QuantumCloudpipe

Revision as of 20:27, 6 December 2011 by Ddutta (talk)

Cloudpipe in Quantum

Summary:

Cloudpipe support in Quantum will let external users create a secure tunnel into a tenant network.

Note:

CloudPipe is a special use case of generalized L3 services. However, as a first step, we refactor the current cloudpipe effort into Quantum and obtain Nova parity. The design goal is to have a flexible mechanism for inserting this service.

Use Cases:

  1. Allow an external user to VPN into any network and get an IP address that is internal to the network she VPNs into.
  2. Allow a TenantAdmin to create private network topologies and create VPN tunnels from the external network into these networks (which could be edges of a private topology).
  3. Allow a TenantUser to determine the tunnel details of every virtual network/edge (of the topology).

Target “Quantum:Admin” workflow:

  1. Allow CloudPipe/VPN access to this user.

Target “Quantum:TenantUser” workflow:

  1. Specify a cloudpipe image (it could be per network or a fixed cloudpipe image for the entire tenant).
  2. Retrieve credentials for the cloudpipe.
  3. Enable cloudpipe for a given network.

Implementation:

Changes to Quantum:

  • API changes to Quantum would include adding attributes to a network upon creation for the cloudpipe. An alternative is to specify it separately (not during creation).

Changes to Nova:

  • During creation of a VM, pass the handle to a network. This is required because the VM creation process would include a script injection with the parameters that are specific to the network, before the network is even attached by Quantum.
  • Hence we need API changes for the above.

Design Notes: