OpFlex is an extensible policy protocol designed to exchange abstract policy between a network controller and a set of smart devices capable of rendering policy. OpFlex relies on a separate information model understood by agents in both the controller and the devices. This information model, which exists outside the OpFlex protocol itself, must be based on abstract policy, giving each device the freedom and flexibility to render policy within the semantic constraints of the abstraction. For this reason, OpFlex can support any device, including hypervisor switches, physical switches, and Layer 4 through 7 network services.
Overview of Open Source Efforts
Cisco is proposing OpFlex as an informational RFC to the IETF and plans to lead the standardization process through that forum. At the same time, Cisco is working with the open source community to provide an open source implementation. An OpenDaylight (ODL) project is underway to define a uniform policy model that can extend across the data center, access layer, and WAN, and Cisco is also working on an open source OpFlex agent for Open vSwitch (OVS). The goal is to offer three main components to the community:
● An open source policy implementation
● A controller-side OpFlex implementation in ODL
● A switch-side OpFlex agent for Open vSwitch
Figure 1 provides an overview of OpFlex.
OpenDaylight and OpFlex
The ODL community has created a new incubated project called the ODL Group Policy plug-in. The goal of this project is to provide a policy-based API that can serve, in practice, as a standard information model in OpFlex implementations. This project includes contributions from Cisco, IBM, Midokura, and Plexxi, and the list of contributors is quickly expanding. Anyone is welcome to join this community and participate in the development and definition of the policy model. Information can be found at http://wiki.opendaylight.org.
The ODL Group Policy API will be supported through several different southbound APIs, including OpFlex. OpFlex essentially serves as a native back end through which policy can be passed to devices directly. The project will also allow policy to be rendered imperatively over existing southbound APIs such as OpenFlow without involving OpFlex.
Figure 2 presents a logical view of the ODL Group Policy plug-in.
OpFlex on Open vSwitch
Cisco is also building a fully open source Apache 2.0 licensed OpFlex agent that can run with OVS, rendering abstract policy through OVS native interfaces such as OpenFlow. The goal here is to provide a reference example of an OpFlex agent that can render policy as defined in ODL directly into local switching behaviors. Although this agent will be designed to work with OVS, it will be available and reusable on any platform, assuming that the appropriate mapping is created from abstract policy to device capabilities. Cisco will maintain this agent and help ensure that it remains compatible with the Cisco® Application Policy Infrastructure Controller (APIC) to offer vendors a starting point for Cisco APIC integration.
Conclusion: OpFlex Is Open
Cisco and its partners are strongly committed to creating an open protocol through both a standardization effort in the IETF and development of an abstract policy model and reference implementation in the open source community. Any vendor, customer, or partner is invited and encouraged to participate as we develop these modules through OpenDaylight, OpFlex, and Open vSwitch.
For More Information