Difference between revisions of "Neutron/TrafficProtection"
Vitas.yuzhou (talk | contribs) (Created page with "=Neutron Traffic Protection Support - API and Featurres= ==Background== 1. A traffic storm occurs when a large amount of broadcast, multicast,or unknow unicast packets conge...") |
Vitas.yuzhou (talk | contribs) (→Introduction) |
||
| Line 14: | Line 14: | ||
==Introduction== | ==Introduction== | ||
| − | A proposal to allow the users of neutrn network service to get tranffic-protection | + | A proposal to allow the users of neutrn network service to get tranffic-protection in complex real-world data centers. |
| − | in complex real-world data centers. | ||
1.Per network: all the VMs/hosts on particular network belonging to a particular tenant get traffic-protection | 1.Per network: all the VMs/hosts on particular network belonging to a particular tenant get traffic-protection | ||
2.Per port:A VMs/host connected to that port get traffic-protection | 2.Per port:A VMs/host connected to that port get traffic-protection | ||
| − | |||
==Concept== | ==Concept== | ||
Revision as of 08:28, 17 February 2014
Contents
Neutron Traffic Protection Support - API and Featurres
Background
1. A traffic storm occurs when a large amount of broadcast, multicast,or unknow unicast packets congest a network .
2. Some Mailcious programs maybe send a large amount of the particular type of traffic,eg ARP,ICMP...
Because the two points lead to exssive cpu and network cost, and some security problems, most physical switches offer many traffic protection functions,such as broadcast-suppression,storm control,arp anti-attack rate-limit. Neutron also need this ability in complex real-world data centers.
Introduction
A proposal to allow the users of neutrn network service to get tranffic-protection in complex real-world data centers.
1.Per network: all the VMs/hosts on particular network belonging to a particular tenant get traffic-protection
2.Per port:A VMs/host connected to that port get traffic-protection
Concept
Traffic-proction
Traffic-protection-policy
Extension API
List traffic-protections
Method:GET URL:v2.0/traffic-protections Description:List all Openstack networking traffic protections to which the specified tenant has access. Request: GET /v2.0/traffic-protections.json Accept: application/json Reponse: {
"traffic_protections":[
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
"name":"any string",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
"traffic_protection_policys":[
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"ARP_BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":688},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}, {
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"BROADCAST",
"method":"IP_SUPPRESSION",
"args":{"kbps":1024},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
} ] }, ] }
Create traffic-protection
Method:POST URL:v2.0/traffic-protections Description:Creates an Openstack Netwrok traffic-protection Request: POST /v2.0/traffic-protections.json Accept: application/json {
"traffic_protection":
{
"name":"any string",
} } Reponse: {
"traffic_protection":
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
"name":"any string",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
}
Show traffic-protection
Method:GET URL:v2.0/traffic-protection/{tranffic-protection-id} Description:show the infomation of a specified traffic-protection. Request: GET /v2.0/traffic-protections/a7734e61-b545-452d-a3cd-0189cbd97abc Accept: application/json Reponse: {
"traffic_protection":
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
"name":"any string",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112",
"traffic_protection_policys":[
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"ARP_BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":688},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
},
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"BROADCAST",
"method":"IP_SUPPRESSION",
"args":{"kbps":1024},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
]
}
}
Delete traffic-protection
Method:DELETEv2.0/traffic-protection/{tranffic-protection-id} URL:v2.0/traffic-protection/{tranffic-protection-id} Description:Delete a specified traffic-protection. Request: DELETE /v2.0/traffic-protection-policys/a7734e61-b545-452d-a3cd-0189cbd97qqq Contect-Type:application/json Accept: application/json Reponse:
List traffic-protection-policys
Method:GET URL:v2.0/traffic-protection-policys Description:List a summary of all OpenStack Networking traffic-protection-policys that the specified tenant can access. Request: GET /v2.0/traffic-protection-policys.json Accept: application/json Reponse: { "traffic_protection_policys":[
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"ARP_BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":688},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
} { "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq", "traffic_type":"BROADCAST", "method":"IP_SUPPRESSION", "args":{"kbps":1024}, "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b", "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112" } ] }
Create traffic-protection-policys
Method:POST URL:v2.0/traffic-protection-policys Description:Create an Openstack Network traffic-protection Request: POST /v2.0/traffic-protection-policys.json Accept: application/json { "traffic_protection_policy":{ "traffic_type":"BROADCAST", "method":"SUPPRESSION", "args":{"kbps":1024}, "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a" } }
Reponse: { "traffic_protection_policy":{ "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq", "traffic_type":"BROADCAST", "method":"SUPPRESSION", "args":{"kbps":1024}, "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a", "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112" } }
Show traffic-protection-policy
Method:GET URL:v2.0/traffic-protection-policys/{tranffic-protection-policys-id} Description:show detailed infomation for a specified traffic-protection-policys. Request: GET /v2.0/traffic-protection-policy/a7734e61-b545-452d-a3cd-0189cbd97qqq Accept: application/json Reponse: { "traffic_protection_policy":{ "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq", "traffic_type":"BROADCAST", "method":"SUPPRESSION", "args":{"kbps":688}, "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a", "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112" } }
Delete traffic-protection-policys
Method:DELETE URL:DELETEv2.0/traffic-protection-policys/{tranffic-protection-policys-id} Description:Delete a specified traffic-protection. Request: DELETE /v2.0/traffic-protection-policys/a7734e61-b545-452d-a3cd-0189cbd97qqq Contect-Type:application/json Accept: application/json Reponse:
