SlideShare a Scribd company logo

OpenStack Folsom Summit: Melange overview

Download as KEY, PDF
T
troytoman

This is the slide deck from the Melange overview presentation given during the OpenStack Folsom Summit in San Francisco.

TechnologyBusiness
1 of 16
Melange Overview Troy Toman Folsom Summit April 2012
Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 

Recommended

Unity makes strength
Unity makes strengthUnity makes strength
Unity makes strengthXavier Mertens
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat Security Conference
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
BlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopBlockchainConf.tech - Build a private blockchain workshop
BlockchainConf.tech - Build a private blockchain workshopPad Kankipati
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...
DEF CON 27 - WENXIANG QIAN and YUXIANG LI HUIYU - breaking google home exploi...Felipe Prado
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault pptShrey Agarwal
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat Security Conference
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 
Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 

More Related Content

What's hot

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite Hu Kenneth
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Valio Bonev
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureNicolas Corrarello
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsDerek Downey
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat Security Conference
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteJAmes Atwill
 

What's hot (20)

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014
 
Vault
VaultVault
Vault
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 Minutes
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)Azure Unchained (Azure boot camp Sofia 2017)
Azure Unchained (Azure boot camp Sofia 2017)
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
HashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin InfrastructureHashiCorp Vault Plugin Infrastructure
HashiCorp Vault Plugin Infrastructure
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Using Vault to decouple MySQL Secrets
Using Vault to decouple MySQL SecretsUsing Vault to decouple MySQL Secrets
Using Vault to decouple MySQL Secrets
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
 
BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet BlueHat v17 || Disrupting the Mirai Botnet
BlueHat v17 || Disrupting the Mirai Botnet
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014
 
Growing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at HootsuiteGrowing HashiCorp Vault at Hootsuite
Growing HashiCorp Vault at Hootsuite
 

Similar to OpenStack Folsom Summit: Melange overview

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBMongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitAlan Quayle
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style2600Hz
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinChiradeep Vittal
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsIgor Donchovski
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerKamesh Pemmaraju
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesCodemotion
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log seasonEric Luellen
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...NGINX, Inc.
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDaniel-Constantin Mierla
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint MongoDB
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Docker, Inc.
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of TruthJoel W. King
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTCWebRTCConferenceJapan
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkCaio Pereira
 

Similar to OpenStack Folsom Summit: Melange overview (20)

Webinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDBWebinar: Architecting Secure and Compliant Applications with MongoDB
Webinar: Architecting Secure and Compliant Applications with MongoDB
 
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummitMatrix.org decentralised communication, Matthew Hodgson, TADSummit
Matrix.org decentralised communication, Matthew Hodgson, TADSummit
 
KazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka StyleKazooCon 2014 - Playing Kazoo Dudka Style
KazooCon 2014 - Playing Kazoo Dudka Style
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austin
 
Maintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica SetsMaintenance for MongoDB Replica Sets
Maintenance for MongoDB Replica Sets
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with Elasticsearch
 
June Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data centerJune Boston openStack Summit: Preparing quantum for the data center
June Boston openStack Summit: Preparing quantum for the data center
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
 
Elk its big log season
Elk its big log seasonElk its big log season
Elk its big log season
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint Building and Scaling the Internet of Things with MongoDB at Vivint
Building and Scaling the Internet of Things with MongoDB at Vivint
 
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
Orchestrating Docker with Terraform and Consul by Mitchell Hashimoto
 
Super-NetOps Source of Truth
Super-NetOps Source of TruthSuper-NetOps Source of Truth
Super-NetOps Source of Truth
 
The missing signalling layer for WebRTC
The missing signalling layer for WebRTCThe missing signalling layer for WebRTC
The missing signalling layer for WebRTC
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

