You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Pedro Roque Marques <pe...@gmail.com> on 2013/09/17 00:11:42 UTC
contrail virtual network controller
Myself and a few others in the Contrail team have been working on a cloudstack network plugin that interfaces with the contrail VNC (http://www.opencontrail.org). At the moment the plugin provides isolated guest networks (and a virtualized "Public" network) as an overlay that is capable of interconnecting directly with routers/switches that implement the existing standard for network virtualization (RFC 4364).
We would like to contribute this code to CloudStack. We intend to continue to enhance it in order to add full support for functionality one would expect out of the EC2 VPN API.
What is the process to do that ?
thanks,
Pedro.
Re: contrail virtual network controller
Posted by Pedro Roque Marques <pe...@gmail.com>.
Radhika,
There are several aspects that need to be documented:
1) How to build the software (OpenContrail + hypervisor support).
2) How to install the software (Starting the multiple components of the contrail solution).
3) How to provision a zone to use the contrail plugin.
4) Usage: document any deltas when using this plugin when it comes to the user API (network, etc).
When it comes to building OpenContrail, we currently have that we distribute as devstack fork (https://github.com/dsetia/devstack/tree/master/contrail) that builds and starts the OpenContrail configuration, control and virtual-router components. This script needs to be split out such that we can separate from OpenStack and can be use to build and start the OpenContrail components independently. Deepinder is working on this but it is not complete yet.
For a XenServer hypervisor, one also needs to build the virtual-router components on a DDK VM, so that this can then be executed on the target.
The management server must have a file "contrail.properties" with the following content:
api.hostname = localhost
api.port = 8082
This is how the management server plugin locates the contrail API server.
Provisioning a zone is relatively simple process:
1. create a zone (networktype: Advanced)
2. create Pods/Clusters as required
3. create physical network using the following parameters:
args = {'name': 'ip-fabric',
'zoneid': zone_id,
'isolationmethods': 'L3VPN'}
response = client.request('createPhysicalNetwork', args)
4. setup the Public network parameters:
response = client.request('listNetworks',
{'issystem': 'true',
'traffictype': 'Public'})
uuid = response['listnetworksresponse']['network'][0]['id']
args = {'networkid': uuid,
'zoneid': zone_id,
'vlan': 'untagged',
'startip': PARAMS['public_net']['startip'],
'endip': PARAMS['public_net']['endip'],
'gateway': PARAMS['public_net']['gateway'],
'netmask': PARAMS['public_net']['netmask']}
response = client.request('createVlanIpRange', args)
5. Enable the providers JuniperContrailRouter and JuniperContrailVpcRouter (uncommited):
args = {'name': provider,
'physicalnetworkid': physnet}
response = client.request('addNetworkServiceProvider', args)
Step 3 above uses the new isolation mechanism (L3VPN) which is uncommitted. This was a change requested during the plugin code review that is being tested but not yet upstreamed.
When it comes to usage:
a) The public network is virtualized.
The admin of the DC is expected to configure a gateway between the virtualized domain and the "outside world"
One of the main goal of the OpenContrail design is to enable DC operators to run the network as a pure IP underlay. This means no VLAN support. The advantage is that one can run network topologies that provide a much higher throughput; but you still need a gateway to the outside world. One can use a RFC 4364 compliant router/switch for this task (it also need to support RFC 4023). The OpenContrail project also provides an option to run the virtual-router software as a gateway; this is for testing purposes only since it is not a cost effective solution for high traffic volumes.
Having a gateway in place, one needs to configure the OpenContrail controller and the gateway to speak to each other. This step is independent of CloudStack itself and is the same on OpenStack.
b) Guest networks work as expected;
c) Static IP is supported (implemented directly on the vrouter);
d) VPC code is not upstreamed yet... you should see the code review requests soon; it can be used for a tenant to exchange traffic between its networks without having the traffic flow through a DomainRouter.
e) SourceNAT (1:n NAT) requires a virtual machine appliance...
f) We don't have today a cloudstack API to allow a tenant network to connect to another tenant (or admin) network; One of the main features of OpenContrail is that it enables this sort of communication to go directly without having to flow through a DomainRouter VM; this is very useful when the admin is providing services to the tenant (e.g. think database-as-a-service).
There is a lot of ground to cover... I would also like us to put together a test rig like devstack where all of these pieces can come together.
Pedro.
On Dec 1, 2013, at 9:29 PM, Radhika Puthiyetath <ra...@citrix.com> wrote:
> Hi Pedro,
>
> Is there a documentation exist on this feature ? If not, I am interested to work on it.
>
> Please let me know how we can collaborate developing content.
>
> Regards
> -Radhika
>
> -----Original Message-----
> From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
> Sent: Tuesday, September 17, 2013 3:42 AM
> To: dev@cloudstack.apache.org
> Subject: contrail virtual network controller
>
> Myself and a few others in the Contrail team have been working on a cloudstack network plugin that interfaces with the contrail VNC (http://www.opencontrail.org). At the moment the plugin provides isolated guest networks (and a virtualized "Public" network) as an overlay that is capable of interconnecting directly with routers/switches that implement the existing standard for network virtualization (RFC 4364).
>
> We would like to contribute this code to CloudStack. We intend to continue to enhance it in order to add full support for functionality one would expect out of the EC2 VPN API.
>
> What is the process to do that ?
>
> thanks,
> Pedro.
RE: contrail virtual network controller
Posted by Radhika Puthiyetath <ra...@citrix.com>.
Hi Pedro,
Is there a documentation exist on this feature ? If not, I am interested to work on it.
Please let me know how we can collaborate developing content.
Regards
-Radhika
-----Original Message-----
From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
Sent: Tuesday, September 17, 2013 3:42 AM
To: dev@cloudstack.apache.org
Subject: contrail virtual network controller
Myself and a few others in the Contrail team have been working on a cloudstack network plugin that interfaces with the contrail VNC (http://www.opencontrail.org). At the moment the plugin provides isolated guest networks (and a virtualized "Public" network) as an overlay that is capable of interconnecting directly with routers/switches that implement the existing standard for network virtualization (RFC 4364).
We would like to contribute this code to CloudStack. We intend to continue to enhance it in order to add full support for functionality one would expect out of the EC2 VPN API.
What is the process to do that ?
thanks,
Pedro.
Re: contrail virtual network controller
Posted by Pedro Roque Marques <pe...@gmail.com>.
On Sep 17, 2013, at 5:17 PM, Chip Childers wrote:
>
>
> On Sep 17, 2013, at 7:05 PM, Pedro Roque Marques <pe...@gmail.com> wrote:
>
>> On Sep 17, 2013, at 10:30 AM, Chip Childers wrote:
>>>
>>> Ideally, we would have a design document on the wiki that would help
>>> everyone understand the implementation. We're not looking for a design
>>> doc for Contrail / OpenContrail... we're looking for information about
>>> the integration itself. This is both for other devs, tech writers that
>>> may choose to help document this, and for users to get a better feel for
>>> the feature.
>>
>> Is the following a bit more reasonable ?
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Contrail+network+plugin
>>
>> Pedro.
>>
>
> LGTM. Can you get the code up on review board so that we can look at it (and have something to start the donation process with)?
Will do. It will probably take us a few days to to sync from from our 4.2 based branch to master.
>
> IMO design questions / debate can happen after we have the initial code agreed as something to accept (into a feature branch). Work can continue here in the community from that point on to get it ready for master.
Great.
Thanks,
Pedro.
Re: contrail virtual network controller
Posted by Chip Childers <ch...@sungard.com>.
On Sep 17, 2013, at 7:05 PM, Pedro Roque Marques <pe...@gmail.com>
wrote:
On Sep 17, 2013, at 10:30 AM, Chip Childers wrote:
Ideally, we would have a design document on the wiki that would help
everyone understand the implementation. We're not looking for a design
doc for Contrail / OpenContrail... we're looking for information about
the integration itself. This is both for other devs, tech writers that
may choose to help document this, and for users to get a better feel for
the feature.
Is the following a bit more reasonable ?
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Contrail+network+plugin
Pedro.
LGTM. Can you get the code up on review board so that we can look at it
(and have something to start the donation process with)?
IMO design questions / debate can happen after we have the initial code
agreed as something to accept (into a feature branch). Work can continue
here in the community from that point on to get it ready for master.
Re: contrail virtual network controller
Posted by Pedro Roque Marques <pe...@gmail.com>.
