H3C VCF User manual
Copyright © 2017, New H3C Technologies Co., Ltd. and its licensors
All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written
consent of New H3C Technologies Co., Ltd.
Trademarks
H3C, , H3CS, H3CIE, H3CNE,Aolynk, , H3Care, , IRF, NetPilot, Netflow, SecEngine,
SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies
Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
This installation guide describes the procedure for installing and removing the VCF OpenStack
plug-ins.
This preface includes the following topics about the documentation:
•Audience.
•Conventions.
•Obtaining documentation.
•Technical support.
•Documentation feedback.
Audience
This documentation is intended for:
•Network planners.
•Field technical support and servicing engineers.
•Network administrators working with H3C VCF controllers.
Conventions
This section describes the conventions used in the documentation.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }
Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.
[ x | y | ... ]
Square brackets enclose a set of optional syntax choices separated by vertical bars,
from which you select one or none.
{ x | y | ... } *
Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select at least one.
[ x | y | ... ] *
Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.
&<1-n> The argument or keyword and argument combination before the ampersand (&) sign
can be entered 1 to n times.
# A line that starts with a pound (#) sign is comments.
GUI conventions
Convention Description
Boldface Window names, button names, field names, and menu items are in Boldface. For
example, the New User window appears; click OK.
Convention Description
> Multi-level menus are separated by angle brackets. For example, File > Create >
Folder.
Symbols
Convention Description
WARNING! An alert that calls attention to important information that if not understood or followed
can result in personal injury.
CAUTION: An alert that calls attention to important information that if not understood or followed
can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT: An alert that calls attention to essential information.
NOTE: An alert that contains additional or supplementary information.
TIP: An alert that provides helpful information.
Obtaining documentation
To access the most up-to-date H3C product documentation, go to the H3C website at
http://www.h3c.com.hk
To obtain information about installation, configuration, and maintenance, click
http://www.h3c.com.hk/Technical_Documents
To obtain software version information such as release notes, click
http://www.h3c.com.hk/Software_Download
Technical support
service@h3c.com
http://www.h3c.com.hk
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
i
Contents
Overview·········································································································1
VCF Neutron plug-ins ········································································································································1
Preparing for installation·················································································2
Hardware requirements ·····································································································································2
Software requirements·······································································································································2
Installing OpenStack plug-ins ·········································································3
Installing the Python tools··································································································································3
Installing the VCF Neutron plug-ins ···················································································································3
Prerequisites··············································································································································3
Installation procedure·································································································································3
Verifying the installation·····························································································································6
Parameters and fields································································································································7
Removing the VCF Neutron plug-ins ···············································································································11
Upgrading the VCF Neutron plug-ins···············································································································11
1
Overview
This document describes how to install the virtual converged framework (VCF) Neutron plug-ins that
are compatible with OpenStack on SUSE.
VCF Neutron plug-ins
Neutron is a type of OpenStack services used to manage all virtual networking infrastructures (VNIs)
in an OpenStack environment. It provides virtual network services to the devices managed by
OpenStack computing services.
VCF Neutron plug-ins are developed for VCF controller based on the OpenStack framework. VCF
Neutron plug-ins can obtain network configuration from OpenStack through REST APIs and
synchronize the configuration to the VCF controllers. They can obtain settings for the tenants'
networks, subnets, routers, ports, FW, LB, or VPN. Different types of VCF Neutron plug-ins can
provide the following features for tenants:
•VCF Neutron Core plug-in—Allows tenants to use basic network communication for cores,
including networks, subnets, routers, and ports.
•VCF Neutron L3_Routing—Allows tenants to forward traffic to each other at Layer 3.
•VCF Neutron FWaaS plug-in—Allows tenants to create firewall services.
•VCF Neutron LBaaS plug-in—Allows tenants to create LB services.
•VCF Neutron VPNaaS plug-in—Allows tenants to create VPN services.
