The Advanced Networking service is currently powered by a legacy driver (MidoNet). This driver has been deprecated, and the Nectar Cloud is migrating to a modern driver (OVN). Through this guide below, we request you to migrate your project to use the new modern driver, so the legacy driver can be decommissioned.
Resources affected
The following Advanced Networking resources will be affected:
- Networks
- Subnets
- Routers
- Load Balancers
- Floating IPs
- Instance ports
If you use any of these resources, you will need to migrate them.
Before you start
Identify the Advanced Networking resources (as above) in your project which will be affected. To do this, you can use a helpful script we have created. Further detailed instructions on using the script are below, under "Using the script".
You can also manually identify resources via the Dashboard or via OpenStack CLI.
Delete any resources that are not in use. This will reduce the number of resources you need to migrate.
If you rely on DNS to resolve a name to your Floating IPs, it will be a good idea to set the TTL (time to live) to a low value (e.g. 30 secs), so propagation of changes do not take as long. If you are using Nectar DNS service, refer to the DNS tutorial. If unsure you can contact the Nectar Cloud Help Desk.
FAQ
Please see the Frequently Asked Questions page which will be updated as migration progresses.
What you need to do
Video tutorial
The whole process has been documented in a YouTube video with Part 1 here (using & setting up the Virtual Desktop Service), and Part 2 here (downloading the script and completing the migration).
Switch Project to use modern networking
First of all, you will need to switch your project from legacy to modern networking. This switch will enable new resources to be created in modern networking.
Existing resources in legacy networking will continue working. You will also be able to switch back to legacy networking at any time in the interim, in the future it will be decommissioned.
You can switch your project using one of the options below.
- Nectar Helper Script - see below
- Command Line Interface - see below
- Email the Nectar Help Desk for support.
Recreate resources using modern networking
You will need to recreate affected resources, which you previously had in legacy networking, in the new modern networking setup. Follow these steps:
- Create Tenant Networks and Subnets, similar to existing ones you currently have, which were in legacy networking. These newly created networks will be created in modern networking. You can check by viewing the `provider:network-type` field. For legacy networking, it will have the value ‘midonet’. For modern networking, it will have the value ‘geneve’.
- Create Routers and add the new subnets to them, mirroring existing ones. Set the external gateway of each router to an external network of the same name. (Note: provider network uuids have changed. See more details under ‘External Networks’.)
- Create new Floating IPs, mirroring existing ones.
Switch Instances to modern networks
If you have multiple networks, it is recommended to do one network at a time. For each legacy network:
- Identify Instances (Instances) connected to the legacy network
- Detach each Instance from the old legacy network and attach it to the new modern network. Network access to the Instance will be disrupted in this step. If a Instance is connected to multiple legacy networks, leave the other networks alone for now.
- Attach new Floating IPs to Instance
- Update any DNS
- Repeat for remaining legacy networks
Test
Test if everything is working as expected
Cleanup
If you have completed the previous steps, all legacy network resources should now be unused. Delete the unused legacy networking resources. Follow these steps:
- Delete Loadbalancers
- Detach legacy Networks from Routers
- Delete legacy Networks
- Unset external gateways from Routers
- Delete Routers
- Delete Floating IPs
Congratulations! You have successfully migrated to the modern networking system!
Advanced Networking Tutorials
For additional instructions/help about Advanced Networking functions, view the tutorial here.
Support
If you need help on any of the steps, please create a support ticket here.
Using the Script (detailed guide)
The helper script can be downloaded from https://github.com/NeCTAR-RC/advanced-networking-migration. There is also a download command you can use below. It requires python3.6 and openstack client libraries. If you do not have them or are a windows user, you can use our Virtual Desktop Service as your base machine to run the commands (this already has python and the command line tools installed). For that, we recommend the ubuntu image. Alternatively you can follow the instructions at our OpenStack CLI tutorial to install the clients.
Whatever you use as your base machine, you need to set up your credentials as well, which allows you to "log in" and connect to your Nectar Cloud project, through the command line interface.
