[openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing

Oğuz Yarımtepe oguzyarimtepe at gmail.com
Mon Nov 2 11:05:45 UTC 2015


Hi,

On Mon, Nov 2, 2015 at 11:25 AM, Somanchi Trinath <
trinath.somanchi at freescale.com> wrote:

> Hi –
>
>
>
> Based on this “Assuming that, it will not be routing traffic, just
> filtering, and that we will be using virtual routers of Openstack”
>
>
>
> As I understand from the email, you might be comfortable configuring the
> HW-FW using the ReST API. So you can write a proxy driver and connect the
> HW-FW in the setup (which you have tested to make it ready to use). The
> proxy driver written helps to configure the HW-FW and the HW-FW filters the
> traffic.
>
>
>
> Having said that, I assume that the HW-FW has some intelligence to process
> the requests from proxy driver and update the FW configuration.
>
>
>

To be sure, calling the REST API at
https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py#L62
for example, to create a firewall, is what you are talking about. Instead of
iptables, a new driver will be written to handle CRUD operations.

To distinguish the tenant networks, I will be using VLAN or VXLAN IDs while
entering firewall rules, I think.



> *HW-FW – Hardware Firewall.
>
>
>
> Hope this helps.
>
>
>
> -
>
> Trinath
>
>
>


Did I understand you right, about the proxy driver?