Revision as of 08:57, 17 February 2014

Neutron Traffic Protection Support - API and Featurres

Background

1. A traffic storm occurs when a large amount of broadcast, multicast,or unknow unicast packets congest a network .

2. Some Mailcious programs maybe send a large amount of the particular type of traffic,eg ARP,ICMP...

Because the two points lead to exssive cpu and network cost, and some security problems, most physical switches offer many traffic protection functions,such as broadcast-suppression，storm control，arp anti-attack rate-limit. Neutron also need this ability in complex real-world data centers.

Introduction

A proposal to allow the users of neutrn network service to get tranffic-protection in complex real-world data centers.

1.Per network: all the VMs/hosts on particular network belonging to a particular tenant get traffic-protection

2.Per port:A VMs/host connected to that port get traffic-protection

Concept

Traffic-proction

Attribute	Type	Required	CRUD	Default Value	Validation Constraints	Notes
id	uuid-str	N/A	R	generated	N/A	UUID for traffic-protection
name	String	No	CR	None	N/A	Human-readable name for traffic-protection.Might not be unique.
traffic_protection_policies	dict	No	R	Empty List	N/A	the description of policies about to which particular type of traffic, use which methos to achieve the traffic-protection.
tenant_id	uuid-str	No	CR	N/A	N/A	owner of traffic-protection

Traffic-protection-policies

Attribute	Type	Required	CRUD	Default Value	Validation Constraints	Notes
id	uuid-str	N/A	R	generated	N/A	UUID for traffic-protection-policies
traffic_type	enum	Yes	CR	none	one of support type list	which particular type of traffic
method	enum	Yes	CR	none	one of support method list	which method to achieve the traffic-protection.
args	dict	No	CR	empty dict	N/A	the arguments of traffic-protection method
traffic_protection_id	uuid-str	No	CR	N/A	N/A	which traffic_protection is associated with the policy
tenant_id	uuid-str	No	CR	N/A	N/A	owner of traffic-protection-policy

Extension API

List traffic-protections

Method:GET
URL:v2.0/traffic-protections 
Description:List all Openstack networking traffic protections to which the specified tenant has access.
Request:
GET /v2.0/traffic-protections.json
Accept: application/json
Reponse:
{
 "traffic_protections":[
  {
  "id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
  "name":"any string",
  "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
    "traffic_protection_policies":[
    {
      "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
      "traffic_type":"ARP_BROADCAST",
      "method":"SUPPRESSION",
      "args":{"kbps":688},
      "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
      "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
},
{
    "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
    "traffic_type":"BROADCAST",
    "method":"IP_SUPPRESSION",
    "args":{"kbps":1024},
    "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b",
    "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
]
},
]
}

Create traffic-protection

Method:POST
URL:v2.0/traffic-protections
Description:Creates an Openstack Netwrok traffic-protection
Request:
POST /v2.0/traffic-protections.json
Accept: application/json
{
 "traffic_protection":
  {
  "name":"any string",
}
}
Reponse:
{
 "traffic_protection":
  {
 "id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
 "name":"any string",
 "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
  }

Show traffic-protection

Method:GET
URL:v2.0/traffic-protection/{tranffic-protection-id}
Description:show the infomation of a specified traffic-protection.
Request:
GET /v2.0/traffic-protections/a7734e61-b545-452d-a3cd-0189cbd97abc
Accept: application/json
Reponse:
{
 "traffic_protection":
  {
  "id":"a7734e61-b545-452d-a3cd-0189cbd97abc",
  "name":"any string",
    "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112",
    "traffic_protection_policies":[
         {
      "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
      "traffic_type":"ARP_BROADCAST",
      "method":"SUPPRESSION",
      "args":{"kbps":688},
      "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
      "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
          },
          {
    "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
    "traffic_type":"BROADCAST",
    "method":"IP_SUPPRESSION",
    "args":{"kbps":1024},
    "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b",
    "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
          }
]
     }
}

Delete traffic-protection

Method:DELETEv2.0/traffic-protection/{tranffic-protection-id}
URL:v2.0/traffic-protection/{tranffic-protection-id}
Description:Delete a specified traffic-protection.
Request:
DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
Contect-Type:application/json
Accept: application/json
Reponse:

List traffic-protection-policies

Method:GET
URL:v2.0/traffic-protection-policies
Description:List a summary of all OpenStack Networking traffic-protection-policies that the specified tenant can access.
Request:
GET /v2.0/traffic-protection-policies.json
Accept: application/json
Reponse:
{
"traffic_protection_policies":[
 {
  "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
  "traffic_type":"ARP_BROADCAST",
  "method":"SUPPRESSION",
  "args":{"kbps":688},
  "traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
  "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"BROADCAST",
"method":"IP_SUPPRESSION",
"args":{"kbps":1024},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747b",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
]
}

Create traffic-protection-policies

Method:POST
URL:v2.0/traffic-protection-policies
Description:Create an Openstack Network traffic-protection
Request:
POST /v2.0/traffic-protection-policies.json
Accept: application/json
{
"traffic_protection_policy":{
"traffic_type":"BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":1024},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a"
}
}

