SlideShare ist ein Scribd-Unternehmen logo

Open stackatlantagrouppolicy

Als PPTX, PDF herunterladen
Mohammad Banikazemi
Mohammad Banikazemi

This is the slides for the talk Network Policy Abstractions in Neutron given at OpenStack Summit, Atlanta, May 2014.

Technologie
1 von 20
May 2014 Network Policy Abstractions in Neutron Mohammad Banikazemi Sumit Naiksatam Stephen Wong
Outline ❖ Introduction ❖ Neutron Abstractions ❖ Group Policy Extension ❖ PoC Implementation and Demo ❖ Future Directions ❖ Q&A
Networking in the Cloud ❖ Current API: network centric ❖ Need a more application centric set of abstractions as well ❖ More easily understood/utilized by higher layers ❖ Declarative model ❖ Separation of concerns
Desired Features ❖ Provide policy-based connectivity between application tiers ❖ Support dynamic application of policies ❖ Redirection to Network services and chains ❖ Policies defined by administrators and users
Current Neutron API ❖ Network centric, close to physical devices ❖ Network: isolated layer-2 broadcast domain; private/shared ❖ Subnet: CIDR IP address block associated with a network; optionally associated with gateway, DNS/DHCP servers ❖ Port: virtual switch port on a network; has MAC and IP address properties ❖ Router: connects networks, supports SNAT
Example: Multi Tier Apps Q Web Application DB Firewall Load Balancer QoS External Network (Internet)
Neutron Representation Q Network/ subnet Network/ subnet Network/ subnet Router External Network Port Q neutron net-create web_tier neutron subnet-create web_tier 10.0.0.0/24 neutron router-create router1 neutron router-add-interface router1 web_subnet . . .
Group Policy e x t e n s i o n
The Basic Idea ❖ Endpoint (EP): Lowest unit of abstraction where policy is applied ❖ Endpoint Group (EPG): Logical grouping of endpoints ❖ Policy Rule: Network policies to access EPGs ❖ Contract: Collection of policy rules
EPG-Contract Relationship ❖ An EPG may provide one or more contracts ❖ An EPG may consume one or more contracts Endpoint Group Contract ❖ Application deployer focused
Policy Rules ❖ Action is applied to traffic specified by Classifier Policy Rule Classifier Protocol Ports Direction Action Type Value Action Type Allow Redirect QoS Log Copy Mark Value None Service/Chain QoS args Log args Copy args Mark args
Group Policy - Workflow neutron classifier-create Insecure-Web-Access --port 80 --protocol TCP --direction IN neutron policy-rule insecure-web --policy-classifier Insecure-Web-Access --actions ALLOW neutron contract-create Web-Server-Contract --policy-rule insecure-web ❖ Create contract ❖ Create EPGs and provide/consume contracts neutron epg-create Web-Server-EPG --provides-contract Web-Server-Contract neutron ep-create --endpoint-group Web-Server-EPG neutron epg-create Outside-EPG --consumes-contract Web-Server-Contract
Putting It All Together – 3 Tier App Web Application DB Firewall Load Balancer External Network (Internet)
Group Policy Realization EPG Web EPG Application EPG DB Firewall EPG External Network (Internet) Contract Protocol:TCP Port:80 Action:Redirect To FW_LB_CHAIN ProvidesConsumes Protocol:TCP Port:3306 Action:ALLOW Protocol:TCP Port:9080 Action:ALLOW EPG EPG
Optional Constructs in Model ❖ Scopes: put constraints around how provider and consumer EPGs are matched ❖ Policy Rule Filters: allow for tagging Policy Rules with Labels such that subsets can be created in a Contract ❖ Contract hierarchy: infra admin constraints can be achieved by Contract hierarchical composition ❖ Endpoint labels: policies get triggered automatically when labels are added or removed
Proof of Concept i m p l e m e n t a t i o n
PoC Implementation ❖ Team has worked on a PoC implementation ❖ Considering various model and implementation alternatives ❖ Using legacy driver ❖ CLI, Horizon, and Heat CLI Neutron Heat Horizon Policy Manager Legacy Policy Driver ODL Policy Driver others
The Group Policy PoC Team ❖ Sumit Naiksatam, Robert Kukura, Mandeep Dhami (Cisco) ❖ Mohammad Banikazemi (IBM) ❖ Stephen Wong (Midokura) ❖ Ronak Shah (Nuage Networks) ❖ Hemanth Ravi, Susaant Kondapaneni, Prasad Vellanki (One Convergence) ❖ Rudra Rugge (Juniper)
State of Implementation ❖ The blueprint for Group Policy has been reviewed/approved ❖ Working PoC available (install from: https://github.com/noironetworks/devstack/tree/group- policy-poc) ❖ Neutron reference implementation for Group Policy is in progress ❖ Complementary work on network services framework is in progress
More Information ❖ Neutron Group-based Policy design session May 16 • 10:50am - 11:30am • B304 ❖ Wiki page: https://wiki.openstack.org/wiki/Neutron/GroupPolicy ❖ Neutron Group Policy Sub-Team Meeting IRC weekly meetings: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy

