THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Bug Reference
Version 1 (March 2013): Jira-733
Proposed update (July 2014): Jira-6697
Branch
Version 1 (March 2013): kj-bsc-plugin
Update (July 2014): TBD
Introduction
In Mar. 2013 a Big Switch Network (BSN) plugin was implemented in Cloudstack to provide VNS-based connectivity (L2 isolation) service, working with the Big Switch controller at that time: https://issues.apache.org/jira/browse/CLOUDSTACK-733.
Since then, the Big Switch controller has gone through major evolution. This page describes the proposed work to update the BSN plugin to be compatible with the Big Switch controller to date (July 2014), known as the Big Cloud Fabric (BCF) controller. The BCF Controller's basic network entity is called a logical segment; hence, the isolation method proposed by the new plugin will be referred to as a BCF_SEGMENT.
The plugin is scheduled to be included in the Cloudstack 4.6 release.
Purpose
This is functional specification of BigSwitch Network Plugin, which has Jira ID 733
The 2014 update (Jira-6697) addresses the following:
- compatibility with Big Switch's Big Cloud Fabric controller
- HTTPS with sticky/trust-always certificate handling
- provide L2 connectivity across BSN fabric based on CS-allocated VLAN for each tenant network
- updates plugin terminology in package name, code, and GUI to BigSwitchBCF with isolation method referred to as "BCF_SEGMENT"
- assumes compute hosts running lldpd service
The update will work with:
- CS Virtual Router to provide L3 connectivity across tenant networks
References
Document History
Date | Revision | Author | Description of the change |
|---|---|---|---|
1/15/2013 | 0.1 | Kanzhe Jiang | Initial Draft |
| 8/22/2014 | 0.2 | KC Wang | BCF Update |
Glossary
Term | Definition | Notes |
|---|---|---|
| BCF | Big Cloud Fabric | |
BSC | BigSwitch Controller | deprecated |
BVS | Big Virtual Switch | deprecated |
CS | CloudStack |
Feature Specifications
- Feature Summary
BCF is one of the SDN controller application introduced by Big Switch Networks in August 2014. BCF application provides network virtualization, manages isolated virtual networks on top of the underlying physical and virtual switch infrastructure. These virtual networks correspond directly to the groups of VMs, servers, and other devices that need their own secure connectivity. The virtual networks are programmed into the physical and/or virtual switches without having to separately configure individual network devices.
- quality risks (test guidelines)
The BigSwitch networking plugin functions as a REST client to a BSC/Floodlight controller. A running instance of the BCF controller is required in testing the plugin's functionality. The plugin is developed based on v1.1 of the BigSwitch's Orchestration API. The following tests are verified before declaring the feature completion:- Creation of one and more guest networks;
- Deletion of one and more existing guest networks;
- Add VMs to the same guest network and verify connectivity;
- Add VMs to different guest network and verify isolation;
- Delete VMs to ensure the removal of corresponding network interface;
- specify supportability characteristics:
- Debugging and Troubleshooting:
The BCF segment created on the controller uses the cloudstack network UUID as its name, with the user specified network name annotated in a human readable description. The current plugin maps the Cloudstack allocated VLAN and the LLDP-based port-group of the compute hosts to classify VMs into their networks. For each NIC on a VM, en endpoint config is created on the controller. Controller CLI can be used to confirm the correct network membership of VMs.
- Debugging and Troubleshooting:
2014 Update Scope
https support
- UI - add username/password fields to BSN plugin config window (currently have controller address)
- certificate validation - 1) sticky authentication, 2) exact match host cert (optional) 3) CA signed (optional)
- for 2 and 3, default certificate path via management server config (optional)
L2 support
- bootstrap
- lldpd service on each compute host
- compute host - out-of-band configuration of at least one linux bridge for guest networks, vlan tagged dynamically by cloudstack at tenant network creation. Management and storage network are statically configured over either BCF or non-BCF networks.
- Using the BCF plugin:
- Login Cloudstack UI as admin user
- under Service Offerings > Network Offerings, add a new offering, selecting at least the following:
- Virtual Networking by Big Switch BCF
- DHCP by Virtual Router
- (optional) other Virtual Router services such as NAT, Firewall, Port Forwarding.
- Enable the service offering
- Add a new Advanced Zone under Infrastructure > Zones
- For the guest network, choose "BCF_SGEMENT" as the isolation method
- Under the created zone, enter Physical Network > Network X, where Network X is the one you assigned for the guest network. Enter the network provider configuration.
- Enter the BCF network offering you created, click "+" to add your BCF Controller's IP address, username, and password. Then, enable the offering.
- Now you are ready to enable the zone. Once doing that, Cloudstack will start launching a Secondary Storage VM and a Console VM for the zone. Once they are up, you are ready to create new networks and new VMs with NICs in those networks.
Use cases
There won't be any change to the existing CloudStack workflow. In a typical deployment, a physical and/or virtual fabric is managed by the Big Switch BCF controller(s). When a guest network is created, the plugin will create a corresponding segment in the BCF controller. When a guest VM is launched, the VM is automatically assigned to its configured guest network(s). The BCF application will provide network isolation and connectivities among VMs.
Architecture and Design description
CloudStack provides plugin framework that allow different resources to be integrated with the CloudStack core. A Big Switch networking plugin will be developed to add openflow-based network virtualization into cloudstack. There are two main modules in NetworkIng plugin, NetworkGuru and NetworkElement. NetworkGuru is the network abstraction that defines the interfaces that manage the life cycle of a network, and permits implementations of various network isolation technologies and ip address technologies.
Each tenant network in CS will be mapped to a virtual network on the controller. Currently, this isolation method is the same as using VLAN. In CloudStack workflow, each tenant will be assigned a range of VLANs as part of the tenant configuration. When a tenant network is created, a vlan from the tenant's vlan pool is associated with the network. BCF plugin creates a logical segment using cloudstack assigned VLAN as its segment membership rule. Non-VLAN based isolation will not be covered in this release and can be added to the plugin as additional option in the near future.
The plugin will invoke REST APIs to create tenants (corresponding to cloudstack accounts), segments (corresponding to cloudstack networks), and endpoints (for each NIC).
Web Services APIs
None
UI flow
BCF option will be added with Network creation.
Appendix
Pseudo Code for the BVSNetworkGuru
BVSNetworkGuru:design() { if the network isolation type is not BVS, return null; if the controller is not available, return null; return super.design() } BVSNetworkGuru:implement() { create network id; Send a REST request to create the network, http://controllerIp:/quantum/v1.1/tenants/:tenant/networks } BVSNetworkGuru:shutdown() { Send a REST request to delete the network, http://controllerIp:/quantum/v1.1/tenants/:tenant/networks/:network }
Pseudo Code for the BVSNetworkElement
BVSNetworkElement:prepare() { Send a REST request to create the host config for the VM, http://controllerIp:/quantum/v1.1/tenants/:tenant/networks/:network/ports/:port/attachment with vm's MAC } BVSNetworkElement:release() { Send a REST request to delete the host config for the VM, http://controllerIp:/quantum/v1.1/tenants/:tenant/networks/:network/ports/:port/attachment }
Overview
Content Tools
Apps