Category Archives: opflex

Group based policy in Opendaylight

This is a continuation of my previous blog on Group based policy(GBP). In this blog, I will cover the GBP features in Opendaylight helium release, Use-cases that are published in the Opendaylight wiki as well as different usecase that I tried out.

Group based policy in Opendaylight:

Following diagram is from Opendaylight GBP wiki:


  • Openstack here is the orchestration layer and it communicates the policy to ODL through Neutron apis.
  • The policy is expressed in high level data language and is translated and programmed into hardware through renderers.
  • In ODL helium release, the only available renderer is Openflow and it uses ovsdb overlay design.
  • Opflex renderer is being developed currently and it is also based on ovsdb overlay. When Opflex is available, there will be a Opflex agent in the openvswitch that will eventually do the low level translation and programming.

Continue reading Group based policy in Opendaylight


Group based policy

There is lot of work going on in both Openstack and Opendaylight projects on Group based policy and I will try to capture my learnings in the next few blogs.

Group based policy(GBP) is an abstracted way of specifying interactions between the applications rather than using infrastructure specifics. In the networking context, for example, rather than using terms like ip address, vlan, port numbers, the policies are specified in much higher level language in terms of what the application needs. Currently Group based policy is targeted for Networking. Eventually, it will be applicable to Compute and Storage as well. I kind of see GBP as Open source variant of Cisco’s ACI model, multiple vendors are involved in the development of GBP.

In Openstack Neutron context, following are the goals of Group based policy.

Continue reading Group based policy

Cloud policy – Congress and Opflex

Recently, I saw a lot of press on Cisco’s Opflex protocol that allows a declarative policy model to control a physical or virtual device. There were discussions around if the Opflex protocol would replace Ovsdb and Openflow. Within Openstack, there is a new project called Congress that allows for creating a policy framework within Openstack. This blog is my attempt to get into more details on Congress and Opflex and explain the relationship between them. This is mostly information gathered from different references that I have listed in the end.


Congress is a new Openstack project that is used to enforce compliance within the cloud environment. The end goal would be to integrate Congress with other cloud orchestration software as well. Compliance could be needed because of Government regulations, contracts between organizations, SLA enforcement etc. Following picture illustrates the need for Congress.

Continue reading Cloud policy – Congress and Opflex