VMware vSphere plugin

The VMware vSphere plugin leverages the VMware vSphere distributed vSwitch architecture to support management of the fabric directly from VMware vCenter, and ensures that the fabric responds to the networking needs of the environment.

The VMware vSphere plugin provides the following advantages and capabilities:

  • Direct integration into the network management workflow of VMware vCenter.
  • Use of the common distributed vSwitches and port groups for both regular virtual machine NICs and SR-IOV use cases.
  • Support for the following VLAN types for port groups:
    • None: VLAN 0
    • VLAN: (1-4094)
  • Automatic provisioning of the fabric based on where the virtual machines require connectivity.
  • Support for advanced workflows through the EDA-managed solution, including VNF use cases with features like QoS, ACLs, and BGP PE-CE.
  • Interconnectivity between different cloud environments, allowing for flexible network configurations.

Supported versions

  • VMware vSphere 7
  • VMware vSphere 8

Prerequisites

Before installing or deploying the VMware vSphere plugin components, ensure that the Cloud Connect Core application is properly installed in the cluster.

Architecture

The VMware vSphere plugin consists of two components:
  • VMware vSphere plugin app
  • VMware vSphere plugin

VMware vSphere plugin app

This app runs in EDA and manages the lifecycle of the VMware vSphere plugins. It does so in the standard app model where a custom resource is used to manage the VMware vSphere plugins.

VMware vSphere plugin

The plugin itself is responsible for connecting and monitoring the VMware vCenter environment for changes. The plugin listens to the events of the following objects:

  • Distributed vSwitch (dvS)
  • Distributed port groups (dvPG)
  • Host to dvS associations
  • Custom attributes

Supported features

The following are some of the supported VMware vSphere features:

  • CMS-managed integration mode

  • EDA-managed integration mode

  • Optimal configuration of subinterfaces to minimize the configuration and security footprint of network services

  • LAG/LACP interfaces

  • SR-IOV interfaces

  • Audits

Deployment

To deploy the VMware vSphere plugin, complete the following tasks:
  1. Deploy the plugin app.
  2. Deploy the plugin.

Plugin app deployment

The VMware vSphere plugin app is an application in the EDA app ecosystem. You can install it using the App Store UI.

Installation using Kubernetes API

If you prefer installing the Connect Core using the Kubernetes API, you can do so by creating the following Workflow resource:
apiVersion: core.eda.nokia.com/v1 
kind: Workflow 
metadata: 
  name: vmware-plugin 
  namespace: eda-system 
spec: 
  input: 
    app: vmware-plugin 
    catalog: eda-catalog-builtin-apps 
    operation: install 
    vendor: nokia 
    version: 
      type: semver 
      value: v2.0.0 
  type: app-installer 

Plugin deployment

A prerequisite for creating a VmwarePluginInstance resource is a Secret with username and password fields. These fields contain the credentials of an account that can connect to the VMware vCenter environment and has read-only access to the cluster, so that the plugin can monitor the necessary resources.

See the following example:
apiVersion: v1 
kind: Secret 
type: Opaque 
metadata: 
  name: my-vmware-creds 
  namespace: eda-system 
data: 
  username: YWRtaW4= # base64 encoded, without a trailing newline
  password: YWRtaW4= # base64 encoded, without a trailing newline

As the VMware vSphere plugins are managed through the operator, you can use the EDA UI to create a new VmwarePluginInstance resource under the System Administration > Connect > VMware Plugins menu item.

Alternatively, you can create the same VmwarePluginInstance resource using the following custom resource example. Make sure to replace the specified values with their relevant content.

apiVersion: vmware.eda.nokia.com/v1 
kind: VmwarePluginInstance 
metadata: 
  name: my-vmware-plugin-instance # A unique name for the plugin resource (can be the same as the spec.name, or different) 
  namespace: eda-system 
spec: 
  externalId: example-external-id # A unique identifier for the plugin (can be the same as the name)
  heartbeatInterval: 30
  name: example-vSphere # A unique name for the plugin
  vcsaHost: example-host # The IP address of the vCenter Server
  vcsaTlsVerify: true # To verify TLS of the VCSA.
  vcsaCertificate: "" # If the VCSA certificate is self-signed, add it here so the plugin can verify it
  authSecretRef: my-vmware-creds # Credentials are hosted in a separate Secret.

The plugin name and external ID must comply with the regex check of '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]'. They can only contain alphanumerical characters and ., _, and -, and they must start with an alphanumerical character.
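A pre-flight check for the Secret and VmwarePluginInstance manifests above, given as an added example that is not part of the EDA documentation or the plugin's own code. It flags Secret values that decode with stray whitespace (what `echo admin | base64` produces, because echo appends a newline), a disabled vcsaTlsVerify, a non-positive heartbeatInterval, and names that fail the regex. It assumes the manifests are already parsed into dicts; lint_secret, lint_instance and the sample values are constructed for illustration.

```python
import base64
import re

# Regex quoted on this page for the plugin name and external ID.
NAME_RE = re.compile(r"([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]")

def lint_secret(secret):
    """Check the base64 username/password fields of a parsed Secret."""
    findings = []
    for field in ("username", "password"):
        raw = secret.get("data", {}).get(field)
        if raw is None:
            findings.append(f"secret: {field} is missing")
            continue
        try:
            value = base64.b64decode(raw, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"secret: {field} is not valid base64")
            continue
        if value != value.strip():
            findings.append(f"secret: {field} decodes with stray whitespace")
    return findings

def lint_instance(inst, secret):
    """Check a parsed VmwarePluginInstance against its credentials Secret."""
    spec, findings = inst.get("spec", {}), []
    for key in ("name", "externalId"):
        if not NAME_RE.fullmatch(str(spec.get(key, ""))):
            findings.append(f"spec.{key} fails the name regex")
    hb = spec.get("heartbeatInterval")
    if type(hb) is not int or hb <= 0:  # bool is rejected too
        findings.append("spec.heartbeatInterval is not a positive integer")
    if spec.get("vcsaTlsVerify") is not True:
        findings.append("spec.vcsaTlsVerify is off: vCenter identity unverified")
    if spec.get("authSecretRef") != secret.get("metadata", {}).get("name"):
        findings.append("spec.authSecretRef does not name the Secret")
    return findings + lint_secret(secret)

# Constructed samples. "YWRtaW4K" is base64 of b"admin\n", "YWRtaW4=" of b"admin".
BAD_SECRET = {"metadata": {"name": "my-vmware-creds"},
              "data": {"username": "YWRtaW4K", "password": "YWRtaW4="}}
BAD_INSTANCE = {"spec": {"name": "example vSphere", "externalId": "example-id",
                         "heartbeatInterval": 0, "vcsaTlsVerify": False,
                         "authSecretRef": "my-vmware-creds"}}

if __name__ == "__main__":
    for finding in lint_instance(BAD_INSTANCE, BAD_SECRET):
        print(finding)
```
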

Functionality

This section describes VMware vSphere plugin operations including startup, event monitoring, and the plugin's operational modes.

Startup

When the plugin is started, the following actions are taken by the plugin:

  • The plugin registers itself with Connect, based on the provided externalId. If a matching ConnectPlugin resource already exists, it is reused.
  • The plugin performs an audit where any Connect-related state that was programmed in vCenter while the plugin was not running is synchronized with Connect.

Event monitoring

A plugin connects to a VMware vCenter environment and subscribes to VMware events. The plugin configures Connect and EDA based on the events it receives.

The following table describes the different event triggers and purposes.

Table 1. VMware events

| Event trigger | Custom resource | Purpose |
|---|---|---|
| VLAN-tagged distributed PortGroup events | BridgeDomain | In CMS-managed mode, each dvPG results in its own unique bridge domain. |
| VLAN-tagged distributed PortGroup events | VLAN | Each dvPG with a specific VLAN tag has an EDA VLAN resource so it can be attached to the BridgeDomain. |
| Host NIC distributed Switch Uplink events | ConnectInterface | Each Host NIC that is added as an Uplink to a dvS triggers the creation of a ConnectInterface which is mapped by Connect Core to an EDA Interface. |

The uplink names must comply with the regex check of ^[a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]$. They can only contain alphanumerical characters and " " (space), . (period), _ (underscore), and - (dash). They must also have a length of 64 characters or less.

Operational modes

The plugin supports the following operational modes:
  • CMS-managed mode
  • EDA-managed mode

These modes can be used simultaneously.

CMS-managed mode

This mode is also referred to as VMware-managed mode. When using this mode, the plugin creates a unique BridgeDomain for each VLAN-tagged dvPG in the VMware vCenter environment.

EDA-managed mode

In EDA-managed mode, a dvPG is given a special custom attribute that refers to an existing EDA BridgeDomain. When the plugin detects this custom attribute, and it refers to an existing BridgeDomain resource in EDA, it does not create a new BridgeDomain but instead associates the dvPG with the existing one. This allows for more advanced configuration of the application networks.

To use the EDA-managed mode:
  1. Create a BridgeDomain resource in EDA with the desired settings.
  2. When creating a distributed PortGroup in vCenter, configure a custom attribute called ConnectBridgeDomain and set its value to the key of the EDA BridgeDomain.
    Note: Both the key of the custom attribute and the value are case sensitive.

You can configure multiple dvPGs with the same BridgeDomain resource.

Switching between operational modes

You can switch between EDA-managed and CMS-managed modes at any time. You can switch back to CMS-managed mode by setting the ConnectBridgeDomain custom attribute to none, or by deleting the custom attribute entirely.

Troubleshooting

Plugin is not running

If an incorrect vCenter hostname or IP is configured in the VmwarePluginInstance resource, the plugin will try to connect for three minutes and crash/restart if it fails to connect. If the credentials are incorrect, the plugin will crash/restart immediately.

Verify the following items:

  • Raised plugin alarms
  • Connectivity from the EDA cluster to vCenter
  • Credentials for vCenter
  • Heartbeat interval is a positive integer
  • Logs of the plugin pod

Plugin is not creating any resources in EDA

Verify the following items:

  • Raised plugin alarms
  • Connectivity from the EDA cluster to vCenter
  • Logs of the plugin pod
  • Heartbeats are being updated
  • Plugin staleness state field

Plugin is not configuring the correct state

Verify the following items:

  • Raised plugin alarms
  • Uplinks for the dvPG in vCenter are configured as active or standby; if there are no active or standby uplinks configured, the plugin will not associate any ConnectInterface with the VLAN
  • Uplink names can only contain alphanumerical characters and ., _, - and must have a length of 64 characters or less
  • VLAN ranges are not supported on dvPGs
  • EDA resources, like VLAN, BridgeDomain and ConnectInterface
  • Logs of the plugin pod