Command to download script
Note: you may need to add python3 to the beginning of your command - for example: python3 ./migrate.py check
$ wget https://raw.githubusercontent.com/NeCTAR-RC/advanced-networking-migration/master/migrate.py
Check resources
$ python3 migrate.py check
Project: pt-87
Networking: legacy
Checking resources. This might take a while...
Project pt-87 needs to switch to modern networking. The following resources needs to be migrated:
+------------+--------------------------------------+-----------------+------------------------------+
| Type | ID | Name | Recommendation |
+------------+--------------------------------------+-----------------+------------------------------+
| Network | 9930ce70-bf7a-44d7-a2e8-eda28c07984d | mido | Replace |
| Router | 0b38c592-4ec6-4bf1-a52f-29141b575f43 | mido | Replace |
| Router | 903ae9d8-b522-41e6-8888-d7c1e17b40be | nonetworks | No networks attached, Delete |
| Floatingip | 2ecf324b-0a80-49d2-8132-da128ff23322 | 128.250.168.156 | Replace |
| Floatingip | 95d3b9c1-e345-45f4-90f1-89c6861d168b | 128.250.168.136 | Unused, Delete |
| Server | e7e0a656-bebc-423c-a986-ce730a431d62 | instance3 | Switch to modern network |
+------------+--------------------------------------+-----------------+------------------------------+
Switch to modern networking
$ python3 migrate.py switch modern
Switching project networking
Project set to modern networking.
Please wait 2 minutes for changes to propagate to all services.
Check resources again
If you run a check immediately you may see this
python3 migrate.py check
Project networking may have been recently switched. Please wait for 2 minutes and try again.
Refresh until this message is gone.
Well done!
The instructions below are if you wish to do this manually without the script.
Command Line Interface
You will need to have the OpenStack CLI installed. Please follow the instructions on the OpenStack CLI tutorial.
You will also need the Tenant Manager role on your project.
Check resources
Project
To check if your project is using legacy or modern networking, view the tags of your project. If it has a tag ‘legacy-networking’, it is on legacy networking, if not it is on modern.
$ openstack project show ncs-demo -c id -c name -c tags
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c3dbe1f7dfc147768ab26ba9b65c9728 |
| name | ncs-demo |
| tags | ['legacy-networking'] |
+-------+----------------------------------+
To switch from legacy to modern networking, unset the ‘legacy-networking’ tag. Replace ‘c3dbe1f7dfc147768ab26ba9b65c9728’ with your project id (see previous example).
$ OS_TOKEN=`openstack token issue -f value -c id`; curl -g -i -X DELETE -H "X-Auth-Token: ${OS_TOKEN}" "https://keystone.rc.nectar.org.au:5000/v3/projects/c3dbe1f7dfc147768ab26ba9b65c9728/tags/legacy-networking"
HTTP/1.1 204 NO CONTENT
Date: Tue, 08 Aug 2023 04:35:52 GMT
Server: Apache
Vary: X-Auth-Token
x-openstack-request-id: req-6955f8f7-2b2b-4a94-bd69-724b662c1cc2$ openstack project show ncs-demo -c id -c name -c tags
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c3dbe1f7dfc147768ab26ba9b65c9728 |
| name | ncs-demo |
| tags | [] |
+-------+----------------------------------+
To switch a project back to legacy networking, set the ‘legacy-networking’ tag
$ OS_TOKEN=`openstack token issue -f value -c id`; curl -g -i -X PUT -H "X-Auth-Token: ${OS_TOKEN}" "https://keystone.rc.nectar.org.au:5000/v3/projects/c3dbe1f7dfc147768ab26ba9b65c9728/tags/legacy-networking"Network
To check if a Network is legacy, look at the provider:network_type.
$ openstack network show 6a9d7032-5302-4e1d-9c81-d0cd68f60dc1 -c id -c name -c provider:network_type
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 6a9d7032-5302-4e1d-9c81-d0cd68f60dc1 |
| name | daisy_mgmt |
| provider:network_type | midonet |
+-----------------------+--------------------------------------+
provider:network_type of ‘midonet’ is legacy, ‘geneve’ is modern.
