Merge "introducint TScP and PROXY_GROUP extension"

2015-10-20 18:10:44 +00:00 · 2015-10-20 18:10:44 +00:00 · 0460baf43c
commit 0460baf43c
parent 9edfda99c9 adbbd0e2e3
1 changed files with 268 additions and 0 deletions
--- a/specs/kilo/gbp-traffic-stitching-plumber.rst
+++ b/specs/kilo/gbp-traffic-stitching-plumber.rst
@ -0,0 +1,268 @@
+..
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
+ License.
+
+ http://creativecommons.org/licenses/by/3.0/legalcode
+
+==========================================
+Traffic Stitching Plumber
+==========================================
+
+
+Problem description
+===================
+As part of the service chain refactor effort [0] GBP now supports the ability to provision
+"node centric" service chains that are composed of interoperable multi-vendor service
+nodes linked by a Plumber, which takes care of placing the services in the underlying
+infrastructure in a way that complies with the user intent.
+Each Node Driver will expose a set of networking requirements via the get_plumbing_info
+API, that will be used by the plumber to ensure that the traffic flows correctly.
+As for today, the only plumber implementation we have (obviously intended as a placeholder
+for testing) just blindly add Policy Targets to the provider and the consumer
+groups, making the chain ordering useless and traffic flowing incorrect.
+
+This document will address the design of a Plumber that will guarantee traffic
+to flow as expected throughout the chain, in the order specified by the SCS.
+
+
+Proposed change
+===============
+
+The proposal of this blueprint is to implement a Traffic Stitching Plumber (TScP)
+that uses the GBP underlying constructs in order to guarantee a correct traffic flow
+across services from their provider to the consumer and vice versa.
+As discussed in [0] the output of the plumbing operations will be either the creation or
+deletion of a set of Service Targets, which effectively result in creation of Policy Targets exposed
+to the specific Node Driver for its own use. In addition to that, TScP will create a set of L2Ps
+and/or PTGs that are "stitched" together and host the actual service PTs.
+
+
+The creation of said plumber, will be divided in three macro steps:
+
+1. Introduction of the PROXY_GROUP driver extension, an extension of the base
+   GBP API that introduces a way to "proxy" a PTG with another that "eats" all
+   the incoming and outgoing traffic from the original PTG;
+
+2. Make RMD compliant with the PROXY_GROUP extension;
+
+3. Implement the TScP, that will exclusively make use of existing GBP constructs
+   (and proxy_group extension) in order to deploy the chain. This will guarantee
+   interoperability across multiple backend solutions.
+
+
+PROXY_GROUP driver extension.
+    The main functionality exposed by this extension is the ability to put a PTG
+    "in front" of an existing one (in a linked list fashion). Whenever a PTG
+    proxies another, all the traffic going to the original PTG will have to go
+    through the proxy fist. Traffic from the Proxy through the original group will
+    go through a special PT that has the proxy_gateway flag set to True.
+    In addition to the above, a new "group_default_gateway" attribute is introduced
+    for PTs, that indicates a special PT that will take the default gateway address
+    for a given group (typically enforced by reserving the corresponding Neutron
+    Subnet address). The flow representation below describes how traffic flows
+    from a L3P (for simplicity) to a PTG proxied by another:
+
+    asciiflow::
+
+     +---+                    +-------+
+     |   |                    |       |                 +-------+
+     |   |     +--------------+       +-----------+     |       |
+     |PTG<-----> proxy_gateway| PROXY | group dgw <----->  L3P  |
+     |   |     +--------------+       +-----------+     |       |
+     |   |                    |       |                 +-------+
+     +---+                    +-------+
+
+
+    There are two types of Proxies: L2 and L3 proxy. A L2 proxy will share the
+    same subnets as the original group (at least at the CIDR level, may be different
+    Neutron's subnets). In a L2 Proxy traffic is supposed to go through the proxy
+    without being routed. A L3 proxy will route traffic to the original group,
+    and will have its own subnet coming from a proxy_ip_pool, new attribute that
+    extends the L3P.
+
+    Note that this extension will be exclusively for *internal* use! Meaning that
+    the TScP is likely the only entity that will even make use of this API.
+
+
+RMD compliance with PROXY_GROUP extension.
+    The RMD will use existing Neutron constructs for implementing the PROXY_GROUP
+    extension using the semantic described above. More specifically, whenever a
+    Proxy is put in front of a PTG, the latter will be detached from the L3P router and
+    replaced by the Proxy. Is then expected that a proxy_gateway PT is created and
+    a proper function (depending from the proxy type) is created for ensuring traffic
+    flow.
+
+    In case of L3 proxies, the subnet allocation will happen just like it does for
+    normal PTGs, but from a different Pool (proxy_ip_pool). Also, routes need
+    to be updated properly across the Neutron subnets/routers when a L3 Proxy
+    is used.