On Sep 17, 2013, at 10:30 AM, Chip Childers wrote:
>
> Ideally, we would have a design document on the wiki that would help
> everyone understand the implementation. We're not looking for a design
> doc for Contrail / OpenContrail... we're looking for information about
> the integration itself. This is both for other devs, tech writers that
> may choose to help document this, and for users to get a better feel for
> the feature.
Is the following a bit more reasonable ?
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Contrail+network+plugin
Pedro.
Re: contrail virtual network controller
Posted by Chip Childers <ch...@sungard.com>.
On Tue, Sep 17, 2013 at 10:18:29AM -0700, Pedro Roque Marques wrote:
> Chip,
> A couple of questions...
>
> On Sep 17, 2013, at 9:54 AM, Chip Childers wrote:
>
> > I think the best way for this to happen, is for the code to be published
> > in a couple of logical patches to reviews.apache.org as a way to get
> > community agreement that we should bring it into the codebase.
> >
> > See:
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Review+Board+Guidelines
> >
> > You should re-base against master first.
>
> Should we submit the review as feature branch, rather than a patch against mainline ?
> Would this allow an incremental review / comment process... ?
Reviewboard is rather basic on this front. Tag the reviews as belonging
to master, so that they are tested against master. We'll just commit to a
feature branch when we have dealt with the legal acceptance of the code.
>
> >
> > Once we have the review(s) available, I can start a formal VOTE to
> > accept the donation (I assume that this is a large chunk of work), and
> > then I can work with you as the sponsor of the donation to the ASF.
> >
> > Once the IP assignment is handled, we would likely commit the code into a
> > feature branch, so that tests could be added (if they aren't in the initial
> > donation) before we bring it into master.
>
> We have an integration test which requires spawning a "mysql" db, initialize it and then go through the process of creating a zone, etc.
> This allows us to test the plugin against the API. The drawback is that this test takes a bit to spawn the mysql db...
> Does anyone have a recipe to run against an in-memory database for testing purposes ?
Prasanna - cc'ed you to see if you have any suggestions on this front.
>
> >
> > Pedro, does this work for you?
> Do we need to submit a design doc for the plugin ? Or is the documentation available at opencontrail.org sufficient ?
Ideally, we would have a design document on the wiki that would help
everyone understand the implementation. We're not looking for a design
doc for Contrail / OpenContrail... we're looking for information about
the integration itself. This is both for other devs, tech writers that
may choose to help document this, and for users to get a better feel for
the feature.
AFAICT, I'm not sure if the opencontrail.org site has anything that
answers the questions that the CloudStack community needs to have
documented... but I may just not have found it.
-chip
>
> >
> > -chip
> >
> > On Tue, Sep 17, 2013 at 05:05:33AM +0000, Animesh Chaturvedi wrote:
> >> Pedro
> >>
> >> We are excited to learn about Contrail's plugin for CloudStack. Let me pass on few links to get you started
> >>
> >> [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/OnBoarding
> >> [2] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+new+features+and+design+documents
> >>
> >>
> >> It seems the plugin is already under development and would have to go through IP Clearance to get accepted by Apache. The process is described here http://incubator.apache.org/ip-clearance/.
> >>
> >>
> >> Which release are you targeting the Contrail plugin? Apache CloudStack is on a 4 month release cycle and we are just concluding the current release. The next release is ACS 4.3.0 and for which tentative feature freeze date is October 31st. Let us know if you have any questions
> >>
> >>
> >> Thanks
> >> Animesh
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
> >>> Sent: Monday, September 16, 2013 3:12 PM
> >>> To: dev@cloudstack.apache.org
> >>> Subject: contrail virtual network controller
> >>>
> >>> Myself and a few others in the Contrail team have been working on a
> >>> cloudstack network plugin that interfaces with the contrail VNC
> >>> (http://www.opencontrail.org). At the moment the plugin provides
> >>> isolated guest networks (and a virtualized "Public" network) as an
> >>> overlay that is capable of interconnecting directly with
> >>> routers/switches that implement the existing standard for network
> >>> virtualization (RFC 4364).
> >>>
> >>> We would like to contribute this code to CloudStack. We intend to
> >>> continue to enhance it in order to add full support for functionality
> >>> one would expect out of the EC2 VPN API.
> >>>
> >>> What is the process to do that ?
