The goal of this document is to provide an umbrella blueprint defining how to add support for VPC in Openstack.
A VPC is defined as an entity providing resources access boundaries with the goal of building a logically isolated infrastructure assigned to a tenant.
There are multiple options to implement this entity, either as a formal node in the openstack container hierarchy (domain, projects), or as a tag used to define access policies.
Contents
[hide]
- 1 Relationship with other blueprint
- 2 Use cases
- 3 Resource Model
- 4 Implementation options
- 5 Resulting Blueprints
Relationship with other blueprint
- Hierarchical Multitenancy [1] defines a hierarchical model for resource ownership and containment. This blueprint can be used to implement the VPC concept by considering each VPC as a node in the hierarchy.
- AWS VPC API support [2] aims at providing an EC2 VPC equivalent API on openstack. This blueprint uses a special project to group the VPC resources, however, it doesn‘t address the needed changes in scoping of different resource to implement a true isolated VPC.
- Hierarchical Administrative Boundaries [5] defines a model similar to [1] and is focusing on defining administrative delegation.
Use cases
- 1 - The administrator of a domain can create a VPC composed of network resources. A generic VPC can look like:
- Within the VPC, the administrator can :
- 1.1 - create a shared network. A shared network in the VPC is equivalent to a Neutron public network (it‘s a public network with a restricted scope).
- 1.2 - create a transit or external network that can be connected to a remote datacenter through, for MPLS or a VPN or to the internet.
- 1.3 - define specific flavors, images or other openstack resources restricted to be used within this VPC (e.g. DNS Zone, LB Resources, ...).
- 1.4 - define quota for resources available to a given VPC.
- 2 - The domain administrator can delegate the management of the VPC to a user or group of the domain
- 3 - A user of a domain, can create a project within a given VPC. Within this project, the user can
- 3.1. create a private network using the VPC external or shared network as the next hop. VMs can get a floating IP from the shared or external network
- 3.2 create a VM within a project attached to a shared network exposed by the VPC.
Resource Model
The above model is showing a relationship between VPC and Project assuming a containment relationship. However, as shown below, depending on the implementation, it could be a more loose relationship.
http://blog.csdn.net/quqi99/article/details/41829605
https://wiki.openstack.org/wiki/Blueprint-VPC
时间: 2024-10-21 10:30:25