Jump to: navigation, search

Neutron/ML2/LenovoML2Mechanism

< Neutron‎ | ML2

Lenovo Networking Openstack Neutron Plug-in

Here you will find details on the Lenovo vendor code Neutron ML2 Driver for Liberty and Kilo.


Overview


Openstack is an open source infrastructure initiative for creating and managing large groups of virtual private servers in a cloud computing environment. Lenovo’s Networking Neutron ML2 Driver provides a means to orchestrate VLANs on Lenovo’s physical switches. In cloud environments where VMs are hosted by physical servers, the VMs see a new virtual access layer provided by the host machine.

This new access layer can be typically created via many mechanisms e.g. Linux Bridges or a Virtual Switches. The policies of the virtual access layer (virtual network), when set must now be coordinated with the policies set in the hardware switches. Lenovo’s Neutron Plugin helps in coordinating this behavior automatically without any intervention from the administrator. The illustration below provides an architectural overview of how Lenovo’s ML2 Plugin and switches fits into an Openstack deployment.

Lenovo ML2 Plugin Architecture

General Requirements


The following matrix lists the supported components:

Component Newton/Ocata Requirements Mitaka Requirements Liberty Requirements Kilo Requirements
OpenStack Version Queens Newton/Ocata Mitaka Liberty Kilo
Lenovo Switches Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332
Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode), NE0152T
Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332
Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode)
Switches running CNOS - Lenovo ThinkSystem: NE1032, NE1032T, NE1072T, NE10032, G8272, G8296, G8332 Switches running CNOS - G8272
Switches running ENOS - G7028, G7052, G8052, G8124E, G8264, G8264CS, G8272, G8296, G8332, CN4093, EN4093R, SI4091 and SI4093 (non-SPAR mode)
Switches running ENOS - G8332, G8272, G8264, G8052
Network OS Version CNOS 10.5.1 or later;
ENOS 8.4.6.0 or later
VXLAN support in CNOS 10.8.1 or later
CNOS 10.5.1 or later; ENOS 8.4.6.0 or later NE* switches – 10.4.x or later
G8272, G8296 - 10.2.1.0 or later
G8332 – 10.3.1.0 or later
7.9.x or later, 8.1.x or later, 10.1 or later 7.9.x, 8.1.x or later
Linux Distribution Red Hat RHEL 7.5; RHOSP13, Ubuntu 16.04 LTS, Juju 2.3 Red Hat RHEL 7.5; RHOSP10 Red Hat Certified (Newton); RHOSP11 (Ocata)
Ubuntu 16.04 LTS, Juju 2.3
Red Hat RHEL 7.3, RHOSP9 Red Hat Certified
Ubuntu 14.04 LTS
Red Hat RHEL 7.2, RHOSP8 Red Hat Certified
Ubuntu 14.04 LTS
Red Hat RHEL 7.1, RHOSP7 Red Hat Certified
Ubuntu 14.04 LTS, Juju 1.x


User Guide


The Lenovo Networking ML2 User Guide is provided to assist with installation and setup of these drivers - Download User Guide


Download Lenovo ML2 Driver Code


The Lenovo Networking ML2 Driver code is located on Github.


Lenovo Networking Products


Learn more about Lenovo Data Center Switches on Lenovo Networking Website


Recommended Network Configurations


The following is an example of Single Port Server attachments where no redundancy is required


Single Server Attachment


When network redundancy is required, Lenovo VLAG is recommended as shown below


Lenovo VLAG Configuration


When VXLAN is required, following network scenario is showing below


Lenovo VXLAN Configuration

VXLAN scenario Description : Consider the above network scenario, where all OpenStack Compute and Network Nodes are connected to Data Center Interconnection (DCI) switches. If network nodes and controller nodes are installed together, connect these nodes to the switches as well. The DCI switches are connected to each other through a VXLAN Tunnel Endpoint (VTEP) in a Layer 3 routed network. A configuration file is shown for this scenario below.


Using the Lenovo Openstack ML2 Driver


The Lenovo Plug-in will provide dynamic VLAN configuration on access layer switches server facing ports that maps Openstack networks into the physical infrastructure.


