Re: [openstack-dev] [controller-dev] Group-Based Policy Understanding and Queries
CC'ed ODL GBP --- although this doesn't concern them at this point, it may be of interest to the team On Fri, Sep 26, 2014 at 12:10 AM, Sachi Gupta sachi.gu...@tcs.com wrote: Hi All, Request you all to provide inputs of the below queries: - As per my understanding GBP constructs are mapped to neutron calls for example - creating an endpoint, the neutron mapping driver will map it to the existing port creation method. Similarly to achieve the complete functionality of GBP openstack, I have checked for the neutron calls and it includes network, subnet, port, router, security group. Correct. 1. Creating a contract - policy rules..Will this include a call to firewall rules or only security group calls will be done? At this point, only security group calls. 1. 2. I need to integrate Openstack with Opendaylight(ODL). To achieve the interface between two will it be done by ML2 plugin and neutron mapping driver of Openstack or something additional is required? That should be enough. 1. 2. The neutron northbound APIs of ODL include network, subnet, port, router, security groups, firewall calls. Any other call that needs to be included a part from these in ODL. Even FWaaS APIs are supported in ODL now? If so, I guess ODL is even ready to do (basic) 'redirect' action once it is implemented on the mapping driver then. And no, you should not need any other APIs. 1. 2. Do the neutron calls that will be mapped by the neutron mapping driver of openstack are something different from the previous neutron calls that were being made without using GBP??? For example: The network create call that was used previously with ODL without using GBP in openstack. Will it be different from the network call to ODL that will be made by GBP mapping driver of openstack. No. The intent of mapping driver is to allow network policies to be rendered by current Neutron plugins. So the ODL calls should NOT be any different from before, the magic happens in the mapping driver layer. 1. 2. How the GBP project in openstack will be affecting the Opendaylight neutron calls?? It doesn't. That said, I fully expect the ODL Neutron handling layer to support GBP APIs in the (near) future. When that happens, instead of using the mapping driver, you will have an additional choice of using the ODL GBP driver. Hope it helps, - Stephen Thanks in Advance Sachi Gupta From:Sumit Naiksatam sumitnaiksa...@gmail.com To:OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date:09/23/2014 04:33 AM Subject:Re: [openstack-dev] Group-Based Policy Understanding and Queries -- Thanks for your interest in GBP, responses inline. On Sun, Sep 21, 2014 at 11:35 PM, Sachi Gupta sachi.gu...@tcs.com wrote: Hi All, Request you all to provide inputs on below understanding: Openstack: Group-based policy is a blueprint for Juno-3 release of Openstack. It will extend OpenStack Networking with policy and connectivity abstractions that enable significantly more simplified and application-oriented interfaces than with the current Neutron API model. When will be the code ready for Group-based policy as an open source? The code has been in review in gerrit for a while now, you can find all the links to all the patches here: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy/Patches We are also consolidating this code in Stackforge so that its usable starting from the Juno release. Openstack group policy API will be an extension to the Neutron APIs. There will be a policy manager to manage the policy and policy rules. Will GBP a part of neutron?? If yes, then will GBP be a part of Horizon under neutron? The wiki page above has links to client, Horizon and Heat patches. Policy driver which will act as an interface(ODL Policy Driver). For eg. we used neutron ML2 plugin as an interface between Openstack neutron and ODL neutron northbound. When will the policy driver for ODL available? Openstack policy driver for ODL will act as an interface to ODL. Which API in ODL, Policy calls from Openstack ODL Policy driver will be hitting?? I know that this was planned, so you would probably need to check with the author of the following patch for the status on this: https://review.openstack.org/#/c/105606/ We can also bring this up for discussion during the weekly IRC: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy Thanks Regards Sachi Gupta =-=-= Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the
Re: [openstack-dev] [controller-dev] Group-Based Policy Understanding and Queries
On Fri, Sep 26, 2014 at 10:22 AM, Stephen Wong stephen.kf.w...@gmail.com wrote: CC'ed ODL GBP --- although this doesn't concern them at this point, it may be of interest to the team On Fri, Sep 26, 2014 at 12:10 AM, Sachi Gupta sachi.gu...@tcs.com wrote: Hi All, Request you all to provide inputs of the below queries: As per my understanding GBP constructs are mapped to neutron calls for example - creating an endpoint, the neutron mapping driver will map it to the existing port creation method. Similarly to achieve the complete functionality of GBP openstack, I have checked for the neutron calls and it includes network, subnet, port, router, security group. Correct. Creating a contract - policy rules..Will this include a call to firewall rules or only security group calls will be done? At this point, only security group calls. We have also used FWaaS rules in our experiments earlier, but it won't be a part of the initial version of the mapping. In general, the GBP model is independent of the rendering. I need to integrate Openstack with Opendaylight(ODL). To achieve the interface between two will it be done by ML2 plugin and neutron mapping driver of Openstack or something additional is required? That should be enough. The neutron northbound APIs of ODL include network, subnet, port, router, security groups, firewall calls. Any other call that needs to be included a part from these in ODL. Even FWaaS APIs are supported in ODL now? If so, I guess ODL is even ready to do (basic) 'redirect' action once it is implemented on the mapping driver then. And no, you should not need any other APIs. Do the neutron calls that will be mapped by the neutron mapping driver of openstack are something different from the previous neutron calls that were being made without using GBP??? For example: The network create call that was used previously with ODL without using GBP in openstack. Will it be different from the network call to ODL that will be made by GBP mapping driver of openstack. No. The intent of mapping driver is to allow network policies to be rendered by current Neutron plugins. So the ODL calls should NOT be any different from before, the magic happens in the mapping driver layer. How the GBP project in openstack will be affecting the Opendaylight neutron calls?? It doesn't. That said, I fully expect the ODL Neutron handling layer to support GBP APIs in the (near) future. When that happens, instead of using the mapping driver, you will have an additional choice of using the ODL GBP driver. Hope it helps, - Stephen Thanks in Advance Sachi Gupta From:Sumit Naiksatam sumitnaiksa...@gmail.com To:OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date:09/23/2014 04:33 AM Subject:Re: [openstack-dev] Group-Based Policy Understanding and Queries Thanks for your interest in GBP, responses inline. On Sun, Sep 21, 2014 at 11:35 PM, Sachi Gupta sachi.gu...@tcs.com wrote: Hi All, Request you all to provide inputs on below understanding: Openstack: Group-based policy is a blueprint for Juno-3 release of Openstack. It will extend OpenStack Networking with policy and connectivity abstractions that enable significantly more simplified and application-oriented interfaces than with the current Neutron API model. When will be the code ready for Group-based policy as an open source? The code has been in review in gerrit for a while now, you can find all the links to all the patches here: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy/Patches We are also consolidating this code in Stackforge so that its usable starting from the Juno release. Openstack group policy API will be an extension to the Neutron APIs. There will be a policy manager to manage the policy and policy rules. Will GBP a part of neutron?? If yes, then will GBP be a part of Horizon under neutron? The wiki page above has links to client, Horizon and Heat patches. Policy driver which will act as an interface(ODL Policy Driver). For eg. we used neutron ML2 plugin as an interface between Openstack neutron and ODL neutron northbound. When will the policy driver for ODL available? Openstack policy driver for ODL will act as an interface to ODL. Which API in ODL, Policy calls from Openstack ODL Policy driver will be hitting?? I know that this was planned, so you would probably need to check with the author of the following patch for the status on this: https://review.openstack.org/#/c/105606/ We can also bring this up for discussion during the weekly IRC: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy Thanks Regards Sachi Gupta =-=-= Notice: The information contained in this e-mail message and/or attachments to it