SlideShare a Scribd company logo

OpenStack Folsom Summit: Melange overview

Download as KEY, PDF
T
troytoman

This is the slide deck from the Melange overview presentation given during the OpenStack Folsom Summit in San Francisco.

TechnologyBusiness
1 of 16
Melange Overview Troy Toman Folsom Summit April 2012
Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault pptShrey Agarwal
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 

More Related Content

What's hot

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 

What's hot (20)

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014
 
Vault
VaultVault
Vault
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 Minutes
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin Infrastructure
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at Hootsuite
 

Similar to OpenStack Folsom Summit: Melange overview

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style2600Hz
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinChiradeep Vittal
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsIgor Donchovski
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerKamesh Pemmaraju
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesCodemotion
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log seasonEric Luellen
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint MongoDB
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Docker, Inc.
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTCWebRTCConferenceJapan
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkCaio Pereira
 

Similar to OpenStack Folsom Summit: Melange overview (20)

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austin
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica Sets
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with Elasticsearch
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data center
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log season
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTC
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
 

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

OpenStack Folsom Summit: Melange overview

  • 1. Melange Overview Troy Toman Folsom Summit April 2012
  • 2. Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
  • 3. History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
  • 4. Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
  • 5. Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
  • 6. IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
  • 7. IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
  • 8. Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
  • 9. Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
  • 10. Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
  • 11. Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
  • 12. NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
  • 13. Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
  • 14. Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
  • 15. MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
  • 16. Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n