Difference between revisions of "Neutron/APIForServiceChaining"
(→port-group-update) |
|||
| Line 2: | Line 2: | ||
[[Category:Neutron]] | [[Category:Neutron]] | ||
[[Category:ServiceChaining]] | [[Category:ServiceChaining]] | ||
| + | = Neutron networking-sfc project next IRC meeting Agenda = | ||
| + | 1. Spec update, and review | ||
| + | 2. SFC CLI client and Horizon Client dependency on base Neutron CLI and Horizon code | ||
| + | 3. OVS Driver and OVS support for classifier and SFF. If we decide to go for no SFC header with chain ID, then the OVS has to build a forwarding table based on 5-tuple or n-tuple for flow identification. | ||
| + | 4 ? | ||
| + | |||
= Neutron API for Service Chaining = | = Neutron API for Service Chaining = | ||
Revision as of 23:40, 14 July 2015
Contents
- 1 Neutron networking-sfc project next IRC meeting Agenda
- 2 Neutron API for Service Chaining
- 2.1 Blueprint
- 2.2 Introduction
- 2.3 Overview
- 2.4 Model
- 2.5 API
- 2.6 CLI Commands
- 2.6.1 port-chain-create
- 2.6.2 port-chain-delete
- 2.6.3 port-chain-list
- 2.6.4 port-chain-show
- 2.6.5 port-chain-update
- 2.6.6 port-group-create
- 2.6.7 port-group-delete
- 2.6.8 port-group-list
- 2.6.9 port-group-show
- 2.6.10 port-group-update
- 2.6.11 flow-classifier-create
- 2.6.12 flow-classifier-delete
- 2.6.13 flow-classifier-list
- 2.6.14 flow-classifier-show
- 2.6.15 flow-classifier-update
Neutron networking-sfc project next IRC meeting Agenda
1. Spec update, and review 2. SFC CLI client and Horizon Client dependency on base Neutron CLI and Horizon code 3. OVS Driver and OVS support for classifier and SFF. If we decide to go for no SFC header with chain ID, then the OVS has to build a forwarding table based on 5-tuple or n-tuple for flow identification. 4 ?
Neutron API for Service Chaining
Blueprint
Introduction
Currently Neutron does not support service chaining. To support service chaining, Service VMs must be attached at points in the network and then traffic must be steered between these attachment points. Please also refer to the Neutron Service Chain BP associated with this specification and the Service Chain Bug.
Overview
All Neutron network services and VMs are connected to a Neutron network via Neutron ports. This makes it possible to create a traffic steering model for service chaining that uses only Neutron ports. This traffic steering model has no notion of the actual services attached to these Neutron ports.
The service VM hosting the service functions is instantiated and configured, then VNICs are added to the VM and then these VNICs are attached to the network by Neutron ports. Once the service function is attached to Neutron ports, the ports may be included in a "port chain" to allow the service function to provide treatment to the user's traffic.
A Port Chain (Service Function Path) consists of:
- a set of Neutron port-pairs, to define the sequence of service functions
- a set of flow classifiers, to specify the classified traffic flow to enter the chain
If a service function has a pair of ports, the first port in the port-pair is the ingress port of the service function, and the second port is the egress port of the service function. If a service function has one bidirectional port, then both ports in the port-pair have the same value.
The first port of the first port-pair is the head end of the Port Chain. The second port of the last port-pair is the tail end of the Port Chain.
A Neutron port-pair may be associated to more than one Port Chain to allow a service function to be part of multiple chains. A bidirectional service chain would be composed of two unidirectional service paths each using a "port-chain".
If there is more than one service function instance of a specific type available to meet the user's service requirement, their Neutron port-pairs are included in the port chain as a "port-group".
Flow classifiers are used to select the traffic that can access the chain. Traffic that matches any flow classifier will be directed to the first port in the chain. The flow classifier will a generic module and may be used by different projects like fw, QOS, etc.
The flow classifiers define the source and destination endpoints of the traffic that can enter a port chain.
A flow classifier cannot be part of two different port-chains. A check will be made to ensure that is the case.
If multiple flows go through a port chain, then there will be multiple flow classifiers for that port chain.
Model
+-------+ +--------+ +---------+
| Port |--------| Port |--------| Neutron |
| Chain |* *| Groups |1 *|Port-pair|
+-------+ +--------+ +---------+
|1 |1
| --------------
|* |1
+--------------+ +----------+
| Flow | | Chain |
| Classifiers | |Parameters|
+--------------+ +----------+
The model includes the following objects.
