[openstack-dev] [Neutron] FWaaS - question about drivers

Sławek Kapłoński slawek at kaplonski.pl
Sat Feb 21 08:37:56 UTC 2015


Hello,

Thanks a lot for explanation. Now it is more clear for me :)

--
Best regards
Sławek Kapłoński
slawek at kaplonski.pl

On 2015-02-21 at 01:20, Sumit Naiksatam wrote:
> Inline...
>
> On Fri, Feb 20, 2015 at 3:38 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
>> Hello,
>>
>> Thx guys. Now it is clear for me :)
>> One more question. I saw that in this service plugin there is hardcoded quota
>> 1 firewall per tenant. Do you know why it is so limited? Is there any
>> important reason for that?
>
> This is a current limitation of the reference implementation, since we
> associate the FWaaS firewall resource with all the neutron routers.
> Note that this is not a limitation of the FWaaS model, hence, if your
> backend can support it, you can override this limitation.
>
>> And second thing. As there is only one firewall per tenant so all rules from
>> it will be applied on all routers (L3 agents) from this tenant and for all
>> tenant networks, am I right? If yes, how it is solved to set firewall rules
>
> In general, this limitation is going away in the Kilo release. See the
> following patch under review which removes the limitation of one
> router per tenant:
> https://review.openstack.org/#/c/152697/
>
>> when for example new router is created? L3 agent is asking about rules via rpc
>> or FwaaS is sending such notification to L3 agent?
>
> In the current implementation this is automatically reconciled.
> Whenever a new router comes up, the FWaaS agent pulls the rules, and
> applies it on the interfaces of the new router.
>
>> Sorry if my questions are silly but I didn't do anything with this service
>> plugins yet :)
>>
>> --
>> Best regards
>> Sławek Kapłoński
>> slawek at kaplonski.pl
>>
>> On Friday, 20 February 2015 16:27:33 Doug Wiegley wrote:
>>> Same project, shiny new repo.
>>>
>>> doug
>>>
>>>> On Feb 20, 2015, at 4:05 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Thx for tips. I have one more question. You point me to neutron-fwaas
>>>> project which for me looks like different project than neutron. I saw
>>>> fwaas service plugin directly in neutron in Juno. So which "version"
>>>> should I use: this neutron-fwaas or service plugin from neutron? Or maybe
>>>> it is the same or I misunderstand something?
>>>>
>>>> --
>>>> Best regards
>>>> Sławek Kapłoński
>>>> slawek at kaplonski.pl
>>>>
>>>> On Friday, 20 February 2015 14:44:21 Sumit Naiksatam wrote:
>>>>> Inline...
>>>>>
>>>>> On Wed, Feb 18, 2015 at 7:48 PM, Vikram Choudhary <vikram.choudhary at huawei.com> wrote:
>>>>>> Hi,
>>>>>>
>>>>>> You can write your own driver. You can refer to below links for getting
>>>>>> some idea about the architecture.
>>>>>>
>>>>>> https://wiki.openstack.org/wiki/Neutron/ServiceTypeFramework
>>>>>
>>>>> This is a legacy construct and should not be used.
>>>>>
>>>>>> https://wiki.openstack.org/wiki/Neutron/LBaaS/Agent
>>>>>
>>>>> The above pointer is to a LBaaS Agent which is very different from a
>>>>> FWaaS driver (which was the original question in the email).
>>>>>
>>>>> FWaaS does use pluggable drivers and the default is configured here:
>>>>> https://github.com/openstack/neutron-fwaas/blob/master/etc/fwaas_driver.ini
>>>>>
>>>>> For example for FWaaS driver implementation you can check here:
>>>>> https://github.com/openstack/neutron-fwaas/tree/master/neutron_fwaas/services/firewall/drivers
>>>>>
>>>>>> Thanks
>>>>>> Vikram
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Sławek Kapłoński [mailto: ]
>>>>>> Sent: 19 February 2015 02:33
>>>>>> To: openstack-dev at lists.openstack.org
>>>>>> Subject: [openstack-dev] [Neutron] FWaaS - question about drivers
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm looking to use FWaaS service plugin with my own router solution (I'm
>>>>>> not using L3 agent at all). If I want to use FWaaS plugin also, should I
>>>>>> write own driver to it, or should I write own service plugin? I will be
>>>>>> grateful for any links to some description about this FWaaS and its
>>>>>> architecture :) Thx a lot for any help
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards
>>>>>> Sławek Kapłoński
>>>>>> slawek at kaplonski.pl
>>>>>>
>>>>>> __________________________________________________________________________
>>>>>> OpenStack Development Mailing List (not for usage questions)
>>>>>> Unsubscribe:
>>>>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-- 
Best regards
Sławek Kapłoński
slawek at kaplonski.pl


