OpFlex agent-ovs Developer Guide


agent-ovs is a policy agent that works with OVS to enforce a group-based policy networking model with locally attached virtual machines or containers. The policy agent is designed to work well with orchestration tools like OpenStack.

agent-ovs Architecture

agent-ovs uses libopflex to communicate with an OpFlex-based policy repository to enforce policy on network endpoints attached to OVS by an orchestration system.

The key components are:

  • Agent - coordinates startup and configuration

  • Renderers - Renderers are responsible for rendering policy. This is a very general mechanism but the currently-implemented renderer is the stitched-mode renderer that can work along with with hardware fabrics such as ACI that support policy enforcement.

  • EndpointManager - Keep track of network endpoints and declare them to the endpoint repository

  • PolicyManager - Keep track of and index policies

  • IntFlowManager - render policies to OVS integration bridge

  • AccessFlowManager - render policies to OVS access bridge

API Reference Documentation

Internal API documentation can be found by in doc/html/index.html in any build.