<div dir="ltr"><div>I am checking the vyatta driver now and they replaced l3 agent with their own agent and also using a vrouter image for router creation. Our appliance is not virtual :)<br></div>So for the linkage between services, can service chaining help me?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 23, 2015 at 8:25 AM, Germy Lure <span dir="ltr"><<a href="mailto:germy.lure@gmail.com" target="_blank">germy.lure@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div>Under current FWaaS architecture or framework, only integrating hardware firewall is not easy. That requires neutron support service level multiple vendors. In another word, vendors must fit each other for their services while currently vendors just provides all services through controller. </div><div><br><div>I think the root cause is Neutron just doesn't known how the network devices connect each other. Neutron provides FW, LB, VPN and other advanced network functionalists as services. But as the implementation layer, Neutron needs TOPO info to make right decision, routing traffic to the right device. For example, from namespace router to hardware firewall, Neutron should add some internal routes even extra L3 interfaces according to the connection relationship between them. If the firewall service is integrated with router, like Vyatta, it's simple. The only thing you need to do is just enable the firewall itself.</div></div><div><br></div><div>All in all, it requires linkage between services, especially between advanced services and L3 router.</div><div><br></div><div>Germy</div><div>.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Fri, Nov 20, 2015 at 9:19 PM, Somanchi Trinath <span dir="ltr"><<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div bgcolor="white" link="#0563C1" vlink="#954F72" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi-<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">As I understand you are not sure on “How to locate the Hardware Appliance” which you have as your FW?
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Am I right? If so you can look into,
<a href="https://github.com/jumpojoy/generic_switch" target="_blank">https://github.com/jumpojoy/generic_switch</a> kind of approach.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">-<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Trinath<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Oguz Yarimtepe [mailto:<a href="mailto:oguzyarimtepe@gmail.com" target="_blank">oguzyarimtepe@gmail.com</a>]
<br>
<b>Sent:</b> Friday, November 20, 2015 5:52 PM<span><br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions) <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>
<b>Subject:</b> Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing<u></u><u></u></span></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">I created a sample driver by looking at vArmour driver that is at the Github FWaaS repo. I am planning to call the FW's REST API from the suitable functions.
<br></p><div><div>
<br>
The problem is, i am still not sure how to locate the hardware appliance. One of the FWaaS guy says that Service Chaining can help, any body has an idea or how to insert the fw to OpenStack?<u></u><u></u></div></div><p></p><div><div>
<div>
<p class="MsoNormal">On 11/02/2015 02:36 PM, Somanchi Trinath wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hi-</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I’m confused. Do you really have an PoC implementation of what is to be achieved?
</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">As I look into these type of Implementations, I would prefer to have proxy driver/plugin to get the
configuration from Openstack to external controller/device and do the rest of the magic.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">-</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Trinath</span><u></u><u></u></p>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div></div></div>
</div>
<br></div></div>__________________________________________________________________________<span class=""><br>
OpenStack Development Mailing List (not for usage questions)<br></span><span class="">
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></span></blockquote></div><br></div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Oğuz Yarımtepe<br><a href="http://about.me/oguzy" target="_blank">http://about.me/oguzy</a></div>
</div>