SlideShare a Scribd company logo

OpenStack Folsom Summit: Melange overview

Download as KEY, PDF
T
troytoman

This is the slide deck from the Melange overview presentation given during the OpenStack Folsom Summit in San Francisco.

TechnologyBusiness
1 of 16
Melange Overview Troy Toman Folsom Summit April 2012
Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault pptShrey Agarwal
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 

More Related Content

What's hot

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 

What's hot (20)

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014
 
Vault
VaultVault
Vault
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 Minutes
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin Infrastructure
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at Hootsuite
 

Similar to OpenStack Folsom Summit: Melange overview

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style2600Hz
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinChiradeep Vittal
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsIgor Donchovski
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerKamesh Pemmaraju
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesCodemotion
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log seasonEric Luellen
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint MongoDB
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Docker, Inc.
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTCWebRTCConferenceJapan
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkCaio Pereira
 

Similar to OpenStack Folsom Summit: Melange overview (20)

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austin
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica Sets
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with Elasticsearch
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data center
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log season
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTC
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

OpenStack Folsom Summit: Melange overview

  • 1. Melange Overview Troy Toman Folsom Summit April 2012
  • 2. Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
  • 3. History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
  • 4. Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
  • 5. Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
  • 6. IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
  • 7. IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
  • 8. Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
  • 9. Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
  • 10. Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
  • 11. Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
  • 12. NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
  • 13. Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
  • 14. Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
  • 15. MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
  • 16. Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n