Bug Reference

Jira-5398

Branch

4.4

Introduction

CloudStack automatically configures each guest virtual machine's networking and storage settings. But what about the physical switches (like Juniper EX, QFX)? This feature is a CloudStack network-element plugin (called the Juniper NetworkGuru plugin) that orchestrates Juniper's switches when VMs are created and attached to a network. As a first cut, we are focusing purely on L2 services. We will provide tenant isolation via VLAN.

Purpose

This is the functional specification of the Juniper Network Plugin, which has Jira ID 5398.

References

Document History

Date | Revision | Author | Description of the change
12/10/2013 | 0.1 | Pradeep H Krishnamurthy | Initial Draft

Glossary

Term | Definition
NDAPI | Network Director API Application - a JUNOS Space Application
CS | CloudStack
NETCONF | An IETF network management protocol

Feature Specifications

  • Feature Summary
    This feature is a CloudStack network-element plugin (called the Juniper NetworkGuru plugin) that automatically orchestrates Juniper's switches to provide tenant isolation. As a first cut, we are focusing purely on L2 services. When isolated networks are created from CloudStack and allocated a VLAN, the same VLAN needs to be propagated to the switches as well, so that when a VLAN-tagged packet arrives on a switch-port, the switch knows which ports to flood the packet to.
    The Juniper NetworkGuru plugin can orchestrate Juniper's switches using one of the following mechanisms:
    • directly using NETCONF;
    • functioning as a REST client to Juniper's Orchestration API (version 1.5), called NetworkDirectorAPI.

    To figure out which switch-ports are connected to the hypervisor hosts, the plugin uses one of the following mechanisms (based on user specification):
    • LLDP information on the switches;
    • a traffic-label to switch-port mapping that the user specifies manually.
  • Configuration characteristics
    There will be a property file that mainly holds:
    • details of the Network-Director API application (such as URL and username/password), when the Network-Director API is used;
    • details of the Juniper switches (such as IP address and username/password), when NETCONF is used directly;
    • whether the plugin uses LLDP to figure out the switch-ports connected to the host or relies on a manually specified traffic-label to switch-port mapping.
  • Quality risks (test guidelines)
    Specify the required information in the property file (JuniperNetworkGuru.properties) as described above. You may also need to set up the JUNOS Space Network-Director API application server. The following tests should be verified before the feature is declared complete:
    • Create an isolated network and attach a VM to it. Verify that the Juniper switch(es) are configured with the appropriate VLAN membership for the relevant switch-ports;
    • Add VMs to the same guest network but on different hosts and verify connectivity;
    • Delete the isolated network and ensure that the corresponding VLAN membership is removed from the switch-ports.
  • Interoperability and compatibility requirements
    • KVM hypervisor, VMware (as supported by CloudStack);
    • NetworkDirector-API (version 1.5, if the user prefers to use the NetworkDirector-API application);
    • Juniper's EX and QFX switches running JUNOS 13.2 (and above).
  • Marketing specifications
    Our customers need this plugin in CloudStack deployments to automatically orchestrate the Juniper switches to create virtual networks. Without this plugin, manual intervention is needed to configure the switches.
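
The property file described under configuration characteristics stores switch or Network-Director API passwords, so it is worth checking when it is loaded. The following is an added example (Java 11+), not code from the plugin; every property key in it (orchestration.mode, ndapi.url, switch.address, port.discovery and so on) is a hypothetical name, since this specification does not list the keys.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

/** Added example, not plugin code. Every property key below is a hypothetical name. */
public class JuniperPropsCheck {
    static List<String> check(Path file) throws IOException {
        List<String> bad = new ArrayList<>();
        // The file stores passwords: on POSIX hosts only the owner should be able to read it.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ))
            bad.add("file is readable by group or others");
        Properties p = new Properties();
        try (var in = Files.newBufferedReader(file)) { p.load(in); }

        String mode = p.getProperty("orchestration.mode", "");
        if (mode.equals("NDAPI")) {
            String scheme = null;   // stays null if the URL is missing or malformed
            try { scheme = URI.create(p.getProperty("ndapi.url", "")).getScheme(); }
            catch (IllegalArgumentException ignored) { }
            // The REST client sends the username/password, so refuse a cleartext URL.
            if (!"https".equalsIgnoreCase(scheme)) bad.add("ndapi.url must be an https URL");
            require(p, bad, "ndapi.username", "ndapi.password");
        } else if (mode.equals("NETCONF")) {
            require(p, bad, "switch.address", "switch.username", "switch.password");
        } else bad.add("orchestration.mode must be NDAPI or NETCONF");

        String discovery = p.getProperty("port.discovery", "");
        if (discovery.equals("MANUAL")) require(p, bad, "port.mapping");
        else if (!discovery.equals("LLDP")) bad.add("port.discovery must be LLDP or MANUAL");
        return bad;
    }

    static void require(Properties p, List<String> bad, String... keys) {
        for (String k : keys) if (p.getProperty(k, "").isBlank()) bad.add("missing " + k);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: cleartext URL, no password, file readable by group and others.
        Path f = Files.createTempFile("JuniperNetworkGuru", ".properties");
        Files.setPosixFilePermissions(f, PosixFilePermissions.fromString("rw-r--r--"));
        Files.writeString(f, "orchestration.mode=NDAPI\nndapi.url=http://space.example/api\n"
                + "ndapi.username=cloudstack\nport.discovery=LLDP\n");
        check(f).forEach(System.out::println);
        Files.delete(f);
    }
}
```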

Use cases

There won't be any change to the existing CloudStack workflow. In a typical deployment, when an Isolated Network is created and the first VM is attached to it, the Network is allocated a VLAN ID. This VLAN will be configured on the switches as well.

Architecture and Design description

A typical CloudStack deployment will have hypervisors, L2/L3 switches, routers, storage devices etc. The CloudStack Management server manages resources like hypervisor hosts, storage devices etc. CloudStack also has a plugin framework through which we can orchestrate the physical switches (like Juniper EX, QFX).

To provide a virtualized network in the cloud, traffic originating from the VMs of tenants must be isolated. The isolation of traffic can be done using VLANs. These VLANs need to be configured both on the hypervisor hosts and on the physical switch. CloudStack automatically creates and destroys interfaces bridged to VLANs on the hypervisor hosts. The Juniper NetworkGuru plugin will be focused on providing guest traffic isolation via VLANs by propagating the same VLANs to the Juniper switches. Because of this configuration, the Juniper switches will know which ports to flood packets tagged with a specific VLAN to.

To orchestrate Juniper's switches, the plugin leverages the Network-Director API, which is a JUNOS Space application for configuring Juniper equipment. It uses the NETCONF protocol to control the Juniper device configuration and exposes REST APIs for integration with other applications. The plugin also has the ability to orchestrate Juniper's switches directly using the NETCONF protocol.

The plugin introduces a new class called JuniperNetworkGuru, which extends the GuestNetworkGuru (of CloudStack) and overrides the implement() method to orchestrate Juniper's switches.

The plugin can also use LLDP information on the switch to figure out the switch-ports that are connected to the hypervisor hosts and configure those switch-ports with the relevant VLAN membership.
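
The LLDP-based port selection above, together with the add and delete checks in the test guidelines, comes down to reconciling the VLAN membership CloudStack expects with what the switch-ports actually carry. The following is an added example (Java 16+), not code from the plugin; the class, the data structures and the switch, port and host names are all assumptions, and the sample data is constructed.

```java
import java.util.*;

/** Added example (Java 16+), not plugin code: reconcile switch-port VLAN membership. */
public class VlanReconcile {
    record Port(String sw, String ifName) {}
    static final Comparator<Port> ORDER = Comparator.comparing(Port::toString);

    // lldp: switch-port -> hypervisor host seen in that port's LLDP neighbor entry.
    // hostsByVlan: VLAN ID -> hosts that run a VM on the isolated network using it.
    static Map<Port, Set<Integer>> desired(Map<Port, String> lldp,
                                           Map<Integer, Set<String>> hostsByVlan) {
        Map<Port, Set<Integer>> want = new TreeMap<>(ORDER);
        lldp.forEach((port, host) -> hostsByVlan.forEach((vlan, hosts) -> {
            if (hosts.contains(host)) want.computeIfAbsent(port, k -> new TreeSet<>()).add(vlan);
        }));
        return want;
    }

    // "+" lines are memberships to add. "-" lines are ports still carrying a VLAN that
    // no VM behind them uses, for example after the isolated network was deleted.
    static List<String> diff(Map<Port, Set<Integer>> want, Map<Port, Set<Integer>> have) {
        Set<Port> ports = new TreeSet<>(ORDER);
        ports.addAll(want.keySet());
        ports.addAll(have.keySet());
        List<String> changes = new ArrayList<>();
        for (Port p : ports) {
            Set<Integer> w = want.getOrDefault(p, Set.of());
            Set<Integer> h = new TreeSet<>(have.getOrDefault(p, Set.of()));
            for (int v : w) if (!h.contains(v)) changes.add("+ " + p.sw() + " " + p.ifName() + " vlan " + v);
            for (int v : h) if (!w.contains(v)) changes.add("- " + p.sw() + " " + p.ifName() + " vlan " + v);
        }
        return changes;
    }

    public static void main(String[] args) {
        // Constructed sample data: VLAN 210's network was deleted, VLAN 200 gained host kvm-c.
        Map<Port, String> lldp = Map.of(
            new Port("ex-1", "ge-0/0/1"), "kvm-a",
            new Port("ex-1", "ge-0/0/2"), "kvm-b",
            new Port("qfx-1", "xe-0/0/5"), "kvm-c");
        Map<Integer, Set<String>> hostsByVlan = Map.of(200, Set.of("kvm-a", "kvm-c"));
        Map<Port, Set<Integer>> have = Map.of(
            new Port("ex-1", "ge-0/0/1"), Set.of(200),
            new Port("ex-1", "ge-0/0/2"), Set.of(210));
        diff(desired(lldp, hostsByVlan), have).forEach(System.out::println);
    }
}
```

A leftover "-" entry matters for tenant isolation: if CloudStack later allocates that VLAN ID to another network, the port would still flood the new tenant's traffic to a host that should not see it.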

Web Services APIs

None

IP Clearance

We will include Netconf.jar (a Java library) developed by Juniper. We will obtain legal clearance from Juniper.

Appendix

We will create a new table to maintain information that maps the network created in CloudStack to Network-Director API artifacts.