> >>>
> >>> thanks,
> >>> Pedro.
> >>
>
>
Re: contrail virtual network controller
Posted by Pedro Roque Marques <pe...@gmail.com>.
Prasana,
On Oct 2, 2013, at 9:18 PM, Prasanna Santhanam wrote:
> On Tue, Sep 17, 2013 at 10:18:29AM -0700, Pedro Roque Marques wrote:
>>
>> We have an integration test which requires spawning a "mysql" db,
>> initialize it and then go through the process of creating a zone,
>> etc. This allows us to test the plugin against the API. The
>> drawback is that this test takes a bit to spawn the mysql db...
>> Does anyone have a recipe to run against an in-memory database for
>> testing purposes ?
>>
>
> Does the mysqldb contain fixture data from when contrail is deployed
> on a cloudstack cloud? I presume then the integration test can run
> without the contrail device added to cloudstack?
mysql is required for the *Dao objects necessary to simulate zone create, physical network and guest network creation. The contrail API server is being mocked.
>
> --
> Prasanna.,
>
> ------------------------
> Powered by BigRock.com
>
Re: contrail virtual network controller
Posted by Prasanna Santhanam <ts...@apache.org>.
On Tue, Sep 17, 2013 at 10:18:29AM -0700, Pedro Roque Marques wrote:
>
> We have an integration test which requires spawning a "mysql" db,
> initialize it and then go through the process of creating a zone,
> etc. This allows us to test the plugin against the API. The
> drawback is that this test takes a bit to spawn the mysql db...
> Does anyone have a recipe to run against an in-memory database for
> testing purposes ?
>
Does the mysqldb contain fixture data from when contrail is deployed
on a cloudstack cloud? I presume then the integration test can run
without the contrail device added to cloudstack?
--
Prasanna.,
------------------------
Powered by BigRock.com
Re: contrail virtual network controller
Posted by Pedro Roque Marques <pe...@gmail.com>.
Chip,
A couple of questions...
On Sep 17, 2013, at 9:54 AM, Chip Childers wrote:
> I think the best way for this to happen, is for the code to be published
> in a couple of logical patches to reviews.apache.org as a way to get
> community agreement that we should bring it into the codebase.
>
> See:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Review+Board+Guidelines
>
> You should re-base against master first.
Should we submit the review as feature branch, rather than a patch against mainline ?
Would this allow an incremental review / comment process... ?
>
> Once we have the review(s) available, I can start a formal VOTE to
> accept the donation (I assume that this is a large chunk of work), and
> then I can work with you as the sponsor of the donation to the ASF.
>
> Once the IP assignment is handled, we would likely commit the code into a
> feature branch, so that tests could be added (if they aren't in the initial
> donation) before we bring it into master.
We have an integration test which requires spawning a "mysql" db, initialize it and then go through the process of creating a zone, etc.
This allows us to test the plugin against the API. The drawback is that this test takes a bit to spawn the mysql db...
Does anyone have a recipe to run against an in-memory database for testing purposes ?
>
> Pedro, does this work for you?
Do we need to submit a design doc for the plugin ? Or is the documentation available at opencontrail.org sufficient ?
>
> -chip
>
> On Tue, Sep 17, 2013 at 05:05:33AM +0000, Animesh Chaturvedi wrote:
>> Pedro
>>
>> We are excited to learn about Contrail's plugin for CloudStack. Let me pass on few links to get you started
>>
>> [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/OnBoarding
>> [2] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+new+features+and+design+documents
>>
>>
>> It seems the plugin is already under development and would have to go through IP Clearance to get accepted by Apache. The process is described here http://incubator.apache.org/ip-clearance/.
>>
>>
>> Which release are you targeting the Contrail plugin? Apache CloudStack is on a 4 month release cycle and we are just concluding the current release. The next release is ACS 4.3.0 and for which tentative feature freeze date is October 31st. Let us know if you have any questions
>>
>>
>> Thanks
>> Animesh
>>
>>
>>
>>> -----Original Message-----
>>> From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
>>> Sent: Monday, September 16, 2013 3:12 PM
>>> To: dev@cloudstack.apache.org
>>> Subject: contrail virtual network controller
>>>
>>> Myself and a few others in the Contrail team have been working on a
>>> cloudstack network plugin that interfaces with the contrail VNC
>>> (http://www.opencontrail.org). At the moment the plugin provides
>>> isolated guest networks (and a virtualized "Public" network) as an
>>> overlay that is capable of interconnecting directly with
>>> routers/switches that implement the existing standard for network
>>> virtualization (RFC 4364).
