
VIO limitations with VDS networking

Earlier this month, I shared a post about my experiences with deploying VIO, VMware Integrated OpenStack. One of the issues I highlighted was the fact that when I tried to create a network, it failed with a very unhelpful error message. The reason the network creation failed was due to a limitation with using a distributed switch (VDS). Instead I had to create what was known as a “provider network”, which is a special step needed for VDS networking. I am in the midst of an OpenStack training, and I’m trying to relate what I am learning in the training class to my VIO deployment. What I’m finding is that there are a number of limitations when using VIO with a distributed switch, which is making it difficult to try out some of the concepts and lab exercises covered in the training class.

For example, if you deploy VIO with a VDS-based network, tenants (projects) do not have the ability to create their own private L2 networks (as we have already seen). In addition, with VDS-based networking, you do not have the ability to deliver L3 and higher networking services such as virtual routers, security groups, and floating IPs.

Quickly, it might be worth explaining what a floating IP is. Think of a scenario where there are a bunch of VMs in a private network, but they pass through a router which NATs their IPs to an external IP address so that they can gain access to the external/public network. These external IPs on the NAT/router are referred to as floating IPs. The IP addresses that the VMs have on the private network are referred to as fixed IPs (although they may have been allocated by DHCP). Hopefully the diagram below shows this in a bit more detail.

If you try to create a router with a VDS-based VIO deployment, it will fail as follows with “Error: There was an error submitting the form. Please try again”:

If you try to create a security group (similar to firewall functionality), it will fail as follows with “Error: Unable to create security group”.

As you can see, VDS networking is quite limiting, and prevents any real-life OpenStack deployment that requires network overlays and additional network services using VIO. However, if you are simply looking to get started with OpenStack, and don’t have any pressing need for network virtualization and overlay networks, VIO with VDS will give you an opportunity to quickly stand up OpenStack on an existing vSphere environment with a flat network.

For me to continue, it looks like I’ll need to deploy NSX-V if I want such features in my VMware Integrated OpenStack deployment. I guess that will be my next step.

If you’re wondering how KVM manages to implement these networking features in their OpenStack distribution, they use Open vSwitch. It was actually the Nicira (now NSX) team who initially created Open vSwitch.
