[openstack-dev] [Quantum] [Nova] improved vif-plugging and OVS Security Group

Akihiro MOTOKI amotoki at gmail.com
Sat Feb 9 02:52:39 UTC 2013


Hi, (folks involving vif-pluginng improvements)

In the review https://review.openstack.org/#/c/19126/,
there is a dicussion whether we should address the issue
about Hybrid VIF Driver with Quantum OVS security group in this patch.

I summarized the relationship between VIF driver and Nova/Quantum
security group implementaiton.
https://docs.google.com/presentation/d/1Gro8rFJ8eYGx5u7BsHbv6WU4tq9v8chqAQSKwWzGUok/edit#slide=id.ga808ce59_00

To address the issue about Hybrid driver with Quantum OVS security group,
Quantum needs to pass two additional types of information:
(1) the one is whether quantum provides firewalling
(2) the other is whether hybrid vif-plugging (additional linux bridge)
is required.

I plan to add new attributes to Quantum binding extensions for a port:
"binding:has_firewall" and "binding:bridge_required".
Previously I introduced "binding:capabilities[port_filter]", but on a
second thought
it would be better to move it to the top level attribute since a sub-dict model
for an attribute makes it difficult to validate it on the API layer.

Any comments on the direction and the names of the attributes are also
appreciated.

It requires both Quantum and Nova updates, but these patches will be small.

Thanks,
Akihiro



More information about the OpenStack-dev mailing list