Empfohlen

Vivpn pp tfinal
Vivpn pp tfinalVivpn pp tfinal
Vivpn pp tfinalsangusajjan
 
ElasticISP
ElasticISPElasticISP
ElasticISPKHNOG
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationRam Bharosh Raut
 
New features in PMTA 5.0
New features in PMTA 5.0New features in PMTA 5.0
New features in PMTA 5.0SparkPost
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moesheshMohamed Shishtawy
 
Power Mta 4.0
Power Mta 4.0Power Mta 4.0
Power Mta 4.0powerMta
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P NsAamirAziz
 
Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsDaniel Krook
 

Empfohlen

Vivpn pp tfinal
Vivpn pp tfinalVivpn pp tfinal
Vivpn pp tfinalsangusajjan
 
ElasticISP
ElasticISPElasticISP
ElasticISPKHNOG
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationRam Bharosh Raut
 
New features in PMTA 5.0
New features in PMTA 5.0New features in PMTA 5.0
New features in PMTA 5.0SparkPost
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moesheshMohamed Shishtawy
 
Power Mta 4.0
Power Mta 4.0Power Mta 4.0
Power Mta 4.0powerMta
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P NsAamirAziz
 
Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsDaniel Krook
 
Traffic Control as a Service
Traffic Control as a ServiceTraffic Control as a Service
Traffic Control as a ServiceOfer Ben Yaacov
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF Mithi SkyConnect
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengMyNOG
 
Group-based Policy for Networking
Group-based Policy for NetworkingGroup-based Policy for Networking
Group-based Policy for NetworkingSumit Naiksatam
 
V P N
V P NV P N
V P Nbhathiji
 
PMTA Success Story - J2 Martech
PMTA Success Story - J2 MartechPMTA Success Story - J2 Martech
PMTA Success Story - J2 MartechSparkPost
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALASaikiran Panjala
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 
Ir.34 v14.0
Ir.34 v14.0Ir.34 v14.0
Ir.34 v14.0Pascalo
 
Big ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsBig ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsUtpal Sinha
 
Virtual private network 03
Virtual private network 03Virtual private network 03
Virtual private network 03Noman khan
 
Vpn
VpnVpn
VpnNure Alam
 
VPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP BusinessVPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP BusinessSafar Safarov
 
Daily livestock report apr 15 2013
Daily livestock report apr 15 2013Daily livestock report apr 15 2013
Daily livestock report apr 15 2013joseleorcasita
 
Rakesh_Gupta
Rakesh_GuptaRakesh_Gupta
Rakesh_GuptaRakesh Gupta
 
About meimmersion abw
About meimmersion abwAbout meimmersion abw
About meimmersion abwlabecvar
 
Fcv hum mach_belongie
Fcv hum mach_belongieFcv hum mach_belongie
Fcv hum mach_belongiezukun
 
Reddottherapy
ReddottherapyReddottherapy
ReddottherapyRobert Frampton
 

Weitere ähnliche Inhalte

Was ist angesagt?

