[openstack-dev] [controller-dev] Group-Based Policy Understanding and Queries
Stephen Wong
stephen.kf.wong at gmail.com
Fri Sep 26 17:22:42 UTC 2014
CC'ed ODL GBP --- although this doesn't concern them at this point, it may
be of interest to the team
On Fri, Sep 26, 2014 at 12:10 AM, Sachi Gupta <sachi.gupta at tcs.com> wrote:
> Hi All,
>
> Request you all to provide inputs of the below queries:
>
> - As per my understanding GBP constructs are mapped to neutron calls
> for example - creating an endpoint, the neutron mapping driver will map it
> to the existing port creation method. Similarly to achieve the complete
> functionality of GBP openstack, I have checked for the neutron calls and it
> includes network, subnet, port, router, security group.
>
> Correct.
>
> 1. Creating a contract - policy rules..Will this include a call to
> firewall rules or only security group calls will be done?
>
> At this point, only security group calls.
>
> 1.
> 2. I need to integrate Openstack with Opendaylight(ODL). To achieve
> the interface between two will it be done by ML2 plugin and neutron mapping
> driver of Openstack or something additional is required?
>
>
That should be enough.
>
> 1.
> 2. The neutron northbound APIs of ODL include network, subnet, port,
> router, security groups, firewall calls. Any other call that needs to be
> included a part from these in ODL.
>
>
Even FWaaS APIs are supported in ODL now? If so, I guess ODL is even
ready to do (basic) 'redirect' action once it is implemented on the mapping
driver then.
And no, you should not need any other APIs.
>
> 1.
> 2. Do the neutron calls that will be mapped by the neutron mapping
> driver of openstack are something different from the previous neutron calls
> that were being made without using GBP??? For example: The network create
> call that was used previously with ODL without using GBP in openstack. Will
> it be different from the network call to ODL that will be made by GBP
> mapping driver of openstack.
>
> No. The intent of mapping driver is to allow network policies to be
rendered by current Neutron plugins. So the ODL calls should NOT be any
different from before, the magic happens in the mapping driver layer.
>
> 1.
> 2. How the GBP project in openstack will be affecting the Opendaylight
> neutron calls??
>
>
It doesn't. That said, I fully expect the ODL Neutron handling layer to
support GBP APIs in the (near) future. When that happens, instead of using
the mapping driver, you will have an additional choice of using the ODL GBP
driver.
Hope it helps,
- Stephen
>
>
>
> Thanks in Advance
> Sachi Gupta
>
>
>
> From: Sumit Naiksatam <sumitnaiksatam at gmail.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>
> Date: 09/23/2014 04:33 AM
> Subject: Re: [openstack-dev] Group-Based Policy Understanding and
> Queries
> ------------------------------
>
>
>
> Thanks for your interest in GBP, responses inline.
>
> On Sun, Sep 21, 2014 at 11:35 PM, Sachi Gupta <sachi.gupta at tcs.com> wrote:
> > Hi All,
> >
> > Request you all to provide inputs on below understanding:
> >
> > Openstack: Group-based policy is a blueprint for Juno-3 release of
> > Openstack. It will extend OpenStack Networking with policy and
> connectivity
> > abstractions that enable significantly more simplified and
> > application-oriented interfaces than with the current Neutron API model.
> > When will be the code ready for Group-based policy as an open source?
>
> The code has been in review in gerrit for a while now, you can find
> all the links to all the patches here:
> https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy/Patches
> We are also consolidating this code in Stackforge so that its usable
> starting from the Juno release.
>
> > Openstack group policy API will be an extension to the Neutron APIs.
> There
> > will be a policy manager to manage the policy and policy rules. Will GBP
> a
> > part of neutron?? If yes, then will GBP be a part of Horizon under
> neutron?
>
> The wiki page above has links to client, Horizon and Heat patches.
>
> > Policy driver which will act as an interface(ODL Policy Driver). For eg.
> we
> > used neutron ML2 plugin as an interface between Openstack neutron and ODL
> > neutron northbound. When will the policy driver for ODL available?
> > Openstack policy driver for ODL will act as an interface to ODL. Which
> API
> > in ODL, Policy calls from Openstack ODL Policy driver will be hitting??
> >
>
> I know that this was planned, so you would probably need to check with
> the author of the following patch for the status on this:
> https://review.openstack.org/#/c/105606/
> We can also bring this up for discussion during the weekly IRC:
> https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy
>
> >
> >
> > Thanks & Regards
> > Sachi Gupta
> >
> > =====-----=====-----=====
> > Notice: The information contained in this e-mail
> > message and/or attachments to it may contain
> > confidential or privileged information. If you are
> > not the intended recipient, any dissemination, use,
> > review, distribution, printing or copying of the
> > information contained in this e-mail message
> > and/or attachments to it are strictly prohibited. If
> > you have received this communication in error,
> > please notify us by reply e-mail or telephone and
> > immediately and permanently delete the message
> > and any attachments. Thank you
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> controller-dev mailing list
> controller-dev at lists.opendaylight.org
> https://lists.opendaylight.org/mailman/listinfo/controller-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140926/ad8f6acb/attachment.html>
More information about the OpenStack-dev
mailing list