Vinod Borole

Vinod Borole

I like building things to solve problems

Openstack Group-Based Policy

OpenStack has grown from a simple open source project to a major community-based initiative including thousands of contributors in more than a hundred countries.As OpenStack clouds begin to scale and the basic infrastructure-as-a-service (IaaS) use case evolves, developers have an opportunity to look beyond the initial challenges of setting up virtual machines, configuring storage devices, and orchestrating network connectivity on demand.Future IaaS environments need to focus on deployment and delivery of applications and services with speed, agility, flexibility, security, and scale rather than just orchestration of infrastructure components. For such solutions, a declarative policy engine can be a critical component.


The new OpenStack Group-Based Policy (GBP) framework, designed to offer a new set of abstraction that allows to manage OpenStack infrastructure through declarative policy abstractions.GBP is designed on the principle of capturing application requirements directly rather than converting the requirements into a specific set of infrastructure configurations. It is initially targeted at OpenStack networking resources, but the abstractions are general enough to apply to computing and storage resources as well.

The GBP model offers a number of very powerful advantages over the way the current Neutron API works today. Automation and security are much easier to implement through GBP. Simply by becoming a member of a group, a virtual machine inherits all of the group’s policies, allowing developers to easily automate scaling, both up and down. This approach offers a naturally flexible and extensible framework for capturing the requirements of a virtual machine in a single location. It also makes consistency easier to achieve because only one step – becoming a member of the group – is required to inherit multiple policies.

The model is easy for application developers to use and offers them a simple way to describe application requirements. In fact, it was designed to make advanced capabilities such as service chaining extremely easy to use. Finally, the GBP model offers a means for allowing operator and user requirements to coexist cleanly. After a user describes the requirements for an application, the infrastructure operators can impose additional policy constraints if desired.

GBP was designed by a community of developers including Big Switch, Cisco, IBM, Juniper, Midokura, Nuage Networks, and One Convergence.


Your email address will not be published. Required fields are marked *