Reponse:
{
"traffic_protection_policy":{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":1024},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
}

Show traffic-protection-policy

Method:GET
URL:v2.0/traffic-protection-policies/{tranffic-protection-policies-id}
Description:show detailed infomation for a specified traffic-protection-policies.
Request:
GET /v2.0/traffic-protection-policy/a7734e61-b545-452d-a3cd-0189cbd97qqq
Accept: application/json
Reponse:
{
"traffic_protection_policy":{
"id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
"traffic_type":"BROADCAST",
"method":"SUPPRESSION",
"args":{"kbps":688},
"traffic_protection_id":"a7734e61-b545-452d-a3cd-0189cbd9747a",
"tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
}
}

Delete traffic-protection-policy

Method:DELETE
URL:DELETEv2.0/traffic-protection-policies/{tranffic-protection-policy-id}
Description:Delete a specified traffic-protection.
Request:
DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
Contect-Type:application/json
Accept: application/json
Reponse:

@@ Line 32: / Line 32: @@
 | name||String||No||CR||None||N/A||Human-readable name for traffic-protection.Might not be  unique.
 |-
-| traffic_protection_policys||dict||No||R||Empty List||N/A||policy descriptions about to which  particular type of traffic, use which methos to achieve the traffic-protection.
+| traffic_protection_policies||dict||No||R||Empty List||N/A||the description of policies about to which  particular type of traffic, use which methos to achieve the traffic-protection.
 |-
 | tenant_id||uuid-str||No||CR||N/A||N/A||owner of traffic-protection
 |}
-Traffic-protection-policy
+Traffic-protection-policies
 {| class="wikitable"
@@ Line 43: / Line 43: @@
 ! Attribute!! Type !! Required !! CRUD!!Default Value !! Validation Constraints !! Notes
 |-
-|id||uuid-str||N/A||R||generated||N/A||UUID for traffic-protection-policy
+|id||uuid-str||N/A||R||generated||N/A||UUID for traffic-protection-policies
 |-
 |traffic_type||enum||Yes||CR||none||one of support type list||which  particular type of traffic
@@ Line 73: / Line 73: @@
    "name":"any string",
    "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112"
-     "traffic_protection_policys":[
+     "traffic_protection_policies":[
      {
        "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
@@ Line 136: / Line 136: @@
    "name":"any string",
      "tenant_id":"a7734e61-b545-452d-a3cd-0189cbd91112",
-     "traffic_protection_policys":[
+     "traffic_protection_policies":[
           {
        "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
@@ Line 164: / Line 164: @@
 Description:Delete a specified traffic-protection.
 Request:
-DELETE /v2.0/traffic-protection-policys/a7734e61-b545-452d-a3cd-0189cbd97qqq
+DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
 Contect-Type:application/json
 Accept: application/json
@@ Line 170: / Line 170: @@
 </pre>
-===List traffic-protection-policys===
+===List traffic-protection-policies===
 <pre>
 Method:GET
-URL:v2.0/traffic-protection-policys
+URL:v2.0/traffic-protection-policies
-Description:List a summary of all OpenStack Networking traffic-protection-policys that the specified tenant can access.
+Description:List a summary of all OpenStack Networking traffic-protection-policies that the specified tenant can access.
 Request:
-GET /v2.0/traffic-protection-policys.json
+GET /v2.0/traffic-protection-policies.json
 Accept: application/json
 Reponse:
 {
-"traffic_protection_policys":[
+"traffic_protection_policies":[
   {
    "id":"a7734e61-b545-452d-a3cd-0189cbd97qqq",
@@ Line 201: / Line 201: @@
 </pre>
-===Create traffic-protection-policys===
+===Create traffic-protection-policies===
 <pre>
 Method:POST
-URL:v2.0/traffic-protection-policys
+URL:v2.0/traffic-protection-policies
 Description:Create an Openstack Network traffic-protection
 Request:
-POST /v2.0/traffic-protection-policys.json
+POST /v2.0/traffic-protection-policies.json
 Accept: application/json
 {
@@ Line 234: / Line 234: @@
 <pre>
 Method:GET
-URL:v2.0/traffic-protection-policys/{tranffic-protection-policys-id}
+URL:v2.0/traffic-protection-policies/{tranffic-protection-policies-id}
-Description:show detailed infomation for a specified traffic-protection-policys.
+Description:show detailed infomation for a specified traffic-protection-policies.
 Request:
 GET /v2.0/traffic-protection-policy/a7734e61-b545-452d-a3cd-0189cbd97qqq
@@ Line 252: / Line 252: @@
 </pre>
-===Delete traffic-protection-policys===
+===Delete traffic-protection-policy===
 <pre>
 Method:DELETE
-URL:DELETEv2.0/traffic-protection-policys/{tranffic-protection-policys-id}
+URL:DELETEv2.0/traffic-protection-policies/{tranffic-protection-policy-id}
 Description:Delete a specified traffic-protection.
 Request:
-DELETE /v2.0/traffic-protection-policys/a7734e61-b545-452d-a3cd-0189cbd97qqq
+DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
 Contect-Type:application/json
 Accept: application/json

Difference between revisions of "Neutron/TrafficProtection"