Port Chain
* id - Port chain id. * tenant_id - Tenant id. * name - Readable name. * description - Description. * port_groups - List of port-groups of service function (Neutron) port pairs. * classifier - List of flow-classifiers. * parameters - Id of optional Chain parameters.
Flow Classifier
* id - Flow classifier id. * tenant_id - Tenant id. * name - Readable name. * description - Description. * protocol - IP protocol. * src_port_range_min - Minimum source protocol port. * src_port_range_max - Maximum source protocol port. * dst_port_range_min - Minimum destination protocol port. * dst_port_range_max - Maximum destination protocol port. * src_ip_prefix - Source IP address or prefix. * dst_ip_prefix - Destination IP address or prefix. * src_port_id - Source Neutron port Id. * dst_port_id - Destination Neutron port Id. * l7_parameter - Dict. of L7 parameters.
Chain Parameters
* id - Chain parameters id. * tenant_id - Tenant id. * name - Readable name. * description - Description. * parameters - Dict of optional Chain parameters.
API
Port Chain
Operations
| Operation | URI | Description |
| POST | /v2.0/port_chains | Create a Port-chain |
| PUT | /v2.0/port_chains/{chain_id} | Update a specific Port-chain |
| DEL | /v2.0/port_chains/{chain_id} | Delete a specific Port-chain |
| GET | /v2.0/port_chains | List all Port-chains for specified tenant. |
| GET | /v2.0/port_chains/{chain_id} | Show information for a specified Port-chain |
Flow Classifier
Operations
| Operation | URI | Description |
| POST | /v2.0/flow_classifiers | Create a Flow-classifier |
| PUT | /v2.0/flow_classifiers/{flow_id} | Update a specific Flow-classifier |
| DEL | /v2.0/flow_classifiers/{flow_id} | Delete a specific Flow-classifier |
| GET | /v2.0/flow_classifiers | List all Flow-classifiers for specified tenant. |
| GET | /v2.0/flow_classifiers/{flow_id} | Show information for a specified Flow-classifier |
CLI Commands
port-chain-create
Create a Port Chain. The port-group option may be repeated for multiple port-groups in a Port Chain.
neutron port-chain-create [-h]
[-–description <description>]
--port-group <port-group-id>
[--flows [--filter <flow-id>]] PORTCHAIN-NAME
port-chain-delete
Delete a Port Chain.
neutron port-chain-delete [-h] PORTCHAIN_NAME
port-chain-list
List all Port Chains.
neutron port-chain-list [-h]
port-chain-show
Show a Port Chain.
neutron port-chain-show PORTCHAIN-NAME
port-chain-update
Update a Port Chain.
neutron port-chain-update [-h]
[-–description <description>]
[--flow <flow-id>] PORTCHAIN-NAME
port-group-create
Create a Port Group. The port-pair option may be repeated for multiple port-pairs in a Port Group.
neutron port-grou[p-create [-h]
[-–description <description>]
[-–port-pair ingress=<port-id> <egress=<port-id>] PORTGROUP-NAME
port-group-delete
Delete a Port Group.
neutron port-group-delete [-h] PORTGROUP_NAME
port-group-list
List all Port Groups.
neutron port-group-list [-h]
port-group-show
Show a Port Group.
neutron port-group-show PORTGROUP-NAME
port-group-update
Update a Port Group.
neutron port-group-update [-h]
[-–description <description>]
[-–port-pair ingress=<port-id> <egress=<port-id>] PORTGROUP-NAME
flow-classifier-create
Create a Flow Classifier.
neutron flow-classifier-create [-h]
[-–description <description>]
[--protocol <protocol>]
[--source-port-range <Source port range a:b>]
[--destination-port-range <Destination port range a:b>]
[--source-ip-prefix <Source IP prefix>]
[--destination-ip-prefix <Destination IP prefix>]
[--source-port-id <Source port id>]
[--destination-port-id <Destination port id>] FLOW-CLASSIFIER-NAME
flow-classifier-delete
Delete a Flow Classifier.
neutron flow-classifier-delete [-h] FLOW-CLASSIFIER-NAME
flow-classifier-list
List all Flow Classifiers.
neutron flow-classifier-list
flow-classifier-show
Show a Flow Classifier.
neutron flow-classifier-show [-h] FLOW-CLASSIFIER-NAME
flow-classifier-update
Update a Flow classifier.
neutron flow-classifier-update [-h]
[-–description <description>] FLOW-CLASSIFIER-NAME