>>>
>>> We would like to contribute this code to CloudStack. We intend to
>>> continue to enhance it in order to add full support for functionality
>>> one would expect out of the EC2 VPN API.
>>>
>>> What is the process to do that ?
>>>
>>> thanks,
>>> Pedro.
>>
Re: contrail virtual network controller
Posted by Chip Childers <ch...@sungard.com>.
I think the best way for this to happen, is for the code to be published
in a couple of logical patches to reviews.apache.org as a way to get
community agreement that we should bring it into the codebase.
See:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Review+Board+Guidelines
You should re-base against master first.
Once we have the review(s) available, I can start a formal VOTE to
accept the donation (I assume that this is a large chunk of work), and
then I can work with you as the sponsor of the donation to the ASF.
Once the IP assignment is handled, we would likely commit the code into a
feature branch, so that tests could be added (if they aren't in the initial
donation) before we bring it into master.
Pedro, does this work for you?
-chip
On Tue, Sep 17, 2013 at 05:05:33AM +0000, Animesh Chaturvedi wrote:
> Pedro
>
> We are excited to learn about Contrail's plugin for CloudStack. Let me pass on few links to get you started
>
> [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/OnBoarding
> [2] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+new+features+and+design+documents
>
>
> It seems the plugin is already under development and would have to go through IP Clearance to get accepted by Apache. The process is described here http://incubator.apache.org/ip-clearance/.
>
>
> Which release are you targeting the Contrail plugin? Apache CloudStack is on a 4 month release cycle and we are just concluding the current release. The next release is ACS 4.3.0 and for which tentative feature freeze date is October 31st. Let us know if you have any questions
>
>
> Thanks
> Animesh
>
>
>
> > -----Original Message-----
> > From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
> > Sent: Monday, September 16, 2013 3:12 PM
> > To: dev@cloudstack.apache.org
> > Subject: contrail virtual network controller
> >
> > Myself and a few others in the Contrail team have been working on a
> > cloudstack network plugin that interfaces with the contrail VNC
> > (http://www.opencontrail.org). At the moment the plugin provides
> > isolated guest networks (and a virtualized "Public" network) as an
> > overlay that is capable of interconnecting directly with
> > routers/switches that implement the existing standard for network
> > virtualization (RFC 4364).
> >
> > We would like to contribute this code to CloudStack. We intend to
> > continue to enhance it in order to add full support for functionality
> > one would expect out of the EC2 VPN API.
> >
> > What is the process to do that ?
> >
> > thanks,
> > Pedro.
>
RE: contrail virtual network controller
Posted by Animesh Chaturvedi <an...@citrix.com>.
Pedro
We are excited to learn about Contrail's plugin for CloudStack. Let me pass on few links to get you started
[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/OnBoarding
[2] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+new+features+and+design+documents
It seems the plugin is already under development and would have to go through IP Clearance to get accepted by Apache. The process is described here http://incubator.apache.org/ip-clearance/.
Which release are you targeting the Contrail plugin? Apache CloudStack is on a 4 month release cycle and we are just concluding the current release. The next release is ACS 4.3.0 and for which tentative feature freeze date is October 31st. Let us know if you have any questions
Thanks
Animesh
> -----Original Message-----
> From: Pedro Roque Marques [mailto:pedro.r.marques@gmail.com]
> Sent: Monday, September 16, 2013 3:12 PM
> To: dev@cloudstack.apache.org
> Subject: contrail virtual network controller
>
> Myself and a few others in the Contrail team have been working on a
> cloudstack network plugin that interfaces with the contrail VNC
> (http://www.opencontrail.org). At the moment the plugin provides
> isolated guest networks (and a virtualized "Public" network) as an
> overlay that is capable of interconnecting directly with
> routers/switches that implement the existing standard for network
> virtualization (RFC 4364).
>
> We would like to contribute this code to CloudStack. We intend to
> continue to enhance it in order to add full support for functionality
> one would expect out of the EC2 VPN API.
>
> What is the process to do that ?
>
> thanks,
> Pedro.