2
Preparing for installation
Hardware requirements
To install VCF Neutron plug-ins on a server or a virtual machine, make sure the server or virtual
machine meets the hardware requirements in Table 1.
Table 1 Hardware requirements
CPU Memory size Disk space
Single-core and multicore
CPUs 2 GB and above 5 GB and above
Software requirements
Table 2 shows the software requirements for installing the VCF Neutron plug-ins.
Table 2 Software requirements
Item Supported version
OpenStack OpenStack Juno 2014.2 operates on SUSE Linux Enterprise Server 11
SP3 (x86_64)
IMPORTANT:
Before you install the Neutron plug-ins, make sure the following requirements are met:
•Your system has Internet access because the system must first access the Internet to set up the
installation environment.
•Make sure the OpenStack environment is deployed correctly. For example, the /etc/hosts file on
all nodes has the host name-IP address mappings. For information about the OpenStack
environment deployment, see the installation guide for the specific OpenStack version on the
official website.
3
Installing OpenStack plug-ins
Install the VCF Neutron plug-ins on an OpenStack control node. Before installation, you need to
install the Python tools on the associated node.
Installing the Python tools
Before you install the plug-ins, first download the Python tools online and install them.
[root@localhost ~]# zypper install –y python-pip python-setuptools
Installing the VCF Neutron plug-ins
Prerequisites
The VCF Neutron plug-ins are included in the VCF OpenStack package. Perform the following steps
to download the VCF OpenStack package from the H3C website:
1. In the Web browser address bar, enter http://www.h3c.com/cn/Software_Download. Select
SDN > H3C Virtual Converged Framework Controller, and download the VCF OpenStack
package of the required version.
2. Copy the VCF OpenStack package to the installation directory on the server or virtual machine,
or upload it to the installation directory through FTP, TFTP, or SCP.
NOTE:
If you decide to upload the VCF OpenStack package through FTP or TFTP, use the binary mode to
avoid damage to the package.
Installation procedure
Some parameters must be configured with the required values as described in "Parameters and
fields."
To install the VCF Neutron plug-ins:
1. Change the working directory to where the VCF OpenStack package (an .egg file) is saved, and
install the package on the OpenStack control node. The name of the VCF OpenStack package
is VCF_CONTROLLER_PLUGIN-version1_version2-py2.7. version1 represents the version of
the package and version2 represents the version of OpenStack.
In the following example, the VCF OpenStack package is saved to the path /root.
[root@localhost ~]# easy_install --no-deps
VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-py2.7.egg
Processing VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-py2.7.egg
creating
/usr/local/lib64/python2.6/site-packages/VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-
py2.7.egg
Extracting VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-py2.7.egg to
/usr/local/lib64/python2.6/site-packages
Adding VCF-CONTROLLER-PLUGIN D2156-juno-2014.2 to easy-install.pth file
Installing h3c-vcfplugin script to /usr/local/bin
Installing h3c-agent script to /usr/local/bin
4
Installed
/usr/local/lib64/python2.6/site-packages/VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-
py2.7.egg
Processing dependencies for VCF-CONTROLLER-PLUGIN==D2156-juno-2014.2
Finished processing dependencies for VCF-CONTROLLER-PLUGIN==D2156-juno-2014.2
IMPORTANT:
For successful installation, you must specify the --no-deps option in the easy_install command
to ignore the software dependencies.
2. Install the VCF Neutron plug-ins.
[root@localhost ~]# h3c-vcfplugin controller install
3. Use the vi editor to open the neutron.conf configuration file.
[root@localhost ~]# vi /etc/neutron/neutron.conf
4. Press Ito switch to the insert mode, and set the parameters in the neutron.conf configuration
file. For information about the parameters, see "neutron.conf."
[DEFAULT]
core_plugin = ml2
service_plugins =
h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpn
aas
[service_providers]
service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver
:default
service_provider=LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPl
uginDriver:default
service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDrive
r:default
5. Press Esc to quit the insert mode.
6. Enter :wq to exit the vi editor and save the neutron.conf file.
:wq
7. Use the vi editor to open the ml2_conf.ini configuration file.
[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
8. Press Ito switch to the insert mode, and set the parameters in the ml2_conf.ini configuration
file. For information about the parameters, see "ml2_conf.ini."
[ml2]
type_drivers = vxlan,vlan
tenant_network_types = vxlan,vlan
mechanism_drivers = ml2_h3c
extension_drivers = ml2_extension_h3c
[ml2_type_vlan]
network_vlan_ranges = physicnet1:1000:2999
[ml2_type_vxlan]
vni_ranges = 1:500
9. Press Esc to quit the insert mode.
10. Enter :wq to exit the vi editor and save the ml2_conf.ini file.
:wq
11. Use the vi editor to open the local_settings configuration file.
12. Press Ito switch to the insert mode.
5
Set the values for the LB, FW, and VPN fields in the OPENSTACK_NEUTRON_NETWORK
parameter to enable the associated configuration pages in OpenStack Web. For information
about the fields, see "OPENSTACK_NEUTRON_NETWORK."
[root@localhost ~]# vi /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
'enable_lb': True,
'enable_firewall': True,
'enable_quotas': True,
'enable_vpn': True,
# The profile_support option is used to detect if an external router can be
# configured via the dashboard. When using specific plugins the
# profile_support can be turned on if needed.
'profile_support': None,
#'profile_support': 'cisco',
}
13. Press Esc to quit the insert mode.
14. Enter :wq to exit the vi editor and save the local_settings file.
:wq
15. Use the vi editor to open the ml2_conf_h3c.ini configuration file.
[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf_h3c.ini
16. Press Ito switch to the insert mode, and set the parameters in the ml2_conf_h3c.ini
configuration file. For information about the parameters, see "ml2_conf_h3c.ini."
[VCFCONTROLLER]
url = https://127.0.0.1:8443
username = sdn
password = skyline123
domain = sdn
timeout = 300
retry = 10
vnic_type=ovs
hybrid_vnic = True
default_tenant_mode = False
ip_mac_binding = False
denyflow_age =300
white_list = False
binddefaultrouter = False
auto_create_tenant_to_vcfc = True
router_binding_public_vrf = False
enable_subnet_dhcp = True
dhcp_lease_time = 365
firewall_type = SERVICE_CHAIN
lb_type = GATEWAY
resource_mode = NFV
auto_delete_tenant_to_vcfc = True
auto_create_resource = True
nfv_ha = True
vds_name = VDS1
enable_metadata = False
use_neutron_credential = False
6
enable_security_group = True
disable_internal_l3flow_offload = True
firewall_force_audit = True
enable_l3_router_rpc_notify = False
output_json_log = False
lb_enable_snat = False
empty_rule_action = deny
vendor_rpc_topic = VENDOR_PLUGIN
17. Press Esc to quit the insert mode.
18. Enter :wq to exit the vi editor and save the ml2_conf_h3c.ini file.
:wq
19. If you have set the white_list parameter to True, perform the following tasks:
{Delete the username, password, and domain parameters in the ml2_conf_h3c.ini
configuration file.
{Add an authentication-free user to the VCF controller:
On the top navigation bar of the VCF controller Web interface, select Controller > System >
Authentication.
Click Add.
Enter the IP address of the host where openstack-neutron is installed, and specify the role
as Admin.
Click OK.
20. If you have set the binddefaultrouter parameter to True, perform the following steps:
a. On the top navigation bar of the VCF controller Web interface, select vNetwork > vRouter.
b. Click Add vRouter.
Configure the vRouter name as defaultRouter and the tenant as default, and select Public
network VRF.
Click OK.
21. If you have set the use_neutron_credential parameter to True, perform the following steps:
a. On the top navigation bar of the VCF controller Web interface, select Controller > System >
Users.
b. Click Add user.
Configure the username as neutron and the role as Admin, and set the password to the
one that is used with username neutron in OpenStack.
Click OK.
22. Restart the openstack-neutron service.
[root@localhost ~]# service openstack-neutron restart
openstack-neutron stop/waiting
openstack-neutron start/running, process 4583
23. Restart the h3c-agent service.
[root@localhost ~]# service h3c-agent restart
h3c-agent stop/waiting
h3c-agent start/running, process 4678
Verifying the installation
# Verify that the VCF OpenStack package is correctly installed. If the correct software and
OpenStack versions are displayed, the package is successfully installed.
7
[root@localhost ~]# pip freeze | grep VCF
VCF-CONTROLLER-PLUGIN==D2156-juno-2014.2
# Verify that the openstack-neutron service is enabled. The service is enabled if its state is running.
[root@localhost ~]# service openstack-neutron status
openstack-neutron start/running, process 1849
# Verify that the h3c-agent service is enabled. The service is enabled if its state is running.
[root@localhost ~]# service h3c-agent status
h3c-agent start/running, process 4678
Parameters and fields
This section describes parameters in configuration files and fields included in parameters.
neutron.conf
Parameter Required value Description
core_plugin ml2 Used for loading the core plug-in ml2 to
OpenStack.
service_plugins h3c_vcfplugin.l3_router.h3c_l3_rout
er_plugin.H3CL3RouterPlugin,firewa
ll,lbaas,vpnaas
Used for loading the extension plug-ins to
OpenStack.
service_provider
•FIREWALL:H3C:h3c_vcfplugin.
fw.h3c_fwplugin_driver.H3CFw
aasDriver:default
•LOADBALANCER:H3C:h3c_vc
fplugin.lb.h3c_lbplugin_driver.H
3CLbaasPluginDriver:default
•VPN:H3C:h3c_vcfplugin.vpn.h3
c_vpnplugin_driver.H3CVpnPlu
ginDriver:default
Directory where the extension plug-ins are
saved.
ml2_conf.ini
Parameter Required value Description
type_drivers vxlan, vlan Driver type.
vxlan must be specified as the first driver type.
tenant_network_typ
es vxlan, vlan
Type of the networks to which the tenants belong.
vxlan must be specified as the first driver type.
For intranet, only vxlan is available.
For extranet, only vlan is available.
mechanism_drivers ml2_h3c Name of the ml2 driver.
extension_drivers ml2_extension_h3c Name of the ml2 extension driver.
network_vlan_rang
es N/A Value range for the VLAN ID of the extranet, for
example, physicnet1:1000:2999.
vni_ranges 1:500 Value range for the VXLAN ID of the intranet, for
example, 1:500.
8
OPENSTACK_NEUTRON_NETWORK
Field Description
enable_lb Whether to enable or disable the LB configuration page.
•True—Enable.
•False—Disable.
enable_firewall Whether to enable or disable the FW configuration page.
•True—Enable.
•False—Disable.
enable_vpn Whether to enable or disable the VPN configuration page.
•True—Enable.
•False—Disable.
ml2_conf_h3c.ini
Parameter Description
url HTTPS URL address of the VCF controller, for example,
https://127.0.0.1:8443.
username Username for logging in to the VCF controller, for example, sdn. You
do not need to configure a username if the use_neutron_credential
parameter is set to True.
password Password for logging in to the VCF controller, for example,
skyline123. You do not need to configure a password if the
use_neutron_credential parameter is set to True.
domain Name of the domain where the VCF controller resides, for example,
sdn.
timeout Time period that the Neutron server waits for a response from the VCF
controller in seconds, for example, 300 seconds.
retry Maximum times for sending connection requests from the Neutron
server to the VCF controller, for example, 10.
vnic_type Type of the virtual NIC that the virtual machine supports, for example,
ovs.
hybrid_vnic
Whether to enable or disable the feature of mapping OpenStack VLAN
to VCF controller VXLAN.
