IBM T. J. Watson Research Center 
Neutron Networking: 
Service Groups, Policies and Chains 
OpenStack Meetup - IBM OpenStack Lightning Talks 
© 2014 IBM Corporation 
John M. Tracey for Mohammad Banikazemi 
October 7, 2014
© 2013 IBM Corporation 
Agenda 
§ Current Neutron application programming interface 
§ Example multi tier application with current API 
§ Application centric abstraction 
§ Group based policy constructs 
§ Example multi tier application with policy extension 
§ For more information 
Abstract 
§ Neutron is OpenStack’s networking service. It defines an API, but allows different implementations to be plugged in.
§ The current OpenStack Neutron API provides constructs that are closely tied to physical network entities.
§ To better support application developers and allow better separation of application and infrastructure concerns, a Neutron blueprint is well underway that adds a set of higher-level abstractions to Neutron, known as group-based policy.
Neutron application programming interface 
• Current Neutron API is somewhat low-level 
• Neutron constructs mirror physical devices 
  • Network: layer-2 broadcast domain; private/shared
  • Port: virtual switch port on a network; has MAC and IP address properties
  • Subnet: CIDR IP address block associated with a network; optionally associated with gateway, DNS/DHCP servers
  • Router: provides IP routing among networks, supports source NAT
Example multi tier application 
[Diagram: External Network (Internet), Firewall, Load Balancer, and the Web, Application and Database tiers]
Example multi tier application with current neutron CLI 
neutron net-create web_tier 
neutron subnet-create web_tier 10.0.0.0/24 
neutron router-create router1 
neutron router-interface-add router1 web_tier 
[Diagram: External Network, Router, three Network/Subnet pairs, Ports]
Application centric abstraction 
• Need a more application centric set of abstractions as well 
• More easily understood/utilized by higher layers 
• Declarative model 
• Separation of concerns (application/infrastructure) 
• Provide policy-based connectivity between application tiers 
• Enable redirection to network services and service chains 
• Support dynamic application of policies 
Group based policy constructs 
• Endpoint (EP)
  • Lowest unit of abstraction to which policy is applied
• Endpoint Group (EPG)
  • Logical grouping of endpoints
• Policy Rule
  • Specifies allowed/disallowed network access to EPGs
• Policy (a.k.a. contract)
  • Collection of policy rules
Example multi tier application with GBP extension 
neutron classifier-create Insecure-Web-Access --port 80 --protocol TCP --direction IN
neutron policy-rule-create insecure-web --policy-classifier Insecure-Web-Access --actions ALLOW
neutron contract-create Web-Server-Contract --policy-rule insecure-web
[Diagram: endpoint groups (EPGs) External Network (Internet), Web, Application and Database, plus a Firewall, linked by policies labelled:]
• Protocol:TCP Port:80 Action:Redirect To FW_LB_CHAIN
• Protocol:TCP Port:3306 Action:ALLOW
• Protocol:TCP Port:9080 Action:ALLOW
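The group-based policy constructs and the three-tier example above, as an added example (not from the slides and not Neutron or GBP code): a small Python model of endpoint groups, classifiers, policy rules and contracts that decides what happens to a flow between two endpoints. Assumptions: the diagram's three policy labels are paired as External to Web (TCP 80, redirect to FW_LB_CHAIN), Web to Application (TCP 9080) and Application to Database (TCP 3306); traffic that matches no rule is denied; endpoint names and all rule, contract and classifier names other than Insecure-Web-Access are made up.

```python
"""Toy group-based policy evaluator (added example, not Neutron/GBP code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Decision = Tuple[str, Optional[str]]  # (action, service chain if redirected)


@dataclass(frozen=True)
class Classifier:
    name: str
    protocol: str
    port: int
    direction: str = "IN"  # recorded only; this model checks consumer -> provider

    def matches(self, protocol: str, port: int) -> bool:
        return self.protocol == protocol.upper() and self.port == port


@dataclass(frozen=True)
class PolicyRule:
    name: str
    classifier: Classifier
    action: str                        # "ALLOW" or "REDIRECT"
    redirect_to: Optional[str] = None  # service chain name when REDIRECT


@dataclass(frozen=True)
class Contract:
    name: str
    rules: Tuple[PolicyRule, ...]


class PolicyModel:
    def __init__(self) -> None:
        self.group_of: Dict[str, str] = {}  # endpoint -> EPG name
        self.bindings: List[Tuple[str, str, Contract]] = []

    def add_group(self, epg: str, endpoints: List[str]) -> None:
        for ep in endpoints:
            if ep in self.group_of:
                raise ValueError(f"{ep} is already in EPG {self.group_of[ep]}")
            self.group_of[ep] = epg

    def bind(self, consumer: str, provider: str, contract: Contract) -> None:
        """Consumer EPG may reach provider EPG under this contract's rules."""
        self.bindings.append((consumer, provider, contract))

    def evaluate(self, src_ep: str, dst_ep: str, protocol: str, port: int) -> Decision:
        src, dst = self.group_of.get(src_ep), self.group_of.get(dst_ep)
        if src is None or dst is None:
            return ("DENY", None)  # endpoint outside every group: no policy applies
        for consumer, provider, contract in self.bindings:
            if (consumer, provider) != (src, dst):
                continue
            for rule in contract.rules:
                if rule.classifier.matches(protocol, port):
                    return (rule.action, rule.redirect_to)
        return ("DENY", None)  # assumed default: nothing matched, so not allowed

    def consumers_of(self, provider: str) -> List[str]:
        """Audit helper: which EPGs hold any contract towards this EPG."""
        return sorted({c for c, p, _ in self.bindings if p == provider})


def build_three_tier() -> PolicyModel:
    m = PolicyModel()
    # Constructed endpoint names; the EPG names follow the slide's diagram.
    m.add_group("External", ["inet-client"])
    m.add_group("Web", ["web-1", "web-2"])
    m.add_group("Application", ["app-1"])
    m.add_group("Database", ["db-1"])

    web = Classifier("Insecure-Web-Access", "TCP", 80)  # name from the slide
    app = Classifier("app-access", "TCP", 9080)         # hypothetical name
    db = Classifier("db-access", "TCP", 3306)           # hypothetical name

    # Assumed pairing of the diagram's three policy labels with EPG pairs.
    m.bind("External", "Web", Contract("web-via-chain", (
        PolicyRule("web-redirect", web, "REDIRECT", "FW_LB_CHAIN"),)))
    m.bind("Web", "Application", Contract("app-contract", (
        PolicyRule("app-allow", app, "ALLOW"),)))
    m.bind("Application", "Database", Contract("db-contract", (
        PolicyRule("db-allow", db, "ALLOW"),)))
    return m


if __name__ == "__main__":
    model = build_three_tier()
    for flow in [("inet-client", "web-1", "TCP", 80),
                 ("web-2", "app-1", "TCP", 9080),
                 ("app-1", "db-1", "TCP", 3306),
                 ("inet-client", "db-1", "TCP", 3306),
                 ("web-1", "db-1", "TCP", 3306)]:
        print(flow, "->", model.evaluate(*flow))
    print("Database reachable from:", model.consumers_of("Database"))
```

Policy is attached to groups rather than to subnets or ports, so adding a second web endpoint changes no rule, and the audit helper can confirm that only the Application group holds a contract towards Database.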
For further information 
• Neutron wiki 
• https://wiki.openstack.org/wiki/Neutron 
• https://ibm.biz/BdFyZu 
• Blueprints for Neutron 
• https://blueprints.launchpad.net/neutron 
• https://ibm.biz/BdE4dC 
• Group-based policy abstractions for Neutron 
• https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction 
• https://ibm.biz/BdE4dQ 
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

Neutron Networking: Service Groups, Policies and Chains

  • 1. IBM T. J. Watson Research Center
       Neutron Networking: Service Groups, Policies and Chains
       OpenStack Meetup - IBM OpenStack Lightning Talks
       John M. Tracey for Mohammad Banikazemi, October 7, 2014
       © 2014 IBM Corporation
  • 2. Agenda
       - Current Neutron application programming interface
       - Example multi tier application with current API
       - Application centric abstraction
       - Group based policy constructs
       - Example multi tier application with policy extension
       - For more information
       © 2013 IBM Corporation
  • 3. Abstract
       - Neutron is OpenStack’s networking service. It defines an API, but allows different implementations to be plugged in.
       - The current OpenStack Neutron API provides constructs that are closely tied to physical network entities.
       - To better support application developers and allow better separation of application and infrastructure concerns, a Neutron blueprint is well underway that adds a set of higher-level abstractions to Neutron, known as group-based policy.
  • 4. Neutron application programming interface
       - Current Neutron API is somewhat low-level
       - Neutron constructs mirror physical devices
       - Network: layer-2 broadcast domain; private/shared
       - Port: virtual switch port on a network; has MAC and IP address properties
       - Subnet: CIDR IP address block associated with a network; optionally associated with gateway, DNS/DHCP servers
       - Router: provides IP routing among networks, supports source NAT
  • 5. Example multi tier application
       [Diagram labels: External Network (Internet), Firewall, Load Balancer, Web, Application, Database]
  • 6. Example multi tier application with current neutron CLI
       neutron net-create web_tier
       neutron subnet-create web_tier 10.0.0.0/24
       neutron router-create router1
       neutron router-interface-add router1 web_tier
       [Diagram labels: External Network, Router, Network/subnet (three), Port]
  • 7. Application centric abstraction
       - Need a more application centric set of abstractions as well
       - More easily understood/utilized by higher layers
       - Declarative model
       - Separation of concerns (application/infrastructure)
       - Provide policy-based connectivity between application tiers
       - Enable redirection to network services and service chains
       - Support dynamic application of policies
  • 8. Group based policy constructs
       - Endpoint (EP): Lowest unit of abstraction to which policy is applied
       - Endpoint Group (EPG): Logical grouping of endpoints
       - Policy Rule: Specifies allowed/disallowed network access to EPGs
       - Policy (a.k.a. contract): Collection of policy rules
  • 9. Example multi tier application with GBP extension
       neutron classifier-create Insecure-Web-Access --port 80 --protocol TCP --direction IN
       neutron policy-rule-create insecure-web --policy-classifier Insecure-Web-Access --actions ALLOW
       neutron contract-create Web-Server-Contract --policy-rule insecure-web
       [Diagram labels: EPG External Network (Internet), Firewall, EPG Web, EPG Application, EPG Database; legend: EPG (Endpoint Group)]
       Policy labels in the diagram:
       - Protocol:TCP Port:80 Action:Redirect To FW_LB_CHAIN
       - Protocol:TCP Port:3306 Action:ALLOW
       - Protocol:TCP Port:9080 Action:ALLOW
  • 10. For further information
       - Neutron wiki
           https://wiki.openstack.org/wiki/Neutron
           https://ibm.biz/BdFyZu
       - Blueprints for Neutron
           https://blueprints.launchpad.net/neutron
           https://ibm.biz/BdE4dC
       - Group-based policy abstractions for Neutron
           https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
           https://ibm.biz/BdE4dQ
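
The group-based policy constructs from slides 8 and 9 (classifier, policy rule, contract, endpoint group), modelled as an added Python example; it is not code from the deck or from Neutron. Assumptions: the EPG pair each of the three diagram rules sits between is read off the slide-9 diagram, the endpoint names are constructed, and traffic that no rule matches is denied.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Classifier:            # traffic selector, like `classifier-create`
    protocol: str
    port: int

@dataclass(frozen=True)
class PolicyRule:            # classifier plus action
    classifier: Classifier
    action: str              # "ALLOW" or "REDIRECT:<chain name>"

# Policy (contract): a collection of rules between a consumer and a provider EPG.
# ASSUMPTION: which EPG pair each rule sits between is read off the slide-9 diagram.
CONTRACTS = {
    ("External", "Web"): [PolicyRule(Classifier("TCP", 80), "REDIRECT:FW_LB_CHAIN")],
    ("Web", "Application"): [PolicyRule(Classifier("TCP", 9080), "ALLOW")],
    ("Application", "Database"): [PolicyRule(Classifier("TCP", 3306), "ALLOW")],
}

# Endpoint -> endpoint group membership (constructed sample endpoints).
EPG_OF = {"client-1": "External", "web-1": "Web",
          "app-1": "Application", "db-1": "Database"}

def decide(src_ep, dst_ep, protocol, port):
    """Action for a flow between two endpoints in different groups.
    ASSUMPTION: a flow that no rule matches, or whose endpoint is in no group, is denied."""
    pair = (EPG_OF.get(src_ep), EPG_OF.get(dst_ep))
    wanted = Classifier(protocol.upper(), port)
    for rule in CONTRACTS.get(pair, []):
        if rule.classifier == wanted:
            return rule.action
    return "DENY"

def who_can_reach(provider_epg):
    """Audit view: every (consumer EPG, protocol, port, action) admitted into a group."""
    return sorted((consumer, r.classifier.protocol, r.classifier.port, r.action)
                  for (consumer, provider), rules in CONTRACTS.items()
                  if provider == provider_epg for r in rules)

if __name__ == "__main__":
    for flow in [("client-1", "web-1", "tcp", 80), ("web-1", "app-1", "tcp", 9080),
                 ("web-1", "db-1", "tcp", 3306), ("client-1", "db-1", "tcp", 3306)]:
        print(flow, "->", decide(*flow))
    print("Database exposure:", who_can_reach("Database"))
```

Because the policy is attached to groups rather than to subnets or ports, the audit question "what may talk to the database tier" is a lookup over contracts and does not depend on how many endpoints each group holds.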