[openstack-dev] Neutron Group Base Policy Implementation

加藤 由高 yoshitaka.kato at ctc-g.co.jp
Tue May 27 05:57:54 UTC 2014


Hello everyone,

My name is Yoshitaka and I am senior network architect at CTC. I wanted
to chime in on this thread because we're quite interested in the
group-based policy effort.  We like the model being proposed, are
looking forward to trying these APIs, and hope you can all help this
move forward for Juno.

Thanks,

Yoshitaka Kato



On 5/22/14, 11:38 AM, "Maru Newby" <marun at redhat.com> wrote:


On May 22, 2014, at 11:03 AM, Maru Newby <marun at redhat.com> wrote:

At the summit session last week for group-based policy, there were many
concerns voiced about the approach being undertaken.  I think those
concerns deserve a wider audience, and I'm going to highlight some of
them here.

The primary concern seemed to be related to the complexity of the
approach implemented for the POC.  A number of session participants
voiced concern that the simpler approach documented in the original
proposal [1] (described in the section titled 'Policies applied between
groups') had not been implemented in addition to or instead of what
appeared in the POC (described in the section titled 'Policies applied
as a group API').  The simpler approach was considered by those
participants as having the advantage of clarity and immediate
usefulness, whereas the complex approach was deemed hard to understand
and without immediate utility.

A secondary but no less important concern is related to the impact on
Neutron of the approach implemented in the POC.  The POC was developed
monolithically, without oversight through gerrit, and the resulting
patches were excessive in size (~4700 [2] and ~1500 [3] lines).  Such
large patches are effectively impossible to review.  Even broken down
into reviewable chunks, though, it does not seem realistic to target
juno-1 for merging this kind of complexity.  The impact on stability
could be considerable, and it is questionable whether the necessary
review effort should be devoted to fast-tracking group-based policy at
all, let alone an approach that is considered by many to be
unnecessarily complicated.

The blueprint for group policy [4] is currently listed as a 'High'
priority.  With the above concerns in mind, does it make sense to
continue prioritizing an effort that at present would seem to require
considerably more resources than the benefit it appears to promise?


Maru

1: https://etherpad.openstack.org/p/group-based-policy

Apologies, this link is to the summit session etherpad.  The link to the
original proposal is:

https://docs.google.com/document/d/1ZbOFxAoibZbJmDWx1oOrOsDcov6Cuom5aaBIru
pCD9E/edit

2: https://review.openstack.org/93853
3: https://review.openstack.org/93935
4:
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstrac
tion

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list