[openstack-dev] [Quantum] Services' Chaining
Ravi Chunduru
ravivsn at gmail.com
Wed Apr 10 00:57:28 UTC 2013
Hi Sumit/All,
We (me and folks from Freescale) have defined APIs in similar approach
for Network Service Appliance Chaining.
The APIs are in this link
https://github.com/kumarcv/openstack-nf/blob/master/README.md
We will be soon coming up with a blueprint on it.
Here is the brief summary:
For real time deployments there is need for running Network Service(NS)
Appliances in openstack environment. A typical deployment would need
Firewall, VPN, Intrusion Prevention, Anti Virus scanning etc., for the
traffic reaching to virtual servers. One would want to enforce the
security policies across the networks, between the networks as per their
guidelines.
Another important need for real time deployments is the scalability and
performance. Currently LBaaS is leveraged to provide scalability.
NS Appliance Chains:
There is a need for chaining the network service Appliances using Quantum.
Two types of network service chains are required.
1) Transparent NS Appliance Chain
Needed for treating the traffic transparently. For example, traffic with in
the same subnet.
2) Routed NS Appliance Chain
Applied on traffic between two networks.
Network Service Appliance Chains:
NS Rules provide the flexibility for the admin to control the network
functionality for the given traffic.
One can configure,
a) Scan virus content for the HTTP traffic going to network A
b) Apply Firewall rules for the traffic between Network B and Network C
etc.,
We also thought of horizon requirement for NS Appliance Image management.
Please review and provide comments.
Thanks,
-Ravi.
*
*
On Sun, Apr 7, 2013 at 12:48 PM, Sumit Naiksatam
<sumitnaiksatam at gmail.com>wrote:
> Hi All,
>
> Wanted to bring to your attention the following proposal on "Service
> Chaining":
>
> https://blueprints.launchpad.net/quantum/+spec/quantum-services-insertion-chaining-steering
>
> Summary:
> We aim to extend and enhance the current "services" framework via
> Quantum extensions to make it possible for the user to request that a
> combination of network services be inserted in the user's virtual
> network topology.
>
> We have proposed a design summit session to discuss this topic and
> there is a prototypical implementation being posted for better
> understanding and validation.
>
> Kindly review and provide comments.
>
> Thanks,
> ~Sumit.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130409/181e7199/attachment.html>
More information about the OpenStack-dev
mailing list