[openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing

Somanchi Trinath trinath.somanchi at freescale.com
Mon Nov 2 11:36:52 UTC 2015


Hi-

I’m confused. Do you really have a PoC implementation of what is to be achieved?

As I look into these types of implementations, I would prefer to have a proxy driver/plugin to get the configuration from OpenStack to the external controller/device and do the rest of the magic.

-
Trinath

From: Oğuz Yarımtepe [mailto:oguzyarimtepe at gmail.com]
Sent: Monday, November 02, 2015 4:36 PM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing

Hi,

On Mon, Nov 2, 2015 at 11:25 AM, Somanchi Trinath <trinath.somanchi at freescale.com> wrote:
Hi –

Based on this “Assuming that, it will not be routing traffic, just filtering, and that we will be using virtual routers of Openstack”

As I understand from the email, you might be comfortable configuring the HW-FW using the ReST API. So you can write a proxy driver and connect the HW-FW in the setup (which you have tested to make it ready to use). The proxy driver helps to configure the HW-FW, and the HW-FW filters the traffic.

Having said that, I assume that the HW-FW has some intelligence to process the requests from proxy driver and update the FW configuration.


To be sure, calling the REST API at https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py#L62, for example, to create a firewall is what you are talking about. Instead of iptables, a new driver will be written to handle CRUD operations.
To distinguish the tenant networks, I will be using VLAN or VXLAN IDs while entering firewall rules, I think.


*HW-FW – Hardware Firewall.

Hope this helps.

-
Trinath


Did I understand you right, about the proxy driver?
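
Added example, not part of the original thread and not neutron-fwaas code: a sketch of the proxy-driver idea discussed above, translating a firewall definition into REST calls for a hardware firewall and binding every rule set to one tenant's VXLAN ID. The class name, method signatures, endpoint, payload format and the rule-dictionary keys are assumptions made for illustration; the transport is injected so the translation can be checked without a device.

```python
import json

DENY_ALL = {"action": "deny", "protocol": "any", "src": "any", "dst": "any", "dport": "any"}

class ProxyFirewallDriver:
    """Hypothetical proxy driver: turns a firewall dict into REST calls."""

    def __init__(self, send, base_url="https://hwfw.example.invalid/api"):
        self.send = send          # injected transport: callable(method, url, body)
        self.base_url = base_url  # placeholder endpoint, not a real device API

    def _translate(self, firewall, vni):
        # Tie every rule set to one tenant segment; reject ids outside the VXLAN range.
        if not isinstance(vni, int) or not 1 <= vni < 2 ** 24:
            raise ValueError("invalid VXLAN id: %r" % (vni,))
        rules = []
        # An admin-down firewall gets no permit rules, only the trailing deny.
        if firewall.get("admin_state_up"):
            for r in firewall.get("firewall_rule_list", []):
                if not r.get("enabled", True):
                    continue
                rules.append({
                    "action": "permit" if r["action"] == "allow" else "deny",
                    "protocol": r.get("protocol") or "any",
                    "src": r.get("source_ip_address") or "any",
                    "dst": r.get("destination_ip_address") or "any",
                    "dport": r.get("destination_port") or "any",
                })
        rules.append(dict(DENY_ALL))  # explicit default deny closes the rule set
        return {"tenant": firewall["tenant_id"], "vni": vni, "rules": rules}

    def create_firewall(self, firewall, vni):
        url = "%s/firewalls/%s" % (self.base_url, firewall["id"])
        body = json.dumps(self._translate(firewall, vni), sort_keys=True)
        return self.send("PUT", url, body)

    update_firewall = create_firewall  # update resends the full rule set

    def delete_firewall(self, firewall):
        url = "%s/firewalls/%s" % (self.base_url, firewall["id"])
        return self.send("DELETE", url, None)

# Constructed sample input: one firewall with a single allow rule.
SAMPLE = {"id": "fw-1", "tenant_id": "tenant-a", "admin_state_up": True,
          "firewall_rule_list": [{"enabled": True, "action": "allow", "protocol": "tcp",
                                  "source_ip_address": None,
                                  "destination_ip_address": "10.0.0.5/32",
                                  "destination_port": "443"}]}
```
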
