Changes between Version 23 and Version 24 of OpenFlow/FOAM


Ignore:
Timestamp:
07/17/12 14:33:53 (12 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • OpenFlow/FOAM

    v23 v24  
    6262This issue is fixed in FOAM 0.8.
    6363
     64== Auto-approval ==
     65
     66FOAM 0.8 adds a simple analysis engine which can be used to inform auto-approval decisions. The analysis is done by default, but can be disabled if you really want to for some reason.
     67
     68The action taken on a newly created sliver depends on the geni.approval.approve-on-creation configuration option. It has three possible values:
     69
     70 * Mode 0, "never": Newly created slivers are never automatically approved.
     71 * Mode 1, "always": Newly created slivers are always automatically approved.
     72 * Mode 2, "analsys": Newly created slivers are automatically approved if they pass all the checks in the analysis engine.
     73
     74The analysis engine performs four tests:
     75
     76 * If the sliver's flowspace includes IP space: Does the new sliver's requested IP space overlap with the IP space of any already-approved slivers?
     77 * If the sliver's flowspace includes MAC addresses: Do the new sliver's requested MAC addresses overlap with the MAC addresses of any already-approved slivers?
     78 * If the sliver's flowspace includes ethertypes (other than IP and ARP): Do the new sliver's requested ethertypes overlap with the ethertypes of any already-approved slivers?
     79 * If there are any port groups defined: Does the new sliver's flowspace include more than one port in a port group?
     80
     81If all of those tests pass (i.e. the answer is "no" for all of those questions), the sliver is automatically approved (when FOAM is in mode 2 -- in the other modes, the analysis is still done, but the results are ignored).
     82
     83In practice, this implements a policy somewhat like: "Auto-approve a sliver that includes IP, MAC, or ethertype flowspace, doesn't overlap with anything else, and doesn't include more than one port in these port groups". Port groups might include things like cross-connects, or any other collection of ports where you only want a given sliver to have one port in the group.
     84
     85If a sliver is not auto-approved, the 'pend_reason' field (visible in 'foamctl geni:show-sliver') should explain why.
     86
     87A more flexible policy is expected in future versions of FOAM.
     88
    6489== Sliver approval workflow ==
    6590
    66 This section describes our workflow for approving slivers at BBN.
     91This section describes our workflow for approving slivers at BBN (those which aren't auto-approved).
    6792
    6893FOAM sends e-mail about new slivers to the FOAM admin e-mail address that you configured when you set up FOAM. If further communication about a sliver request is needed, we copy that address on the e-mail, so that everyone will see it. We also send mail to to that address when we approve or reject the sliver (or if we review the request and we're not sure whether to approve or reject it), so everyone knows who did it.