Add Hyper-V Network Virtualization (SDN 2.0) mechanism driver

Registered by Gabriel Samfira

This blueprint aims to integrate part of the new SDN stack that ships with Windows Server 2016 [1] as a mechanism driver which will run on the neutron server, as well as a new metadata proxy and a simple L2 agent, both of which will run on each Hypervisor.

The main features it aims to implement are:

* Ensure L2 access to tenant VMs
* Ensure L3 access to tenant VMs (outbound NAT, and floating IPs)
* Implement QoS
* Implement ACLs

It does not yet add support for:

* LBaaS
* VPNaaS

but that will come as part of future updates.

This blueprint will implement 3 components:

* Mechanism driver
* L2 agent
* Metadata proxy

The mechanism driver will make all the necessary calls to the north bound API of the network controller in order to configure the network interfaces of the VMs, create virtual networks, create outbound NAT rules inside the load balancer, etc.

The L2 agent only has to plug the port into the vm switch, and set the port profile ID on the port. The rest of the configuration will be done by the HNV agents based on the policies we add via the mechanism driver into the network controller.

The metadata proxy is a simple service that will be running on each of the hypervisors. While it is possible to use one central metadata proxy, considering that it is a light weight service, it makes sense to distribute it on each hipervisor. Part of the new networking stack, is a metadata service forwarder, that allows us to configure a target ip/port to act as a metadata service. When a VM sends a request to this service, the VMswitch will intercept it, and append the port profile ID of the NIC attached to the VM, as the first column in the headers and body of the HTTP request. The proxy will strip that away, determine which VM has sent the request, it will set the proper headers and proxy the request to Nova.

This feature will not make any changes to the API of neutron and will not make any changes to the database.


For L3 support, the HNVL3RouterPlugin needs to be set in the DEFAULT section under service plugins:

service_plugins =,hyperv.neutron.ml2.l3.HNVL3RouterPlugin

For QoS support, a notification driver needs to be set under the [qos] section:

notification_drivers = message_queue,hnv_qos

Finally, a new section needs to be added, that will point the mechanism driver to the proper network controller:

enable_support = True
url =
username = example\Administrator
password = P@ssw0rd
https_allow_insecure = True
# This is the logical network defined in the network controller that is
# used as a medium for overlay networks
logical_network = "c4cd42ff-5efb-4006-ac56-479730557926"
retry_count = 3
retry_interval = 1
http_request_timeout = 10

It must be noted, that at this point, HNV does not inter-operate with any third party VTEPs, so at this juncture, it is not possible to mix HNVv2 with OpenVSwitch VTEPs. It also does not support VLAN or flat networking schemes for tenant network traffic.


Blueprint information

Claudiu Belu
Gabriel Samfira
Gabriel Samfira
Series goal:
Needs Code Review
Milestone target:
Started by
Claudiu Belu

Related branches



Gerrit topic:,topic:bp/hyperv-network-virtualization-support,n,z

Addressed by:
    [WIP] Add QOS Driver for Hyper-V Network Virtualization (SDN 2.0)

Addressed by:
    [WIP] Add ACLs Driver for Hyper-V Network Virtualization (SDN 2.0)

Addressed by:
    [WIP] Add LoadBalancer manager for Hyper-V Network Virtualization (SDN 2.0)

Addressed by:
    [WIP] Add PublicIPAddress manager for Hyper-V Network Virtualization (SDN 2.0)

Addressed by:
    [WIP] Add HNV Layer 3 router plugin

Addressed by:
    [WIP] Add HNV mechanism driver

Addressed by:
    Refactor the Hyper-V Layer 2 Agent

Addressed by:
    Add layer 2 agent for Hyper-V Network Virtualization v2

Addressed by:
    Add support for custom metadata agent for HNV

Addressed by:
    Add base classes for neutron agents

Gerrit topic:,topic:refactoring/layer2-agent,n,z

Addressed by:
    Replaces neutronclient's initialisation with keystoneauth

Addressed by:
    cleans up the config option usage

Addressed by:
    Fixes Windows Server 2016 Network Controller constants


Work Items

This blueprint contains Public information 
Everyone can see this information.


No subscribers.