1. Lenovo Plug-in Installation

The following are the detailed steps to setup your Openstack deployment with Lenovo Neutron Plugin managing Lenovo Switches.


1.1 Lenovo Plug-in Prerequisites

The following are prerequisites for using the plug-in:

  • Install python pip and git to allow the downloading of files from Github


For Red Hat, use the following:

% sudo yum install python-pip git

For Ubuntu, use the following:

% sudo apt-get install python-pip git
  • Install the ncclient v0.4.2 Python library for NETCONF clients. For more information on ncclient, see http://ncclient.grnet.gr/.

Note: From Newton and Ocata OpenStack releases, NETCONF based communication to ENOS switches is not supported. Use SNMP instead.

  • Install with the ncclient library by using the pip package manager at your shell prompt:
% sudo pip install ncclient==0.4.2


  • If using SNMP to configure the switch (Liberty release only), then the pysnmp package must also be installed:
% sudo pip install pysnmp


  • Determine the VLAN pool for your Openstack Deployment, for example 1001-2001. This will be required for configuring the uplink ports and the plugin.
  • Configure physical network topology; add the assigned VLAN pool to uplink ports and aggregation switches as required. Other protocols such as ACLs, switch access credential should be configured as needed.
  • SSH needs to be enabled on all Openstack Managed switches. This is required for the NETCONF protocol.
  • In VLAG mode, the ISL and Portchannel/LACP trunk should be created on the relevant switches as the plugin does not configure these attributes.
  • Server NICs connected to VLAG Switches needs to have NIC bonding configured (see Network topology section for examples).
  • Install Openstack Controller and Network nodes. Openstack needs to be running before installing the Lenovo Neutron driver.


1.2 ML2 Installation Procedure

This section will cover the installation procedure for Lenovo Networking Openstack ML2 Driver plug-in in a Multi Node environment with Redhat Enterprise Linux Openstack 7/8/10, Ubuntu 14.04/16.04 LTS or CentOS7.3:

Download Lenovo ML2 driver

The ML2 installation files can be downloaded from Lenovo Stackforge Github site with “git clone” as shown below

% sudo git clone https://github.com/lenovo/networking-lenovo.git


Setup Lenovo ML2 Plug-in

The next step is to install the plug-in

% cd  networking-lenovo
% sudo python setup.py install 

This concludes the Lenovo ML2 driver (vendor code) installation step.


1.2.1 Redhat Openstack Setup

The following steps are required for Kilo based installations such as Redhat Openstack Release 7 Environments.

Step 1 is to uninstall the current neutron on the system as follows:

% sudo pip uninstall neutron;

Once the current neutron has been uninstalled, Step 2 is to download the kilo neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/neutron.git 

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd neutron
% sudo git checkout staging/kiloplus
% sudo python setup.py install

At this point the Lenovo ML2 driver for Kilo has been installed.


Use the following steps for Liberty based installations such as Redhat Openstack Release 8 Environments, or Newton based installations such as Redhat Openstack Release 10 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

For Queens/VXLAN:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan
For Newton/Ocata:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
For Mitaka and eariler:
% sudo git clone https://github.com/lenovo/networking-lenovo.git 

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*      change tenant_network_types = vlan
*      change mechanism_drivers = openvswitch,lenovo
*      configure network_vlan_ranges = xxxx:10:2000
*      copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start/Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl start neutron-server.service 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


1.2.2 Ubuntu Openstack Setup

The following steps are required for Kilo based installations in Ubuntu 14.x Environments. The first step is to uninstall the current neutron on the system as follows:

% sudo pip uninstall neutron

Once the current neutron has been uninstalled, we need to download the kilo neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/neutron.git 

Once the files are downloaded, install the Lenovo Neutron code as follows

% cd neutron
% git checkout staging/kiloplus
% sudo python setup.py install

At this point the Lenovo ML2 driver has been installed and Neutron for Kilo Replaced.


The following steps are required for Liberty based installations in Ubuntu 14.x Environments, or Newton based installations in Ubuntu 16.04/14.04 Environments.

