[openstack-dev] [neutron] [policy] Policy-group relationship

Mohammad Banikazemi mb at us.ibm.com
Tue Dec 17 19:42:53 UTC 2013



Stephen Wong <s3wong at midokura.com> wrote on 12/15/2013 12:00:32 PM:

> From: Stephen Wong <s3wong at midokura.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>,
> Date: 12/15/2013 12:04 PM
> Subject: Re: [openstack-dev] [neutron] [policy] Policy-group relationship
>
> Hi Mohammad,
>
>     Good writeup, one minor comment at the end below (look for [s3wong]).
>
> On Thu, Dec 12, 2013 at 3:42 PM, Mohammad Banikazemi <mb at us.ibm.com>
wrote:
> > Continuing the discussion we had earlier today during the Neutron Group
> > Policy weekly meeting [0], I would like to initiate a couple of email
> > threads and follow up on a couple of important issues we need to agree
on so
> > we can move forward. In this email thread, I would like to discuss the
> > policy-group relationship.
> >
> > I want to summarize the discussion we had during the meeting [1] and
see if
> > we have reached an agreement:
> >
> > There are two models for expressing the relationship between Groups and
> > Policies that were discussed:
> > 1- Policies are defined for a source Group and a destination Group
> > 2- Groups specify the Policies they "provide" and the Policies they
> > "consume"
> >
> > As expressed during the IRC meeting, both models have strong support
and we
> > decided to have a resource model that can be used to express both
models.
> > The solution we came up with was rather simple:
> >
> > Update the resource model (shown in the attribute tables and the
taxonomy in
> > the google doc [2]) such that policy can refer to a "list" of source
Groups
> > and a "list" of destination Groups.
> > This boils down to having two attributes namely, src_groups and
> > destination_groups (both list of uuid-str type) replacing the current
> > attributes src_group and dest_group, respectively.
> >
> > This change simply allows the support for both models. For supporting
model
> > 1, specify a single source Group and a single destination Group. For
model
> > 2, specify the producers of a Policy in the source Group list and
specify
> > the consumers of the Policy in the destination Group list.
>
> [s3wong] this is interesting. Let's say we have two groups A & B, and
> A wants to send traffic to B, so in this case, B is providing a policy
> which A will consume. In your proposal above, I would have to put A in
> destination group list and B in source group list although the traffic
> direction is the reverse. Would that cause a bit of a confusion?
>

Yeah, that's a good point. Producers are the destination of traffic flows.
So should we have them under destination group? Even that is a bit
confusing.
May be we need different names for the two groups.

-Mohammad

> Thanks,
> - Stephen
>
>
> >
> > If there is agreement, I will update the taxonomy and the attribute
tables
> > in the doc.
> >
> > Best,
> >
> > Mohammad
> >
> >
> > [0] https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy
> > [1]
> > http://eavesdrop.openstack.org/meetings/networking_policy/2013/
> networking_policy.2013-12-12-16.01.log.html
> > [2]
> > https://docs.google.com/document/d/
> 1ZbOFxAoibZbJmDWx1oOrOsDcov6Cuom5aaBIrupCD9E/edit#heading=h.x1h06xqhlo1n
> > (Note the new additions are at the end of the document.)
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131217/7fc7b87f/attachment.html>


More information about the OpenStack-dev mailing list