SlideShare a Scribd company logo

Openstack Group-Based Policy

Download as PPTX, PDF
Vinod Borole, profile picture
Vinod Borole

The Group-based Policy (GBP) abstractions for OpenStack provide an intent-driven declarative policy model that presents simplified application-oriented interfaces to the user. GBP allows separation of the intent of application developers from the requirements of infrastructure operators. It provides policy-based abstractions to manage OpenStack infrastructure and runs on top of existing OpenStack services.

Technology
1 of 27
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
OPENSTACK GROUP- BASED POLICY The Group-based Policy (GBP) abstractions for OpenStack provide an intent-driven declarative policy model that presents simplified application-oriented interfaces to the user. 1
Agenda 2 Openstack Challenges Group-Based Policy Overcoming challenges Under the hood More Features
Openstack 3 A free open source software platform for cloud computing mostly deployed as IAAS Started in 2010 At least two releases every year, current stable release – Liberty 2015; upcoming is Mitaka April 2016 Thousands of contributors in over 100 countries
Openstack Architecture 4 Openstack Shared Services SWIFT CINDE R NOVA GLANC E NEUTRO N HORIZON GUI STORAGE HYPERVISORS NETWORK CLI REST API REST API Users Users
OPENSTACK DEMO 5
Demo 6 WEB APP DB 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 443 80 22 8080 446
Agenda 7 Openstack Challenges Group-Based Policy Overcoming challenges Under the hood More Features
Challenges 8 1 • Separating the Concerns 2 • Networking knowledge 3 • Need to manually maintain and refer virtual infrastructure information for any deployment 4 • Introduces more complexity with new networking features such as firewalling, load balancing
Agenda 9 Openstack Challenges Group-Based Policy Overcoming challenges Under the hood More Features
Group-Based Policy 10 GBP is available from Openstack Juno release Developed by a community of engineers from IBM, Cisco, Big Switch etc. It was started around Sept 2014 It has the ability to separate the intent of the application developer from the requirement of the infrastructure operators It runs on top of existing Openstack services Designed to offer policy based abstractions to manage Openstack infrastructure
Group-Based Policy 11 Openstack Shared Services SWIFT CINDE R NOVA GLANC E NEUTRO N HORIZON GUI STORAGE HYPERVISORS NETWORK CLI REST API REST API Users Users
Group-Based Policy Constructs 12 •Collection of network endpoints with their properties. •Policy Target Group: Contains members [VMs] •External Group: Contains the external connectivity defined by External Segment Groups •These are reusable rules that define connectivity between members of the group Policy Rules •These are collection of Policy rules Policy Rule Set •It defines port, protocol and direction Classifier •It can be of type ALLOW, REDIRECT (Service chaining) Actions
Group-Based Policy Design 13 POLICY TARGET GROUP SUBNET LAYER 2 POLICY POLICY RULE SET POLICY RULE POLICY RULE POLICY RULE CLASSIFIER CLASSIFIER ACTIONS ACTIONS POLICY TAGS Port: 22 Protocol: TCP Direction: Bi ALLOW
GROUP-BASED POLICY DEMO 14
POLICY Demo 15 15 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 APP GROUP DB GROUPWEB GROUP
Agenda 16 Openstack Challenges Group-Based Policy Overcoming challenges Under the hood More Features
Overcoming Challenges 17 Non-GBP GBP Separating the Concerns Networking knowledge Manually maintain and refer info More complexity with new n/w features Separation of Concerns No Need to have networking knowledge No Need to maintain any information Complexity removed with service chaining
Agenda 18 Openstack Challenges Group-Based Policy Overcoming challenges Under the hood More Features
Group-Based Policy Under the hood19 Neutron Driver HORIZON GUICLI ML2 Driver Neutron ODL Driver Vendor Driver Network Infrastructure
Agenda 20 Group-Based Policy Overcoming challenges Under the hood More Features Future Q&A
More Features of Group-Based Policy21 Service Chaining NAT Pooling
SERVICE CHAINING Service Chaining 22 WEB GROUP APP GROUP DB GROUP CLASSIFIE R FIREWALL LOAD BALANCER PORT 80 REDIRECT
Agenda 23 Group-Based Policy Overcoming challenges Under the hood More Features Future Q&A
Future Group Based Policy Experience24 It will become more easier and more flexible for vendors to integrate with Openstack that are offering policy based solutions More focus on application deployment and delivery Integrating SDN based solution will be easier
Agenda 25 Group-Based Policy Overcoming challenges Under the hood ICF More Features Future Q&A
Q&A 26
THANK YOU! Shital Patil & Vinod Borole 27