Traffic Control as a Service
Traffic Control as a ServiceTraffic Control as a Service
Traffic Control as a ServiceOfer Ben Yaacov
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC UpdatesMyNOG
 
Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF Mithi SkyConnect
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengMyNOG
 
Group-based Policy for Networking
Group-based Policy for NetworkingGroup-based Policy for Networking
Group-based Policy for NetworkingSumit Naiksatam
 
PMTA Success Story - J2 Martech
PMTA Success Story - J2 MartechPMTA Success Story - J2 Martech
PMTA Success Story - J2 MartechSparkPost
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALASaikiran Panjala
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 
Ir.34 v14.0
Ir.34 v14.0Ir.34 v14.0
Ir.34 v14.0Pascalo
 
Big ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsBig ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsUtpal Sinha
 
Virtual private network 03
Virtual private network 03Virtual private network 03
Virtual private network 03Noman khan
 
VPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP BusinessVPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP BusinessSafar Safarov
 

Was ist angesagt? (17)

Traffic Control as a Service
Traffic Control as a ServiceTraffic Control as a Service
Traffic Control as a Service
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
APNIC Updates
APNIC UpdatesAPNIC Updates
APNIC Updates
 
Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF Rolling out Baya V3 with ConnectXF
Rolling out Baya V3 with ConnectXF
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service Providers
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
 
Group-based Policy for Networking
Group-based Policy for NetworkingGroup-based Policy for Networking
Group-based Policy for Networking
 
V P N
V P NV P N
V P N
 
PMTA Success Story - J2 Martech
PMTA Success Story - J2 MartechPMTA Success Story - J2 Martech
PMTA Success Story - J2 Martech
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
 
Ir.34 v14.0
Ir.34 v14.0Ir.34 v14.0
Ir.34 v14.0
 
Big ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methodsBig ip f5 ltm load balancing methods
Big ip f5 ltm load balancing methods
 
Virtual private network 03
Virtual private network 03Virtual private network 03
Virtual private network 03
 
Vpn
VpnVpn
Vpn
 
VPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP BusinessVPN as the Key for a Successful MSP Business
VPN as the Key for a Successful MSP Business
 

Andere mochten auch

Daily livestock report apr 15 2013
Daily livestock report apr 15 2013Daily livestock report apr 15 2013
Daily livestock report apr 15 2013joseleorcasita
 
About meimmersion abw
About meimmersion abwAbout meimmersion abw
About meimmersion abwlabecvar
 
Fcv hum mach_belongie
Fcv hum mach_belongieFcv hum mach_belongie
Fcv hum mach_belongiezukun
 
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...inventy
 

Andere mochten auch (7)

Daily livestock report apr 15 2013
Daily livestock report apr 15 2013Daily livestock report apr 15 2013
Daily livestock report apr 15 2013
 
Rakesh_Gupta
Rakesh_GuptaRakesh_Gupta
Rakesh_Gupta
 
About meimmersion abw
About meimmersion abwAbout meimmersion abw
About meimmersion abw
 
Fcv hum mach_belongie
Fcv hum mach_belongieFcv hum mach_belongie
Fcv hum mach_belongie
 
Reddottherapy
ReddottherapyReddottherapy
Reddottherapy
 
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...
A Dualistic Sub-Image Histogram Equalization Based Enhancement and Segmentati...
 
