OpFlex agent-ovs Developer Guide

Overview

agent-ovs is a policy agent that works with OVS to enforce a group-based policy networking model with locally attached virtual machines or containers. The policy agent is designed to work well with orchestration tools like OpenStack.

agent-ovs Architecture

agent-ovs uses libopflex to communicate with an OpFlex-based policy repository to enforce policy on network endpoints attached to OVS by an orchestration system.

The key components are:

• Agent - coordinates startup and configuration

• Renderers - Renderers are responsible for rendering policy. This is a very general mechanism but the currently-implemented renderer is the stitched-mode renderer that can work along with with hardware fabrics such as ACI that support policy enforcement.

• EndpointManager - Keep track of network endpoints and declare them to the endpoint repository

• PolicyManager - Keep track of and index policies

• IntFlowManager - render policies to OVS integration bridge

• AccessFlowManager - render policies to OVS access bridge

API Reference Documentation

Internal API documentation can be found by in doc/html/index.html in any build.