Neutron/TrafficProtection
Neutron Traffic Protection Support - API and Features
Background
1. A traffic storm occurs when a large amount of broadcast, multicast, or unknown unicast packets congest a network.
2. Some malicious programs may send a large amount of a particular type of traffic, e.g. ARP, ICMP...
Because these two situations lead to excessive CPU and network cost, as well as some security problems, most physical switches offer many traffic protection functions, such as broadcast suppression, storm control, and ARP anti-attack rate limiting. Neutron also needs this ability in complex real-world data centers.
Traffic storm protection approaches:
Storm suppression, which limits the amount of monitored traffic passing through an Ethernet interface by setting a traffic threshold. When the traffic threshold is exceeded, the interface discards all exceeding traffic.
Storm control, which shuts down Ethernet interfaces or blocks traffic when monitored traffic exceeds the traffic threshold. It also enables an interface to send trap or log messages when monitored traffic reaches a certain traffic threshold, depending on the configuration.
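The difference between the two approaches, as a small simulation added here for illustration (it is not code from the Neutron proposal). The class name, the one-second measurement window and the convention 1 kbps = 1000 bit/s are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class StormGuard:
    """Per-port meter for one monitored traffic type (hypothetical model)."""
    threshold_kbps: int
    mode: str                      # "suppression" or "control"
    blocked: bool = False          # set by storm control, cleared by an operator
    events: list = field(default_factory=list)
    _window: int = -1
    _bits: int = 0

    def offer(self, ts: float, size_bytes: int) -> bool:
        """Return True if the frame is forwarded, False if it is discarded."""
        if self.blocked:
            return False
        window = int(ts)                       # assumed one-second windows
        if window != self._window:
            self._window, self._bits = window, 0
        bits = size_bytes * 8
        if self._bits + bits <= self.threshold_kbps * 1000:
            self._bits += bits
            return True
        if self.mode == "control":             # block the port and log once
            self.blocked = True
            self.events.append(
                f"t={ts:.2f}s threshold {self.threshold_kbps} kbps exceeded, port blocked")
        return False                           # suppression: drop only the excess


def replay(guard, frames):
    """Feed (timestamp, size) frames through the guard; return (forwarded, dropped)."""
    results = [guard.offer(ts, size) for ts, size in frames]
    return results.count(True), results.count(False)


# Constructed input: 1000-byte broadcast frames, 200 frames in the first second
# (1600 kbps, a storm) followed by 50 frames in the next second (400 kbps).
FRAMES = [(i / 200, 1000) for i in range(200)] + [(1 + i / 50, 1000) for i in range(50)]

if __name__ == "__main__":
    for mode in ("suppression", "control"):
        guard = StormGuard(threshold_kbps=1024, mode=mode)
        print(mode, replay(guard, FRAMES), guard.events)
```

With suppression the port recovers on its own once the storm ends; with control the legitimate traffic in the second window is also lost until the port is re-enabled, which is why the log or trap message matters operationally.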
Introduction
A proposal to allow users of the Neutron network service to get traffic protection in complex real-world data centers.
1. Per network: all the VMs/hosts on a particular network belonging to a particular tenant get traffic protection.
2. Per port: the VM/host connected to that port gets traffic protection.
Concept
Traffic-protection
Attribute | Type | Required | CRUD | Default Value | Validation Constraints | Notes |
---|---|---|---|---|---|---|
id | uuid-str | N/A | R | generated | N/A | UUID for traffic-protection |
name | String | No | CR | None | N/A | Human-readable name for traffic-protection. Might not be unique. |
traffic_protection_policies | dict | No | R | Empty List | N/A | The policies describing which method is used to achieve traffic protection for which particular type of traffic. |
tenant_id | uuid-str | No | CR | N/A | N/A | owner of traffic-protection |
Traffic-protection-policies
Attribute | Type | Required | CRUD | Default Value | Validation Constraints | Notes |
---|---|---|---|---|---|---|
id | uuid-str | N/A | R | generated | N/A | UUID for traffic-protection-policies |
traffic_type | enum | Yes | CR | none | one of the supported types | which particular type of traffic |
method | enum | Yes | CR | none | one of the supported methods | which method to achieve the traffic-protection. |
args | dict | No | CR | empty dict | N/A | the arguments of traffic-protection method |
traffic_protection_id | uuid-str | No | CR | N/A | N/A | which traffic_protection is associated with the policy |
tenant_id | uuid-str | No | CR | N/A | N/A | owner of traffic-protection-policy |
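A server-side check of a policy create body against the attribute table above, added here as an illustration and not part of the proposal's code. The enum members are assumed to be only the values that appear in this page's sample payloads; the kbps ceiling and the function names are hypothetical.

```python
import uuid

# Assumed enum members: only the values that appear in this page's samples.
TRAFFIC_TYPES = ("BROADCAST", "ARP_BROADCAST")
METHODS = ("SUPPRESSION", "IP_SUPPRESSION")
# Attributes whose CRUD column includes "C"; "id" is read-only (R).
CREATABLE = {"traffic_type", "method", "args", "traffic_protection_id", "tenant_id"}
MAX_KBPS = 10_000_000  # assumed sanity ceiling, not from the page


def _is_uuid(value):
    """Accept only canonical hyphenated UUID strings."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def validate_policy_create(body):
    """Return a list of validation errors for a POST body (empty list = accept)."""
    policy = body.get("traffic_protection_policy") if isinstance(body, dict) else None
    if not isinstance(policy, dict):
        return ["body must contain a 'traffic_protection_policy' object"]
    errors = [f"attribute '{k}' is read-only or unknown"
              for k in sorted(set(policy) - CREATABLE)]
    if policy.get("traffic_type") not in TRAFFIC_TYPES:
        errors.append("traffic_type is required and must be a supported type")
    if policy.get("method") not in METHODS:
        errors.append("method is required and must be a supported method")
    args = policy.get("args", {})
    if not isinstance(args, dict):
        errors.append("args must be a dict")
    elif "kbps" in args:
        kbps = args["kbps"]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(kbps, bool) or not isinstance(kbps, int) or not 0 < kbps <= MAX_KBPS:
            errors.append("args.kbps must be a positive integer")
    for key in ("traffic_protection_id", "tenant_id"):
        if key in policy and not _is_uuid(policy[key]):
            errors.append(f"{key} must be a UUID string")
    return errors


# Constructed bodies: GOOD_BODY mirrors the page's create request, BAD_BODY is invalid.
GOOD_BODY = {"traffic_protection_policy": {
    "traffic_type": "BROADCAST", "method": "SUPPRESSION", "args": {"kbps": 1024},
    "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"}}
BAD_BODY = {"traffic_protection_policy": {
    "id": "a7734e61-b545-452d-a3cd-0189cbd97abc", "traffic_type": "UNKNOWN",
    "method": "SUPPRESSION", "args": {"kbps": 0}, "traffic_protection_id": "not-a-uuid"}}
```

Rejecting a zero or negative threshold matters because, depending on the backend, it could either disable the protection or drop all monitored traffic on the port.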
Extension API
List traffic-protections
Method: GET
URL: v2.0/traffic-protections
Description: List all OpenStack Networking traffic protections to which the specified tenant has access.
Request:

    GET /v2.0/traffic-protections.json
    Accept: application/json

Response:

    {
      "traffic_protections": [
        {
          "id": "a7734e61-b545-452d-a3cd-0189cbd97abc",
          "name": "any string",
          "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112",
          "traffic_protection_policies": [
            {
              "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
              "traffic_type": "ARP_BROADCAST",
              "method": "SUPPRESSION",
              "args": {"kbps": 688},
              "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
              "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
            },
            {
              "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
              "traffic_type": "BROADCAST",
              "method": "IP_SUPPRESSION",
              "args": {"kbps": 1024},
              "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747b",
              "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
            }
          ]
        }
      ]
    }

Create traffic-protection
Method: POST
URL: v2.0/traffic-protections
Description: Creates an OpenStack Network traffic-protection.
Request:

    POST /v2.0/traffic-protections.json
    Accept: application/json

    {
      "traffic_protection": {
        "name": "any string"
      }
    }

Response:

    {
      "traffic_protection": {
        "id": "a7734e61-b545-452d-a3cd-0189cbd97abc",
        "name": "any string",
        "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
      }
    }

Show traffic-protection
Method: GET
URL: v2.0/traffic-protection/{traffic-protection-id}
Description: Show the information of a specified traffic-protection.
Request:

    GET /v2.0/traffic-protections/a7734e61-b545-452d-a3cd-0189cbd97abc
    Accept: application/json

Response:

    {
      "traffic_protection": {
        "id": "a7734e61-b545-452d-a3cd-0189cbd97abc",
        "name": "any string",
        "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112",
        "traffic_protection_policies": [
          {
            "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
            "traffic_type": "ARP_BROADCAST",
            "method": "SUPPRESSION",
            "args": {"kbps": 688},
            "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
            "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
          },
          {
            "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
            "traffic_type": "BROADCAST",
            "method": "IP_SUPPRESSION",
            "args": {"kbps": 1024},
            "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747b",
            "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
          }
        ]
      }
    }

Delete traffic-protection
Method: DELETE
URL: v2.0/traffic-protection/{traffic-protection-id}
Description: Delete a specified traffic-protection.
Request:

    DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
    Content-Type: application/json
    Accept: application/json

Response:
List traffic-protection-policies
Method: GET
URL: v2.0/traffic-protection-policies
Description: List a summary of all OpenStack Networking traffic-protection-policies that the specified tenant can access.
Request:

    GET /v2.0/traffic-protection-policies.json
    Accept: application/json

Response:

    {
      "traffic_protection_policies": [
        {
          "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
          "traffic_type": "ARP_BROADCAST",
          "method": "SUPPRESSION",
          "args": {"kbps": 688},
          "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
          "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
        },
        {
          "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
          "traffic_type": "BROADCAST",
          "method": "IP_SUPPRESSION",
          "args": {"kbps": 1024},
          "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747b",
          "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
        }
      ]
    }

Create traffic-protection-policies
Method: POST
URL: v2.0/traffic-protection-policies
Description: Create an OpenStack Network traffic-protection.
Request:

    POST /v2.0/traffic-protection-policies.json
    Accept: application/json

    {
      "traffic_protection_policy": {
        "traffic_type": "BROADCAST",
        "method": "SUPPRESSION",
        "args": {"kbps": 1024},
        "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
      }
    }

Response:

    {
      "traffic_protection_policy": {
        "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
        "traffic_type": "BROADCAST",
        "method": "SUPPRESSION",
        "args": {"kbps": 1024},
        "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
        "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
      }
    }

Show traffic-protection-policy
Method: GET
URL: v2.0/traffic-protection-policies/{traffic-protection-policies-id}
Description: Show detailed information for a specified traffic-protection-policies.
Request:

    GET /v2.0/traffic-protection-policy/a7734e61-b545-452d-a3cd-0189cbd97qqq
    Accept: application/json

Response:

    {
      "traffic_protection_policy": {
        "id": "a7734e61-b545-452d-a3cd-0189cbd97qqq",
        "traffic_type": "BROADCAST",
        "method": "SUPPRESSION",
        "args": {"kbps": 688},
        "traffic_protection_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
        "tenant_id": "a7734e61-b545-452d-a3cd-0189cbd91112"
      }
    }

Delete traffic-protection-policy
Method: DELETE
URL: v2.0/traffic-protection-policies/{traffic-protection-policy-id}
Description: Delete a specified traffic-protection.
Request:

    DELETE /v2.0/traffic-protection-policies/a7734e61-b545-452d-a3cd-0189cbd97qqq
    Content-Type: application/json
    Accept: application/json

Response: