The goal of this document is to provide an umbrella blueprint defining how to add support for VPC in Openstack.

A VPC is defined as an entity providing resources access boundaries with the goal of building a logically isolated infrastructure assigned to a tenant.

There are multiple options to implement this entity, either as a formal node in the openstack container hierarchy (domain, projects), or as a tag used to define access policies.

Relationship with other blueprint

  • Hierarchical Multitenancy [1] defines a hierarchical model for resource ownership and containment. This blueprint can be used to implement the VPC concept by considering each VPC as a node in the hierarchy.
  • AWS VPC API support [2] aims at providing an EC2 VPC equivalent API on openstack. This blueprint uses a special project to group the VPC resources, however, it doesn't address the needed changes in scoping of different resource to implement a true isolated VPC.
  • Hierarchical Administrative Boundaries [5] defines a model similar to [1] and is focusing on defining administrative delegation.

Use cases

1 - The administrator of a domain can create a VPC composed of network resources. A generic VPC can look like:

Within the VPC, the administrator can :
1.1 - create a shared network. A shared network in the VPC is equivalent to a Neutron public network (it's a public network with a restricted scope).
1.2 - create a transit or external network that can be connected to a remote datacenter through, for MPLS or a VPN or to the internet.
1.3 - define specific flavors, images or other openstack resources restricted to be used within this VPC (e.g. DNS Zone, LB Resources, ...).
1.4 - define quota for resources available to a given VPC.
2 - The domain administrator can delegate the management of the VPC to a user or group of the domain
3 - A user of a domain, can create a project within a given VPC. Within this project, the user can
3.1. create a private network using the VPC external or shared network as the next hop. VMs can get a floating IP from the shared or external network
3.2 create a VM within a project attached to a shared network exposed by the VPC.

Resource Model

The above model is showing a relationship between VPC and Project assuming a containment relationship. However, as shown below, depending on the implementation, it could be a more loose relationship.

http://blog.csdn.net/quqi99/article/details/41829605

https://wiki.openstack.org/wiki/Blueprint-VPC

neutron VPC的更多相关文章

  1. 2017.4.5 OpenStack简介

    OpenStack 管理的资源不是单机的而是一个分布的系统,把分布的计算.存储.网络.设备.资源组织起来,形成一个完整的云计算系统:OpenStack 也提供一个 UI,这里包括一个图形化的 UI:H ...

  2. 深入浅出新一代云网络——VPC中的那些功能与基于OpenStack Neutron的实现(一)

    VPC的概念与基于vxlan的overlay实现很早就有了,标题中的"新"只是一个和传统网络的相对概念.但从前年开始,不同于以往基础网络架构的新一代SDN网络才真正越来越多的走进国 ...

  3. Neutron 理解 (1): Neutron 所实现的虚拟化网络 [How Netruon Virtualizes Network]

    学习 Neutron 系列文章: (1)Neutron 所实现的虚拟化网络 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  4. What's VPC (by quqi99)

    作者:张华  发表于:2014-12-09版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明 ( http://blog.csdn.net/quqi99 ) VPC ...

  5. 一:Neutron实现网络虚拟化

    一 云计算时代数据中心物理网络的问题 数据中心虚拟化成为了趋势,最典型的场景莫过于:对数据中心的服务器进行虚拟化,来提高资源利用率,同时降低单位能耗. 但是,随着数据中心虚拟化程度的不断提高.虚拟化服 ...

  6. Neutron网络学习

    学习 Neutron 系列文章: 转http://www.cnblogs.com/sammyliu/p/4622563.html (1)Neutron 所实现的网络虚拟化 (2)Neutron Ope ...

  7. Neutron 理解 (1): Neutron 所实现的网络虚拟化 [How Neutron Virtualizes Network]

    学习 Neutron 系列文章: (1)Neutron 所实现的网络虚拟化 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  8. 创建vpc网络

    vpc相关功能点: 模块 功能点 描述 备注 VPC 创建vpc网络 创建vpc网络,指定vpc网络名称   修改vpc网络 修改vpc网络名称   删除vpc网络 删除vpc网络   vpc相关命令 ...

  9. Openstack Neutron : 安全

    目录 - iptable:起源 - tables - chains - rules - 方向 - Security group 安全组: - Firewall 防火墙: - 更高的安全 - 无处安放的 ...

随机推荐

  1. 利用python 掌握机器学习的过程

    转载:http://python.jobbole.com/84326/ 偶然看到的这篇文章,觉得对我挺有引导作用的.特此跟大家分享一下. 为了理解和应用机器学习技术,你需要学习 Python 或者 R ...

  2. NFS详细分析

    1. NFS服务介绍 1.1什么是NFS服务 NFS(Network File System)即网络文件系统,它允许网络中的计算机之间通过TCP/IP网络共享资源.在NFS的应用中,本地NFS的客户端 ...

  3. [译]GLUT教程 - 每秒帧数

    Lighthouse3d.com >> GLUT Tutorial >> Extras >> Frames per Second 你的程序实际上跑得多快? 有时我们 ...

  4. CIA 读书笔记

    对此书的评价只有八个字:粗制滥造,到处粘贴. 对于通过表情识别人情绪的教程,最好要有图,图很重要,也最好有案例.

  5. jq bootstrap select 点击不能动弹

    jq  bootstrap select 点击不能动弹   因为是样式selectpicker  冲突. 解决办法换 样式  form-control <select name="ty ...

  6. AR9331出现connect-debounce failed,port 1 disabled解决方法备忘

    基于AR9331的路由器,自己画的pcb板子,居然出现这个错误,百度下,貌似有不少人遇见过这个错误,可是在改动板子前我的固件用的是没问题的.USB完美使用 改动过板子后出现这个问题! hub 1-0: ...

  7. php != 和 !== 的区别

    == and != do not take into account the data type of the variables you compare. So these would all re ...

  8. XSD文件详解

    XSD (xml Schema Definition) Xml Schema的用途 1.  定义一个Xml文档中都有什么元素 2.  定义一个Xml文档中都会有什么属性 3.  定义某个节点的都有什么 ...

  9. Composer的Autoload源码实现1——启动与初始化

    前言 上一篇文章,我们讨论了 PHP 的自动加载原理.PHP 的命名空间.PHP 的 PSR0 与 PSR4 标准,有了这些知识,其实我们就可以按照 PSR4 标准写出可以自动加载的程序了.然而我们为 ...

  10. 如何更好的利用Node.js的性能极限

    通过使用非阻塞.事件驱动的I/O操作,Node.js为构建和运行大规模网络应用及服务提供了很好的平台,也受到了广泛的欢迎.其主要特性表现为能够处理庞大的并且高吞吐量的并发连接,从而构建高性能.高扩展性 ...