[Openstack-operators] Quantum + Firewall as a Service

Tomasz Paszkowski ss7pro at gmail.com
Tue Apr 2 22:03:24 UTC 2013 

Yes, this is grizzly feature.


On Wed, Apr 3, 2013 at 12:02 AM, Jacob Godin <jacobgodin at gmail.com> wrote:
> Hi Tomasz,
>
> Just to clarify, this was not in Folsom?
>
>
> On Tue, Apr 2, 2013 at 4:15 PM, Tomasz Paszkowski <ss7pro at gmail.com> wrote:
>>
>> Yes,
>>
>> after you'll put this line into your nova.conf file on all compute nodes
>> it'll work seamlessly with security groups (also though horizon, as horizon
>> is just an graphical interface to an openstack api).  Remember also to check
>> if you have valid firewall driver set (eg.
>> firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver).
>>
>>
>>
>>
>>
>> On Tue, Apr 2, 2013 at 8:06 PM, Jacob Godin <jacobgodin at gmail.com> wrote:
>>>
>>> Will this work with per-tenant routers as well? Is it configurable
>>> through nova security groups (and Horizon)?
>>>
>>> Thanks!
>>>
>>>
>>> On Tue, Apr 2, 2013 at 12:59 PM, Tomasz Paszkowski <ss7pro at gmail.com>
>>> wrote:
>>>>
>>>> Hi Jacob,
>>>>
>>>> Grizzly release supports this setup by using Hybrid configuration (linux
>>>> bridge attached to the ovs-bridge). All you need is to set:
>>>>
>>>> libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver in your
>>>> nova.conf
>>>>
>>>> :-)
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Apr 2, 2013 at 5:43 PM, Jacob Godin <jacobgodin at gmail.com>
>>>> wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> Is anyone implementing Quantum per-tenant routers with a "Firewall as a
>>>>> Service" so that each tenant can create and manage their own firewalls? As
>>>>> far as I know, Nova security groups still will not integrate with this type
>>>>> of Quantum setup.
>>>>>
>>>>> I'm currently using Openvswitch as an L2 agent.
>>>>>
>>>>> Thanks
>>>>> Jacob
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-operators mailing list
>>>>> OpenStack-operators at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Tomasz Paszkowski
>>>> SS7, Asterisk, SAN, Datacenter, Cloud Computing
>>>> +48500166299
>>>
>>>
>>
>>
>>
>> --
>> Tomasz Paszkowski
>> SS7, Asterisk, SAN, Datacenter, Cloud Computing
>> +48500166299
>
>



-- 
Tomasz Paszkowski
SS7, Asterisk, SAN, Datacenter, Cloud Computing
+48500166299

More information about the OpenStack-operators mailing list