More Related Content

PPTX
Day1 assignment
vsbslideshar
 
PPTX
The IANA Stewardship Transition Overview & Background
APNIC
 
PPTX
APNIC Update - PacNOG20
APNIC
 
PPTX
APNIC Technical Assistance Service, IDNIC OPM 2016
APNIC
 
PPTX
Bluetooth 5
harsh parekh
 
PDF
Why OpenDaylight
Lumina Networks
 
PDF
Netconf yang
Telematika Open Session
 
PPTX
Bab 2 cookbook reload fahrudin
Bappeda Belitung Timur
 
Day1 assignment
vsbslideshar
 
The IANA Stewardship Transition Overview & Background
APNIC
 
APNIC Update - PacNOG20
APNIC
 
APNIC Technical Assistance Service, IDNIC OPM 2016
APNIC
 
Bluetooth 5
harsh parekh
 
Why OpenDaylight
Lumina Networks
 
Netconf yang
Telematika Open Session
 
Bab 2 cookbook reload fahrudin
Bappeda Belitung Timur
 

Viewers also liked (20)

PDF
Fashion is fed and stayl is eternal
Israel Caballero Yebenes
 
DOCX
HKES SVP DEGREE COLLEGE, SADASHIVANAGAR, BANGALORE-560080.
Harish Bramhaver
 
PDF
Assignment 3 - Certification in Dispute Management
Jyotpreet Kaur
 
PDF
SystemsOverview
Beth Abate Bacon
 
DOC
Unit 57 terminology becky doyle
FirstClassProductions
 
PDF
Extensive sampling of basidiomycete genomes demonstrates inadequacy of the wh...
Gomez García
 
PDF
Vancouver executive briefing seminar by csr training institute
Wayne Dunn
 
PDF
Kudavi 1.26.2016
Tom Currier
 
PPTX
The four agreements
William Barker
 
PDF
Emai m03t11
Henrique Fernandes
 
PPT
Vocabulario animales de granja
Virginia Villalba
 
PPTX
Vkdt sspipe-software-intro
vasudeva yaragatti
 
PDF
Composer Helpdesk
Sven Rautenberg
 
PDF
Chuong 2 rui ro tham hut tai khoa
Dat Nguyen
 
XLSX
Tabla de materiales y precios de colciencias (1)
Carlos Javier Beltran Martinez
 
PPTX
1041 Sophomores LR Lecture 1
Les Davy
 
PDF
Modul e book wenni mts-muh 1 bjm
Wenni Meliana
 
PPTX
RESA Commercial DRAFT
sdr-resa
 
PPT
Electrons and Chemical Bonding Day 1
jmori1
 
PPTX
Charles dickens power point pressentation
lynnbeach86
 
Fashion is fed and stayl is eternal
Israel Caballero Yebenes
 
HKES SVP DEGREE COLLEGE, SADASHIVANAGAR, BANGALORE-560080.
Harish Bramhaver
 
Assignment 3 - Certification in Dispute Management
Jyotpreet Kaur
 
SystemsOverview
Beth Abate Bacon
 
Unit 57 terminology becky doyle
FirstClassProductions
 
Extensive sampling of basidiomycete genomes demonstrates inadequacy of the wh...
Gomez García
 
Vancouver executive briefing seminar by csr training institute
Wayne Dunn
 
Kudavi 1.26.2016
Tom Currier
 
The four agreements
William Barker
 
Emai m03t11
Henrique Fernandes
 
Vocabulario animales de granja
Virginia Villalba
 
Vkdt sspipe-software-intro
vasudeva yaragatti
 
Composer Helpdesk
Sven Rautenberg
 
Chuong 2 rui ro tham hut tai khoa
Dat Nguyen
 
Tabla de materiales y precios de colciencias (1)
Carlos Javier Beltran Martinez
 
1041 Sophomores LR Lecture 1
Les Davy
 
Modul e book wenni mts-muh 1 bjm
Wenni Meliana
 
RESA Commercial DRAFT
sdr-resa
 
Electrons and Chemical Bonding Day 1
jmori1
 
Charles dickens power point pressentation
lynnbeach86
 
Ad

Similar to Openstack Group-Based Policy (20)

PDF
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
mestery
 
PPTX
Group-based Policy For OpenStack Networking
Sumit Naiksatam
 
PPTX
Group-based Policy for Networking
Sumit Naiksatam
 
PPTX
TFI2014 Session I - State of SDN - Scott Sneddon
Colorado Internet Society (CO ISOC)
 
PDF
Neutron Networking: Service Groups, Policies and Chains
Daniel Krook
 
PPTX
Open stack gbp final sn-4-slideshare
Sumit Naiksatam
 
PPTX
Mb openstack-nov2013v7
Mohammad Banikazemi
 
PDF
Managing infrastructure with Application Policy by Mike Cohen
buildacloud
 
PDF
Troubleshooting for Intent-based Networking
Open Networking Summit
 
PPTX
Developing, Deploying, and Consuming L4-7 Network Services in an OpenStack Cloud
Igor D.C.
 