+
+TScP implementation.
+    The last step of the implementation is the TScP itself. By using the new
+    PROXY_GROUP constructs, the TScP plumber will take care of setting up the
+    Service Chain datapath.
+    Depending on the plumbing type used (defined in a different blueprint) the
+    TScP will create the correct proxy type and PTs to be provided to the node
+    driver for the actual service plugging to happen. Support for a management
+    PTG will also be implemented.
+
+
+Data model impact
+-----------------
+
+A number of tables are created for the PROXY_GROUP extension to work:
+
+GroupProxyMapping (gp_group_proxy_mappings):
+    * policy_target_group_id - proxy PTG UUID;
+    * proxied_group_id - UUID of the proxied PTG
+    * proxy_group_id - UUID of the current PTG's proxy
+    * proxy_type - ENUM (L2/L3)
+
+
+ProxyGatewayMapping(gp_proxy_gateway_mappings):
+    * policy_target_id - PT UUID
+    * proxy_gateway - Bool indicating whether this PT is a gateway to proxy
+    * group_default_gateway - Bool indicating whether this PT is the DG for its PTG
+
+
+ProxyIPPoolMapping(gp_proxy_ip_pool_mapping):
+    * l3_policy_id - L3P UUID
+    * proxy_ip_pool - IP pool (address/cidr) to be used for L3 proxies
+    * proxy_subnet_prefix_length - Iterger value, prefix len for the proxy subnets
+
+REST API impact
+---------------
+
+The REST API changes look like follows (note that they only ally if the PROXY_GROUP
+extension is configured)::
+
+ EXTENDED_ATTRIBUTES_2_0 = {
+     gp.POLICY_TARGET_GROUPS: {
+         'proxied_group_id': {
+             'allow_post': True, 'allow_put': False,
+             'validate': {'type:uuid_or_none': None}, 'is_visible': True,
+             'default': attr.ATTR_NOT_SPECIFIED,
+             'enforce_policy': True},
+         'proxy_type': {
+             'allow_post': True, 'allow_put': False,
+             'validate': {'type:values': ['l2', 'l3', None]},
+             'is_visible': True, 'default': attr.ATTR_NOT_SPECIFIED,
+             'enforce_policy': True},
+         'proxy_group_id': {
+             'allow_post': False, 'allow_put': False,
+             'validate': {'type:uuid_or_none': None}, 'is_visible': True,
+             'enforce_policy': True},
+         # TODO(ivar): The APIs should allow the creation of a group with a
+         # custom subnet prefix length. It may be useful for both the proxy
+         # groups and traditional ones.
+     },
+     gp.L3_POLICIES: {
+         'proxy_ip_pool': {'allow_post': True, 'allow_put': False,
+                           'validate': {'type:subnet': None},
+                           'default': '192.168.0.0/16', 'is_visible': True},
+         'proxy_subnet_prefix_length': {'allow_post': True, 'allow_put': True,
+                                        'convert_to': attr.convert_to_int,
+                                        # for ipv4 legal values are 2 to 30
+                                        # for ipv6 legal values are 2 to 127
+                                        'default': 29, 'is_visible': True},
+         # Proxy IP version is the same as the standard L3 pool ip version
+     },
+     gp.POLICY_TARGETS: {
+         # This policy target will be used to reach the -proxied- PTG
+         'proxy_gateway': {
+             'allow_post': True, 'allow_put': False, 'default': False,
+             'convert_to': attr.convert_to_boolean,
+             'is_visible': True, 'required_by_policy': True,
+             'enforce_policy': True},
+         # This policy target is the default gateway for the -current- PTG
+         # Only for internal use.
+         'group_default_gateway': {
+             'allow_post': True, 'allow_put': False, 'default': False,
+             'convert_to': attr.convert_to_boolean,
+             'is_visible': True, 'required_by_policy': True,
+             'enforce_policy': True},
+     },
+ }
+
+Security impact
+---------------
+
+
+Notifications impact
+--------------------
+
+
+Other end user impact
+---------------------
+
+
+Performance impact
+------------------
+
+
+Other deployer impact
+---------------------
+
+TBD
+
+Developer impact
+----------------
+
+TBD
+
+Community impact
+----------------
+
+
+Alternatives
+------------
+
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+* Ivar Lazzaro (mmaleckk)
+
+Work items
+----------
+
+
+Dependencies
+============
+
+
+Testing
+=======
+
+Tempest tests
+-------------
+
+
+Functional tests
+----------------
+
+
+API tests
+---------
+
+
+Documentation impact
+====================
+
+User documentation
+------------------
+
+
+Developer documentation
+-----------------------
+
+
+References
+==========
+
+[0] https://github.com/stackforge/group-based-policy-specs/blob/master/specs/kilo/gbp-service-chain-
+driver-refactor.rst
+