This presentation includes the OVSvApp solution for ESX based deployments, when a cloud operator wants to use OpenStack with vSphere using open source elements, he/she can only do so by relying on nova-network. Currently, there is no viable open source reference implementation for supporting ESX deployments that would help the cloud operator to leverage some of the advanced networking capabilities that Neutron provides. Here, we talk about providing cloud operators with a Neutron supported solution for vSphere deployments in the form of a service VM called OVSvApp VM which steers the ESX tenant VMs' traffic through it.

1. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The OpenStack TM attribution statement should used: The
OpenStack wordmark and the Square O Design, together or part, are trademarks or registered trademarks of OpenStack Foundation in the United States and other countries, and are used with the
OpenStack Foundation’s permission.
Vancouver OpenStack®
Summit

2. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Bringing ESX Deployments
into native Openstack
(OVSvApp)
Romil Gupta romilg@hp.com
Vivekanandan Narasimhan vivekanandan.narasimhan@hp.com
May 20, 2015

3. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
What is OVSvApp ?
• A Service VM that is deployed on a ESX Host to provides L2 Connectivity as a service
(Service Function) .
• Supports both VLAN and VXLAN underlying infrastructure for tenant VMs communication.
• Uses Open vSwitch based Firewall driver providing access control for tenant VMs on the
ESX Host (sec-groups).
• Aligned to OpenStack Kilo release. Also available for OpenStack Juno Stable release.
• Available upstream in OpenStack Neutron under project “stackforge/networking-
vsphere”.

4. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4
OVSvApp Benefits
• Allows vendors to migrate their invested ESX workloads to cloud.
• Allows vendors to deploy ESX-based Clouds with native Openstack, with less (or) no
learning curve.
• Allows vendors to leverage some of the advanced networking capabilities that Neutron
provides.
• Not required to rely on nova-network (which is deprecated).
• Does not require special licenses to deploy, run and manage.

5. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
Architecture of OVSvApp solution
• Neutron Server - Provides Tenant Network and
Port information to OVSvApp Agent. Also
runs OVSvApp Ml2 mechanism driver.
• Nova compute - Manages vCenter and
spawns VMs, contains OVSvApp VCDriver.
• OVSvApp VM - Hosts OVSvApp agent which
provisions artifacts (FLOWs, PortGroups) to
provide VLAN, VXLAN and Security Groups.
• One OVSvApp VM per ESXi Host.
• VDS Switches : 1st switch - connects to VMs
and 2nd switch - connects to uplink.
• Tenant VMs booted on VDS1 - VM traffic is
trunked to OVSvApp VM – Traffic forwarded to
uplink (VDS-2).

6. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
Components of OVSvApp VM
• OVSvApp VM - VM with Open vSwitch installed,
runs an OVSvApp agent, has 3 OVS bridges:
Security Group Bridge (br-sec),Integration Bridge
(br-int) and Physical Bridges (br-ethX) in case of
VLAN, and Tunnel Bridge (br-tun) in case of VXLAN.
• Operates on cluster events: “VM_CREATE”,
"VM_DELETE" and "VM_UPDATE”, programs
Open vSwitch with FLOW information from neutron.
• Open vSwitch based Firewall Driver - Security
Groups functionality.

7. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
Sequence Diagram - VLAN

8. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8
Sequence Diagram - VXLAN

9. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
Deployment
1. Using Devstack
https://github.com/stackforge/networking-vsphere/tree/master/devstack
2. Automated OVSvApp VM installer.
• Supports 2 modes:
• Fully automated(green field).
• Manual (pre-existing DVS and portgroups – brown field).
• Installation process:
• Upload the OVSvApp image (.ova) to one of the ESX hosts in a data center .
• VMWare admin/tenant admin to input values at ovs_vapp.ini file .
• Add settings to the configuration file so that the OVSvApp deployment script can
clone the file on each host .
• Run deployment script .
• Uninstall, update and upgrade OVSvApp deployments supported.

10. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Future Plans
• Upstream Automated OVSvApp VM Installer.
• Distributed Virtual Router support for OVSvApp.
• OVSvApp support to work with upstream L2-Gateway.
• Intra-host VM access control (Security-Group) .
• Have parity between ML2 OVS Neutron Agent and OVSvApp Agent
features.

11. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
References:
• Source Code: https://github.com/stackforge/networking-vsphere
• Wiki: https://wiki.openstack.org/wiki/Neutron/Networking-vSphere
• OVSvApp Solution White Paper: https://github.com/hp-
networking/ovsvapp/blob/master/OVSvApp_Solution.pdf
• OVSvApp Solution: ESX with VLAN https://github.com/stackforge/networking-
vsphere/blob/master/specs/kilo/ovsvapp_esx_vlan.rst
• OVSvApp Solution : ESX with VXLAN https://github.com/stackforge/networking-
vsphere/blob/master/specs/kilo/ovsvapp_esx_vxlan.rst
• Open vSwitch-based Security Groups: Open vSwitch Implementation of
FirewallDriver: https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver

12. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
Q&A

13. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The OpenStack TM attribution statement should used: The
OpenStack wordmark and the Square O Design, together or part, are trademarks or registered trademarks of OpenStack Foundation in the United States and other countries, and are used with the
OpenStack Foundation’s permission.
Thank You