Thanks Sumit and Stephen for information provided.

It appears to me that we can (and should) use the notion of
services/service chains within the group policy extension (and that has
been always one of our options). If this is a reasonable approach, then we
need to see how we can bring in these services to our group policy and if
there are changes we may require.

The first thing that comes to mind is to have a new service insertion
context, namely policy (or should it be policy_rule?). If that is in place,
then a service chain (we can start with a chain of one single service) gets
created with it's context set to a particular policy. While the service
plugin is responsible for standing up the service, the connectivity is
established through the implementation of the group policy extension, in
particular the "redirect" action. Is this a reasonable approach? This
approach requires some kind of coordination wrt how these operations are
done by the service plugin and the group policy extension. May be a policy
simply provides the insertion context for creation of the service chain (in
isolation and by the appropriate service plugin) and policy rules are then
used to make the service operational. This is different from how services
are expected to be instantiated right now. Right? Thinking aloud here.
Please comment.

A lot of interesting things to work on. May be Juno is where all these
efforts come to fruition together :)

Mohammad



From:   Sumit Naiksatam <sumitnaiksa...@gmail.com>
To:     Mohammad Banikazemi/Watson/IBM@IBMUS,
Cc:     "OpenStack Development Mailing List (not for usage questions)"
            <openstack-dev@lists.openstack.org>
Date:   02/17/2014 02:12 AM
Subject:        Re: [openstack-dev] [neutron][policy] Using network services
            with network policies



Thanks Mohammad for bringing this up. I responded in another thread:
http://lists.openstack.org/pipermail/openstack-dev/2014-February/027306.html


~Sumit.

On Sun, Feb 16, 2014 at 7:27 AM, Mohammad Banikazemi <m...@us.ibm.com> wrote:
> During the last IRC call we started talking about network services and
how
> they can be integrated into the group Policy framework.
>
> In particular, with the "redirect" action we need to think how we can
> specify the network services we want to redirect the traffic to/from.
There
> has been a substantial work in the area of service chaining and service
> insertion and in the last summit "advanced service" in VMs were
discussed.
> I think the first step for us is to find out the status of those efforts
and
> then see how we can use them. Here are a few questions that come to mind.
> 1- What is the status of service chaining, service insertion and advanced
> services work?
> 2- How could we use a service chain? Would simply referring to it in the
> action be enough? Are there considerations wrt creating a service chain
> and/or a service VM for use with the Group Policy framework that need to
be
> taken into account?
>
> Let's start the discussion on the ML before taking it to the next call.
>
> Thanks,
>
> Mohammad

<<inline: graycol.gif>>

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to