Avi Networks and Nuage Networks Integration

This article describes the architecture and operation of the Nuage Networks SDN product line and its integration with Avi Vantage Platform. The intent is to provide insights into the underlying interoperation and capabilities from a high level for both products.

Note: IPv6 is not supported for Nuage Networks integration as yet in Avi Vantage.

Nuage Networks Architecture

The Nuage Networks Virtualized Services Platform is composed of three major layers. Each layer has its own form factor.

Nuage VSP

Nuage Networks Virtualized Services Platform (VSP) is a comprehensive solution that makes the network as readily consumable as compute resources across the data center, enterprise WAN and public cloud providers. It does this by providing the missing link to ensure rapid and efficient delivery of highly customizable application services, in and across multi-tenanted data centers.

Nuage Networks VSP components
Figure 1. Nuage VSP architecture

Nuage VSD

The Nuage Networks Virtualized Services Directory (VSD) is a policy & business logic engine that simplifies the definition of network services in an application friendly context. It provides enterprise administrators the freedom to outline the networking requirements of their cloud applications in familiar IT constructs, and establishes policies that ensure the proper scope, security and integrity of application consumption in a manner consistent with enterprise guidelines.

Nuage VRS

The Virtual Routing and Switching (VRS) component is an enhanced Open vSwitch (OVS) implementation that constitutes the network forwarding plane. It encapsulates and de-encapsulates user traffic, enforcing L2-L4 traffic policies as defined by the VSD. The VRS tracks VM creation, migration and deletion events in order to dynamically adjust network connectivity. The VRS supports multiple hypervisors in virtualized server environments. It can operate as a gateway for bare-metal servers or service appliances.

Nuage VSC

Nuage Networks VSC is a software-defined networking (SDN) solution that virtualizes any DC network infrastructure and automatically establishes connectivity between compute resources upon their creation. Leveraging programmable business logic and a powerful policy engine, VSC provides an open and highly responsive solution that scales to meet the stringent needs of massive multi- tenant DCs. VSC is a software solution that can be deployed over existing datacenter network fabrics and to public cloud providers.

OpenStack-to-Nuage Mapping

OpenStack-Nuage Terminology
Figure 2. OpenStack-Nuage terminology

Nuage Networks VSD Integration with Avi Networks

The Avi Vantage Platform takes a software-defined approach to delivering application services beyond load balancing. Avi Vantage enables a distributed data plane with central management.

Avi Vantage and Nuage Integration
Figure 3. Avi Vantage and Nuage integration

  • Deploying the Avi Vantage Platform alongside the Nuage Networks VSP gives you enterprise-grade features:
    • Application availability
    • Visual and actionable insights
    • Security
    • Resiliency
    • Multitenancy
    • Elastic scalability
    • Operational simplicity

Integration Details


The integration effort was done using the following software releases:

  • OpenStack Mitaka
  • Nuage Networks VSP versions 3.x+ and 4.x
  • Avi Vantage releases 16.4.6+ and 17.1.2+

Network Topology — OpenStack View (Avi Vantage)

This is how the network topology would look in Horizon UI once the same is instantiated from Avi Vantage.

OpenStack View (Avi Vantage in Horizon)
Figure 4. OpenStack view (Avi Vantage in Horizon)

Network Topology — Nuage View

Nuage Networks VSP components
Figure 5. Nuage view

Avi Vantage and Nuage Configuration Details & Processing

Configuration Details
  • Configure Nuage VSD credentials on Avi Controller. Read more details in Installing Avi Vantage for OpenStack.
    • Note: VSD credentials are required to directly call into VSD for programming the FIP-to-VIP binding/unbinding.
  • The Avi Controller uses the Avi SEs’ OpenStack UUIDs to automatically look up vPort and domain information using VSD API calls.
  • The Avi Controller automatically creates, configures, and manages the allowed-address-pair. The allowed address pair extension extends the port attribute to enable the specification of arbitrary mac_address/ip_address(CIDR) pairs that are allowed to pass through a port, regardless of the subnet associated with the network, per VIP in VSD through VSD APIs (virtual IP, allowed vPorts). The operator is not expected to manage these allowed-address-pairs. Avi Vantage uses this extension to “place” VIPs on SE data ports, thereby allowing VIP traffic to egress these data ports. OR
  • The Avi Controller automatically creates, configures, and manages one redirection target (a group/collection of vPorts belonging to the same domain) per VIP in VSD through VSD APIs (virtual IP, allowed vPorts). The operator is not expected to manage these redirection targets.

Avi Vantage and Nuage Use Cases

Client in Local Network

  • Client and VIP/Avi SE on the same subnet.
  • Avi SE responds to ARP for (VIP).
  • Avi SE load balances the traffic on the server network.

Clients in Local Network
Figure 6. Client in local network

Client in External Network

  • Client and VIP/Avi SE on the same subnet.
  • Avi SE responds to ARP for (VIP).
  • Avi SE load balances the traffic on the server network.

Clients in External Network
Figure 7. Client in external network

Scale Out with Local Client and External Clients in External Network

  • Client and VIP/Avi SE on different subnets.
  • Primary Avi SE responds to ARP for (VIP).
  • Primary SE load balances the client flows across the scaled-out SEs.
  • Avi SEs load balance the traffic on the server network.

Scale out with local and external clients
Figure 8. Scale out with local and external clients

Multiple Virtual Services per SE

  • When an SE VM is created, each interface gets an IP address allocated by OpenStack.
  • When a virtual service (VS) with a VIP (in local network/subnet is created, Avi adds the VIP as the secondary IP address to the interface on the SE.
  • The Nuage router does not learn unknown mappings.
    • Nuage allocates the interface IPs. Hence, they know the IP/MAC/Port binding.
    • The VIP IP address is configured via LBaaS. Hence, they do not know the MAC/port binding for this IP address.
  • When a virtual service is created, the Avi Controller calls Nuage’s allowed-address-pair/redirection target to create MAC/port binding for the VIP.
    • Avi notifies Nuage about the VIP (secondary IP) and its MAC/port binding. This also enables MAC/ARP learning for the VIP.
    • In case of scale out, Avi programs the allowed-address-pair/redirection-target for relevant ports of all SEs.
    • At any time, only one SE (primary) responds to ARP requests.

    Multiple virtual services per SE
    Figure 9. Multiple virtual services per SE