Quantum v2 public networks

Registered by dan wendlandt

A common networking use case is that a service provider has a network that all tenants should have access to, for example, a network that provides access to the Internet.

Thus, tenants must have the ability to view the set of available "public" networks, but not modify them (this is likely similar to Glance's notion of a "public image", so perhaps we should look at that for inspiration).

Another twist is that service providers are likely to want to limit what a tenant can do on a port attached to a public network, more so than what a tenant can do on a private network (where they can, in many cases, only hurt themselves and never conflict with other tenants). For example, it is likely that a tenant shouldn't be able to choose its own MAC address on a shared network, or consume an arbitrary number of IP addresses from the subnet (in fact, one might be enough). However, the provider probably does want to let the tenant control the security groups on these ports, and view packet statistics. So we'll need some way to indicate which port attributes can be viewed and modified for such public ports.

Another example is that while the tenant can see the existence of the public network, it should not be able to list the set of ports on that public network, except for its own ports.
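
One way to express the port restrictions described in the two paragraphs above, as an added example that is not code from Quantum or from this blueprint. The function names, the attribute sets, the `public` flag and the one-IP limit are all assumptions chosen for illustration.

```python
# Added example: hypothetical names throughout, not Quantum's API or code.
PUBLIC_WRITABLE = {"security_groups", "fixed_ips"}   # assumed provider choice
PUBLIC_READABLE = {"id", "network_id", "tenant_id", "mac_address",
                   "fixed_ips", "security_groups", "packet_stats"}
PUBLIC_MAX_FIXED_IPS = 1                             # "one might be enough"


class PolicyDenied(Exception):
    """Raised when a tenant request violates the public-port policy."""


def authorize_port_update(ctx, network, port, changes):
    """Return `changes` if the caller may apply them to `port`, else raise."""
    if ctx["is_admin"]:
        return changes
    if port["tenant_id"] != ctx["tenant_id"]:
        raise PolicyDenied("port is owned by another tenant")
    if network["public"] and network["tenant_id"] != ctx["tenant_id"]:
        blocked = sorted(set(changes) - PUBLIC_WRITABLE)
        if blocked:
            raise PolicyDenied("read-only on public ports: " + ", ".join(blocked))
        if len(changes.get("fixed_ips", [])) > PUBLIC_MAX_FIXED_IPS:
            raise PolicyDenied("too many fixed IPs requested")
    return changes


def visible_ports(ctx, network, ports):
    """List the ports on `network` the caller may see, attribute-filtered."""
    if ctx["is_admin"] or network["tenant_id"] == ctx["tenant_id"]:
        return [dict(p) for p in ports]
    if not network["public"]:
        return []          # someone else's private network: nothing visible
    return [{k: v for k, v in p.items() if k in PUBLIC_READABLE}
            for p in ports if p["tenant_id"] == ctx["tenant_id"]]


# Constructed sample data (documentation address range, made-up tenants).
PUBLIC_NET = {"id": "net-pub", "tenant_id": "provider", "public": True}
PORTS = [
    {"id": "p1", "network_id": "net-pub", "tenant_id": "tenant-a",
     "mac_address": "fa:16:3e:00:00:01", "fixed_ips": ["203.0.113.10"],
     "security_groups": ["default"], "packet_stats": {"rx": 10, "tx": 4}},
    {"id": "p2", "network_id": "net-pub", "tenant_id": "tenant-b",
     "mac_address": "fa:16:3e:00:00:02", "fixed_ips": ["203.0.113.11"],
     "security_groups": ["default"], "packet_stats": {"rx": 7, "tx": 9}},
]
TENANT_A = {"tenant_id": "tenant-a", "is_admin": False}
```

Both checks deny by default for non-owners: an attribute that is not in the allow-list is rejected on write and dropped on read, so a newly introduced port attribute stays restricted until the provider opts it in.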

Note: it is likely that this blueprint will require changes to quantum-server, quantumclient, and nova.

Blueprint information

Status: Complete
Approver: dan wendlandt
Priority: Essential
Drafter: None
Direction: Needs approval
Assignee: Salvatore Orlando
Definition: Pending Approval
Series goal: Accepted for folsom
Implementation: Implemented
Milestone target: 2012.2
Started by: Salvatore Orlando
Completed by: dan wendlandt

Whiteboard

I'm interested in how this BP relates to the provider-networks BP. I'd assume the underlying L2 network of a "public network" would typically be a provider VLAN network or a provider flat network. Do you see the "public" aspect as something specified by passing in an additional attribute when creating that provider network or the L3 subnet on top of that provider network?

[salvatore] The two tasks are orthogonal, but in many scenarios a public network will likely be associated with a provider-specific vlan id.

Gerrit topic: https://review.openstack.org/#q,topic:bp/quantum-v2-public-networks,n,z

Addressed by: https://review.openstack.org/9845
    Adds the 'public network' concept to Quantum
