLAN: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan For Newton/Ocata: % sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata For Mitaka and eariler: % sudo git clone https://github.com/lenovo/networking-lenovo.git
Once the files are downloaded, install the Lenovo Neutron code as follows
% cd networking-lenovo % sudo python setup.py install
At this point the Lenovo ML2 driver for Liberty has been installed.
Update ML2 Configuration
Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.
% cd /etc/neutron/plugins/ml2
Change the file ml2_conf.ini as follows
% sudo vi ml2_conf.ini, * change tenant_network_types = vlan * change mechanism_drivers = openvswitch,lenovo * configure network_vlan_ranges = xxxx:10:4000 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,
change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers
(See more details on this step in section 2. Plugin Configuration)
Neutron Database Migration
% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
Start the Neutron Server – Exiting the mysql is required for this step:
% sudo service neutron-server restart
If any issues are observed please check the section “3. Troubleshooting the Installation”.
1.2.3 CentOS Openstack Setup
Use the following steps for Newton based installations such as CentOS Release 7.3 Environments.
Step 1 is to download the liberty neutron code for Lenovo from Github as follows
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan
Once the files are downloaded, install the Lenovo Neutron driver as follows
% cd networking-lenovo % sudo python setup.py install
At this point the Lenovo ML2 driver for Liberty has been installed.
Update ML2 Configuration
Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.
% cd /etc/neutron/plugins/ml2
Change the file ml2_conf.ini as follows
% sudo vi ml2_conf.ini, * change tenant_network_types = vlan * change mechanism_drivers = openvswitch,lenovo * configure network_vlan_ranges = xxxx:10:4000 * copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini,
change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers
(See more details on this step in section 2. Plugin Configuration)
Neutron Database Migration
% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
Restart the Neutron Server – Exiting the mysql is required for this step:
% sudo systemctl restart neutron-server.service
If any issues are observed please check the section “3. Troubleshooting the Installation”.
2. Lenovo Plug-in Configuration
Two sections of the configuration file will need to be modified in /etc/neutron/plugins/ml2/ml2_conf.ini.
A scripting tool is available to auto-generate the configuration for the Lenovo plug-in. The Readme with instructions for using this tool can be found here - Configuration Script.
The steps to modify the configuration file manually are below:
The first section is in [ml2[ to have Lenovo included in mechanism_drivers, and network_vlan_ranges need to be defined as in ml2_type_vlan section.
[ml2] tenant_network_types = vlan type_drivers = local,flat,vlan,gre,vxlan mechanism_drivers = openvswitch,lenovo # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # # type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # But provides no connectivity between hosts. # # tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. # mechanism_drivers = # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade # (ListOpt) Ordered list of extension driver entrypoints # to be loaded from the neutron.ml2.extension_drivers namespace. # extension_drivers = # Example: extension_drivers = anewextensiondriver [ml2_type_vlan] # (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples # specifying physical_network names usable for VLAN provider and # tenant networks, as well as ranges of VLAN tags on each # physical_network available for allocation as tenant networks. # # network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 network_vlan_ranges = default:1000:1999
The second section is to add Lenovo switch information to the section [ml2_mech_lenovo] of this configuration file.
Include the following information (see the example below):
- The hostname/IP address of the Switch
- The hostname and port of the server(s) that is connected to the switch
- The Lenovo switch credentials username and password
- Portchannel or LACP number for Host connected with VLAG
- SSH Port number for Netconf (Typically 830)
If SNMP is to be used to communicate with the switch (Liberty only), then the SNMP information below is also required:
Note: To ensure maximum security, only SNMP version 3 is supported. Also, the only available SNMPv3 authentication option is SHA-96 and the only available SNMPv3 privacy option is AES-128.
- SNMP port number
- SNMP version number (3)
- SNMP username
- SNMP authentication and privacy keys
- SNMPv3 authentication method (SHA)
- SNMPv2 privacy method (AES-128)
There could be several server to switch port mappings configured per switch. The configuration is only limited by number of available ports.
