[openstack-dev] [neutron] How should edge services APIs integrate into Neutron?

Salvatore Orlando sorlando at nicira.com
Wed May 6 06:42:36 UTC 2015


I think Paul is correctly scoping this discussion in terms of APIs and
management layer.
For instance, it is true that dynamic routing support, and BGP support
might be a prerequisite for BGP VPNs, but it should be possible to have at
least an idea of what user and admin APIs for this VPN use case should look
like.

In particular the discussion on service chaining is a bit out of scope
here. I'd just note that [1] seems to have a lot of overlap with
group-based-policies [2], and that it appears to be a service that consumes
Neutron rather than an extension to it.

The current VPN service was conceived to be fairly generic. IPSEC VPN is
the only implemented one, but SSL VPN and BGP VPN were on the map as far as
I recall.
Personally, having a lot of different VPN APIs is not ideal for users. As a
user, I probably don't even care about configuring a VPN. What is important
for me is to get L2 or L3 access to a network in the cloud; therefore I
would seek common abstractions that might allow a user to configure
a VPN service using the same APIs. Obviously then there will be parameters
which will be specific to the particular class of VPN being created.

I listened to several contributors in the area in the past, and there are
plenty of opinions across a spectrum which goes from total abstraction
(just expose "edges" at the API layer) to what could be tantamount to a
RESTful configuration of a VPN appliance. I am not in a position to
prescribe what direction the community should take; so, for instance, if
the people working on XXX VPN believe the best way forward for them is to
start a new project, so be it.

The other approach would obviously be to build onto the current APIs. The only
way the Neutron API layer provides to do that is to extend an extension.
This sounds terrible, and it is indeed terrible. There is a proposal for
moving toward versioned APIs [3], but until that proposal is approved and
implemented, extensions are the only thing we have.
From an API perspective the mechanism would be simpler:
1 - declare the extension, and implement get_required_extension to put
'vpnaas' as a requirement
2 - implement a DB mixin for it providing basic CRUD operations
3 - add it to the VPN service plugin and add its alias to
'supported_extensions_aliases' (steps 2 and 3 can be merged if you wish not
to have a mixin)

What might be a bit more challenging is defining how this reflects onto
VPN. Ideally you would have a driver for every VPN type you support, and
then have a little dispatcher to route the API call to the appropriate
driver according to the VPN type.

Salvatore

[1]
https://blueprints.launchpad.net/neutron/+spec/intent-based-service-chaining
[2] https://wiki.openstack.org/wiki/GroupBasedPolicy
[3] https://review.openstack.org/#/c/136760

On 6 May 2015 at 07:14, Vikram Choudhary <vikram.choudhary at huawei.com>
wrote:

>  Hi Paul,
>
>
>
> Thanks for starting this mail thread.  We are also eyeing support for
> MPBGP in neutron and would like to actively participate in this discussion.
>
> Please let me know about the IRC channels which we will be following for
> this discussion.
>
>
>
> Currently, I am following the BPs below for this work.
>
> https://blueprints.launchpad.net/neutron/+spec/edge-vpn
>
> https://blueprints.launchpad.net/neutron/+spec/bgp-dynamic-routing
>
> https://blueprints.launchpad.net/neutron/+spec/dynamic-routing-framework
>
>
> https://blueprints.launchpad.net/neutron/+spec/prefix-clashing-issue-with-dynamic-routing-protocol
>
>
>
> Moreover, a similar kind of work is being headed by Cathy for defining an
> intent framework which can be extended for various use cases. Currently it will
> be leveraged for SFC but I feel the same can be used for providing an intent
> VPN use case.
>
>
> https://blueprints.launchpad.net/neutron/+spec/intent-based-service-chaining
>
>
>
> Thanks
>
> Vikram
>
>
>
> *From:* Paul Michali [mailto:pc at michali.net]
> *Sent:* 06 May 2015 01:38
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* [openstack-dev] [neutron] How should edge services APIs
> integrate into Neutron?
>
>
>
> There's been talk in VPN land about new services, like BGP VPN and DM VPN.
> I suspect there are similar things in other Advanced Services. I talked to
> Salvatore today, and he suggested starting a ML thread on this...
>
>
>
> Can someone elaborate on how we should integrate these API extensions into
> Neutron, both today, and in the future, assuming the proposal that
> Salvatore has is adopted?
>
>
>
> I could see two cases. The first, and simplest, is when a feature has an
> entirely new API that doesn't leverage off of an existing API.
>
>
>
> The other case would be when the feature's API would dovetail into the
> existing service API. For example, one may use the existing vpn_service API
> to create the service, but then create BGP VPN or DM VPN connections for
> that service, instead of the IPSec connections we have today.
>
>
>
> If there are examples already of how to extend an existing API extension
> that would help in understanding how to do this.
>
>
>
> I see that there are RESOURCE_ATTRIBUTE_MAPs with the information on the
> API, and I see that the plugin has a supported_extension_aliases, but
> beyond that, I'm not really sure how it all hooks up, and how to extend an
> existing extension.
>
>
>
> I'm assuming that the python-neutronclient would also need to be updated.
>
>
>
>
>
> So... the intent here is to start some discussion on how we do this, such
> that we have some things figured out before the summit and can save some
> time.
>
>
>
> Thanks in advance,
>
>
>
> Paul Michali (pc_m)
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
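The driver-per-VPN-type dispatcher described at the end of Salvatore's message, as an added sketch that is not part of the original thread and is not Neutron code. All class, method and parameter names are hypothetical; the point shown is that the dispatcher fails closed on an unknown VPN type and checks the type-specific parameters before any driver runs.

```python
# Added illustration: all class, method and parameter names are hypothetical,
# not Neutron or neutron-vpnaas code.
from abc import ABC, abstractmethod


class VPNDriver(ABC):
    vpn_type = ""
    required = frozenset()   # parameters specific to this class of VPN

    @abstractmethod
    def create_connection(self, service_id, params):
        """Realize the connection on the backend and return its API view."""


class IPSecDriver(VPNDriver):
    vpn_type = "ipsec"
    required = frozenset({"peer_address", "psk"})

    def create_connection(self, service_id, params):
        # The pre-shared key is consumed here and never echoed back.
        return {"service_id": service_id, "vpn_type": "ipsec",
                "peer_address": params["peer_address"]}


class BGPVPNDriver(VPNDriver):
    vpn_type = "bgpvpn"
    required = frozenset({"route_targets"})

    def create_connection(self, service_id, params):
        return {"service_id": service_id, "vpn_type": "bgpvpn",
                "route_targets": list(params["route_targets"])}


class VPNDispatcher:
    def __init__(self, drivers):
        self._drivers = {d.vpn_type: d for d in drivers}

    def create_connection(self, service_id, body):
        driver = self._drivers.get(body.get("vpn_type"))
        if driver is None:
            # Fail closed: no default driver for unknown or missing types.
            raise LookupError(f"unsupported vpn_type: {body.get('vpn_type')!r}")
        params = {k: v for k, v in body.items() if k != "vpn_type"}
        if set(params) != driver.required:
            raise ValueError(f"{driver.vpn_type} expects exactly {sorted(driver.required)}")
        return driver.create_connection(service_id, params)


DISPATCHER = VPNDispatcher([IPSecDriver(), BGPVPNDriver()])
```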