Thanks Sumit and Stephen for information provided. It appears to me that we can (and should) use the notion of services/service chains within the group policy extension (and that has been always one of our options). If this is a reasonable approach, then we need to see how we can bring in these services to our group policy and if there are changes we may require.
The first thing that comes to mind is to have a new service insertion context, namely policy (or should it be policy_rule?). If that is in place, then a service chain (we can start with a chain of one single service) gets created with it's context set to a particular policy. While the service plugin is responsible for standing up the service, the connectivity is established through the implementation of the group policy extension, in particular the "redirect" action. Is this a reasonable approach? This approach requires some kind of coordination wrt how these operations are done by the service plugin and the group policy extension. May be a policy simply provides the insertion context for creation of the service chain (in isolation and by the appropriate service plugin) and policy rules are then used to make the service operational. This is different from how services are expected to be instantiated right now. Right? Thinking aloud here. Please comment. A lot of interesting things to work on. May be Juno is where all these efforts come to fruition together :) Mohammad From: Sumit Naiksatam <sumitnaiksa...@gmail.com> To: Mohammad Banikazemi/Watson/IBM@IBMUS, Cc: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> Date: 02/17/2014 02:12 AM Subject: Re: [openstack-dev] [neutron][policy] Using network services with network policies Thanks Mohammad for bringing this up. I responded in another thread: http://lists.openstack.org/pipermail/openstack-dev/2014-February/027306.html ~Sumit. On Sun, Feb 16, 2014 at 7:27 AM, Mohammad Banikazemi <m...@us.ibm.com> wrote: > During the last IRC call we started talking about network services and how > they can be integrated into the group Policy framework. > > In particular, with the "redirect" action we need to think how we can > specify the network services we want to redirect the traffic to/from. There > has been a substantial work in the area of service chaining and service > insertion and in the last summit "advanced service" in VMs were discussed. > I think the first step for us is to find out the status of those efforts and > then see how we can use them. Here are a few questions that come to mind. > 1- What is the status of service chaining, service insertion and advanced > services work? > 2- How could we use a service chain? Would simply referring to it in the > action be enough? Are there considerations wrt creating a service chain > and/or a service VM for use with the Group Policy framework that need to be > taken into account? > > Let's start the discussion on the ML before taking it to the next call. > > Thanks, > > Mohammad
<<inline: graycol.gif>>
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev