The Nuage VSP Plugin
Introduction
The Nuage VSP Plugin is the Nuage Networks SDN implementation in CloudStack, which integrates with Nuage Networks Virtualized Services Platform (VSP). The plugin can be used by CloudStack to leverage the scalability and rich features of advanced SDN being provided by the Nuage VSP SDN Platform and to implement:
- Isolated Guest Networks
- Virtual Private Clouds (VPC)
- Shared Networks
For more information about Nuage Networks, visit www.nuagenetworks.net.
Supported Features
The following table lists the supported Network services in a CloudStack deployment with NuageVsp being the Connectivity/Virtual Networking provider, with their providers and supported CloudStack versions.
Network Service | Isolated Networks | VPCs | Shared Networks |
---|---|---|---|
Virtual Networking | NuageVsp (>=4.5) | NuageVsp (>=4.5) | NuageVsp (>=4.10) |
Dhcp | NuageVsp (>=4.5) | NuageVsp (>=4.5) | NuageVsp (>=4.10) |
SourceNat | NuageVsp (>=4.10) | NuageVsp (>=4.10) | N/A |
StaticNat | NuageVsp (>=4.5) | NuageVsp (>=4.5) | N/A |
Firewall | NuageVsp (>=4.5) | N/A | N/A |
NetworkACL | N/A | NuageVsp (>=4.5) | N/A |
UserData | VirtualRouter (>=4.5) | VpcVirtualRouter (>=4.5) | VirtualRouter (>=4.10) |
Dns | VirtualRouter (>=4.10) | VpcVirtualRouter (>=4.10) | N/A |
Internal Lb | N/A | InternalLbVm (>=4.9) | N/A |
Table: Supported Network Services
Note
The Virtual Networking service was originally called ‘Connectivity’ in CloudStack 4.0.
Supported Hypervisors
The following hypervisors are supported by the Nuage VSP Plugin, with their supported CloudStack versions.
Hypervisor | CloudStack version |
---|---|
KVM 7.x | >= 4.5 |
VMware ESXi 5.5 | >= 4.5 |
VMware ESXi 6.0 | >= 4.9 |
Table: Supported Hypervisors
Supported Nuage VSP SDN Platform Versions
The following Nuage VSP SDN Platform versions are supported by the Nuage VSP Plugin, with their supported CloudStack versions.
Nuage VSP version | CloudStack version |
---|---|
Nuage VSP v3.2 | >= 4.5 |
Nuage VSP v4.0 | >= 4.10 |
Table: Supported Nuage VSP SDN Platform Versions
Configuring The Nuage VSP Plugin
Prerequisites
Before enabling and using the Nuage VSP Plugin with CloudStack:
- Verify that the CloudStack deployment (hypervisors) and Nuage VSP SDN Platform version you intend to use are supported.
Note
Only the release notes for Nuage VSP contain the most up-to-date information on different supported versions. Please check them to verify that the information in this document is up-to-date.
- Prepare and configure the hypervisors for CloudStack integration with Nuage VSP SDN Platform.
Note
Please refer to the Nuage VSP Install Guide on how to prepare the hypervisors for Nuage VSP SDN Platform integration.
Required Nuage VSD Configuration
When configuring Nuage VSP as the network service provider in a CloudStack Zone, a CSP user must be added in Nuage VSD, and this user must be added to the CMS group. See Enable Nuage VSP Network Service Provider.
Note
Nuage VSD is the programmable policy and analytics engine of the Nuage VSP SDN Platform with which the Nuage VSP Plugin interacts.
Zone Configuration
Select VSP Isolation Method
The Nuage VSP solution is NOT supported in Basic zone provisioning mode.
- When adding a zone, the CloudStack administrator should select Advanced mode in the zone wizard.
- When laying out the physical network configuration during zone provisioning, the Guest network traffic should be put in a separate physical network of its own.
- This physical network carrying the Guest traffic should have VSP as the Isolation Method.
Setting Isolation Method to VSP
Update Traffic Labels
Guest Traffic Type
Select Edit on the Guest traffic type panel and update the Traffic Label:
- For KVM, use alubr0 as the KVM Traffic Label.
Specifying the Traffic Type in KVM
- For VMware ESXi, use the switch name used by dVRS for guest networking as the vSwitch Name, leave the VLAN ID field blank, and select VMware vNetwork Distributed Switch in the vSwitch Type drop down field.
Specifying the Traffic Type in VMware ESXi
Enable Nuage VSP Network Service Provider
Nuage VSP must be added and enabled as a Network Service Provider in the CloudStack Zone before it can be used.
Step 1: Select Infrastructure > Zone > [zone name] > Physical Network 2 > Configure Network Service Providers > Nuage Vsp > +, which brings up the Add Nuage Virtualized Services Directory (VSD) panel.
Step 2: Enter the Nuage VSD Host Name, Username and Password that were previously created.
Step 3: Specify the Nuage VSD API version by entering the API version in the appropriate field (format:
Step 4: EITHER add Nuage VSD by clicking the OK button, OR use Nuage VSP API calls to configure Nuage VSP as a Network Service Provider in the CloudStack Zone; see Configure Nuage VSP API in the Appendix of this document.
Adding Nuage VSD as the Network Service Provider
Step 5: Go to Infrastructure > Zones > [zone name] > Physical Network 2 > Network Service Providers > Nuage Vsp > Devices > Details tab as shown in the figure “Enabling Nuage VSP Network Service Provider” below. This indicates the state of Nuage VSP Network Service Provider. Enable Nuage VSP Network Service Provider by clicking Enable.
Enabling Nuage VSP Network Service Provider
Step 6: (Optional) View the Nuage VSP Network Service Provider status on the list of Network Service Providers on the Infrastructure > Zones > [zone name] > Physical Network 2 > Network Service Providers page.
Viewing Network Service Providers Status
Using The Nuage VSP Plugin
Network Offerings
There are three types of Network Offerings that can be created:
- If Isolated Networks are required, then create an Isolated guest type network offering for use with Isolated Networks.
- If VPC deployments are required, then create a new Isolated guest type network offering for such deployments.
- If Shared Networks are required, then create a new Shared guest type network offering for use with Shared Networks.
Note
Per Zone MUST always be selected as the Supported Source NAT type when Source NAT service is being provided by NuageVsp.
Create and Enable Isolated Network Offering
- Select Service Offerings > Select Offering: Network Offerings > Add network offering, which brings up the Add network offering panel.
- In the Add network offering panel, add a Name and a Description to the network offering. Select Isolated as the Guest Type. In the Supported Services field, select the services and providers that are supported by the Nuage VSP Plugin for Isolated Networks; see Supported Features at the beginning of this document.
Creating Isolated Network Offering
- Click the OK button to create the network offering.
- After the network offering has been successfully created, enable it from the Service Offerings - Network Offerings list.
Create and Enable VPC Network Offering
- Select Service Offerings > Select Offering: Network Offerings > Add network offering, which brings up the Add network offering panel.
- In the Add network offering panel, add a Name and a Description to the network offering. Select Isolated as the Guest Type. Select the VPC field. In the Supported Services field, select the services and providers that are supported by the Nuage VSP Plugin for VPCs; see Supported Features at the beginning of this document.
Creating VPC Network Offering
- Click the OK button to create the network offering.
- After the network offering has been successfully created, enable it from the Service Offerings - Network Offerings list.
Create and Enable Shared Network Offering
- Select Service Offerings > Select Offering: Network Offerings > Add network offering, which brings up the Add network offering panel.
- In the Add network offering panel, add a Name and a Description to the network offering. Select Shared as the Guest Type. In the Supported Services field, select the services and providers that are supported by the Nuage VSP Plugin for Shared Networks; see Supported Features at the beginning of this document.
Creating Shared Network Offering
Note
Selecting the Supporting Public Access field in the Shared Network offering enables Public/Internet access to the VMs in the Shared Network.
- Click the OK button to create the network offering.
- After the network offering has been successfully created, enable it from the Service Offerings - Network Offerings list.
VPC Offerings
Pre-created and Enabled Nuage VSP VPC Offering
A VPC offering by the name Nuage VSP VPC Offering is pre-created and enabled in the list of Service Offerings - VPC Offerings (Select Service Offerings > Select Offering: VPC Offerings) which contains all the services and providers that are supported by the Nuage VSP Plugin for VPCs.
Pre-created and Enabled Nuage VSP VPC Offering
(Optional) Create and Enable VPC Offering
- Select Service Offerings > Select Offering: VPC Offerings > Add VPC Offering, which brings up the Add VPC Offering panel.
- In the Add VPC Offering panel, add a Name and a Description to the VPC offering. In the Supported Services field, select the services and providers that are supported by the Nuage VSP Plugin for VPCs; see Supported Features at the beginning of this document.
Creating VPC Offering
- Click the OK button to create the VPC Offering.
- After the VPC Offering has been successfully created, enable it from the Service Offerings - VPC Offerings list.
Dedicated Features Provided by The Nuage VSP Plugin
Nuage VSP Domain Template Feature Support for CloudStack
All the constructs (parameters and abstractions) defined in a Nuage VSD domain template can be made available to domain instances (i.e. networks) created in CloudStack. To do this, configure the Nuage VSP Plugin to use a pre-created Nuage VSD domain template when instantiating domains (i.e. creating networks). Networks created in CloudStack will then use domain instances created from the domain template.
Typical use-cases are:
- The basic ACLs on the top and bottom that bracket or ‘contain’ the end-user’s ACLs.
- Leakable domains/GRT Leaking (Nuage VSP feature).
To configure a Nuage VSP domain template for use by CloudStack, use the Nuage VSD Architect (VSP’s GUI) to create a domain template and configure it in the following CloudStack global settings.
Parameter | Type | Explanation | Supported CloudStack versions |
---|---|---|---|
nuagevsp.isolatedntwk.domaintemplate.name | String | Name of the Nuage VSP domain template to use for creating domains for isolated networks | >= 4.5 |
nuagevsp.vpc.domaintemplate.name | String | Name of the Nuage VSP domain template to use for creating the domain for VPCs | >= 4.5 |
nuagevsp.sharedntwk.domaintemplate.id | UUID | UUID of the Nuage VSP domain template to use for creating the domain for Shared Networks | >= 4.10 |
Table: CloudStack Global Settings For Configuring Nuage VSP Domain Template Feature
Nuage VSP Source NAT via the Underlay Feature Support For CloudStack
Supported CloudStack versions: >= 4.10
CloudStack provides Source NAT service to enable guest VMs to send traffic out to the Internet without requiring a Static NAT IP (public IP) assigned to the VM. The Source NAT service must be enabled as part of the network offering used for creating the guest network. When a network is created using this network offering, the first public IP from the assigned public IP range is automatically acquired as the Source NAT IP for the network. All VMs attached to this network then use that Source NAT IP to send traffic to the Internet.
The Nuage VSP Plugin for CloudStack supports CloudStack’s native Source NAT service and enhances it by restricting to a minimum the number of public IP addresses assigned to any given tenant. This is achieved by not allocating a Source NAT IP for every network that is created.
The Source NAT service, which Nuage VSP calls the Port Address Translation (PAT) feature, uses the hypervisor IP as the Source NAT IP address for all VMs in the hypervisor that need to send traffic out to the Internet. Configure this during Nuage VSP installation using the instructions given in the Nuage VSP Install Guide.
This feature is supported for both VPCs and Isolated Networks. In the case of VPCs, Source NAT is applied at the Nuage VSP domain level, therefore there is no customization on the individual VPC network (tier) level.
All VPCs and Isolated networks that are created from a Nuage VSP Source NAT-enabled network offering have this feature enabled automatically. An example Nuage VSP Source NAT-enabled network offering is shown in the figure “Nuage VSP Source NAT-enabled Network Offering” below.
Nuage VSP Source NAT-enabled Network Offering
Nuage VSP Static NAT via the Underlay Feature Support For CloudStack
Supported CloudStack versions: >= 4.10
Static NAT is supported in Nuage VSP as FIP (Floating IP). Prior to Nuage VSP v3.2, FIP in Nuage VSP required a VXLAN GW/PE to be present in the data center. In Nuage VSP v3.2 and above FIP is supported via the underlay, which removes the requirement for a GW/PE in the DC.
For the Static NAT without GW/PE feature to be operational in the CloudStack plugin, FIP in Nuage VSP must be configured to use the underlay. This operation takes place during Nuage VSP installation; instructions can be found in the Nuage VSP Install Guide.
A new API called nuageunderlayvlaniprange has been introduced to enable/disable the Static NAT via the Underlay feature support for CloudStack public IP ranges being used for Static NAT service. This API specifies whether the FIP to underlay support is required for the corresponding FIP subnet in Nuage VSD since there is no GW/PE in the data center. When the nuageunderlayvlaniprange API has been enabled/disabled for a public IP range and Static NAT is enabled on at least one of its Public IPs, the plugin creates the corresponding shared FIP subnet in Nuage VSD using the sharednetworkresources API with the underlay flag set accordingly. The nuageunderlayvlaniprange API usage is shown in the figure “nuageunderlayvlaniprange API Usage” below.
nuageunderlayvlaniprange API Usage
By default, the Nuage VSP Plugin creates the corresponding shared FIP subnet in Nuage VSD with the underlay flag set to false (disabled). There is no support for the nuageunderlayvlaniprange API from the CloudStack UI.
Note
Enabling/disabling the nuageunderlayvlaniprange API for CloudStack public IP ranges is supported only before the Nuage VSP plugin creates the corresponding shared FIP subnet in Nuage VSD. After a shared FIP subnet is created in Nuage VSD, its underlay flag cannot be changed. To change the underlay flag for a given shared FIP subnet, delete the Public vLanIPRange, recreate it and enable/disable the nuageunderlayvlaniprange API for it.
Running The Nuage VSP Plugin Specific Marvin Tests
The Nuage VSP Plugin specific Marvin tests can be found under the directory test/integration/plugins/nuagevsp/ in the cloudstack tree.
Here is the list of required Python packages and dependencies to run The Nuage VSP Plugin specific Marvin tests:
- marvin
- vspk
- libVSD
- pyyaml
- netaddr
- futures
Note
vspk is a Python SDK for Nuage VSP’s VSD and libVSD is a library that wraps the vspk package; both are open source and can be found at https://github.com/nuagenetworks.
Here is an example nosetests command to run The Nuage VSP Plugin specific Marvin tests:
nosetests --with-marvin --marvin-config=path-to-marvin-config-file/nuage_marvin.cfg path-to-marvin-tests/test/integration/plugins/nuagevsp/test_nuage_vsp.py
Note
For an example Marvin config file (i.e. nuage_marvin.cfg) required to run The Nuage VSP Plugin specific Marvin tests, refer to Nuage VSP Marvin Config File Format in the Appendix of this document.
Appendix
Configure Nuage VSP API
To configure Nuage VSP as a Network Service Provider in the CloudStack Zone:
- Add Nuage VSP as a Network Service Provider in the Physical Network 2:
cloudmonkey add networkserviceprovider name=NuageVsp physicalnetworkid=<physicalNetwork2Id>
- Add the Nuage VSD as a Nuage VSP Device in the Physical Network 2:
cloudmonkey add nuagevspdevice physicalnetworkid=<physicalNetwork2Id> hostname=<hostnameOfNuageVsp> username=<usernameOfNuageVspUser> password=<passwordOfNuageVspUser> port=<portUsedByNuageVsp> apiversion=<apiVersionOfNuageVsp> retrycount=<nrOfRetriesOnFailure> retryinterval=<intervalBetweenRetries>
Nuage VSP Marvin Config File Format
Format for the Marvin config file required to run The Nuage VSP Plugin specific Marvin tests.
{
    "zones": [
        {
            "name": "ZONE1NAME",
            "physical_networks": [
                {
                    "name": "Physical Network 1",
                    "isolationmethods": [
                        "VLAN"
                    ]
                },
                {
                    "name": "Physical Network 2",
                    "isolationmethods": [
                        "VSP"
                    ],
                    "providers": [
                        {
                            "name": "NuageVsp",
                            "devices": [
                                {
                                    "username": "VSDUSERNAME",
                                    "retryinterval": "60",
                                    "hostname": "VSDSERVER",
                                    "apiversion": "VSDVERSION",
                                    "retrycount": "4",
                                    "password": "VSDUSERPASSWORD",
                                    "port": VSDPORT
                                }
                            ]
                        }
                    ]
                }
            ],
            "dcInternetConnectivityInfo" : {
                "available": "INTERNETAVAILABLE",
                "httpProxy": "HTTPPROXY",
                "httpsProxy": "HTTPSPROXY"
            }
        },
        {
            "name": "ZONE2NAME",
            "physical_networks": [
                {
                    "name": "Physical Network 1",
                    "isolationmethods": [
                        "VLAN"
                    ]
                },
                {
                    "name": "Physical Network 2",
                    "isolationmethods": [
                        "VSP"
                    ],
                    "providers": [
                        {
                            "name": "NuageVsp",
                            "devices": [
                                {
                                    "username": "VSDUSERNAME",
                                    "retryinterval": "60",
                                    "hostname": "VSDSERVER",
                                    "apiversion": "VSDVERSION",
                                    "retrycount": "4",
                                    "password": "VSDUSERPASSWORD",
                                    "port": VSDPORT
                                }
                            ]
                        }
                    ]
                }
            ],
            "dcInternetConnectivityInfo" : {
                "available": "INTERNETAVAILABLE",
                "httpProxy": "HTTPPROXY",
                "httpsProxy": "HTTPSPROXY"
            }
        }
    ],
    "dbSvr": {
        "dbSvr": "DBSERVER",
        "passwd": "DBPASSWORD",
        "db": "cloud",
        "port": 3306,
        "user": "DBUSERNAME"
    },
    "logger":
    {
        "LogFolderPath": "/tmp/LOGFOLDERNAME"
    },
    "mgtSvr": [
        {
            "mgtSvrIp": "MGNTSERVERIP",
            "port": 8096,
            "user": "MGNTUSERNAME",
            "passwd": "MGNTPASSWORD"
        }
    ]
}
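A filled-in file of this format holds the VSD, database and management server passwords in clear text, and it only parses once every placeholder (including the bare VSDPORT token) has been replaced. The following Python pre-flight check is an added example, not part of the CloudStack or Nuage code; it assumes the file is plain JSON, and the function names, finding messages and sample values are constructed for illustration.

```python
import json, os, stat, tempfile

# Device keys exactly as they appear in the config format above.
DEVICE_KEYS = {"hostname", "username", "password", "port",
               "apiversion", "retrycount", "retryinterval"}
# Template tokens from the format above that must be replaced before use.
PLACEHOLDERS = {"VSDUSERNAME", "VSDSERVER", "VSDVERSION", "VSDUSERPASSWORD"}

# Constructed sample: password missing, hostname still the template token.
SAMPLE = {"zones": [{"name": "zone1", "physical_networks": [
    {"name": "Physical Network 1", "isolationmethods": ["VLAN"]},
    {"name": "Physical Network 2", "isolationmethods": ["VSP"],
     "providers": [{"name": "NuageVsp", "devices": [
         {"username": "marvin-user", "hostname": "VSDSERVER", "port": 12345,
          "apiversion": "constructed", "retrycount": "4", "retryinterval": "60"}]}]}]}]}

def check_marvin_config(path):
    """Return a list of findings for a filled-in Marvin config file."""
    findings = []
    # The file carries VSD, database and management server passwords.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is accessible by group/other")
    try:
        with open(path) as fh:
            cfg = json.load(fh)
    except ValueError as exc:  # e.g. the bare VSDPORT token was left in
        return findings + ["not valid JSON: %s" % exc]
    for zone in cfg.get("zones", []):
        zname = zone.get("name", "?")
        # Guest traffic needs its own physical network isolated with VSP only.
        vsp = [n for n in zone.get("physical_networks", [])
               if n.get("isolationmethods") == ["VSP"]]
        if len(vsp) != 1:
            findings.append("%s: %d VSP-only networks, want 1" % (zname, len(vsp)))
            continue
        devices = [d for p in vsp[0].get("providers", [])
                   if p.get("name") == "NuageVsp" for d in p.get("devices", [])]
        if not devices:
            findings.append("%s: no NuageVsp device" % zname)
        for dev in devices:
            missing = sorted(DEVICE_KEYS - set(dev))
            if missing:
                findings.append("%s: device missing %s" % (zname, missing))
            left = sorted(k for k, v in dev.items() if str(v) in PLACEHOLDERS)
            if left:
                findings.append("%s: placeholders left in %s" % (zname, left))
    return findings

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".cfg") as fh:
        json.dump(SAMPLE, fh)
        fh.flush()
        os.chmod(fh.name, 0o644)
        return check_marvin_config(fh.name)
```

An empty list from check_marvin_config means the file is owner-only, parses, and has one VSP-only physical network per zone with a complete NuageVsp device entry.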