Blog Article:

Towards VMware NSX integration with OpenNebula

Ángel L. Moya

Senior Cloud Engineer at OpenNebula Systems

Nov 22, 2019

OpenNebula 5.10 “Boomerang”, whose stable release will be available in a matter of days, is the first version that officially supports VMware’s software-defined networking platform NSX in its two designs: NSX-T and NSX-V. This integration already covers logical switches, but it will also include support for security groups and edge services in the near future.

Architecture

Let’s start from the beginning—but don’t worry, we won’t be talking about Alan Turing today! 😉 There are two main components involved in the integration of VMware NSX into the forthcoming 5.10 release of OpenNebula:

  • The NSX driver
  • The Hook Subsystem

The NSX driver is the component that’s in charge of connecting OpenNebula and the NSX Manager API, sending through all the required actions. This driver implements all the necessary functions and objects that are required to manage the different NSX components.

The Hook Subsystem, on the other hand, enables the execution of custom scripts tied to a change of state in a particular resource or API call. As part of the NSX integration, the Hook Subsystem is used to create and delete networks. It does that through two hooks, that are automatically created when a vCenter Server is imported into OpenNebula.

Here you have an example illustrating the different elements in the NSX architecture:

The diagram shows how a logical switch is created in OpenNebula, but let’s review the process step by step:

  • First, onevnet create is executed to create a network.
  • This command invokes the one.vn.allocate API call.
  • The vcenter_net_create hook is waiting for one.vn.allocate calls. It launches the vcenter/create_vcenter_net.rb command when that API call is invoked.
  • The create_vcenter_net.rb script implements the needed NSX driver components to create a logical switch on NSX Manager and then return the corresponding details.
  • The network created on OpenNebula is updated with the information received by the hook.

NSX Driver

Some of the components of the NSX driver have already been developed, while others are currently in development. Here you have a diagram to help you navigate all these different components and understand how they relate to each other:

image 1
NSX Driver classes

Hooks

Now, the other essential element of this integration: let’s have a closer look at the two hooks that are involved in the NSX integration. These hooks are created at VMware vCenter import time.

One of them is create_vcenter_net.tmpl:

NAME = vcenter_net_create
TYPE = api
COMMAND = vcenter/create_vcenter_net.rb
CALL = "one.vn.allocate"
ARGUMENTS = "$API"
ARGUMENTS_STDIN = yes

The other one is delete_vcenter_net.tmpl:

NAME = vcenter_net_delete
TYPE = api
COMMAND = vcenter/delete_vcenter_net.rb
CALL = "one.vn.delete"
ARGUMENTS = "$API"
ARGUMENTS_STDIN = yes

If you want to check if you have those hooks already created, you can always use the following command:

$ onehook list

You should see an output like this:

image
 

What’s next?

Curious about the next steps along the roadmap of the NSX integration into OpenNebula? Here you have a sneak peek:

  • We are planning to implement the distributed firewall to be able to integrate OpenNebula security groups. This is needed in order to achieve network microsegmentation.
  • We will also implement several edge services, including NAT, DHCP, routing, FW, load balancing, and others.

The next picture shows the components that will be managed by OpenNebula in the near future:

NSX components managed by OpenNebula

If you want to learn more about using OpenNebula on top of vCenter, you can always have a look at the whitepaper describing our VMware cloud reference architecture. And remember: so far, OpenNebula can only manage logical switches on NSX, but that’s just the first phase of this integration… There’s much more to come, so stay tuned!

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *