Bringing ESX Deployments into native OpenStack OVSvApp
1. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The OpenStack TM attribution statement should used: The
OpenStack wordmark and the Square O Design, together or part, are trademarks or registered trademarks of OpenStack Foundation in the United States and other countries, and are used with the
OpenStack Foundation’s permission.
Vancouver OpenStack®
Summit
2.
Bringing ESX Deployments
into native OpenStack
(OVSvApp)
Romil Gupta romilg@hp.com
Vivekanandan Narasimhan vivekanandan.narasimhan@hp.com
May 20, 2015
3.
What is OVSvApp?
• A Service VM that is deployed on an ESX host to provide L2 connectivity as a service (Service Function).
• Supports both VLAN and VXLAN underlying infrastructure for tenant VM communication.
• Uses an Open vSwitch based firewall driver providing access control for tenant VMs on the ESX host (sec-groups).
• Aligned to the OpenStack Kilo release. Also available for the OpenStack Juno stable release.
• Available upstream in OpenStack Neutron under project “stackforge/networking-vsphere”.
4.
OVSvApp Benefits
• Allows vendors to migrate their invested ESX workloads to cloud.
• Allows vendors to deploy ESX-based clouds with native OpenStack, with little or no learning curve.
• Allows vendors to leverage some of the advanced networking capabilities that Neutron provides.
• Not required to rely on nova-network (which is deprecated).
• Does not require special licenses to deploy, run and manage.
5.
Architecture of OVSvApp solution
• Neutron Server - Provides tenant network and port information to the OVSvApp agent. Also runs the OVSvApp ML2 mechanism driver.
• Nova compute - Manages vCenter and spawns VMs, contains the OVSvApp VCDriver.
• OVSvApp VM - Hosts the OVSvApp agent, which provisions artifacts (flows, port groups) to provide VLAN, VXLAN and Security Groups.
• One OVSvApp VM per ESXi host.
• VDS switches: the 1st switch connects to VMs and the 2nd switch connects to the uplink.
• Tenant VMs are booted on VDS1 - VM traffic is trunked to the OVSvApp VM - traffic is forwarded to the uplink (VDS-2).
6.
Components of OVSvApp VM
• OVSvApp VM - A VM with Open vSwitch installed that runs an OVSvApp agent and has 3 OVS bridges: Security Group Bridge (br-sec), Integration Bridge (br-int), and Physical Bridges (br-ethX) in case of VLAN or Tunnel Bridge (br-tun) in case of VXLAN.
• Operates on cluster events "VM_CREATE", "VM_DELETE" and "VM_UPDATE", and programs Open vSwitch with flow information from Neutron.
• Open vSwitch based Firewall Driver - Security Groups functionality.
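The bridge layout listed on this slide can be checked against the output of `ovs-vsctl list-br` on an OVSvApp VM. The Python below is an added example, not code from networking-vsphere; the function name, the sample outputs and the reading of "br-ethX" as br-eth plus a suffix are assumptions.

```python
import re

# Bridge names as given on the slide. "br-ethX" is read here as
# "br-eth" followed by an interface suffix (assumption).
REQUIRED = {"br-sec", "br-int"}
PHYS_BRIDGE = re.compile(r"^br-eth\w+$")


def audit_bridges(list_br_output, network_type):
    """Compare `ovs-vsctl list-br` output with the expected OVSvApp layout.

    Returns a list of findings; an empty list means the layout matches.
    network_type is "vlan" or "vxlan".
    """
    bridges = {ln.strip() for ln in list_br_output.splitlines() if ln.strip()}
    # br-sec carries the security-group function, br-int the integration role.
    findings = [f"missing {name}" for name in sorted(REQUIRED - bridges)]
    phys = {b for b in bridges if PHYS_BRIDGE.match(b)}
    if network_type == "vlan":
        if not phys:
            findings.append("missing physical bridge (br-ethX)")
    elif network_type == "vxlan":
        if "br-tun" not in bridges:
            findings.append("missing br-tun")
    else:
        raise ValueError(f"unknown network type: {network_type!r}")
    # Anything outside the documented set deserves a manual look.
    unexpected = bridges - REQUIRED - phys - {"br-tun"}
    findings += [f"unexpected bridge {b}" for b in sorted(unexpected)]
    return findings


# Constructed sample outputs (one bridge name per line, as list-br prints).
VLAN_OK = "br-eth1\nbr-int\nbr-sec\n"
VXLAN_NO_SEC = "br-int\nbr-tun\n"

if __name__ == "__main__":
    print(audit_bridges(VLAN_OK, "vlan"))
    print(audit_bridges(VXLAN_NO_SEC, "vxlan"))
```

A missing br-sec is the finding to act on first, since the slide places the Security Groups function on that bridge.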
7.
Sequence Diagram - VLAN
8.
Sequence Diagram - VXLAN
9.
Deployment
1. Using Devstack
   https://github.com/stackforge/networking-vsphere/tree/master/devstack
2. Automated OVSvApp VM installer.
   • Supports 2 modes:
     • Fully automated (green field).
     • Manual (pre-existing DVS and portgroups – brown field).
   • Installation process:
     • Upload the OVSvApp image (.ova) to one of the ESX hosts in a data center.
     • The VMware admin/tenant admin enters values in the ovs_vapp.ini file.
     • Add settings to the configuration file so that the OVSvApp deployment script can clone the file on each host.
     • Run the deployment script.
   • Uninstall, update and upgrade of OVSvApp deployments are supported.
10.
Future Plans
• Upstream Automated OVSvApp VM Installer.
• Distributed Virtual Router support for OVSvApp.
• OVSvApp support to work with upstream L2-Gateway.
• Intra-host VM access control (Security-Group).
• Have parity between ML2 OVS Neutron Agent and OVSvApp Agent features.
11.
References:
• Source Code: https://github.com/stackforge/networking-vsphere
• Wiki: https://wiki.openstack.org/wiki/Neutron/Networking-vSphere
• OVSvApp Solution White Paper: https://github.com/hp-networking/ovsvapp/blob/master/OVSvApp_Solution.pdf
• OVSvApp Solution: ESX with VLAN: https://github.com/stackforge/networking-vsphere/blob/master/specs/kilo/ovsvapp_esx_vlan.rst
• OVSvApp Solution: ESX with VXLAN: https://github.com/stackforge/networking-vsphere/blob/master/specs/kilo/ovsvapp_esx_vxlan.rst
• Open vSwitch-based Security Groups: Open vSwitch Implementation of FirewallDriver: https://blueprints.launchpad.net/neutron/+spec/ovs-firewall-driver
12.
Q&A
13.
Thank You