OpenStack Folsom Summit: Melange overview

  • 1. Melange Overview Troy Toman Folsom Summit April 2012
  • 2. Melange • mélange: noun, a mixture; medley. • melange or mélange • 1. a mixture; confusion • 2. geology  a totally disordered mixture of rocks of different shapes, sizes, ages, and origins 
  • 3. History • Spun out of NetStack work at Diablo summit • Initial proposal to integrate directly into Nova • Shifted to incubated project after Essex summit • Merging into Quantum going forward • API Doc: http://melange.readthedocs.org
  • 4. Original Melange Blueprint ✓across OpenStack services. network information services for use Melange is intended to provide ✓The initial focus will be on IP address management (IPAM) - and address discovery (DHCP/dnsmasq) functionality. ✓Melange is intended to be a standalone service with it's own API. NOTE: Melange is just a data store - it doesn’t DO anything!
  • 5. Melange Elements • IP Blocks • IP Addresses • Static Routes • Interfaces • NAT’ing • Policies • MAC address ranges
  • 6. IP Blocks • Public or private IP space tracking • { "ip_block": { "broadcast": "10.1.1.255", "cidr": "10.1.1.0/24", "created_at": "2011-12-01T09:46:22", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.1.1.1", "id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "netmask": "255.255.255.0", "network_id": "quantum_net_id4", "parent_id": null, "policy_id": "2f730874-2088-4f91-87fb-63792c753971", "tenant_id": "RAX", "type": "private", "updated_at": "2011-12-01T09:46:22" } }
  • 7. IP Addresses { "ip_address": { "address": "10.1.1.6", "created_at": "2011-12-01T10:02:53", "id": "94fa249b-0626-49fc-b420-cce13dabed4f", "interface_id": "interface_id", "ip_block_id": "af19f87a-d6a9-4ce5-b30f-4cc9878ec292", "updated_at": "2011-12-01T10:02:53", "used_by_device": "instance_id", "used_by_tenant": "lessee_tenant", "version": 4 } } Supports both IPv6 and IPv6 addresses
  • 8. Static Routes • GET /ipam/tenants/{tenant_id}/ip_blocks/{ip_block_id}/ip_routes { "ip_routes": [ { "created_at": "2011-12-01T10:19:12", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "364c555d-4e35-43d4-9807-59535df082a5", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:19:12" }, { "created_at": "2011-12-01T10:20:47", "destination": "192.168.0.0", "gateway": "10.1.1.1", "id": "7ebffbd6-3640-4061-b8f1-7878463e651f", "netmask": "255.255.255.0", "updated_at": "2011-12-01T10:20:47" } ] }
  • 9. Interface Creation • Orchestrated creation of interface, MAC and IP assignment • POST /ipam/interfaces/ • Creates a vif record, allocates a mac and optionally allocates ip address from a network { "interface": { "id": "virt_iface", "device_id": "instance", "tenant_id": "tnt", "network": { "id": "net1", "addresses": ["10.0.0.2"], "tenant_id": "network_owner_tenant_id" } } }
  • 10. Interfaces { "interface": { "created_at": "2011-12-01T13:18:37", "device_id": "instance", "id": "virt_iface", "ip_addresses": [ { "address": "10.0.0.2", "id": "7615ca4a-787d-46b0-8a8c-3a90e3e6cf2c", "interface_id": "virt_iface", "ip_block": { "broadcast": "10.0.0.255", "cidr": "10.0.0.0/24", "dns1": "8.8.8.8", "dns2": "8.8.4.4", "gateway": "10.0.0.1", "id": "9c4c3dfd-c707-45bd-8626-9c369b1b9460", "ip_routes": [], "netmask": "255.255.255.0" }, "version": 4 } ], "mac_address": null, "tenant_id": "tnt_id", "updated_at": "2011-12-01T13:18:37" } }
  • 11. Instance Interfaces • Batch interface for interface creation • PUT /ipam/instances/{instance_id}/interfaces/ • Create interfaces, allocate macs and ips on all networks provided. { "instance": { "tenant_id": "tnt", "interfaces": [ {"network": {"id": "public_net1", "tenant_id": "RAX"}, "mac_address": null}, {"network": {"id": "public_net2", "tenant_id": "RAX"}, "mac_address": null}, ] } }
  • 12. NAT’ing • Intended for tracking floating IPs or NAT relationships • Globals - public IPs • Locals - private IPs • POST /ipam/ip_blocks/{ip_block_id}/ip_addresses/{address}/inside_globals • Finds local IpAddress from given ip_block_id and address and creates IpAddresses passed in params as its inside global. • {‘ip_addresses’:’[ { “ip_block_id” : “some_global_ip_block_id”, “ip_address” : “some_global_ip_address” }, ..., {....} }
  • 13. Policies • Create policy (essentially a policy group) • Create policy elements • Unusable ranges • Unusable octets • Assign policy to block
  • 14. Policy Example • `melange policy create -t {tenant} name={block_name} desc={policy_name}`  • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=0` • `melange unusable_ip_octet create -t {tenant} policy_id={policy_id} octet=1` • `melange ip_block update -t {tenant} id={block_id} policy_id={policy_id}`
  • 15. MAC Address Ranges • Ability to control the range of MAC addresses melange --host <melangeIP> --port 9898 mac_address_range create cidr=404040000000/24 mac_address_range:     cidr: 404040000000/24     created_at: '2012-01-25T17:21:46'     id: ad4e7f30-4e11-45b9-b204-c58d194fe5a9     updated_at: '2012-01-25T17:21:46'
  • 16. Known Issues/Limitations • Woefully behind on user/admin documentation (Sorry!) • Early integration has focused around Quantum • DHCP scenario has not been broadly tested (vs. injection) • Needs more participation/input from broader community

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n