Big Switch Plugin Routing-Rules extension
The Big Switch controller's Virtual Router implementation supports "routing rules" which are of the form:
<source, destination, next-hop, action>
This extension aims to expose this abstraction via the Big Switch Quantum plugin.
These rules are applied at the router level, allowing tenants to control communication between networks at a high level without requiring security policies (e.g. preventing servers in a publicly accessible subnet from communicating with database servers).
This extension does not have any relation to the extraroute extension.
It controls a fundamentally different aspect of the network traffic.
The extraroute extension is for adding routes to a routing table for the router to use to make forwarding decisions.
The routing_rules extension is used to apply stateless ACLs to the router to control traffic flow between subnets before the routing table is reached.
This is being submitted as a vendor-specific extension due to the presence of the 'nexthops' attribute. The attribute can be used to specify the interfaces used to handle traffic from clients in order to prevent hair-pinning and other network inefficiencies. In other words, it is a next hop for the traffic as it leaves the client, not the next hop once it reaches the router.
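As an added illustration (not code from the plugin or the Big Switch controller), the sketch below models the <source, destination, next-hop, action> tuples as stateless rules checked per packet, using the public-subnet and database-subnet case mentioned above. The first-match ordering, the default deny, the `any` keyword and all addresses are assumptions made for the example.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class RoutingRule(NamedTuple):
    source: str                # CIDR, or "any" (keyword assumed for this sketch)
    destination: str           # CIDR, or "any"
    nexthops: Tuple[str, ...]  # next hops for traffic as it leaves the client
    action: str                # "permit" or "deny"


def _matches(selector: str, addr: str) -> bool:
    """True if addr falls inside the selector's CIDR (or selector is 'any')."""
    if selector == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector)


def evaluate(rules: List[RoutingRule], src: str, dst: str) -> Optional[RoutingRule]:
    """Return the first rule matching (src, dst); ordering is an assumption."""
    for rule in rules:
        if _matches(rule.source, src) and _matches(rule.destination, dst):
            return rule
    return None


def is_permitted(rules: List[RoutingRule], src: str, dst: str) -> bool:
    """Stateless check: each packet is judged alone, no connection tracking.
    No matching rule is treated as deny (assumed default)."""
    rule = evaluate(rules, src, dst)
    return rule is not None and rule.action == "permit"


# Constructed sample: web 10.0.1.0/24, database 10.0.2.0/24, app 10.0.3.0/24
RULES = [
    RoutingRule("10.0.1.0/24", "10.0.2.0/24", (), "deny"),
    RoutingRule("10.0.3.0/24", "10.0.2.0/24", ("10.0.3.254",), "permit"),
    RoutingRule("any", "any", (), "permit"),
]

if __name__ == "__main__":
    # web -> db is denied, but db -> web still hits the catch-all permit:
    # the deny is directional, so the reverse path needs its own rule.
    for src, dst in [("10.0.1.10", "10.0.2.5"), ("10.0.2.5", "10.0.1.10"),
                     ("10.0.3.7", "10.0.2.5")]:
        verdict = "permit" if is_permitted(RULES, src, dst) else "deny"
        print(f"{src} -> {dst}: {verdict}")
```

Because the rules are stateless, reviewing a rule set means checking both directions of every subnet pair that is meant to be isolated.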
Blueprint information
- Status: Complete
- Approver: Mark McClain
- Priority: Medium
- Drafter: Kevin Benton
- Direction: Approved
- Assignee: Kevin Benton
- Definition: Approved
- Series goal: Accepted for havana
- Implementation: Implemented
- Milestone target: 2013.2
- Started by: Sumit Naiksatam
- Completed by: Kevin Benton
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adds support for router rules to Big Switch plugin