•True—Enable.
•False—Disable.
default_tenant_mode
Whether to enable or disable the default tenant mode.
•True—Enable.
•False—Disable.
All tenants use the virtualized network function (VNF) resources for the
default tenant after the default tenant mode is enabled.
ip_mac_binding Whether to enable or disable IP-MAC binding.
•True—Enable.
•False—Disable.
denyflow_age Anti-spoofing flow table aging time for the virtual distributed switch
(VDS), an integer in the range of 1 to 3600 seconds, for example, 300
seconds.
white_list Whether to enable or disable the authentication-free user feature on
OpenStack.
9
Parameter Description
•
True—Enable.
•False—Disable.
binddefaultrouter
Whether to enable or disable the feature of binding networks to the
VCF controller default router.
•True—Enable.
•False—Disable.
auto_create_tenant_to_vcfc
Whether to enable or disable the feature of automatically creating
tenants on the VCF controller.
•True—Enable.
•False—Disable.
router_binding_public_vrf Whether to use the public network VRF for creating a vRouter.
•True—Use.
•False—Do not use.
enable_subnet_dhcp Whether to disable or enable DHCP for creating a vSubnet.
•True—Enable.
•False—Disable.
dhcp_lease_time Valid time for vSubnet IP addresses obtained from the DHCP address
pool in days, for example, 365 days.
firewall_type
Mode of the firewall created on the VCF controller.
•SERVICE_CHAIN—Service chain type firewall, which is
available only when the value of the resource_mode parameter
is set to NFV.
•CGSR—Gateway service type firewall, which is available only
when the value of the resource_mode parameter is set to
CORE_GATEWAY. Each CGSR type firewall uses an
independent context.
lb_type
Mode of the load balancer created on the VCF controller.
•GATEWAY—Gateway type load balancer, which is available only
when the value of the resource_mode parameter is set to NFV.
•SERVICE_CHAIN—Service chain type load balancer, which is
available only when the value of the resource_mode parameter
is set to NFV. SERVICE_CHAIN load balancers that belong to
one tenant share the same VNF. SERVICE_CHAIN load
balancers that belong to different tenants use different VNFs.
•CGSR—Gateway service type load balancer, which is available
only when the value of the resource_mode parameter is set to
CORE_GATEWAY. CGSR type load balancers that belong to one
tenant use the same context. CGSR type load balancers that
belong to different tenants use different contexts.
resource_mode
Type of the resource created on the VCF controller. The available
values are as follows:
•SELF_GATEWAY—Independent gateway resource.
•NFV—VNF resource.
•CORE_GATEWAY—Gateway service resource.
auto_delete_tenant_to_vcfc
Whether to enable or disable the feature of automatically removing
tenants from the VCF controller.
•True—Enable.
•False—Disable.
auto_create_resource Whether to enable or disable the feature of automatically creating
resources.
•True—Enable.
10
Parameter Description
•
False—Disable.
nfv_ha Whether configure the NFV resources to support stack.
•True—Support.
•False—Do not support.
vds_name
Name of the VDS, for example, VDS1.
After deleting a VDS and recreating a VDS with the same name, you
must perform the following tasks on the controller node for the new
VDS to take effect:
•Reboot the neutron-server service.
•Reboot the h3c-agent service.
enable_metadata
Whether to enable or disable metadata for OpenStack.
•True—Enable.
•False—Disable.
If you enable this feature, you must set the
enable_l3_router_rpc_notify parameter to True.
use_neutron_credential
Whether to use the OpenStack Neutron username and password to
communicate with the VCF controller.
•True—Use.
•False—Do not use.
enable_security_group
Whether to enable or disable the feature of deploying security group
rules to the VCF controller.
•True—Enable.
•False—Disable.
disable_internal_l3flow_offload
Whether to enable or disable the gateway to forward traffic inside the
Overlay network.
•True—Disable.
