Configuring Nuage SDN

Nuage SDN and OKD

Nuage Networks Virtualized Services Platform (VSP) provides virtual networking and software-defined networking (SDN) infrastructure to container environments that simplifies IT operations and expands OKD’s native networking capabilities.

Nuage Networks VSP supports Docker-based applications running on OKD to accelerate the provisioning of virtual networks between pods and traditional workloads, and to enable security policies across the entire cloud infrastructure. VSP allows for the automation of security appliances to include granular security and microsegmentation policies for container applications.

Integrating VSP with the OKD application workflow allows business applications to be quickly turned up and updated by removing the network lag faced by DevOps teams. VSP supports different workflows with OKD in order to accommodate scenarios where users can choose ease-of-use or complete control using policy-based automation.

See Networking for more information on how VSP is integrated with OKD.

Developer Workflow

This workflow is used in developer environments and requires little input from the developer in setting up the networking. In this workflow, nuage-openshift-monitor is responsible for creating the VSP constructs (Zone, Subnets, etc.) needed to provide appropriate policies and networking for pods created in an OKD project. When a project is created, a default zone and default subnet for that project are created by nuage-openshift-monitor. When the default subnet created for a given project gets depleted, nuage-openshift-monitor dynamically creates additional subnets.

A separate VSP Zone is created for each OKD project ensuring isolation amongst the projects.

Operations Workflow

This workflow is used by operations teams rolling out applications. In this workflow, the network and security policies are first configured on the VSD in accordance with the rules set by the organization to deploy applications. Administrative users can potentially create multiple zones and subnets and map them to the same project using labels. While spinning up the pods, the user can use the Nuage Labels to specify what network a pod needs to attach to and what network policies need to be applied to it. This allows for deployments where inter- and intra-project traffic can be controlled in a fine-grained manner. For example, inter-project communication is enabled on a project by project basis. This may be used to connect projects to common services that are deployed in a shared project.

Installation

The VSP integration with OKD works for both virtual machines (VMs) and bare metal OKD installations.

An environment with High Availability (HA) can be configured with multiple masters and multiple nodes.

Nuage VSP integration in multi-master mode only supports the native HA configuration method described in this section. This can be combined with any load balancing solution, the default being HAProxy. The inventory file contains three master hosts, the nodes, an etcd server, and a host that functions as the HAProxy to balance the master API on all master hosts. The HAProxy host is defined in the [lb] section of the inventory file enabling Ansible to automatically install and configure HAProxy as the load balancing solution.

In the Ansible nodes file, the following parameters need to be specified in order to setup Nuage VSP as the network plug-in:

  1.  # Create and OSEv3 group that contains masters, nodes, load-balancers, and etcd hosts
  2.  masters
  3.  nodes
  4.  etcd
  5.  lb
  7.  # Nuage specific parameters
  8.  openshift_use_openshift_sdn=False
  9.  openshift_use_nuage=True
  10.  os_sdn_network_plugin_name='nuage/vsp-openshift'
  11.  openshift_node_proxy_mode='userspace'
  13.  # VSP related parameters
  14.  vsd_api_url=https://192.168.103.200:8443
  15.  vsp_version=v4_0
  16.  enterprise=nuage
  17.  domain=openshift
  18.  vsc_active_ip=192.168.103.201
  19.  vsc_standby_ip=192.168.103.202
  20.  uplink_interface=eth0
  22.  # rpm locations
  23.  nuage_openshift_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/nuage-openshift-monitor-4.0.X.1830.el7.centos.x86_64.rpm
  24.  vrs_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/nuage-openvswitch-4.0.X.225.el7.x86_64.rpm
  25.  plugin_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/vsp-openshift-4.0.X1830.el7.centos.x86_64.rpm
  27.  # Required for Nuage Monitor REST server and HA
  28.  openshift_master_cluster_method=native
  29.  openshift_master_cluster_hostname=lb.nuageopenshift.com
  30.  openshift_master_cluster_public_hostname=lb.nuageopenshift.com
  31.  nuage_openshift_monitor_rest_server_port=9443
  33.  # Optional parameters
  34.  nuage_interface_mtu=1460
  35.  nuage_master_adminusername='admin's user-name'
  36.  nuage_master_adminuserpasswd='admin's password'
  37.  nuage_master_cspadminpasswd='csp admin password'
  38.  nuage_openshift_monitor_log_dir=/var/log/nuage-openshift-monitor
  40.  # Required for brownfield install (where a {product-title} cluster exists without Nuage as the networking plugin)
  41.  nuage_dockker_bridge=lbr0
  43.  # Specify master hosts
  44.  [masters]
  45.  fqdn_of_master_1
  46.  fqdn_of_master_2
  47.  fqdn_of_master_3
  49.  # Specify load balancer host
  50.  [lb]
  51.  fqdn_of_load_balancer