The Cisco Nexus® family of switches has been a staple in data centers since its introduction in 2008. The Cisco Nexus plug-in for OpenStack Neutron allows customers to easily build their infrastructure-as-a-service (IaaS) networks using the industry's leading networking platform, delivering performance, scalability, and stability with the familiar manageability and control you expect from Cisco.
The Cisco Nexus plug-in for OpenStack Neutron provides operational simplicity by enabling configuration of both physical and virtual switches deployed across multiple hosts. The updated plug-in for the OpenStack Havana release provides new features and flexibility for network connectivity of OpenStack clusters.
The Cisco Nexus plug-in for OpenStack can configure VLANs on Cisco Nexus switches through OpenStack Neutron. It efficiently and intelligently uses VLAN ID assignment on switch ports by provisioning and deprovisioning VLANs across switches as virtual machines connected to tenant networks are created and destroyed. Moreover, connectivity from the compute hosts to the physical network is trunked to allow traffic only from the VLANs configured on the host by the virtual switch.
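The on-demand provisioning described above can be checked from the defender's side by comparing each host-facing trunk against the VLANs that still have virtual machines behind it. The following is an added example, not the plug-in's own code: the reference-counting model, port names, VLAN IDs, and running-config lines are constructed for illustration, and only the NX-OS `switchport trunk allowed vlan` line format is assumed.

```python
import re
from collections import Counter, defaultdict

def parse_allowed_vlans(line):
    """Expand 'switchport trunk allowed vlan 100,200-202' into a set of ints."""
    m = re.search(r"switchport trunk allowed vlan\s+(none|[\d,\-]+)\s*$", line)
    if not m:
        raise ValueError(f"not a trunk allowed-vlan line: {line!r}")
    if m.group(1) == "none":
        return set()
    vlans = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

class TrunkModel:
    """Hypothetical model: per-port reference count of VMs using each VLAN."""
    def __init__(self):
        self.refs = defaultdict(Counter)

    def vm_created(self, port, vlan):
        self.refs[port][vlan] += 1
        return self.refs[port][vlan] == 1      # True: first VM, add VLAN to trunk

    def vm_deleted(self, port, vlan):
        if self.refs[port][vlan] <= 0:
            raise ValueError(f"no VM tracked on {port} vlan {vlan}")
        self.refs[port][vlan] -= 1
        if self.refs[port][vlan] == 0:
            del self.refs[port][vlan]
            return True                        # True: last VM, remove VLAN from trunk
        return False

    def expected(self, port):
        return set(self.refs[port])

def audit(model, running_config):
    """Report ports whose trunk carries stale VLANs or lacks required ones."""
    findings = {}
    for port, line in running_config.items():
        actual, want = parse_allowed_vlans(line), model.expected(port)
        if actual != want:
            findings[port] = {"stale": sorted(actual - want),
                              "missing": sorted(want - actual)}
    return findings

# Constructed sample: VLAN 101 lost its last VM but is still trunked to the host.
SAMPLE_CONFIG = {"Ethernet1/1": "switchport trunk allowed vlan 100-101",
                 "Ethernet1/2": "switchport trunk allowed vlan 200"}
```

A stale entry means a tenant VLAN is still delivered to a host that no longer runs that tenant's virtual machines, which is the isolation gap that deprovisioning is meant to close.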
Layer 3 Gateway Configuration
The plug-in also supports configuration of logical Layer 3 interfaces using switch virtual interfaces (SVIs) on the Cisco Nexus switch. This support allows a Cisco Nexus switch connected to compute hosts to be configured as the default gateway for tenant virtual machine traffic while maintaining tenant isolation on the physical network. This approach delivers the performance and simplicity of the familiar physical network, while replacing the complex software agents found in OpenStack's host-based networking.
Multihomed Host Deployments
Highly available OpenStack network configurations are now possible using virtual PortChannels (vPCs). The plug-in provisions and deprovisions tenant VLANs dynamically and efficiently on Cisco Nexus PortChannel interfaces. Hosts using vPCs can provide network high availability in the event of link failure and offer better overall link utilization. The ports connected to hosts are configured as vPC ports with the correct VLAN to provide tenant network isolation.
Support for OpenStack Neutron Provider Networks
The Cisco Nexus plug-in also supports the new OpenStack Neutron provider network extension APIs. Provider networks allow administrators to explicitly manage the relationship between OpenStack Neutron virtual networks and underlying physical mechanisms such as VLANs for virtual machine network connectivity. Using these APIs, the Cisco Nexus plug-in controls VLAN creation as well as trunking on the Cisco Nexus switch.
Cisco Nexus Plug-in and Modular Layer 2 Cisco Nexus Driver
OpenStack Neutron provides an extensible architecture that supports a variety of plug-ins for configuring physical networks. However, choosing a network plug-in restricts configuration to only that plug-in's target technology. The Cisco plug-in architecture solved this problem in the OpenStack Grizzly release by enabling use of multiple plug-ins simultaneously. The Cisco plug-in accepts OpenStack Neutron API calls, and it directly configures Cisco Nexus switches as well as the virtual switch running on the hypervisor. Additionally, with the OpenStack Havana release, the Cisco plug-in added limited support (programming VLANs) for the Cisco Nexus driver in the Modular Layer 2 (ML2) OpenStack Neutron plug-in. This support enables configuration of Cisco Nexus switches using the ML2 Cisco Nexus type driver for deployments in which ML2 is the core OpenStack Neutron plug-in instead of the Cisco plug-in.
Support for Cisco Nexus 3000, 5000, 6000, and 7000 Series Switches
The Cisco Nexus plug-in provides a driver interface to communicate with Cisco Nexus switches. The driver uses the standard Network Configuration Protocol (Netconf) interface to send configuration requests to program the switches. It supports the Cisco Nexus 3000, 5000, 6000, and 7000 Series Switches, which run Cisco NX-OS Software.
Figure 1 shows how the Cisco Nexus plug-in configures both physical and virtual switching infrastructure, including programming of VLANs on Ethernet and PortChannel interfaces.
Figure 1. Network Configuration with Cisco Nexus Plug-in for OpenStack Neutron
The Cisco Nexus plug-in is open source and part of the OpenStack Havana release. Table 1 summarizes the ways in which the plug-in helps operators meet networking challenges.
Table 1. Cisco Nexus Plug-in for OpenStack Neutron
| Requirement | Challenge | Cisco Nexus Plug-in Resolution |
| --- | --- | --- |
| Layer 3 configuration on tenant networks | Using compute hosts as Layer 3 default gateways for tenant networks burdens operators with additional configuration complexity and limits network performance. | A default gateway IP address is assigned on the Top of Rack (ToR) switch on top of the tenant VLAN, providing multitenancy as well as physical network hardware support for all outgoing traffic from the tenant's subnet. |
| Efficient use of VLAN IDs | Static provisioning of VLAN IDs on every switch rapidly consumes all available VLAN IDs, limiting scalability and making the network more vulnerable to broadcast storms. | The plug-in efficiently and intelligently uses VLAN IDs by provisioning and deprovisioning VLANs across switches as tenant virtual machines are activated and deactivated on compute hosts. |
| Extension of tenant VLANs across virtualization hosts | VLANs must be configured on both physical and virtual networks. OpenStack Neutron supports only a single plug-in at a time. The operator must choose which parts of the networks to manually configure. | The plug-in accepts networking API calls and configures both physical and virtual switches. |
| Network link-level high availability | Hosts are typically connected by a single link to the top of the rack (ToR), resulting in a single point of failure and loss of network connectivity for virtual machines on that host in the event of a link failure. | Connecting multiple links from the hosts to a pair of ToR switches and bundling them as a single link provides protection against loss of network connectivity in the event of a link failure. |
| Provider network API support | OpenStack Neutron networks can be created that map directly to physical networks in the data center. | Cisco Nexus supports the provider extension API and allows administrators to explicitly manage the relationship between OpenStack Neutron virtual networks and underlying physical mechanisms such as VLANs. |