[openstack-dev] [neutron] [policy] Policy-group relationship

Stephen Wong s3wong at midokura.com
Sun Dec 15 17:00:32 UTC 2013


Hi Mohammad,

    Good writeup, one minor comment at the end below (look for [s3wong]).

On Thu, Dec 12, 2013 at 3:42 PM, Mohammad Banikazemi <mb at us.ibm.com> wrote:
> Continuing the discussion we had earlier today during the Neutron Group
> Policy weekly meeting [0], I would like to initiate a couple of email
> threads and follow up on a couple of important issues we need to agree on so
> we can move forward. In this email thread, I would like to discuss the
> policy-group relationship.
>
> I want to summarize the discussion we had during the meeting [1] and see if
> we have reached an agreement:
>
> There are two models for expressing the relationship between Groups and
> Policies that were discussed:
> 1- Policies are defined for a source Group and a destination Group
> 2- Groups specify the Policies they "provide" and the Policies they
> "consume"
>
> As expressed during the IRC meeting, both models have strong support and we
> decided to have a resource model that can be used to express both models.
> The solution we came up with was rather simple:
>
> Update the resource model (shown in the attribute tables and the taxonomy in
> the google doc [2]) such that policy can refer to a "list" of source Groups
> and a "list" of destination Groups.
> This boils down to having two attributes, namely src_groups and
> destination_groups (both lists of uuid-str type), replacing the current
> attributes src_group and dest_group, respectively.
>
> This change simply allows the support for both models. For supporting model
> 1, specify a single source Group and a single destination Group. For model
> 2, specify the producers of a Policy in the source Group list and specify
> the consumers of the Policy in the destination Group list.

[s3wong] this is interesting. Let's say we have two groups A & B, and
A wants to send traffic to B, so in this case, B is providing a policy
which A will consume. In your proposal above, I would have to put A in
destination group list and B in source group list although the traffic
direction is the reverse. Would that cause a bit of confusion?

Thanks,
- Stephen


>
> If there is agreement, I will update the taxonomy and the attribute tables
> in the doc.
>
> Best,
>
> Mohammad
>
>
> [0] https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy
> [1] http://eavesdrop.openstack.org/meetings/networking_policy/2013/networking_policy.2013-12-12-16.01.log.html
> [2] https://docs.google.com/document/d/1ZbOFxAoibZbJmDWx1oOrOsDcov6Cuom5aaBIrupCD9E/edit#heading=h.x1h06xqhlo1n
> (Note the new additions are at the end of the document.)


