The Nicira NVP plugin adds Nicira NVP as one of the available SDN implementations in CloudStack. With the plugin, an existing Nicira NVP setup can be used by CloudStack to implement isolated guest networks and to provide additional services like routing and NAT.
The following table lists the CloudStack network services provided by the Nicira NVP Plugin.
| Network Service | CloudStack version | NVP version |
|---|---|---|
| Virtual Networking | >= 4.0 | >= 2.2.1 |
| Source NAT | >= 4.1 | >= 3.0.1 |
| Static NAT | >= 4.1 | >= 3.0.1 |
| Port Forwarding | >= 4.1 | >= 3.0.1 |
Table: Supported Services
The Virtual Networking service was originally called ‘Connectivity’ in CloudStack 4.0.
The following hypervisors are supported by the Nicira NVP Plugin.
Table: Supported Hypervisors
Please refer to the Nicira NVP configuration guide on how to prepare the hypervisors for Nicira NVP integration.
Before enabling the Nicira NVP plugin the NVP Controller needs to be configured. Please review the NVP User Guide on how to do that.
Make sure you have the following information ready:
The gateway service UUID is optional and is used for Layer 3 services only (SourceNat, StaticNat and PortForwarding).
CloudStack needs to have at least one physical network with the isolation method set to “STT”. This network should be enabled for the Guest traffic type.
The Guest traffic type should be configured with the traffic label that matches the name of the Integration Bridge on the hypervisor. See the Nicira NVP User Guide for more details on how to set this up in XenServer or KVM.
The Nicira NVP provider is disabled by default. Navigate to the “Network Service Providers” configuration of the physical network with the STT isolation type. Navigate to the Nicira NVP provider and press the “Enable Provider” button.
CloudStack 4.0 does not have a UI to configure the Nicira NVP plugin. Configuration needs to be done using the API directly.
In CloudStack a Nicira NVP setup is considered a “device” that can be added to and removed from a physical network. To complete the configuration of the Nicira NVP plugin, a device needs to be added to the physical network. Press the “Add NVP Controller” button on the provider panel and enter the configuration details.
Using the Nicira NVP plugin requires a network offering with Virtual Networking enabled and configured to use the NiciraNvp element. Typical use cases combine services from the Virtual Router appliance and the Nicira NVP plugin.
Table: Isolated network offering with regular services from the Virtual Router.
The tag in the network offering should be set to the name of the physical network with the NVP provider.
Isolated network with network services. The virtual router is still required to provide network services like DNS and DHCP.
Table: Isolated network offering with network services
The Nicira NVP plugin supports CloudStack VPC to a certain extent. Starting with CloudStack version 4.1 VPCs can be deployed using NVP isolated networks.
It is not possible to use a Nicira NVP Logical Router as a VPC Router.
It is not possible to connect a private gateway using a Nicira NVP Logical Switch.
To allow a VPC to use the Nicira NVP plugin to provision networks, a new VPC offering needs to be created which allows the Virtual Networking service to be implemented by NiciraNVP.
This is not currently possible with the UI. The API does provide the proper calls to create a VPC offering with Virtual Networking enabled. However, due to a limitation in the 4.1 API, it is not possible to select the provider for this network service. To configure the VPC offering with the NiciraNVP provider, edit the database table ‘vpc_offering_service_map’ and change the provider to NiciraNvp for the service ‘Connectivity’.
It is also possible to update the default VPC offering by adding a row to the ‘vpc_offering_service_map’ table with service ‘Connectivity’ and provider ‘NiciraNvp’.
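The two database edits described above, written out as an added example (not taken from the CloudStack documentation). It assumes the MySQL `cloud` database, a `vpc_offerings` table keyed by `id` with a `uuid` column, and `vpc_offering_id` and `created` columns in `vpc_offering_service_map`; the offering UUID is a placeholder. Scoping the change to one offering and reviewing the rows before committing keeps a manual edit from silently changing the provider for other offerings.

```sql
-- Added example. Only the table name and the 'service'/'provider' values come
-- from the page; vpc_offerings, vpc_offering_id and created are assumptions.
USE cloud;
START TRANSACTION;

-- 1. Resolve the offering by UUID so every statement below touches one offering.
SELECT id INTO @offering_id
  FROM vpc_offerings
 WHERE uuid = '<VPC-OFFERING-UUID>';          -- placeholder, not a real UUID

-- 2. Record the current service map for the change log.
SELECT id, vpc_offering_id, service, provider
  FROM vpc_offering_service_map
 WHERE vpc_offering_id = @offering_id;

-- 3. Offering created through the API: a 'Connectivity' row exists, so
--    switch its provider to NiciraNvp.
UPDATE vpc_offering_service_map
   SET provider = 'NiciraNvp'
 WHERE vpc_offering_id = @offering_id
   AND service = 'Connectivity';
SELECT ROW_COUNT() AS connectivity_rows_updated;

-- 4. Default offering: no 'Connectivity' row exists, so add one.
--    The NOT EXISTS guard makes this a no-op when step 3 already applied.
INSERT INTO vpc_offering_service_map (vpc_offering_id, service, provider, created)
SELECT @offering_id, 'Connectivity', 'NiciraNvp', NOW()
  FROM DUAL
 WHERE @offering_id IS NOT NULL
   AND NOT EXISTS (SELECT 1
                     FROM vpc_offering_service_map
                    WHERE vpc_offering_id = @offering_id
                      AND service = 'Connectivity');

-- 5. Verify: exactly one 'Connectivity' row with provider 'NiciraNvp'.
SELECT id, vpc_offering_id, service, provider
  FROM vpc_offering_service_map
 WHERE vpc_offering_id = @offering_id
   AND service = 'Connectivity';

COMMIT;   -- issue ROLLBACK instead if step 5 shows anything else
```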
When creating a new VPC offering please note that the UI does not allow you to select a VPC offering yet. The VPC needs to be created using the API with the offering UUID.
The VPC needs specific network offerings with the VPC flag enabled. Otherwise these network offerings are identical to regular network offerings. To allow VPC networks with a Nicira NVP isolated network the offerings need to support the Virtual Networking service with the NiciraNVP provider.
In a typical configuration two network offerings need to be created: one with the load balancing service enabled and one without load balancing.
Table: VPC Network Offering with Loadbalancing
The plugin maintains several references in the CloudStack database to items created on the NVP Controller.
Every guest network that is created will have its broadcast type set to Lswitch and if the network is in state “Implemented”, the broadcast URI will have the UUID of the Logical Switch that was created for this network on the NVP Controller.
The NICs that are connected to one of the Logical Switches will have their Logical Switch Port UUID listed in the nicira_nvp_nic_map table.
All devices created on the NVP Controller will have a tag set to domain-account of the owner of the network. This string can be used to search for items in the NVP Controller.
The following tables are added to the cloud database for the Nicira NVP Plugin.
| Column | Description |
|---|---|
| id | auto incrementing id |
| logicalswitch | uuid of the logical switch this port is connected to |
| logicalswitchport | uuid of the logical switch port for this nic |
| nic | the CloudStack uuid for this nic, reference to the nics table |

| Column | Description |
|---|---|
| id | auto incrementing id |
| uuid | UUID identifying this device |
| physical_network_id | the physical network this device is configured on |
| device_name | display name for this device |
| host_id | reference to the host table with the device configuration |

| Column | Description |
|---|---|
| id | auto incrementing id |
| logicalrouter_uuid | uuid of the logical router |
| network_id | id of the network this router is linked to |
nicira_nvp_router_map is only available in CloudStack 4.1 and above
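The references the plugin keeps (broadcast type and URI on the network, port mappings in nicira_nvp_nic_map, router mappings in nicira_nvp_router_map) can be cross-checked with read-only queries. The following is an added example, not part of the CloudStack documentation; the `nics` and `networks` column names (`uuid`, `network_id`, `removed`, `broadcast_domain_type`, `broadcast_uri`, `state`) are assumptions about the `cloud` schema.

```sql
-- Added example: read-only consistency checks. Columns of nics and networks
-- are assumptions; nicira_nvp_* columns are the ones listed on this page.
USE cloud;

-- 1. NICs whose mapped Logical Switch is not the switch recorded in the
--    broadcast URI of the network they belong to.
SELECT n.uuid            AS nic_uuid,
       net.id            AS network_id,
       net.broadcast_uri AS network_broadcast_uri,
       m.logicalswitch   AS mapped_logicalswitch,
       m.logicalswitchport
  FROM nicira_nvp_nic_map m
  JOIN nics n       ON n.uuid = m.nic
  JOIN networks net ON net.id = n.network_id
 WHERE net.broadcast_domain_type = 'Lswitch'
   AND net.state = 'Implemented'
   AND net.broadcast_uri NOT LIKE CONCAT('%', m.logicalswitch);

-- 2. Port mappings that point at a NIC that is missing or marked removed.
SELECT m.id, m.nic, m.logicalswitch, m.logicalswitchport
  FROM nicira_nvp_nic_map m
  LEFT JOIN nics n ON n.uuid = m.nic
 WHERE n.id IS NULL
    OR n.removed IS NOT NULL;

-- 3. Implemented Lswitch networks that carry no Logical Switch UUID.
SELECT id, name, state
  FROM networks
 WHERE broadcast_domain_type = 'Lswitch'
   AND state = 'Implemented'
   AND removed IS NULL
   AND (broadcast_uri IS NULL OR broadcast_uri = '');

-- 4. CloudStack 4.1 and above: router mappings whose network is missing
--    or marked removed.
SELECT r.id, r.logicalrouter_uuid, r.network_id
  FROM nicira_nvp_router_map r
  LEFT JOIN networks net ON net.id = r.network_id
 WHERE net.id IS NULL
    OR net.removed IS NOT NULL;
```

Any row returned is worth comparing against the NVP Controller, where the domain-account tag identifies the owner of the corresponding Logical Switch, port or router.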