This document is intended as a reference for technical professionals for managing and operating OpenStack Cloud based Infrastructure as a Service (IaaS) using Cisco Nexus 1000V for OpenStack as their virtual switch. This document will guide how OpenStack admin can offer network, storage and compute services to tenant admins. And how tenant admins will consume those services and offer it to their customer within their organization.
Following are the versions being used in this document
For detailed installation instructions, refer to Cisco Nexus 1000V For Ubuntu documentation.
Following is what admin sees when he/she logs into the OpenStack Horizon Dashboard browser based GUI interface.
SSH into Nexus 1000V VSM (Virtual Supervisor Module) and run show version command on the CLI
The Nexus-OS version is 5.2(1)SK1(2.1). "K" in the name indicates KVM Hypervsior version.
Run show module command to display various components
Module 1 and Module 2 are reserved for the Virtual Supervisor Module. The Cisco Nexus 1000V supports VSM high availability. Hence, VSM virtual machine can run in an active/standby high availability mechanism. The output shows that there is only one VSM, that means it is a standalone deployment.
The rest of the modules (6 through 8) are Virtual Ethernet Modules (VEM). As per the network diagram above the VSM is managing the network node and the two compute nodes in the setup. As shown at the bottom of the screen, each VEM corresponds to a node, identified by the server IP address and name. This mapping of virtual line-card to a physical server eases the communication between the network and server team.
Verify the default service-policy, that will be used for instances, created on this VSM. Nexus1000V allows for the segregation of network policy and service policy (ACL or Firewall Services for example). If services such as ACL or firewall were to be applied on an instance, the service-policy would be configured accordingly.
To view the default service-policy used in this lab enter following command
# show run port-profile Client-Policy
To check the restricted service policy configured, run the command
# show running-config port-profile restricted-client-policy
Cloud admin can create network-profile by using OpenStack Horizon dashboard.
Also, notice that the lists of Policy Profiles are reflected in the bottom part of the page. This information is retrieved by OpenStack Controller from Nexus1000V VSM and displayed here. We will be consuming this Policy Profile when we create a new tenant network segment.
Now the admin should complete the creation of Network Profile by entering Name, Segment Type and other information as shown below
Following is what you see on the OpenStack Horizon dashboard after it is done.
The Sub-Type says “Unicast”, although we selected ‘Enhanced” when we were creating the network profile. Enhanced mode is in fact unicast. The normal mode of operation is multicast.
The Nexus 1000V supports an enhanced mode for VXLAN which does not require multicast in the underlay network.
You can also verify it on the Cisco Nexsu 1000V VSM (Virtual Supervisor Module) by ssh into the VSM virtual machine as shown below
# show nsm logical network
Now create networks in the silver-corp project.
Now we will login as silver-corp admin to create network for silver-corp company. This is imp to show that now you can give control to the tenant and he will be able to do the rest from here and can control his own department or orginzation.
Now we will login and silver-admin and following is how it shows on OpenStack dashboard.
In this section, we will perform the following steps:
After the above step, now submit “Create this network”.
Following is what you see after it is successful
Now create another network in the same siver-corp
After the above steps is done, you can click on the create subnet button now.
Now you see the following screen on OpenStack horizon dashboard.