[openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing
Oğuz Yarımtepe
oguzyarimtepe at gmail.com
Mon Nov 2 07:39:49 UTC 2015
Hi,
After talking with FWaaS developers at the summit (German and Sridar), i
decided to write here also, maybe someone has an idea. I am trying to
integrate a hardware firewall to our Openstack environment. It is a custom
hardware running BSD on it and has a REST API for configuring. I talked
with Sridar, he gave me the brief understanding of how FWaaS driver is
working.
Either i will be hacking the community driver and calling the REST API or
writing the driver and calling the REST API there. The problem is, we
couldn't figured it out how will the hardware firewall be working. Assuming
that, it will not be routing traffic, just filtering, and that we will be
using virtual routers of Openstack, do you have a reference architecture
for such a case? It seems everyone has its own way of using firewall
appliances in OpenStack. All i need is to create a firewall but instead of
using Iptables, i want to use the hardware firewall and be able to define
filtering rules.
FWaaS guys said that there will be API changes in the future so at Mitaka,
it seems the way of FWaaS will be changing and there are some plans about
merging FWaaS and security groups.
I am now using Kilo, the solution also will be working at Liberty also.
Will be great if you give some guidance.
Regards.
--
Oğuz Yarımtepe
http://about.me/oguzy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151102/fa350caf/attachment.html>
More information about the OpenStack-dev
mailing list