OpenStack Summit November 2014 Paris

The Group Based Policy (GBP) extension introduces a declarative policy driven framework for networking in OpenStack. The GBP abstractions allow application administrators to express their networking requirements using group and policy abstractions, with the specifics of policy enforcement and implementation left to the underlying policy driver. This facilitates clear separation of concerns between the application and the infrastructure administrator.




Over the past two release cycles, the GBP model has been incubated in Neutron as an extension. A new sub group has worked on defining this extension and  the proposed specification has been approved for implementation in the Juno release cycle. In this talk, we first discuss the GBP extension API and then present the reference implementation for it. In particular, we show how a new Service plugin is designed and developed in order to support this extension through a framework of configurable policy drivers similar to that used in the ML2 plugin. We will showcase the latest working version of the code, and provide an end-to-end demonstration of the features. We will also present several vendor and open source policy drivers that are being developed to support this new extension.

 

The work in Juno implements a subset of a more richer model that is intended for development in Kilo. We will provide a roadmap for the upcoming features including the integration with the advanced services (L4-7) framework. We will also discuss how the new extension can be utilized by other OpenStack projects.