[openstack-dev] [neutron][L3][dvr][fwaas] FWaaS with DVR
Mickey Spiegel
emspiege at us.ibm.com
Thu Aug 27 15:44:05 UTC 2015
Bump
The FWaaS team would really like some feedback from the DVR side.
Mickey
-----Mickey Spiegel/San Jose/IBM wrote: -----
To: openstack-dev at lists.openstack.org
From: Mickey Spiegel/San Jose/IBM
Date: 08/19/2015 09:45AM
Subject: [fwaas][dvr] FWaaS with DVR
Currently, FWaaS behaves differently with DVR, applying to only north/south traffic, whereas FWaaS on routers in network nodes applies to both north/south and east/west traffic. There is a compatibility issue due to the asymmetric design of L3 forwarding in DVR, which breaks the connection tracking that FWaaS currently relies on.
I started an etherpad where I hope the community can discuss the problem, collect multiple possible solutions, and eventually try to reach consensus about how to move forward:
https://etherpad.openstack.org/p/FWaaS_with_DVR
I listed every possible solution that I can think of as a starting point. I am somewhat new to OpenStack and FWaaS, so please correct anything that I might have misrepresented.
Please add more possible solutions and comment on the possible solutions already listed.
Mickey