group-based-policy

Group Based Policy

Go to file

Thomas Bachman 1e35489bf1 Fix implicit ICMPv6 Security Group Rules The implicit security group rules only included a rule to allow ICMPv6 ingress traffic. Furthermore, the security group rules used reflexive connection tracking, which causes issues when integrated with Open vSwitch rules (the router advertisement messages would result in connection tracking returning an "invalid" state). This patch adds bidirectional ICMPv6 to the implicit rules, without the reflexive behavior, which will allow the SLAAC process to succeed. Change-Id: I19bfb63acaa76ce41200c4e71bc3b5c73f995748		2019-09-19 02:39:53 +00:00
devstack	[AIM] Improve validation output for missing external VRF	2019-03-21 16:23:35 -04:00
doc/source	Replace openstack.org git:// URLs with https://	2019-03-24 20:33:43 +00:00
etc	Remove monolithic service chain plugin and drivers	2017-06-13 21:46:46 +00:00
gbpservice	Fix implicit ICMPv6 Security Group Rules	2019-09-19 02:39:53 +00:00
tools	Remove unused tools/tox_install.sh	2016-08-30 10:47:17 +02:00
.coveragerc	Change ignore-errors to ignore_errors	2015-09-21 14:59:28 +00:00
.gitignore	Status attributes for GBP resources	2016-06-22 01:29:46 -07:00
.gitreview	OpenDev Migration Patch	2019-04-19 19:51:00 +00:00
.testr.conf	Fix stable/newton UT issues	2019-03-05 20:24:43 -05:00
.zuul.yaml	Fix stable/newton gate	2019-06-09 19:23:56 -04:00
CONTRIBUTING.rst	Workflow documentation is now in infra-manual	2014-12-05 03:30:45 +00:00
HACKING.rst	Update GBP to work with Neutron Master (Post Juno)	2015-04-11 16:28:50 +05:30
LICENSE	Project boilerplate and base modules	2014-09-26 15:16:17 -07:00
MANIFEST.in	Project boilerplate and base modules	2014-09-26 15:16:17 -07:00
README.rst	Fix the acronyms list	2016-03-10 14:57:43 +08:00
TESTING.rst	Adding dir structure for developer reference docs	2016-02-19 14:46:27 -08:00
babel.cfg	Project boilerplate and base modules	2014-09-26 15:16:17 -07:00
openstack-common.conf	Renaming gbp package to gbpservice	2014-12-31 19:13:19 -08:00
requirements.txt	Pin keystoneclient to liberty branch	2016-01-14 10:08:36 -08:00
run_tests.sh	fix test coverage report	2015-06-10 21:28:04 -07:00
setup.cfg	[AIM] Validation/Repair/Migration Tool	2018-05-22 16:49:30 -04:00
setup.py	Syncing with mitaka dependencies	2016-02-25 18:35:47 -08:00
test-requirements.txt	[AIM] Improve validation output for missing external VRF	2019-03-21 16:23:35 -04:00
tox.ini	Pull the upper constraint file also from the opendev.org site	2019-06-19 15:07:02 -07:00

README.rst

Group Based Policy (GBP) provides declarative abstractions for achieving scalable intent-based infrastructure automation.

GBP complements the OpenStack networking model with the notion of policies that can be applied between groups of network endpoints. As users look beyond basic connectivity, richer network services with diverse implementations and network properties are naturally expressed as policies. Examples include service chaining, QoS, path properties, access control, etc.

GBP allows application administrators to express their networking requirements using a Group and a Policy Rules-Set abstraction. The specifics of policy rendering are left to the underlying pluggable policy driver.

GBP model also supports a redirect operation that makes it easy to abstract and consume complex network service chains and graphs.

Checkout the GBP wiki page for more detailed information: <http://wiki.openstack.org/GroupBasedPolicy>

The latest code is available at: <http://git.openstack.org/cgit/openstack/group-based-policy>.

GBP project management (blueprints, bugs) is done via Launchpad: <http://launchpad.net/group-based-policy>

For help using or hacking on GBP, you can send mail to <mailto:openstack-dev@lists.openstack.org>.

Acronyms used in code for brevity:

PT: Policy Target
PTG: Policy Target Group
PR: Policy Rule
PRS: Policy Rule Set
L2P: L2 Policy
L3P: L3 Policy
NSP: Network Service Policy
EP: External Policy
ES: External Segment