The first step is to download the liberty neutron code for Lenovo from Github as follows

For Queens/VXLAN:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan
For Newton/Ocata:
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
For Mitaka and eariler:
% sudo git clone https://github.com/lenovo/networking-lenovo.git 

Once the files are downloaded, install the Lenovo Neutron code as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*     change tenant_network_types = vlan
*     change mechanism_drivers = openvswitch,lenovo
*     configure  network_vlan_ranges = xxxx:10:4000
*     copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Start the Neutron Server – Exiting the mysql is required for this step:

% sudo service neutron-server restart 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


1.2.3 CentOS Openstack Setup

Use the following steps for Newton based installations such as CentOS Release 7.3 Environments.

Step 1 is to download the liberty neutron code for Lenovo from Github as follows

% sudo git clone https://github.com/lenovo/networking-lenovo.git -b newton-ocata
% sudo git clone https://github.com/lenovo/networking-lenovo.git -b vxlan

Once the files are downloaded, install the Lenovo Neutron driver as follows

% cd networking-lenovo
% sudo python setup.py install

At this point the Lenovo ML2 driver for Liberty has been installed.


Update ML2 Configuration

Now it is time to edit the ml2 configuration files with some basic information on the use of VLANs for networking and add local switch information.

%  cd /etc/neutron/plugins/ml2

Change the file ml2_conf.ini as follows

% sudo vi ml2_conf.ini,
*      change tenant_network_types = vlan
*      change mechanism_drivers = openvswitch,lenovo
*      configure  network_vlan_ranges = xxxx:10:4000
*      copy everything in ml2_conf_lenovo.ini, and concatenate to ml2_conf.ini, 

change this section according to network setup requirements, add the IP address of switch(es), Connection details and change the hostname for servers

(See more details on this step in section 2. Plugin Configuration)


Neutron Database Migration

% sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file  /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

Restart the Neutron Server – Exiting the mysql is required for this step:

% sudo systemctl restart neutron-server.service 

If any issues are observed please check the section “3. Troubleshooting the Installation”.


2. Lenovo Plug-in Configuration

Two sections of the configuration file will need to be modified in /etc/neutron/plugins/ml2/ml2_conf.ini.

A scripting tool is available to auto-generate the configuration for the Lenovo plug-in. The Readme with instructions for using this tool can be found here - Configuration Script.

The steps to modify the configuration file manually are below:

The first section is in [ml2[ to have Lenovo included in mechanism_drivers, and network_vlan_ranges need to be defined as in ml2_type_vlan section.

[ml2]
tenant_network_types = vlan
type_drivers = local,flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,lenovo
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan

# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# But provides no connectivity between hosts.
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan

# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade

# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver

[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
network_vlan_ranges = default:1000:1999

The second section is to add Lenovo switch information to the section [ml2_mech_lenovo] of this configuration file.

Include the following information (see the example below):

  • The hostname/IP address of the Switch
  • The hostname and port of the server(s) that is connected to the switch
  • The Lenovo switch credentials username and password
  • Portchannel or LACP number for Host connected with VLAG
  • SSH Port number for Netconf (Typically 830)

If SNMP is to be used to communicate with the switch (Liberty only), then the SNMP information below is also required:
Note: To ensure maximum security, only SNMP version 3 is supported. Also, the only available SNMPv3 authentication option is SHA-96 and the only available SNMPv3 privacy option is AES-128.

  • SNMP port number
  • SNMP version number (3)
  • SNMP username
  • SNMP authentication and privacy keys
  • SNMPv3 authentication method (SHA)
  • SNMPv2 privacy method (AES-128)


There could be several server to switch port mappings configured per switch. The configuration is only limited by number of available ports.

