Open Stack

I wrote a vendor specific fwaas-driver for our firewall (I also wrote the
iptables reference fwaas driver).

As per my understanding, the driver demux happens in L3 agent. Since we
also wanted to enable our physical appliance for Fwaas, I had to extend L3
agent for insert the firewall into Neutron router.

Ignoring service-insertion changes for now, if we just take the
fwaas-driver demux happening in L3 agent, will this work with all
core-plugins?

When I look at other core-plugins (NVP or Big Switch), I see that L3 agent
is not used (or not started).Does this mean that we have to have multiple
implementations of fwaas-driver?

As a firewall vendor, I would have expected that I write one one driver and
it would work with all core-plugins.

Is there some way this could be done? Is it possible with multi-host mode
where one host runs L3 agent(and all advanced services can be used through
this host) while other network services may be provided through
vendor-specific core plugins.

I am not sure if this is a good analogy. In Nova, we have different
hypervisors being supported at the same time. For Neutron, can we have
different core-plugins work at the same time.

With the focus slowly increasing on advanced services and service
insertion, is there a framework that we could follow that will work with
all core-plugins.

Thanks,
-Rajesh Mohan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131012/ec55bc0e/attachment.html>