Git basics
Git basicsGit basics
Git basics
 

Ähnlich wie Open stackatlantagrouppolicy

Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronSumit Naiksatam
 
Network Convergence of Mobile, Broadband and Wi-Fi
Network Convergence of Mobile, Broadband and Wi-FiNetwork Convergence of Mobile, Broadband and Wi-Fi
Network Convergence of Mobile, Broadband and Wi-Fi3G4G
 
Docker meetup oct14
Docker meetup oct14Docker meetup oct14
Docker meetup oct14Vipin Jain
 
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014Scott Sneddon
 
5 maximazing networkcapacity_v4-jorge_alvarado
5 maximazing networkcapacity_v4-jorge_alvarado5 maximazing networkcapacity_v4-jorge_alvarado
5 maximazing networkcapacity_v4-jorge_alvaradoSSPI Brasil
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PROIDEA
 
Security and Transport Performance in 5G
Security and Transport Performance in 5GSecurity and Transport Performance in 5G
Security and Transport Performance in 5GDirk Kutscher
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Arnaud Le Hors
 
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack NeutronGroup Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutronmestery
 
Managing infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike CohenManaging infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike Cohenbuildacloud
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfHirazNor
 
Group-based Policy For OpenStack Networking
Group-based Policy For OpenStack NetworkingGroup-based Policy For OpenStack Networking
Group-based Policy For OpenStack NetworkingSumit Naiksatam
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
QoS in IP Network.pptx
QoS in IP Network.pptxQoS in IP Network.pptx
QoS in IP Network.pptxPiyushJha78
 

Ähnlich wie Open stackatlantagrouppolicy (20)

Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack Neutron
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
Vpn
VpnVpn
Vpn
 
TFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott SneddonTFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott Sneddon
 
Network Convergence of Mobile, Broadband and Wi-Fi
Network Convergence of Mobile, Broadband and Wi-FiNetwork Convergence of Mobile, Broadband and Wi-Fi
Network Convergence of Mobile, Broadband and Wi-Fi
 
Docker meetup oct14
Docker meetup oct14Docker meetup oct14
Docker meetup oct14
 
Network Rightsizing Best Practices Guide
Network Rightsizing Best Practices GuideNetwork Rightsizing Best Practices Guide
Network Rightsizing Best Practices Guide
 
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
 
5 maximazing networkcapacity_v4-jorge_alvarado
5 maximazing networkcapacity_v4-jorge_alvarado5 maximazing networkcapacity_v4-jorge_alvarado
5 maximazing networkcapacity_v4-jorge_alvarado
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
 
Security and Transport Performance in 5G
Security and Transport Performance in 5GSecurity and Transport Performance in 5G
Security and Transport Performance in 5G
 
Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101Hyperledger Fabric update Meetup 20181101
Hyperledger Fabric update Meetup 20181101
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack NeutronGroup Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
 
Managing infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike CohenManaging infrastructure with Application Policy by Mike Cohen
Managing infrastructure with Application Policy by Mike Cohen
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdf
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
Group-based Policy For OpenStack Networking
Group-based Policy For OpenStack NetworkingGroup-based Policy For OpenStack Networking
Group-based Policy For OpenStack Networking
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
QoS in IP Network.pptx
QoS in IP Network.pptxQoS in IP Network.pptx
QoS in IP Network.pptx
 

Kürzlich hochgeladen

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Kürzlich hochgeladen (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Open stackatlantagrouppolicy

