Multiple vendors, including an open source project within Cisco, have had a policy blueprint approved for the OpenStack cloud platform's Neutron networking component.
The blueprint is intended to allow for an application-centric interface to Neutron that complements its existing network-centric interface. Application awareness will take Neutron beyond basic connectivity to network service enablement, such as service chaining, QoS, access control, path properties, and others.
Vendors working on the so-called Group Based Policy blueprint over the past eight or nine months include Cisco, Juniper, Alcatel-Lucent and its Nuage Networks subsidiary, Big Switch Networks, Midokura, One Convergence, IBM, RedHat, NTT, Intel, Mirantis, Plexxi and others, including Noiro Networks, an open source activity within Cisco.
Noiro is a project within Cisco's Insieme Business Unit (INSBU). The group reports into INSBU leadership team, according to Mike Dvorkin, Insieme's co-founder and chief scientist, who tweeted on Friday about the policy blueprint being approved. It was created with a goal of building a set of open-source technologies centered around group-based policies.
Noiro is funded within INSBU and is not a Cisco spin-in startup company like Insieme was. Currently, Noiro is focused on OpenStack Neutron, OpenDaylight and Open vSwitch, Dvorkin says.
"As many know, declarative models, abstractions and describing behaviors in terms of groups and policies that regulate how these groups interact have been my life-long obsession, and taking these concepts to open source is very exciting," Dvorkin said in an e-mail to Techworld's sister title Network World. "We have a small team of dedicated software engineers with prior open source involvement who care deeply about these concepts and related theoretical work. The group does not have a product or an end-goal in its charter. Instead, its only focus is to drive the declarative methods of control forward and apply it to variety of technologies across multiple disciplines."
Noiro, which means black zero, took on its own identity to make it visibly focused and distinct from other open-source related projects within Cisco, Dvorkin said. Black, or noir, represents abstraction as a form of obfuscation of implementation detail; zero is an ideal amount of discrepancy between desired state and the reality.
According to the Group Based Policy document on the OpenStack website, the current Neutron model of networks, ports, subnets, routers, and security groups provides the necessary building blocks to create a logical network topology for connectivity, but does not provide the right level of abstraction for an application administrator. The administrator understands the application's details -- like application port numbers -- but not the infrastructure details like networks and routes.
Neutron's current connectivity abstraction puts the burden of maintaining the consistency of the network topology on the user, the document states. The lack of application developer/administrator focused abstractions supported by a declarative model like OpenStack makes it hard for those users to consume Neutron as a connectivity layer, the document states.
The Group Based Policy framework complements Neutron by defining policies that can be applied between groups of endpoints for broader, more diverse network services beyond basic connectivity. These services are expressed as policies that allow application administrators to delegate networking requirements to groups of endpoints.
The Group Based Policy framework is not yet the default application-centric policy abstraction for Neutron though, Dvorkin notes.
"The beauty of the open source is that the best or, at least, the most adopted approach will eventually win," he says. "So, time will tell. However, we do hope that GBP will become the default application-centric policy abstraction for Neutron, and we'd be glad to evolve it in any way that would make it more useful and adoptable."
With regard to the OpenStack Congress declarative compliance and governance cloud policy framework currently under development, the Group Based Policy framework for Neutron will be utilized by Congress for application-centric network policy definition, abstraction and enforcement, developers say. It will also be utilized in the Data Services Engine (DSE) of the OpenDaylight open source SDN project, they say.
"It provides a framework by which compliance and governance systems like Congress can issue directives that can affect how policies are applied without change of intent," Dvorkin says.
OpenDaylight DSE was recently demonstrated by Plexxi as a way to refresh configuration data when changes occur.