•False—Enable.
firewall_force_audit
Whether to audit firewall policies synchronized to the VCF controller by
OpenStack.
•True—Audits firewall policies synchronized to the VCF controller
by OpenStack. The auditing state of the synchronized policies on
the controller is True (audited).
•False—Does not audit firewall policies synchronized to the VCF
controller by OpenStack. The synchronized policies on the
controller retain their previous auditing state.
enable_l3_router_rpc_notify
Whether to enable or disable the feature of sending Layer 3 routing
events through RPC.
•True—Enable.
•False—Disable.
output_json_log
Whether to output REST API messages to the OpenStack operating
logs in JSON format for communication between the VCF Neutron
plugins and VCF controller.
•True—Enable.
•False—Disable.
lb_enable_snat
Whether to enable Source Network Address Translation (SNAT) for
load balancers on the VCF controller.
•True—Enable.
•False—Disable.
empty_rule_action Set the action for security policies that do not contain any ACL rules on
11
Parameter Description
the VCF controller. In the current software version, only the deny
action is supported.
vendor_rpc_topic
RPC topic of the vendor. This parameter is required when the vendor
needs to obtain Neutron data from the VCF Neutron plug-ins. The
available values are as follows:
•VENDOR_PLUGIN—Default value, which means that the
parameter does not take effect.
•DP_PLUGIN—RPC topic of DPtech.
The value of this parameter must be negotiated by the vendor and
H3C.
Removing the VCF Neutron plug-ins
You must remove the VCF Neutron plug-ins before removing the VCF OpenStack package.
To remove the VCF Neutron plug-ins:
1. Remove the VCF Neutron plug-ins by using either of the following methods:
{Enter yto remove the database for the VCF Neutron plug-ins at the same time.As a best
practice, remove the configurations for the SERVICE_CHAIN type firewalls, or GATEWAY
or SERVICE_CHAIN type load balancers on OpenStack before you remove the plug-ins.
{Enter nto retain the database. When you install new VCF Neutron plug-ins, the plug-ins
automatically read the configuration file from the database.
[root@localhost ~]# h3c-vcfplugin controller uninstall
Uninstall the neutron plugin
whether to drop database tables:(y/n):
2. Remove the VCF OpenStack package.
[root@localhost ~]# pip uninstall VCF-CONTROLLER-PLUGIN
Uninstalling VCF-CONTROLLER-PLUGIN:
/usr/local/lib64/python2.6/site-packages/
VCF_CONTROLLER_PLUGIN-D2156_juno_2014.2-py2.7.egg
Proceed (y/n)? y
Successfully uninstalled VCF-CONTROLLER-PLUGIN
Upgrading the VCF Neutron plug-ins
CAUTION:
Services might be interrupted during the Neutron plug-ins upgrade procedure.
To upgrade the VCF Neutron plug-ins, you need to remove the current version first, and install the
new version. For information about installing the VCF Neutron plug-ins, see "Installing the VCF
Neutron plug-ins." For information about removing the VCF Neutron plug-ins, see "Removing the
VCF Neutron plug-ins."
Table of contents
Other H3C Controllers manuals
H3C
H3C WBC580 G2 User manual
H3C
H3C WX Series Installation manual
H3C
H3C WX User manual
H3C
H3C WX5002 User manual
H3C
H3C WX5004 User manual
H3C
H3C WX3000H series User manual
H3C
H3C LS8M1WCMA0-OVS User manual
H3C
H3C WX3500H series User manual
H3C
H3C OpenStack SeerEngine-DC User manual
H3C
H3C SeerEngine-DC User manual
Popular Controllers manuals by other brands
National Instruments
National Instruments SCXI NI 1357 installation guide
Barco
Barco TransForm A series user manual
Motoman
Motoman NX100 Function manual
Vacon
Vacon X5EIP01 installation manual
Allen-Bradley
Allen-Bradley Studio 5000 Logix Emulate Programming manual
TOPP
TOPP TOPP Installation and use instructions