Router
Check the Networks that the router is attached to. If the attached networks are legacy, it is a legacy router.
To do that, first list the interfaces on a router.
$ openstack router show 380d2183-56d6-456b-9065-f15e304ee83c -c id -c name -c interfaces_info
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------+
| id | 380d2183-56d6-456b-9065-f15e304ee83c |
| interfaces_info | [{"port_id": "93e6ab71-3090-4832-a175-bc346a47e158", "ip_address": "192.168.66.1", "subnet_id": "350e5c64-58df-455a-a439-f369d3a8e386"}] |
| name | daisy_mgmt |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------+
For each of the ports, get the network it belongs to
$ openstack port show 93e6ab71-3090-4832-a175-bc346a47e158 -c id -c network_id
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| id | 93e6ab71-3090-4832-a175-bc346a47e158 |
| network_id | 6a9d7032-5302-4e1d-9c81-d0cd68f60dc1 |
+------------+--------------------------------------+
You can now use the Network check to see if this is a legacy network.
Loadbalancer
Check the VIP Network that the Loadbalancer is attached to. If the attached network is legacy, it is a legacy loadbalancer.
$ openstack loadbalancer show c84c3829-f0e0-47df-b728-15382f711bad -c id -c vip_network_id +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | id | c84c3829-f0e0-47df-b728-15382f711bad | | vip_network_id | 1529e811-fc01-499a-8027-2aef95b67a5e | +----------------+--------------------------------------+
You can now use the Network check to see if this is a legacy network.
Floating IP
To check if a Floating IP is legacy, check the ‘Floating Network’ id
$ openstack floating ip list -c ID -c 'Floating IP Address' -c 'Floating Network'
+--------------------------------------+---------------------+--------------------------------------+
| ID | Floating IP Address | Floating Network |
+--------------------------------------+---------------------+--------------------------------------+
| 2bec6b42-ecb9-419b-bec5-19b1d4335e7a | 103.6.252.141 | e48bdd06-cc3e-46e1-b7ea-64af43c74ef8 |
+--------------------------------------+---------------------+--------------------------------------+
Find the network id (e48bdd06-cc3e-46e1-b7ea-64af43c74ef8) in the ‘External Networks’ section.
External Networks
External Networks have changed. Here is a list of network ids, names, and the driver they are using.
| Network ID | Network Name | Subnet | Networking |
|---|---|---|---|
| 60e0be0e-5021-4574-8650-dbf92e1a9cfe | auckland | 130.216.218.0/23 | legacy |
| f0bae700-c52c-42d7-a112-2a897050f6e6 | auckland | 130.216.254.0/24 | ovn |
| e48bdd06-cc3e-46e1-b7ea-64af43c74ef8 | melbourne | 103.6.252.0/24 115.146.80.128/25 | legacy |
| b71c9fb5-e0c9-479f-a095-0eff9f6cc490 | melbourne | 128.250.224.0/23 | modern |
| e201aa30-59aa-4475-b25e-0e4696782fd7 | monash | 118.138.248.0/23 | legacy |
| 2ae205a1-369a-4079-a309-9134e81d6db9 | monash | 130.194.250.0/23 | modern |
| 058b38de-830a-46ab-9d95-7a614cb06f1b | QRIScloud | 203.100.30.0/23 | legacy |
| c5244890-4b5e-4b64-8ee6-c154406e16af | QRIScloud | 203.101.224.0/20 (203.101.238.11-203.101.239.250) | modern |
| 5174d796-116a-47b4-afe4-1bc7ac1ea5fb | swinburne | 136.186.94.0/24 | legacy |
| eb588bf6-a75d-4d9d-bf0e-6864db1d30b2 | swinburne | 136.186.95.0/24 | modern |
| 24dbaea8-c8ab-43dc-ba5c-0babc141c20e | tasmania | 131.217.168.0/24 | legacy |
| ec6bc1fc-4b62-483e-b4da-24cb1dda5f3e | tasmania | 131.217.169.128/25 | modern |
