Neutron ML2 Driver For Cisco Nexus Devices Ocata Release

From DocWiki

Overview

The Cisco Nexus ML2 mechanism driver implements the ML2 Plugin Mechanism Driver API. The Cisco Nexus ML2 mechanism driver manages multiple types of Cisco Nexus switches.

Note: This software is provided "as is," and in no event does Cisco warrant that the software is error free or that customer will be able to operate the software without problems or interruptions.

Ocata Release Changes

There are a couple of noticeable changes in the Ocata Release:

  • A REST API Driver was developed. For details on enabling this improved configuration driver, refer to the section 'REST API Configuration Driver'.
  • An anomaly was discovered with the existing ssh driver where it stopped working with more current Nexus images. The error seen in neutron log file is SessionCloseError. A correction for this issue has been included in this release.

Prerequisites

Nexus switch support requires the following OS versions and packages:

  • Cisco NX-OS 7.0(3)I5 (needed for new REST API Driver).
  • One of two supported OSes:
    • RHEL 6.1 or above
    • Ubuntu 14.04 or above
  • Package: python-configobj-4.6.0-3.el6.noarch (or later)
  • Package: python-routes-1.12.3-2.el6.noarch (or later)
  • Package: mysql-python (install with pip install mysql-python)
  • TripleO with Nexus and UCSM is supported in the RHEL OSP7

If using the default ssh driver to configure the Nexus device, the following is also needed:

  • Paramiko library, the SSHv2 protocol library for Python
  • The ncclient v0.4.2 Python library for NETCONF clients. See the following for instructions on how to download the modified library. For more information on ncclient, see http://ncclient.grnet.gr/.


Get the ncclient library by using the pip package manager at your shell prompt:

pip install ncclient==0.4.2

Your Nexus switch must be configured as described in the next section, Nexus Switch Setup.

Nexus Switch Setup

  • Your Nexus switch must be connected to a management network separate from the OpenStack data network. The plugin communicates with the switch over this network to set up your data flows.
  • If the new REST API Driver is configured, the nxapi feature must be enabled on the switch; otherwise, the switch must have ssh login enabled for the legacy/default ssh driver to work.
  • When host_key_checks is enabled (used only with legacy ssh driver), the switch must be a known host on the controller node before the ML2 Nexus mechanism driver tries to configure the switch. To ensure the switch is a known host, manually log in to the switch from the controller node (using ssh) before creating instances.
  • Each compute host on the cloud must be connected to the switch using an interface dedicated solely to OpenStack data traffic.
  • All other switch configuration not listed in this section, for example configuring interfaces with no shutdown and switchport mode trunk, must be performed by the switch administrator.
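The known-host requirement above can be verified before instances are created. The following Python script is an added example, not part of the Cisco driver: it reads the switch sections of an ml2_conf_cisco.ini and reports switches with no entry in an OpenSSH known_hosts file, which is what the manual ssh login writes. The function names and sample inputs are constructed for illustration, and which known_hosts file the driver's account uses is left to the caller.

```python
import base64
import configparser
import hashlib
import hmac


def hashed_field(salt, host):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


# Constructed inputs: three switches, one on a non-default ssh_port.
SAMPLE_CONF = """
[ml2_mech_cisco_nexus:192.168.1.1]
compute-1=1/2
[ml2_mech_cisco_nexus:192.168.1.2]
compute-2=1/2
ssh_port=2222
[ml2_mech_cisco_nexus:192.168.1.3]
compute-3=1/2
"""
# Constructed known_hosts; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "nexus-a,192.168.1.1 ssh-rsa PLACEHOLDERKEY",
    hashed_field(b"constructed-salt", "[192.168.1.2]:2222") + " ssh-rsa PLACEHOLDERKEY",
    "@revoked 192.168.1.3 ssh-rsa PLACEHOLDERKEY",
])


def host_is_known(name, known_hosts_text):
    """Exact-match lookup of name in known_hosts text (no wildcard patterns)."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, and @cert-authority / @revoked marker lines.
        if not fields or fields[0][0] in "#@":
            continue
        if fields[0].startswith("|1|"):
            # Hashed entry: recompute HMAC-SHA1 over the name with its salt.
            salt, _, digest = fields[0][3:].partition("|")
            mac = hmac.new(base64.b64decode(salt), name.encode(),
                           hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(digest)):
                return True
        elif name in fields[0].split(","):
            return True
    return False


def unknown_switches(conf_text, known_hosts_text):
    """Return the configured switches that have no known_hosts entry."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    missing = []
    for section in cfg.sections():
        if section.startswith("ml2_mech_cisco_nexus:"):
            ip = section.split(":", 1)[1]
            port = cfg.getint(section, "ssh_port", fallback=22)
            # OpenSSH records non-default ports as [host]:port.
            name = ip if port == 22 else f"[{ip}]:{port}"
            if not host_is_known(name, known_hosts_text):
                missing.append(name)
    return missing
```

In the constructed sample only 192.168.1.3 is reported, because its sole entry is a @revoked line and does not count as a known host.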

Directory Structure

The Cisco Nexus mechanism driver code is located in the following directory:

<neutron_install_dir>/neutron/neutron/plugins/ml2/drivers/cisco/nexus

The Cisco Nexus mechanism configuration template is located at:

<neutron_install_dir>/neutron/etc/neutron/plugins/ml2/ml2_conf_cisco.ini

In both cases, <neutron_install_dir> is the directory where the Neutron project is installed. This is often the home directory of the username assigned to Neutron.

Configuration

VLAN Configuration

To configure the Cisco Nexus ML2 mechanism driver, do the following:

Create a configuration file using the syntax template neutron/etc/neutron/plugins/ml2/ml2_conf_cisco.ini.

Add the Nexus switch information to a configuration file. Include the following information (see the example below):

  • The IP address of the switch
  • The hostname and port of the node that is connected to the switch
  • The switch port that host is connected to
  • The Nexus switch credential username and password


Include the configuration file on the command line when the neutron-server is started. You can configure multiple switches as well as multiple hosts per switch.

# Use section header 'ml2_mech_cisco_nexus:' followed by the IP address of the Nexus switch.
[ml2_mech_cisco_nexus:1.1.1.1]
# Hostname and port used on the switch for this compute host.
# Where 1/2 indicates the "interface ethernet 1/2" port on the switch.
compute-1=1/2
# Port number where the SSH will be running at the Nexus Switch. Default is 22 so this variable
# only needs to be configured if different.
# ssh_port=22
# Provide the Nexus login information
username=admin
password=mySecretPasswordForNexus

TripleO Configuration

The Cisco-specific implementation is deployed by modifying the TripleO environment file environments/neutron-ml2-cisco-nexus-ucsm.yaml and updating its contents with the deployment-specific values. Note that with a TripleO deployment the server names are not known before deployment, so the MAC address of the server must be used in place of the server name.

Descriptions of the parameters can be found at https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml


resource_registry:
  OS::TripleO::AllNodesExtraConfig: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
 
parameter_defaults:
  NeutronMechanismDrivers: 'openvswitch,cisco_nexus'
  NetworkNexusConfig: {
    "N9K-9372PX-1": {
        "ip_address": "1.1.1.1", 
        "nve_src_intf": 0, 
        "password": "mySecretPasswordForNexus", 
        "physnet": "datacentre", 
        "servers": {
            "54:A2:74:CC:73:51": {
                "ports": "1/2"
            }
        }, 
        "ssh_port": 22, 
        "username": "admin"
    }
  }
  NetworkNexusManagedPhysicalNetwork: datacentre
  NetworkNexusVlanNamePrefix: 'q-'
  NetworkNexusSviRoundRobin: 'false'
  NetworkNexusProviderVlanNamePrefix: 'p-'
  NetworkNexusPersistentSwitchConfig: 'false'
  NetworkNexusSwitchHeartbeatTime: 30
  NetworkNexusSwitchReplayCount: 3
  NetworkNexusProviderVlanAutoCreate: 'true'
  NetworkNexusProviderVlanAutoTrunk: 'true'
  NetworkNexusVxlanGlobalConfig: 'false'
  NetworkNexusHostKeyChecks: 'false'
  NeutronNetworkVLANRanges: 'datacentre:2000:2500'
  NetworkNexusVxlanVniRanges: '0:0'
  NetworkNexusVxlanMcastRanges: '0.0.0.0:0.0.0.0'

VLAN Configuration in DevStack

The instructions at https://wiki.openstack.org/wiki/Sandbox/CML2MP#Configuring_Devstack_for_the_Cisco_Nexus_Mechanism_Driver describe how to configure DevStack with the Cisco Nexus mechanism driver. To use VLAN with the DevStack configuration, do the following additional configuration step:

In addition to the standard local.conf settings, use the following local.conf file example to configure the Nexus switch for VLAN support.

[[local|localrc]]
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,cisco_nexus
Q_ML2_TENANT_NETWORK_TYPE=vlan
ML2_VLAN_RANGES=physnet1:100:109
ENABLE_TENANT_TUNNELS=False
ENABLE_TENANT_VLANS=True
PHYSICAL_NETWORK=physnet1
OVS_PHYSICAL_BRIDGE=br-eth1

[ml2_cisco]
switch_heartbeat_time = 30
#nexus_driver = restapi     #Enable if you have latest Nexus image listed in prerequisite section

[ml2_mech_cisco_nexus:192.168.1.1]
ComputeHostA=1/10
username=admin
password=secretPassword
ssh_port=22

[ml2_mech_cisco_nexus:192.168.1.2]
ComputeHostB=1/10
username=admin
password=secretPassword
ssh_port=22

If the DevStack deployment is using Neutron code from the upstream repository, to download the Cisco mechanism driver code from upstream add these two settings to the local.conf file.

enable_service net-cisco
enable_plugin networking-cisco https://github.com/openstack/networking-cisco

Virtual Port Channel (vPC) Configuration

The Cisco mechanism plugin supports multi-homed hosts in a vPC setup. A typical vPC setup is illustrated in the following diagram:

[Figure: Multi Homed vPC hardware configuration]

Prerequisites
  • The vPC interconnect must be set up as described in this document: NXOS vPC configuration. The Cisco plugin will not set up vPC interconnect channels between switches.
  • The data interfaces on the host must be bonded. This bonded interface must be attached to the external bridge.


Plugin Configuration

Configure vPC in the plugin with multiple connections per host. For example, if host 1 is connected to two Nexus switches 1.1.1.1 and 2.2.2.2 over portchannel2:


[ml2_mech_cisco_nexus:1.1.1.1]
# Hostname and port used of the node
host1=port-channel:2
# Port number where the SSH will be running at the Nexus Switch, e.g.: 22 (Default)
ssh_port=22
# Provide the Nexus credentials.
username=admin
password=mySecretPasswordForNexus

[ml2_mech_cisco_nexus:2.2.2.2]
# Hostname and port used of the node
host1=port-channel:2
# Port number where the SSH will be running at the Nexus Switch, e.g.: 22 (Default)
ssh_port=22
# Provide the Nexus credentials.
username=admin
password=mySecretPasswordForNexus

Specify the EtherType (portchannel, etherchannel, etc.) for the vPC setup.

Note: If you do not specify the EtherType, the plugin assumes an EtherType of Ethernet.

No configuration change is required for non-vPC configurations. Non-vPC setups are not affected by this feature.

TripleO Configuration

The Cisco-specific implementation is deployed by modifying the TripleO environment file environments/neutron-ml2-cisco-nexus-ucsm.yaml and updating its contents with the deployment-specific values. Note that with a TripleO deployment the server names are not known before deployment, so the MAC address of the server must be used in place of the server name.

Descriptions of the parameters can be found at https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml

resource_registry:
  OS::TripleO::AllNodesExtraConfig: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
 
parameter_defaults:
  NeutronMechanismDrivers: 'openvswitch,cisco_nexus'
  NetworkNexusConfig: {
    "N9K-9372PX-1": {
        "ip_address": "1.1.1.1", 
        "nve_src_intf": 0, 
        "password": "mySecretPasswordForNexus", 
        "physnet": "datacentre", 
        "servers": {
            "54:A2:74:CC:73:51": {
                "ports": "port-channel:2"
            }
        }, 
        "ssh_port": 22, 
        "username": "admin"
    },
    "N9K-9372PX-2": {
        "ip_address": "2.2.2.2", 
        "nve_src_intf": 0, 
        "password": "mySecretPasswordForNexus", 
        "physnet": "datacentre", 
        "servers": {
            "54:A2:74:CC:73:AB": {
                "ports": "port-channel:2"
            }
        }, 
        "ssh_port": 22, 
        "username": "admin"
    }
  }

  NetworkNexusManagedPhysicalNetwork: datacentre
  NetworkNexusVlanNamePrefix: 'q-'
  NetworkNexusSviRoundRobin: 'false'
  NetworkNexusProviderVlanNamePrefix: 'p-'
  NetworkNexusPersistentSwitchConfig: 'false'
  NetworkNexusSwitchHeartbeatTime: 30
  NetworkNexusSwitchReplayCount: 3
  NetworkNexusProviderVlanAutoCreate: 'true'
  NetworkNexusProviderVlanAutoTrunk: 'true'
  NetworkNexusVxlanGlobalConfig: 'false'
  NetworkNexusHostKeyChecks: 'false'
  NeutronNetworkVLANRanges: 'datacentre:2000:2500'
  NetworkNexusVxlanVniRanges: '0:0'
  NetworkNexusVxlanMcastRanges: '0.0.0.0:0.0.0.0'
 


VXLAN Overlay Configuration

Prerequisites

The Cisco Nexus ML2 driver will not configure those features described in the “Considerations for the Transport Network” section of http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide.pdf. You must perform such configuration before configuring the plugin for VXLAN. Do all of the following that are relevant to your installation:

  • Configure a loopback IP address
  • Configure IP multicast, PIM, and rendezvous point (RP) in the core
  • Configure the default gateway for VXLAN VLANs on external routing devices
  • Configure VXLAN related feature commands: "feature nv overlay" and "feature vn-segment-vlan-based"
  • Configure NVE interface and assign loopback address

Procedure

To support VXLAN configuration on a top-of-rack Nexus switch, add the following configuration settings:

  • Configure an additional setting named physnet under the ml2_mech_cisco_nexus section header, as shown in the following example.

Example:

[ml2_mech_cisco_nexus:192.168.1.1]
# Hostname and port used on the switch for this compute host.
# Where 1/2 indicates the "interface ethernet 1/2" port on the switch.
compute-1=1/2
# Port number where the SSH will be running at the Nexus Switch. Default is 22 so this variable
# only needs to be configured if different.
# ssh_port=22
# Provide the Nexus log in information
username=admin
password=mySecretPasswordForNexus
# Where physnet1 is a physical network name listed in the ML2 VLAN section header [ml2_type_vlan].
physnet=physnet1

  • Configure the VLAN range in the ml2_type_vlan section as shown in the following example. The ml2_type_vlan section header format is defined in the neutron/etc/neutron/plugins/ml2/ml2_conf.ini file.

Example:

[ml2_type_vlan]
network_vlan_ranges = physnet1:100:109

  • Configure the network VNI ranges and multicast ranges in the ml2_type_nexus_vxlan section, as shown in the following example.

The section header [ml2_type_nexus_vxlan] is defined in the neutron/etc/neutron/plugins/ml2/ml2_conf.ini file to provide VXLAN information required by the Nexus switch.

Example:

[ml2_type_nexus_vxlan]
# Comma-separated list of <vni_min>:<vni_max> tuples enumerating
# ranges of VXLAN VNI IDs that are available for tenant network allocation.
vni_ranges=50000:55000

# Multicast groups for the VXLAN interface. When configured, will
# enable sending all broadcast traffic to this multicast group. Comma separated
# list of min:max ranges of multicast IP's 
# NOTE: must be a valid multicast IP, invalid IP's will be discarded
mcast_ranges=225.1.1.1:225.1.1.2
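
The cross-references in this procedure (each switch's physnet must name a network listed in [ml2_type_vlan], and mcast_ranges must hold valid multicast addresses) can be checked before neutron-server is started. The following Python script is an added example, not part of the Cisco driver; check_vxlan_config and the sample text are constructed for illustration, and the 24-bit VNI upper bound comes from the VXLAN header format rather than from this page.

```python
import configparser
import ipaddress

# Constructed sample: the page's VXLAN layout with three mistakes planted
# (undeclared physnet, VNI beyond 24 bits, non-multicast group range).
SAMPLE = """
[ml2_mech_cisco_nexus:192.168.1.1]
compute-1=1/2
physnet=physnet1
[ml2_mech_cisco_nexus:192.168.1.2]
compute-2=1/3
physnet=physnet2
[ml2_type_vlan]
network_vlan_ranges = physnet1:100:109
[ml2_type_nexus_vxlan]
vni_ranges=50000:55000,16777000:16777300
mcast_ranges=225.1.1.1:225.1.1.2,10.1.1.1:10.1.1.2
"""

MAX_VNI = 2**24 - 1  # the VXLAN VNI field is 24 bits wide


def _pairs(value):
    """Split 'a:b,c:d' into [('a', 'b'), ('c', 'd')], skipping empty items."""
    return [tuple(p.strip() for p in item.split(":", 1))
            for item in value.split(",") if item.strip()]


def check_vxlan_config(text):
    """Return a list of problems found in an ML2 Nexus VXLAN configuration."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    problems = []

    # Physical network names declared in [ml2_type_vlan] (name:min:max).
    ranges = cfg.get("ml2_type_vlan", "network_vlan_ranges", fallback="")
    physnets = {r.split(":")[0].strip() for r in ranges.split(",") if r.strip()}

    for section in cfg.sections():
        if section.startswith("ml2_mech_cisco_nexus:"):
            physnet = cfg.get(section, "physnet", fallback=None)
            if physnet not in physnets:
                problems.append(f"[{section}] physnet {physnet!r} is not declared")

    vx = "ml2_type_nexus_vxlan"
    for pair in _pairs(cfg.get(vx, "vni_ranges", fallback="")):
        try:
            lo, hi = (int(v) for v in pair)
            ok = 0 <= lo <= hi <= MAX_VNI
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"vni_ranges: {':'.join(pair)} is not a valid range")

    for pair in _pairs(cfg.get(vx, "mcast_ranges", fallback="")):
        try:
            lo, hi = (ipaddress.IPv4Address(v) for v in pair)
            ok = lo.is_multicast and hi.is_multicast and lo <= hi
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"mcast_ranges: {':'.join(pair)} is not multicast")
    return problems
```

Running check_vxlan_config(SAMPLE) reports the three planted mistakes; a configuration matching the examples on this page returns an empty list.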

VXLAN Overlay Configuration in DevStack

The instructions at https://wiki.openstack.org/wiki/Sandbox/CML2MP#Configuring_Devstack_for_the_Cisco_Nexus_Mechanism_Driver describe how to configure DevStack with the Cisco Nexus mechanism driver. To use VXLAN with the DevStack configuration, do the following additional configuration step:

In addition to the standard local.conf settings, use the following local.conf file example to configure the Nexus switch for VXLAN Terminal End Point (VTEP) support.

[[local|localrc]]
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,cisco_nexus
Q_ML2_PLUGIN_TYPE_DRIVERS=nexus_vxlan,vlan
Q_ML2_TENANT_NETWORK_TYPE=nexus_vxlan
ML2_VLAN_RANGES=physnet1:100:109
ENABLE_TENANT_TUNNELS=False
ENABLE_TENANT_VLANS=True
PHYSICAL_NETWORK=physnet1
OVS_PHYSICAL_BRIDGE=br-eth1

[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[agent]
minimize_polling=True
tunnel_types=

[ml2_cisco]
switch_heartbeat_time = 30
#nexus_driver = restapi     #Enable if you have latest Nexus image listed in prerequisite section

[ml2_mech_cisco_nexus:192.168.1.1]
ComputeHostA=1/10
username=admin
password=secretPassword
ssh_port=22
physnet=physnet1

[ml2_mech_cisco_nexus:192.168.1.2]
ComputeHostB=1/10
NetworkNode=1/11
username=admin
password=secretPassword
ssh_port=22
physnet=physnet1

[ml2_type_nexus_vxlan]
vni_ranges=50000:55000
mcast_ranges=225.1.1.1:225.1.1.2

[ml2_type_vlan]
network_vlan_ranges = physnet1:100:109

If the DevStack deployment is using Neutron code from the upstream repository, to download the Cisco mechanism driver code from upstream add these two settings to the local.conf file.

enable_service net-cisco
enable_plugin networking-cisco https://github.com/openstack/networking-cisco

Configuration for Non-DHCP Agent Enabled Network Node Topologies

If a DHCP Agent is not running on the network node, then the network node's physical connection to the Nexus switch must be added to all compute hosts that require access to the network node. For example, if the network node is physically connected to Nexus switch 192.168.1.1 port 1/10, then the following configuration is required.

[ml2_mech_cisco_nexus:192.168.1.1]
ComputeHostA=1/8,1/10
ComputeHostB=1/9,1/10
username=admin
password=secretPassword
ssh_port=22
physnet=physnet1

[ml2_mech_cisco_nexus:192.168.1.2]
ComputeHostC=1/10
username=admin
password=secretPassword
ssh_port=22
physnet=physnet1

TripleO Configuration

The Cisco-specific implementation is deployed by modifying the TripleO environment file environments/neutron-ml2-cisco-nexus-ucsm.yaml and updating its contents with the deployment-specific values. Note that with a TripleO deployment the server names are not known before deployment, so the MAC address of the server must be used in place of the server name.

Descriptions of the parameters can be found at https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml

resource_registry:
  OS::TripleO::AllNodesExtraConfig: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
 
parameter_defaults:
  NeutronMechanismDrivers: 'openvswitch,cisco_nexus'
  NetworkNexusConfig: {
    "N9K-9372PX-1": {
        "ip_address": "192.168.1.1", 
        "nve_src_intf": 0, 
        "password": "secretPassword", 
        "physnet": "datacentre", 
        "servers": {
            "54:A2:74:CC:73:51": {
                "ports": "1/10"
            }
        }, 
        "ssh_port": 22, 
        "username": "admin"
    },
    "N9K-9372PX-2": {
        "ip_address": "192.168.1.2", 
        "nve_src_intf": 0, 
        "password": "secretPassword", 
        "physnet": "datacentre", 
        "servers": {
            "54:A2:74:CC:73:AB": {
                "ports": "1/10"
            },
            "54:A2:74:CC:73:CD": {
                "ports": "1/11"
            }
        }, 
        "ssh_port": 22, 
        "username": "admin"
    }
  }

  NetworkNexusManagedPhysicalNetwork: datacentre
  NetworkNexusVlanNamePrefix: 'q-'
  NetworkNexusSviRoundRobin: 'false'
  NetworkNexusProviderVlanNamePrefix: 'p-'
  NetworkNexusPersistentSwitchConfig: 'false'
  NetworkNexusSwitchHeartbeatTime: 30
  NetworkNexusSwitchReplayCount: 3
  NetworkNexusProviderVlanAutoCreate: 'true'
  NetworkNexusProviderVlanAutoTrunk: 'true'
  NetworkNexusVxlanGlobalConfig: 'false'
  NetworkNexusHostKeyChecks: 'false'
  NeutronNetworkVLANRanges: 'physnet1:100:109'
  NetworkNexusVxlanVniRanges: '50000:55000'
  NetworkNexusVxlanMcastRanges: '225.1.1.1:225.1.1.2'
 
Config Notes
  1. If setting NetworkNexusManagedPhysicalNetwork, the per-port "physnet" value needs to be the same.

Replay Configuration

If you define the attribute switch_heartbeat_time under the [ml2_cisco] section in the file ml2_conf_cisco.ini, configuration replay is enabled. For backward compatibility, this attribute defaults to 0, which means disabled. For replay operation, 30 seconds has been found suitable and is the recommended value. This attribute sets the interval, in seconds, at which the ML2 Nexus driver checks connectivity to each configured Nexus switch. If a switch is found to be unreachable, the driver keeps checking until the check succeeds. Once the switch is active again, all configuration related to the failed switch is replayed. If neutron restarts, the configuration for all known Nexus switches is replayed once connectivity is established to each switch.

switch_heartbeat_time = 30

REST API Configuration Driver

When enabled, the REST API driver takes the place of the preexisting ncclient ssh driver. This driver gives better performance and removes the limitation imposed by Nexus session limits. Configuration must be added to enable the new driver, since the legacy ssh driver is still the default. The REST API depends on more current Nexus switch images (see the Prerequisites section), so the legacy ssh driver is left as the default to allow a smoother transition from older releases of Nexus switch images.

If you define the attribute nexus_driver = restapi under the [ml2_cisco] section in the file ml2_conf_cisco.ini or the local.conf file, the REST API driver is enabled. For backward compatibility, this attribute defaults to ncclient.

nexus_driver = restapi

Configuring Devstack for the Cisco Nexus Mechanism Driver

VLAN Configuration

For general Devstack configuration, see the ML2 main page at https://wiki.openstack.org/wiki/Neutron/ML2#ML2_Configuration.

As described in the ML2 main page, set the devstack localrc variable Q_ML2_PLUGIN_MECHANISM_DRIVERS to the required mechanism drivers. For the Cisco Nexus MD the required drivers are:

Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,cisco_nexus

Create the file /home/openstack/ml2_conf_cisco.ini and add the Nexus switch information. The configuration file syntax is described in the Configuration section above.