  • 1. May 2014 Network Policy Abstractions in Neutron Mohammad Banikazemi Sumit Naiksatam Stephen Wong
  • 2. Outline ❖ Introduction ❖ Neutron Abstractions ❖ Group Policy Extension ❖ PoC Implementation and Demo ❖ Future Directions ❖ Q&A
  • 3. Networking in the Cloud ❖ Current API: network centric ❖ Need a more application centric set of abstractions as well ❖ More easily understood/utilized by higher layers ❖ Declarative model ❖ Separation of concerns
  • 4. Desired Features ❖ Provide policy-based connectivity between application tiers ❖ Support dynamic application of policies ❖ Redirection to Network services and chains ❖ Policies defined by administrators and users
  • 5. Current Neutron API ❖ Network centric, close to physical devices ❖ Network: isolated layer-2 broadcast domain; private/shared ❖ Subnet: CIDR IP address block associated with a network; optionally associated with gateway, DNS/DHCP servers ❖ Port: virtual switch port on a network; has MAC and IP address properties ❖ Router: connects networks, supports SNAT
  • 6. Example: Multi Tier Apps Q Web Application DB Firewall Load Balancer QoS External Network (Internet)
  • 7. Neutron Representation Q Network/ subnet Network/ subnet Network/ subnet Router External Network Port Q neutron net-create web_tier neutron subnet-create web_tier 10.0.0.0/24 neutron router-create router1 neutron router-add-interface router1 web_subnet . . .
  • 8. Group Policy e x t e n s i o n
  • 9. The Basic Idea ❖ Endpoint (EP): Lowest unit of abstraction where policy is applied ❖ Endpoint Group (EPG): Logical grouping of endpoints ❖ Policy Rule: Network policies to access EPGs ❖ Contract: Collection of policy rules
  • 10. EPG-Contract Relationship ❖ An EPG may provide one or more contracts ❖ An EPG may consume one or more contracts Endpoint Group Contract ❖ Application deployer focused
  • 11. Policy Rules ❖ Action is applied to traffic specified by Classifier Policy Rule Classifier Protocol Ports Direction Action Type Value Action Type Allow Redirect QoS Log Copy Mark Value None Service/Chain QoS args Log args Copy args Mark args
  • 12. Group Policy - Workflow neutron classifier-create Insecure-Web-Access --port 80 --protocol TCP --direction IN neutron policy-rule insecure-web --policy-classifier Insecure-Web-Access --actions ALLOW neutron contract-create Web-Server-Contract --policy-rule insecure-web ❖ Create contract ❖ Create EPGs and provide/consume contracts neutron epg-create Web-Server-EPG --provides-contract Web-Server-Contract neutron ep-create --endpoint-group Web-Server-EPG neutron epg-create Outside-EPG --consumes-contract Web-Server-Contract
  • 13. Putting It All Together – 3 Tier App Web Application DB Firewall Load Balancer External Network (Internet)
  • 14. Group Policy Realization EPG Web EPG Application EPG DB Firewall EPG External Network (Internet) Contract Protocol:TCP Port:80 Action:Redirect To FW_LB_CHAIN ProvidesConsumes Protocol:TCP Port:3306 Action:ALLOW Protocol:TCP Port:9080 Action:ALLOW EPG EPG
  • 15. Optional Constructs in Model ❖ Scopes: put constraints around how provider and consumer EPGs are matched ❖ Policy Rule Filters: allow for tagging Policy Rules with Labels such that subsets can be created in a Contract ❖ Contract hierarchy: infra admin constraints can be achieved by Contract hierarchical composition ❖ Endpoint labels: policies get triggered automatically when labels are added or removed
  • 16. Proof of Concept i m p l e m e n t a t i o n
  • 17. PoC Implementation ❖ Team has worked on a PoC implementation ❖ Considering various model and implementation alternatives ❖ Using legacy driver ❖ CLI, Horizon, and Heat CLI Neutron Heat Horizon Policy Manager Legacy Policy Driver ODL Policy Driver others
  • 18. The Group Policy PoC Team ❖ Sumit Naiksatam, Robert Kukura, Mandeep Dhami (Cisco) ❖ Mohammad Banikazemi (IBM) ❖ Stephen Wong (Midokura) ❖ Ronak Shah (Nuage Networks) ❖ Hemanth Ravi, Susaant Kondapaneni, Prasad Vellanki (One Convergence) ❖ Rudra Rugge (Juniper)
  • 19. State of Implementation ❖ The blueprint for Group Policy has been reviewed/approved ❖ Working PoC available (install from: https://github.com/noironetworks/devstack/tree/group- policy-poc) ❖ Neutron reference implementation for Group Policy is in progress ❖ Complementary work on network services framework is in progress
  • 20. More Information ❖ Neutron Group-based Policy design session May 16 • 10:50am - 11:30am • B304 ❖ Wiki page: https://wiki.openstack.org/wiki/Neutron/GroupPolicy ❖ Neutron Group Policy Sub-Team Meeting IRC weekly meetings: https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy