Avi LBaaS Driver Installation Instructions for Contrail

This article details installation of the Avi LBaaS driver in an OpenStack + Contrail  environment. There are two mutually exclusive modes:

  1. Neutron-based Avi LBaaS driver: In this mode, the Avi LBaaS driver derives off Neutron and resides in the Neutron-server process. This mode allows multiple Neutron LBaaS providers to co-exist.
  2. Contrail-based Avi LBaaS driver. In this mode, the Avi LBaaS driver derives off Contrail and resides in the service-monitor process. This mode allows multiple Contrail LBaaS providers to co-exist. supported with Avi LBaaS v2 only

The Avi Vantage cloud configuration is exactly the same in both modes. Note that in a Contrail environment, you cannot have a mix of Contrail LBaaS and Neutron LBaaS; and thus must pick a mode that is compatible with the current environment.

Avi LBaaS v2 Neutron Driver Installation Instructions for Contrail

The following steps are to be performed on Neutron-server host.

  1. Determine Contrail plugin version:

    $ contrail-version neutron-plugin-contrail
     Package Version
  2. Adjust neutron.conf database connection URL:

    $ vi /etc/neutron/neutron.conf
     # if using mysql
     connection = mysql+pymysql://neutron:c0ntrail123@
  3. Populate/upgrade Neutron database schema:

    # to upgrade to head
     $ neutron-db-manage upgrade head
     # to upgrade to a specific version
     $ neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade liberty
  4. Drop foreign key constraints:

    # obtain current mysql token
     $ cat /etc/contrail/mysql.token
     $ mysql -u root -p
     Enter password: fabe17d9dd5ae798f7ea
     mysql> use neutron;
     mysql> show create table vips;
     # CONSTRAINT `vips_ibfk_1` FOREIGN KEY (`port_id`) REFERENCES `ports` (`id`) - ports table is not used by Contrail
     mysql> alter table vips drop FOREIGN KEY vips_ibfk_1;
     mysql> show create table lbaas_loadbalancers;
     # CONSTRAINT `fk_lbaas_loadbalancers_ports_id` FOREIGN KEY (`vip_port_id`) REFERENCES `ports` (`id`)
     mysql> alter table lbaas_loadbalancers drop FOREIGN KEY fk_lbaas_loadbalancers_ports_id;
  5. Continue with steps from README file for the Avi LBaaS plugin installation.

    a. For a local installation:

     <pre><code class="language-lua"># LBaaS v1 driver
     $ ./install.sh --aname avi_adc --aip <controller_ip|controller_vip> --auser <avi-admin-tenant-user> --apass <avi-admin-tenant-password>
     # LBaaS v2 driver 
     $ ./install.sh --aname avi_adc_v2 --aip <controller_ip|controller_vip> --auser <avi-admin-tenant-user> --apass <avi-admin-tenant-password> --v2

    b. For manual steps:

     <pre><code class="language-lua"># LBaaS v1 driver
     $ vi /etc/neutron/neutron.conf
     #service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin
     service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
     service_provider = LOADBALANCER:Avi_ADC:neutron_lbaas.services.loadbalancer.drivers.avi.avi_driver.AviLbaaSDriver
     # LBaaS v2 driver
     $ vi /etc/neutron/neutron.conf
     #service_plugins = neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin
     service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
     service_provider = LOADBALANCERV2:avi_adc_v2:neutron_lbaas.drivers.avi.driver.AviDriver
     $ service neutron-server restart
     $ neutron service-provider-list</code></pre>  

Avi LBaaS v2 Contrail Driver Installation Instructions for Contrail

These steps are exclusive of Neutron-LBaaS mode and thus any changes from that mode would need to be undone apriori. The following steps should be performed on the Neutron-server/Contrail api-server host.

  1. Determine Contrail-plugin version:

    $ contrail-version neutron-plugin-contrail
     Package Version
     ------------------------- ------------
  2. Driver installation:

    # LBaaS v2 driver
     $ ./install.sh --aname ocavi_adc_v2 --aip <controller_ip|controller_vip> --auser  --apass  --v2 --no-restart --no-confmodify
  3. Setup service-appliance-set:

    $ /opt/contrail/utils/service_appliance_set.py --api_server_ip --api_server_port 8082 --oper add --admin_user admin --admin_password contrail123 --admin_tenant_name admin --name ocavi_adc_v2 --driver "neutron_lbaas.drivers.avi.avi_ocdriver.OpencontrailAviLoadbalancerDriver" --properties '{"address": "", "user": "admin", "password": "avi123", "cloud": "Default-Cloud"}'

    Note: In the event ‘neutron_lbaas’ doesn’t exist on the api-server node, the driver path should be adjusted to the correct path spec.

