[openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

CARVER, PAUL pc2929 at att.com
Fri Aug 8 15:46:44 UTC 2014

Wuhongning [mailto:wuhongning at huawei.com] wrote:

>Does it make sense to move all advanced extension out of ML2, like security
>group, qos...? Then we can just talk about advanced service itself, without
>bothering basic neutron object (network/subnet/port)

A modular layer 3 (ML3) analogous to ML2 sounds like a good idea. I still
think it's too late in the game to be shooting down all the work that the
GBP team has put in unless there's a really clean and effective way of
running AND iterating on GBP in conjunction with Neutron without being
part of the Juno release. As far as I can tell they've worked really
hard to follow the process and accommodate input. They shouldn't have
to wait multiple more releases on a hypothetical refactoring of how L3+ vs
L2 is structured.

But, just so I'm not making a horrible mistake, can someone reassure me
that GBP isn't removing the constructs of network/subnet/port from Neutron?

I'm under the impression that GBP is adding a higher level abstraction
but that it's not ripping basic constructs like network/subnet/port out
of the existing API. If I'm wrong about that I'll have to change my
opinion. We need those fundamental networking constructs to be present
and accessible to users that want/need to deal with them. I'm viewing
GBP as just a higher level abstraction over the top.

More information about the OpenStack-dev mailing list