OpenDaylight and OpFlex
Scott Mann
The Open Source Policy “Stack”
OpFlex Policy Agent with northbound OpFlex protocol interface and southbound interface for device (OVS is the reference implementation).
OpFlex protocol defined through IETF (OpFlex Control Protocol draft-smith-opflex-00)
Group Policy as defined by OpenDaylight/OpenStack
OpenDaylight and OpenStack provide northbound API for Group Policy and southbound interface for OpFlex protocol.
[Diagram labels: Linux (Netlink); OVS (OpenFlow, OVSDB); libvirt API]
ODL Group-Based Policy Project
The group-based policy project defines an application-centric policy model for OpenDaylight that separates information about application connectivity requirements from information about the underlying details of the network infrastructure.
Group Policy Elements
• Policy Repository
  • A database of policies
  • A policy consists of
    • Endpoint Groups (EPGs) described below
    • Contracts, which describe how/if EPGs communicate with each other
• Endpoint Repository
  • Database of endpoints and their metadata
  • Endpoints are things that can communicate, like virtual/physical ports
  • Includes mapping of endpoints into Endpoint Groups (EPGs)
  • EPGs are the smallest entity that can be specified in a policy
• Observer
  • A repository that maintains a database of status updates and exceptions
The Policy Agent’s Role
The policy agent’s function is to exchange and enforce
policy, acting as a participant in a larger policy
management system.
The Policy Agent in the Policy System
[Diagram: the Policy Agent exchanges Policy Resolution and Policy Update with the Policy Repository, End Point Declaration and End Point Policy Update with the End Point Registry, Status with the Observer, and Policy Peering via Triggers with a Policy Agent on another device.]
Policy Agent in the Policy System Explained
• The policy agent (PA)
  • Requests policy resolution from a Policy Repository (PR)
  • Receives policy updates from a PR
  • Indicates end points to an End Point Registry (EPR)
  • Receives policy resolutions
  • Receives updates for the End Points
  • Triggers behaviors in peering Policy Elements (PEs), using the Policy Trigger OpFlex messaging
• Status information is sent to an Observer
  • Collects and archives status
  • Observer may communicate status to other PEs
• PRs, EPRs, PAs, and Observers may be referred to as PEs
Policy Resolution within the Agent
[Diagram: inside the Policy Agent, the Policy Manager (inbound/outbound TCP/IP), the Managed Object Database, and the Policy Enforcer (in/out to the “device”, e.g., OVS, vSwitches, HW switches, etc.).]
Agent Policy Resolution Explained
• Policy Manager
  • “Speaks” OpFlex
  • Converts OpFlex into format useful to Managed Object Database
  • Manages TCP connections with PR, EPR, and Observer
• Managed Object Database (MODB)
  • Maintains hierarchical tree model of physical/virtual devices under management
  • Updates are propagated appropriately via northbound and southbound APIs
• Policy Enforcer
  • Conceptually similar to a device driver
  • Translates data from MODB into sets of appropriate commands/communications to physical and/or virtual devices
  • Monitors devices for updates, which are propagated to MODB via API
Reference/OVS Implementation
[Diagram labels: OpFlex Agent: OpFlex (Policy Manager), Managed Objects Store (MODB), OVS Render Plugin (Policy Enforcement). Open vSwitch: OpenFlow, OVSDB, Datapath, Flow Table, SW/HW Datapath.]
Reference/OVS Implementation
• Written in C using standard libraries
• Developed with the OpenDaylight project
• Eclipse and Apache licensing
• Runs on common Linux distributions
• Policy Manager
  • Supports the OpFlex protocol with JSON at L-6
  • Supports at least 3 PRs
• Managed Object Database
  • Queries by class, object ID, or URIs
  • Updates generate notifications to Policy Manager and/or Policy Enforcer as appropriate
  • DB persistence with crash recovery
• Policy Enforcer
  • Policy enforcement between containers and/or virtual machines
  • Interface to libvirt API (supporting many hypervisors) and OVSDB
  • OVS management via ovs-vsctl, ovs-ofctl, etc.
  • Network management via ip commands
Policy Agent Southbound Path (OVS Implementation)
[Diagram: Policy/End Point Repository -> (JSON) -> Policy Manager (receive update; convert JSON to internal form) -> MODB (update database; inform policy enforcer) -> Policy Enforcer (translate managed object; issue appropriate commands: ovs-vsctl ..., ovs-ofctl ..., ip addr ..., ip link ..., etc.)]
OVS Policy Agent Southbound Path Explained
• A policy or policy update arrives at the port of the Policy Manager
  • JSON is translated into internal form
• Internal data is passed to Managed Object module
  • Data inserted into database
  • Notification of database change goes out to subscribers
• Policy enforcer receives update
  • New or modified data is passed to translator
  • Translator produces list of commands suitable for underlying virtual/physical device
  • Dependencies are identified
  • Commands are executed asynchronously
  • Pass/Fail of command execution is recorded
  • Failure may cause roll back of successful commands
• Since all commands are issued asynchronously, determination of successful implementation follows the northbound path described next
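The southbound enforcer steps above (translate, order by dependency, execute, record pass/fail, roll back), as an added C example that is not code from the reference agent. The `port_mo` struct, the function names, the sample names `br-int` and `vnet0`, and the simulated runner are assumptions; commands run sequentially here rather than asynchronously, and names taken from peer-supplied JSON are validated and passed as argv elements, never as a shell string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 6
enum { CMD_PENDING, CMD_PASS, CMD_FAIL, CMD_ROLLED_BACK };

/* One device command as an argv vector (never a shell string) plus its undo. */
struct cmd {
    const char *argv[MAX_ARGS];
    const char *undo[MAX_ARGS];
    int status;
};

/* Hypothetical managed object: a port to attach to a bridge and bring up. */
struct port_mo { const char *bridge, *port; };

/* Runs one argv; returns 0 on success. A real enforcer would fork/execvp. */
typedef int (*runner_fn)(const char **argv, void *ctx);

/* Names arrive as JSON from a remote peer, so accept only what is safe as a
 * single argument: 1..15 chars (IFNAMSIZ - 1), [A-Za-z0-9_.-], and no leading
 * '-' that a tool could parse as an option. */
int name_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 15 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-') return 0;
    }
    return 1;
}

/* Translator: managed object -> commands in dependency order
 * (bridge before port, port before link state). Returns count or -1. */
int translate(const struct port_mo *mo, struct cmd out[3])
{
    if (!name_ok(mo->bridge) || !name_ok(mo->port)) return -1;
    out[0] = (struct cmd){ .argv = {"ovs-vsctl", "add-br", mo->bridge},
                           .undo = {"ovs-vsctl", "del-br", mo->bridge} };
    out[1] = (struct cmd){ .argv = {"ovs-vsctl", "add-port", mo->bridge, mo->port},
                           .undo = {"ovs-vsctl", "del-port", mo->bridge, mo->port} };
    out[2] = (struct cmd){ .argv = {"ip", "link", "set", mo->port, "up"},
                           .undo = {"ip", "link", "set", mo->port, "down"} };
    return 3;
}

/* Run commands in order, record pass/fail, and on the first failure undo the
 * commands that already succeeded, newest first. Returns 0 or -1. */
int apply(struct cmd *cmds, int n, runner_fn run, void *ctx)
{
    for (int i = 0; i < n; i++) {
        if (run(cmds[i].argv, ctx) == 0) { cmds[i].status = CMD_PASS; continue; }
        cmds[i].status = CMD_FAIL;
        for (int j = i - 1; j >= 0; j--)
            if (run(cmds[j].undo, ctx) == 0) cmds[j].status = CMD_ROLLED_BACK;
        return -1;
    }
    return 0;
}

/* Simulated runner for the example: logs each command, fails on one word. */
struct sim { const char *fail_on; char log[256]; };

int sim_run(const char **argv, void *ctx)
{
    struct sim *s = ctx;
    int rc = 0;
    for (int i = 0; argv[i] != NULL; i++) {
        size_t room = sizeof s->log - strlen(s->log) - 1;
        strncat(s->log, argv[i], room);
        room = sizeof s->log - strlen(s->log) - 1;
        strncat(s->log, argv[i + 1] ? " " : ";", room);
        if (s->fail_on && strcmp(argv[i], s->fail_on) == 0) rc = -1;
    }
    return rc;
}

int main(void)
{
    struct port_mo mo = { "br-int", "vnet0" };  /* constructed sample values */
    struct cmd cmds[3];
    struct sim s = { "up", "" };                /* make "ip link set ... up" fail */
    int n = translate(&mo, cmds);
    if (n < 0) return 1;
    int rc = apply(cmds, n, sim_run, &s);
    printf("rc=%d\n%s\n", rc, s.log);
    return 0;
}
```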
Policy Agent Northbound Path (OVS Implementation)
[Diagram: OVSDB (asynchronous OVS updates) and libvirt -> Policy Enforcer (initial scan; monitor runs continuously; translate received data into MODB) -> MODB (update database; inform policy manager) -> Policy Manager (receive update; convert MODB to JSON) -> (JSON) -> Observer and Policy/End Point Repository]
OVS Policy Agent Northbound Path Explained
• Policy Enforcer receives update and/or asynchronous responses
  • Translates responses into managed object as appropriate
  • Notifies Managed Object module of changes
• Managed Object module
  • Notifies Policy Manager of changes
• Policy Manager
  • Converts MO data into JSON
  • Sends data to appropriate elements (Policy Repository, Endpoint Repository, Observer)
Start Up
• Start Up
  • PE initializes communication with OVS and libvirt
    • Essentially collects current state
  • MO module
    • Reads in crash recovery file, if it exists
    • Populates MODB with recovery data and/or PE scan data
  • Policy Manager
    • Initializes connections with known PEs
    • Sends current policy (or state) to appropriate PEs
Summary
• Currently working on reference policy agent
• Implementation: C, Linux, JSON, OVS, libvirt
• More detail about the reference architecture may be found at https://wiki.opendaylight.org/view/Opflex_Architecture
• The OpFlex IETF draft specification may be found at http://tools.ietf.org/html/draft-smith-opflex-00
• More detail about ODL group policy may be found at https://wiki.opendaylight.org/view/Group_Policy:Main
• ODL group policy architecture: https://wiki.opendaylight.org/view/Group_Policy:Architecture
