The Nicira NVP Plugin

Introduction to the Nicira NVP Plugin

The Nicira NVP plugin adds Nicira NVP as one of the available SDN implementations in CloudStack. With the plugin an exisiting Nicira NVP setup can be used by CloudStack to implement isolated guest networks and to provide additional services like routing and NAT.

Features of the Nicira NVP Plugin

The following table lists the CloudStack network services provided by the Nicira NVP Plugin.

Network Service CloudStack version NVP version
Virtual Networking >= 4.0 >= 2.2.1
Source NAT >= 4.1 >= 3.0.1
Static NAT >= 4.1 >= 3.0.1
Port Forwarding >= 4.1 >= 3.0.1

Table: Supported Services

Note

The Virtual Networking service was originally called ‘Connectivity’ in CloudStack 4.0

The following hypervisors are supported by the Nicira NVP Plugin.

Hypervisor CloudStack version
XenServer >= 4.0
KVM >= 4.1

Table: Supported Hypervisors

Note

Please refer to the Nicira NVP configuration guide on how to prepare the hypervisors for Nicira NVP integration.

Configuring the Nicira NVP Plugin

Prerequisites

Before enabling the Nicira NVP plugin the NVP Controller needs to be configured. Please review the NVP User Guide on how to do that.

Make sure you have the following information ready:

  • The IP address of the NVP Controller
  • The username to access the API
  • The password to access the API
  • The UUID of the Transport Zone that contains the hypervisors in this Zone
  • The UUID of the Gateway Service used to provide router and NAT services.

Note

The gateway service uuid is optional and is used for Layer 3 services only (SourceNat, StaticNat and PortForwarding)

Zone Configuration

CloudStack needs to have at least one physical network with the isolation method set to “STT”. This network should be enabled for the Guest traffic type.

Note

The Guest traffic type should be configured with the traffic label that matches the name of the Integration Bridge on the hypervisor. See the Nicira NVP User Guide for more details on how to set this up in XenServer or KVM.

a screenshot of a physical network with the STT isolation type

Enabling the service provider

The Nicira NVP provider is disabled by default. Navigate to the “Network Service Providers” configuration of the physical network with the STT isolation type. Navigate to the Nicira NVP provider and press the “Enable Provider” button.

Note

CloudStack 4.0 does not have the UI interface to configure the Nicira NVP plugin. Configuration needs to be done using the API directly.

a screenshot of an enabled Nicira NVP provider

Device Management

In CloudStack a Nicira NVP setup is considered a “device” that can be added and removed from a physical network. To complete the configuration of the Nicira NVP plugin a device needs to be added to the physical network. Press the “Add NVP Controller” button on the provider panel and enter the configuration details.

a screenshot of the device configuration popup.

Network Offerings

Using the Nicira NVP plugin requires a network offering with Virtual Networking enabled and configured to use the NiciraNvp element. Typical use cases combine services from the Virtual Router appliance and the Nicira NVP plugin.

Service Provider
VPN VirtualRouter
DHCP VirtualRouter
DNS VirtualRouter
Firewall VirtualRouter
Load Balancer VirtualRouter
User Data VirtualRouter
Source NAT VirtualRouter
Static NAT VirtualRouter
Post Forwarding VirtualRouter
Virtual Networking NiciraNVP

Table: Isolated network offering with regular services from the Virtual Router.

a screenshot of a network offering.

Note

The tag in the network offering should be set to the name of the physical network with the NVP provider.

Isolated network with network services. The virtual router is still required to provide network services like dns and dhcp.

Service Provider
DHCP VirtualRouter
DNS VirtualRouter
User Data VirtualRouter
Source NAT NiciraNVP
Static NAT NiciraNVP
Post Forwarding NiciraNVP
Virtual Networking NiciraNVP

Table: Isolated network offering with network services

Using the Nicira NVP plugin with VPC

Supported VPC features

The Nicira NVP plugin supports CloudStack VPC to a certain extent. Starting with CloudStack version 4.1 VPCs can be deployed using NVP isolated networks.

It is not possible to use a Nicira NVP Logical Router for as a VPC Router

It is not possible to connect a private gateway using a Nicira NVP Logical Switch

VPC Offering with Nicira NVP

To allow a VPC to use the Nicira NVP plugin to provision networks, a new VPC offering needs to be created which allows the Virtual Networking service to be implemented by NiciraNVP.

This is not currently possible with the UI. The API does provide the proper calls to create a VPC offering with Virtual Networking enabled. However due to a limitation in the 4.1 API it is not possible to select the provider for this network service. To configure the VPC offering with the NiciraNVP provider edit the database table ‘vpc_offering_service_map’ and change the provider to NiciraNvp for the service ‘Connectivity’

It is also possible to update the default VPC offering by adding a row to the ‘vpc_offering_service_map’ with service ‘Connectivity’ and provider ‘NiciraNvp’

a screenshot of the mysql table.

Note

When creating a new VPC offering please note that the UI does not allow you to select a VPC offering yet. The VPC needs to be created using the API with the offering UUID.

VPC Network Offerings

The VPC needs specific network offerings with the VPC flag enabled. Otherwise these network offerings are identical to regular network offerings. To allow VPC networks with a Nicira NVP isolated network the offerings need to support the Virtual Networking service with the NiciraNVP provider.

In a typical configuration two network offerings need to be created. One with the loadbalancing service enabled and one without loadbalancing.

Service Provider
VPN VpcVirtualRouter
DHCP VpcVirtualRouter
DNS VpcVirtualRouter
Load Balancer VpcVirtualRouter
User Data VpcVirtualRouter
Source NAT VpcVirtualRouter
Static NAT VpcVirtualRouter
Post Forwarding VpcVirtualRouter
NetworkACL VpcVirtualRouter
Virtual Networking NiciraNVP

Table: VPC Network Offering with Loadbalancing

Troubleshooting the Nicira NVP Plugin

UUID References

The plugin maintains several references in the CloudStack database to items created on the NVP Controller.

Every guest network that is created will have its broadcast type set to Lswitch and if the network is in state “Implemented”, the broadcast URI will have the UUID of the Logical Switch that was created for this network on the NVP Controller.

The Nics that are connected to one of the Logical Switches will have their Logical Switch Port UUID listed in the nicira_nvp_nic_map table

Note

All devices created on the NVP Controller will have a tag set to domain-account of the owner of the network, this string can be used to search for items in the NVP Controller.

Database tables

The following tables are added to the cloud database for the Nicira NVP Plugin

id auto incrementing id
logicalswitch uuid of the logical switch this port is connected to
logicalswitchport uuid of the logical switch port for this nic
nic the CloudStack uuid for this nic, reference to the nics table

Table: nicira_nvp_nic_map

id auto incrementing id
uuid UUID identifying this device
physical_network_id the physical network this device is configured on
provider_name NiciraNVP
device_name display name for this device
host_id reference to the host table with the device configuration

Table: external_nicira_nvp_devices

id auto incrementing id
logicalrouter_uuid uuid of the logical router
network_id id of the network this router is linked to

Table: nicira_nvp_router_map

Note

nicira_nvp_router_map is only available in CloudStack 4.1 and above

Revision History

0-0 Wed Oct 03 2012 Hugo Trippaers hugo@apache.org Documentation created for 4.0.0-incubating version of the NVP Plugin 1-0 Wed May 22 2013 Hugo Trippaers hugo@apache.org Documentation updated for CloudStack 4.1.0