Whether you want to build the software, run it, grow the community or just learn more about it, there will be content, workshops and design sessions for you to attend at the OpenStack Summit, Oct 15-18 in San Diego. Stick around Friday for the first OpenStack service day, a 1/2 day beach cleanup.
This session will include the following subject(s):
Packet Filter API and its drivers:
A packet filtering API for Quantum network will be proposed. This API provides a fine-grained packet filtering where each filter entry consists of matching fields, an action and a priority. The matching fields consists of in/out quantum port-id, src/dst mac/ip addr/L4 port number and so on and they are similar to iptables and OpenFlow matching fields.
While the security group exists in OpenStack as a packet filtering feature, this API provides more fine-grained packet filtering like outgoing packet filtering from VMs, inter-VM communication and . In addition, some usecases requires controlling packet filtering rule based on its operational status: for example, bare-metal computing support requires some communications is allowed only during an instance booting.
We believe such primitive (low-level) API is useful for these usecases. The security group feature can be implemented on top of this API.
This API can be implemented by various method (iptables, firewall appliance, OpenFlow-based filtering and so on) and plugin (or driver) architecture would be suitable.
Firewall API for quantum:
API for stateful firewall at the gateway.
Wednesday October 17, 2012 3:40pm - 4:20pm