PDF
How Enterprises will Benefit from SDN
Shashi Kiran
 
PDF
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Scott Sneddon
 
PDF
You can't make a (Denver) omelette without breaking eggs: Using OpenStack pol...
Brian Rosmaita
 
PDF
HP Helion Webinar #5 - Security Beyond Firewalls
BeMyApp
 
PDF
OpenStack: Security Beyond Firewalls
Giuseppe Paterno'
 
PDF
Openstack: security beyond firewalls
GARL
 
PDF
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
PPTX
Lightweight network-automation-orchestration-framework-v-1-3
Oded Nahum
 
PPTX
Some Advanced OpenStack Overview Document
TrungPhamVan10
 
PDF
Ct nyc-philly open stack meetups april 2014 final
ozkan01
 
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
mestery
 
Group-based Policy For OpenStack Networking
Sumit Naiksatam
 
Group-based Policy for Networking
Sumit Naiksatam
 
TFI2014 Session I - State of SDN - Scott Sneddon
Colorado Internet Society (CO ISOC)
 
Neutron Networking: Service Groups, Policies and Chains
Daniel Krook
 
Open stack gbp final sn-4-slideshare
Sumit Naiksatam
 
Mb openstack-nov2013v7
Mohammad Banikazemi
 
Managing infrastructure with Application Policy by Mike Cohen
buildacloud
 
Troubleshooting for Intent-based Networking
Open Networking Summit
 
Developing, Deploying, and Consuming L4-7 Network Services in an OpenStack Cloud
Igor D.C.
 
How Enterprises will Benefit from SDN
Shashi Kiran
 
Nuage Networks, A Policy Driven Approach to SDN - Interop Tokyo 2014
Scott Sneddon
 
You can't make a (Denver) omelette without breaking eggs: Using OpenStack pol...
Brian Rosmaita
 
HP Helion Webinar #5 - Security Beyond Firewalls
BeMyApp
 
OpenStack: Security Beyond Firewalls
Giuseppe Paterno'
 
Openstack: security beyond firewalls
GARL
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
Lightweight network-automation-orchestration-framework-v-1-3
Oded Nahum
 
Some Advanced OpenStack Overview Document
TrungPhamVan10
 
Ct nyc-philly open stack meetups april 2014 final
ozkan01
 
Ad

Recently uploaded (20)

PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
KodekX | Application Modernization Development
KodekX
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
A Presentation on Artificial Intelligence
memembruh336
 

Openstack Group-Based Policy

Editor's Notes

  • #7: Application developers, the real users of the cloud infrastructure, need to think about different layers of the Open Systems Interconnection (OSI) stack as they deploy their applications. So although the detailed network configuration is very natural for a networking team, in many cases it adds unnecessary complexity and confusion for application developers. This complexity only increases as new features such as network services are added to the mix. Application developers just want to describe the network and security requirements of their applications in the simplest terms possible.
  • #9: Application developers, the real users of the cloud infrastructure, need to think about different layers of the Open Systems Interconnection (OSI) stack as they deploy their applications. So although the detailed network configuration is very natural for a networking team, in many cases it adds unnecessary complexity and confusion for application developers. This complexity only increases as new features such as network services are added to the mix. Application developers just want to describe the network and security requirements of their applications in the simplest terms possible.
  • #11: OpenStack Group-based Policy was designed to offer a new set of abstractions to manage OpenStack infrastructure. The solution was designed to separate the intent of the application developer from the requirements of the infrastructure operators to offer a powerful yet simple set of APIs. The solution runs on top of existing OpenStack services in a non-disruptive manner and has been developed by a community of engineers from Big Switch, Cisco, IBM, Juniper, Midokura, Nuage Networks, and One Convergence. GBP is available now on Stack-Forge and is designed to work with the OpenStack Juno release.
  • #13: To address additional network services like firewalling, load balancing; service chaining can be used.
  • #25: Future IaaS environments need to focus on deployment and delivery of applications and services with speed, agility, flexibility, security, and scale rather than just orchestration of infrastructure components