  4. Delete service-appliance-set:

    $ /opt/contrail/utils/service_appliance_set.py --api_server_ip --api_server_port 8082 --oper del --admin_user admin --admin_password contrail123 --admin_tenant_name admin --name ocavi_adc_v2

Avi Controller Configuration

  1. If OpenStack endpoints are private IPs and Contrail provides a public/front-end IP to those endpoints, then use iptables to DNAT.

    # on AviController only - perform iptable nat to reach the private IPs.
     $ iptables -t nat -I OUTPUT --dest -j DNAT --to-dest
  2. Cloud configuration:

During cloud configuration, select the “Integration with Contrail” checkbox and provide the endpoint URL of the Contrail VNC api-server. The Keystone credentials from the OpenStack configuration will be used to authenticate with the api-server service.

Configuration Settings Example

: > show cloud jcos
    | Field                     | Value                                      |
    | uuid                      | cloud-104bb7e6-a9d2-4b34-a4c5-d94be659bb91 |
    | name                      | jcos                                       |
    | vtype                     | CLOUD_OPENSTACK                            |
    | openstack_configuration   |                                            |
    |   username                | admin                                      |
    |   admin_tenant            | demo                                       |
    |   keystone_host           |                               |
    |   mgmt_network_name       | mgmtnw                                     |
    |   privilege               | WRITE_ACCESS                               |
    |   use_keystone_auth       | True                                       |
    |   region                  | RegionOne                                  |
    |   hypervisor              | KVM                                        |
    |   tenant_se               | True                                       |
    |   import_keystone_tenants | True                                       |
    |   anti_affinity           | True                                       |
    |   port_security           | False                                      |
    |   security_groups         | True                                       |
    |   allowed_address_pairs   | True                                       |
    |   free_floatingips        | True                                       |
    |   img_format              | OS_IMG_FMT_AUTO                            |
    |   use_admin_url           | True                                       |
    |   use_internal_endpoints  | False                                      |
    |   config_drive            | True                                       |
    |   insecure                | True                                       |
    |   intf_sec_ips            | False                                      |
    |   external_networks       | False                                      |
    |   neutron_rbac            | True                                       |
    |   nuage_port              | 8443                                       |
    |   contrail_endpoint       |                   |
    | apic_mode                 | False                                      |
    | dhcp_enabled              | True                                       |
    | mtu                       | 1500 bytes                                 |
    | prefer_static_routes      | False                                      |
    | enable_vip_static_routes  | False                                      |
    | license_type              | LIC_CORES                                  |
    | tenant_ref                | admin                                      |

Installing Avi LBaaS Driver

Installing/Upgrading LBaaS driver using script

Avi Networks provides a script for installing or upgrading the LBaaS plugin driver (v1 or v2). The script makes the necessary OpenStack configuration changes automatically. Download the Avi LBaaS driver installation package (avi_openstack_package.tar.gz) from the Avi Networks portal website ( https://portal.avinetworks.com).


  1. If preferred, the LBaaS driver can be installed alone without the virtual environment files and with the script. (For more information and instructions, refer README file in the avi_openstack_package.tar.gz package.)
  2. An account with root privileges for the Neutron API server is required. This account is different from the account used by the Controller to access the OpenStack infrastructure.

Following are the steps to install Avi LBaas driver:

  1. Copy the package onto the OpenStack Neutron API host.
  2. Log into the Neutron API server.
  3. On the OpenStack Neutron API server, backup neutron.conf.
  4. Unzip and untar the driver package: tar -xzf avi_openstack_package.tar.gz
  5. Run the Avi LBaaS installation script.

To install LBaaS v2 driver, specify the option “–v2” to the following install command. In the following example of v1 driver installation, is the IP address for the Avi Controller cluster. The login credentials for the Controller are admin/avinetworks. Ensure that you replace the IP address in the example with the cluster IP address.

Note: If you are installing only the driver without the virtual environment files, refer README file in the avi_openstack_package.tar.gz on the Avi Networks customer portal.