For Kilo configuration 
[ml2 mech Lenovo:10.240.179.65]
# Hostname and port used on the switch for this compute host.
nova-node-1 = portchannel:64

# Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.
ssh port = 830

# Provide the switch login information
username = admin
password = admin

[ml2 mech Lenovo:10.240.179.64]
# Configuration second switch
nova-node-1 = portchannel:64
ssh port = 830
username = admin
password = admin

[ml2 mech Lenovo:10.240.179.64]
# Configuration second server on second switch
nova-node-2 = 17
ssh port = 830
username = admin
password = admin


For Liberty configuration using SNMP
[ml2_mech_Lenovo:1.1.1.1]
# Hostname and port used on the switch for this compute host.
compute01 = portchannel:64
compute02 = 17

# Port number where the SSH will be running on the Lenovo switch.  Default is 22 so this variable only needs to be configured if different.
ssh_port = 830

# Provide the switch login information
username = user1
password = passw0rd

# This is to let the driver know SNMP protocol will be used to communicate with this switch.  If not defined then assume Netconf is used.
protocol = SNMP

# Port number for SNMP
snmp_port=161

# SNMP version number
snmp_version=3

# SNMP username
snmp_user=adminshaaes

# SNMP Auth key and Priv key. 
snmp_authkey=key1
snmp_privkey=key2

#  SNMPv3 auth option.
snmp_auth=SHA

# SNMPv2 priv options.
snmp_priv=AES-128

There is a new configure item for Newton/Ocata releases: plugin_mode=compatible

If it is a switch of CNOS release version 10.6.0.20 or later(version 10.6.1),

Or a switch of ENOS release version 8.4.6.4 or later, you need to open this configure item. Otherwise, comment this item. Example configuration to use REST API as driver for a CNOS switch of version 10.6.0.20.

For Newton configuration using REST API
[ml2_mech_Lenovo:1.1.1.1]
os = cnos
protocol = rest
# Port number for RestApi.
rest_tcp_port = 443
# Hostname and port used on the switch for this compute host.
compute01 = portchannel:64
compute02 = port:1/17

# Provide the switch login information
username = user1
password = passw0rd

#comment below item since the switch version is 10.6.0.20
#plugin_mode = compatible

As more switches and servers are added to the network, the configuration files would need to be updated with these details. Once this configuration is done, it is now time to create networks from the Horizon dashboard or Openstack command line.

VXLAN configuration: If VXLAN is required, additional configuration options is shown as below:

[ml2_type_lenovo_vxlan]
vxlan_range_base = xxx
"vxlan_range_base" is the start vni that going to be used for ML2 plugin, the end vni depends on the number of vlan id in your Openstack.

network_mode = vxlan
When "network_mode" is set to vxlan, ML2 will configure vxlan mapping on switches. The default value is vlan.

virtuel_interface_ip = 10.10.1.1
"virtuel_interface_ip" is the VETP address of a switch.

Below is an example configuration for vxlan scenario shown as in above picture(Figure 1):

[ml2_type_lenovo_vxlan]
vxlan_range_base = 50000
[ml2_mech_lenovo:192.168.1.1]
os = cnos
protocol = rest
rest_tcp_port = 443
username = admin
password = admin
# plugin_mode = compatible
# compute_node_1 is the hostname of compute node 1 in above scenario
compute_node_1 = port:1/1,port:1/2
compute_node_2 = port:1/2
compute_node_3 = port:1/2
network_mode = vxlan
virtual_interface_ip = 10.10.1.1
[ml2_mech_lenovo:192.168.1.2]
os = cnos
protocol = rest
rest_tcp_port = 443
username = admin
password = admin
# plugin_mode = compatible
compute_node_2 = port:1/2
network_mode = vxlan
virtual_interface_ip = 10.10.2.1
[ml2_mech_lenovo:192.168.1.3]
os = cnos
protocol = rest
rest_tcp_port = 443
username = admin
password = admin
# plugin_mode = compatible
compute_node_3 = port:1/3
network_mode = vxlan
virtual_interface_ip = 10.10.3.1

3. Troubleshooting the Installation

If the Neutron service does not start:

1. Check the Neutron log file located at /var/log/neutron/server.log.

2. Verify that Lenovo Plugin details are in the mysql database:

% sudo mysql –u root –p –h [your IP]

mysql> use neutron;
               
mysql>  show tables;

(Verify that the following table is present lenovo_ml2_nosport_bindings)


4. Support Policy


This software is provided as Open source code therefore, Lenovo does not provide any support entitlements for this product. If any issues occur while using this driver with Lenovo Switches, the Openstack launchpad application is a good tool for opening a bug against it and Lenovo may address this on a best effort basis.