Blueprint for OVS and LB agent support

This is a blueprint to enable the standard Open vSwitch and Linux Bridge Neutron agents to integrate with the nova-powervm drivers. Change-Id: I95272f1475f72edc9c07ab923f738a723052dfe4
2016-06-06 17:06:55 -04:00
parent fd68d2ec6d
commit 80967e1e0a
1 changed files with 182 additions and 0 deletions
--- a/specs/newton/lb_and_ovs_support.rst
+++ b/specs/newton/lb_and_ovs_support.rst
@@ -0,0 +1,182 @@
 ..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.
 http://creativecommons.org/licenses/by/3.0/legalcode
 ================================
 Linux Bridge and OVS VIF Support
 ================================
 `Launchpad BluePrint`_
 .. _`Launchpad BluePrint` : https://blueprints.launchpad.net/nova-powervm/+spec/powervm-addl-vif-types
 Currently the PowerVM driver requires a PowerVM specific Neutron agent.  This
 blueprint will add support for additional agent types - specifically the
 Open vSwitch and Linux Bridge agents provided by Neutron.
 Problem description
 ===================
 PowerVM has support for virtualizing an Ethernet port using the Virtual I/O
 Server and Shared Ethernet.  This is provided using networking-powervm
 Shared Ethernet Agent.  This agent provides key PowerVM use cases such as I/O
 redundancy.
 There are a subset of operators that have asked for VIF support in line with
 other hypervisors.  This would be support for the Neutron Linux Bridge Agent
 and Open vSwitch agent.  While these agents do not provide use cases such as
 I/O redundancy, they do enable operators to utilize common upstream networking
 solutions when deploying PowerVM with OpenStack
 Use Cases
 ---------
 An operator should be able to deploy an environment using Linux Bridge or
 Open vSwitch Neutron agents.  In order to do this, the physical I/O must be
 assigned to the NovaLink partition on the PowerVM system (the partition with
 virtualization admin authority).
 A user should be able to do the standard VIF use cases with either of these
 agents:
 - Add NIC
 - Remove NIC
 - Security Groups
 - Multiple Network Types (Flat, VLAN, vxlan)
 - Bandwidth limiting
 The existing Neutron agents should be used without any changes from PowerVM.
 All of the changes that should occur will be in nova-powervm.  Any limitations
 of the agents themselves will be limitations to the PowerVM implementation.
 There is one exception to the use case support.  The Open vSwitch support will
 enable live migration.  There is no plan for Linux Bridges live migration
 support.
 Proposed change
 ===============
 - Create a parent VIF driver for NovaLink based I/O.  This will hold the code
   that is common between the Linux Bridge VIFs and OVS VIFs.  There will be
   common code due to both needing to run on the NovaLink management VM.
 - The VIF drivers should create a Trunk VEA on the NovaLink partition for
   each VIF.  It will be given a unique channel of communication to the VM.
   The device will be named according to the Neutron device name.
 - The OVS VIF driver will use the nova linux_net code to set the metadata on
   the trunk adapter.
 - Live migration will suspend the VIF on the target host until it has been
   treated.  Treating means ensuring that the communication to the VM is on
   a unique channel (its own VLAN on a vSwitch).
 - A private PowerVM virtual switch named 'NovaLinkVEABridge' will be created
   to support the private communication between the trunk adapters and the
   VMs.
 - Live migration on the source will need to clean up the remaining trunk
   adapter for Open vSwitch that is left around on the management VM.
 It should be noted that Hybrid VIF plugging will not be supported.  Instead,
 PowerVM will use the conntrack integration in Ubuntu 16.04/OVS 2.5 to support
 the OVSFirewallDriver.  As of OVS 2.5, that allows the firewall function
 without needing Hybrid VIF Plugging.
 Alternatives
 ------------
 None.
 Security impact
 ---------------
 None.
 End user impact
 ---------------
 None.
 Performance Impact
 ------------------
 Performance will not be impacted for the deployment of VMs.  However, the
 end user performance may change as it is a new networking technology.  Both
 the Linux Bridge and Open vSwitch support should operate with similar
 performance characteristics as other platforms that support these technologies.
 Deployer impact
 ---------------
 The deployer will need to do the following:
 * Attach an Ethernet I/O Card to the NovaLink partition.  Configure the ports
  in accordance with the Open vSwitch or Linux Bridge Neutron Agent's
  requirements.
 * Run the agent on their NovaLink management VM.
 No major changes are anticipated outside of this.  The Shared Ethernet
 Adapter Neutron agent will not work in conjunction with this on the same
 system.
 Developer impact
 ----------------
 None
 Implementation
 ==============
 Assignee(s)
 -----------
 Primary assignee:
  thorst
 Other contributors:
  kriskend
  tjakobs
 Work Items
 ----------
 See Proposed Change
 Dependencies
 ============
 * NovaLink core changes will be needed with regard to the live migration flows.
  This requires NovaLink 1.0.0.3 or later.
 Testing
 =======
 Testing will be done on live systems.  Future work will be done to integrate
 into the PowerVM Third-Party CI, however this will not be done initially as the
 LB and OVS agents are heavily tested.  The SEA Agent continues to need to be
 tested.
 Documentation Impact
 ====================
 Deployer documentation will be built around how to configure this.
 References
 ==========
 `Neutron Networking Guide`_
 .. _`Neutron Networking Guide`: http://docs.openstack.org/liberty/networking-guide/