For Kilo configuration [ml2 mech Lenovo:10.240.179.65] # Hostname and port used on the switch for this compute host. nova-node-1 = portchannel:64 # Port number where the SSH will be running on the Lenovo switch. Default is 22 so this variable only needs to be configured if different. ssh port = 830 # Provide the switch login information username = admin password = admin [ml2 mech Lenovo:10.240.179.64] # Configuration second switch nova-node-1 = portchannel:64 ssh port = 830 username = admin password = admin [ml2 mech Lenovo:10.240.179.64] # Configuration second server on second switch nova-node-2 = 17 ssh port = 830 username = admin password = admin
For Liberty configuration using SNMP [ml2_mech_Lenovo:1.1.1.1] # Hostname and port used on the switch for this compute host. compute01 = portchannel:64 compute02 = 17 # Port number where the SSH will be running on the Lenovo switch. Default is 22 so this variable only needs to be configured if different. ssh_port = 830 # Provide the switch login information username = user1 password = passw0rd # This is to let the driver know SNMP protocol will be used to communicate with this switch. If not defined then assume Netconf is used. protocol = SNMP # Port number for SNMP snmp_port=161 # SNMP version number snmp_version=3 # SNMP username snmp_user=adminshaaes # SNMP Auth key and Priv key. snmp_authkey=key1 snmp_privkey=key2 # SNMPv3 auth option. snmp_auth=SHA # SNMPv2 priv options. snmp_priv=AES-128
There is a new configure item for Newton/Ocata releases: plugin_mode=compatible
If it is a switch of CNOS release version 10.6.0.20 or later(version 10.6.1),
Or a switch of ENOS release version 8.4.6.4 or later, you need to open this configure item. Otherwise, comment this item. Example configuration to use REST API as driver for a CNOS switch of version 10.6.0.20.
For Newton configuration using REST API [ml2_mech_Lenovo:1.1.1.1] os = cnos protocol = rest # Port number for RestApi. rest_tcp_port = 443 # Hostname and port used on the switch for this compute host. compute01 = portchannel:64 compute02 = port:1/17 # Provide the switch login information username = user1 password = passw0rd #comment below item since the switch version is 10.6.0.20 #plugin_mode = compatible
As more switches and servers are added to the network, the configuration files would need to be updated with these details. Once this configuration is done, it is now time to create networks from the Horizon dashboard or Openstack command line.
VXLAN configuration: If VXLAN is required, additional configuration options is shown as below:
[ml2_type_lenovo_vxlan] vxlan_range_base = xxx "vxlan_range_base" is the start vni that going to be used for ML2 plugin, the end vni depends on the number of vlan id in your Openstack. network_mode = vxlan When "network_mode" is set to vxlan, ML2 will configure vxlan mapping on switches. The default value is vlan. virtuel_interface_ip = 10.10.1.1 "virtuel_interface_ip" is the VETP address of a switch.
Below is an example configuration for vxlan scenario shown as in above picture(Figure 1):
[ml2_type_lenovo_vxlan] vxlan_range_base = 50000 [ml2_mech_lenovo:192.168.1.1] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin # plugin_mode = compatible # compute_node_1 is the hostname of compute node 1 in above scenario compute_node_1 = port:1/1,port:1/2 compute_node_2 = port:1/2 compute_node_3 = port:1/2 network_mode = vxlan virtual_interface_ip = 10.10.1.1 [ml2_mech_lenovo:192.168.1.2] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin # plugin_mode = compatible compute_node_2 = port:1/2 network_mode = vxlan virtual_interface_ip = 10.10.2.1 [ml2_mech_lenovo:192.168.1.3] os = cnos protocol = rest rest_tcp_port = 443 username = admin password = admin # plugin_mode = compatible compute_node_3 = port:1/3 network_mode = vxlan virtual_interface_ip = 10.10.3.1
3. Troubleshooting the Installation
If the Neutron service does not start:
1. Check the Neutron log file located at /var/log/neutron/server.log.
2. Verify that Lenovo Plugin details are in the mysql database:
% sudo mysql –u root –p –h [your IP] mysql> use neutron; mysql> show tables;
(Verify that the following table is present lenovo_ml2_nosport_bindings)
4. Support Policy
This software is provided as Open source code therefore, Lenovo does not provide any support entitlements for this product. If any issues occur while using this driver with Lenovo Switches, the Openstack launchpad application is a good tool for opening a bug against it and Lenovo may address this on a best effort basis.