[openstack-dev] [neutron][fwaas]some architectural advice on fwaas driver writing

Oğuz Yarımtepe oguzyarimtepe at gmail.com
Mon Nov 23 13:01:18 UTC 2015


I am checking the Vyatta driver now, and they replaced the L3 agent with their
own agent and are also using a vrouter image for router creation. Our appliance
is not virtual :)
So for the linkage between services, can service chaining help me?

On Mon, Nov 23, 2015 at 8:25 AM, Germy Lure <germy.lure at gmail.com> wrote:

> Hi,
> Under the current FWaaS architecture or framework, integrating only a hardware
> firewall is not easy. That requires Neutron to support multiple vendors at the
> service level. In other words, vendors must fit each other for their services,
> while currently vendors just provide all services through the controller.
>
> I think the root cause is that Neutron just doesn't know how the network
> devices connect to each other. Neutron provides FW, LB, VPN and other
> advanced network functionalities as services. But as the implementation
> layer, Neutron needs TOPO info to make the right decision, routing traffic to
> the right device. For example, from namespace router to hardware firewall,
> Neutron should add some internal routes or even extra L3 interfaces according
> to the connection relationship between them. If the firewall service is
> integrated with the router, like Vyatta, it's simple. The only thing you need
> to do is just enable the firewall itself.
>
> All in all, it requires linkage between services, especially between
> advanced services and L3 router.
>
> Germy
> .
>
> On Fri, Nov 20, 2015 at 9:19 PM, Somanchi Trinath <
> trinath.somanchi at freescale.com> wrote:
>
>> Hi-
>>
>> As I understand, you are not sure on “How to locate the Hardware
>> Appliance” which you have as your FW?
>>
>> Am I right? If so, you can look into a
>> https://github.com/jumpojoy/generic_switch kind of approach.
>>
>> -
>> Trinath
>>
>> *From:* Oguz Yarimtepe [mailto:oguzyarimtepe at gmail.com]
>> *Sent:* Friday, November 20, 2015 5:52 PM
>> *To:* OpenStack Development Mailing List (not for usage questions) <
>> openstack-dev at lists.openstack.org>
>> *Subject:* Re: [openstack-dev] [neutron][fwaas]some architectural advice
>> on fwaas driver writing
>>
>>
>>
>> I created a sample driver by looking at the vArmour driver that is in the
>> GitHub FWaaS repo. I am planning to call the FW's REST API from the
>> suitable functions.
>>
>> The problem is, I am still not sure how to locate the hardware appliance.
>> One of the FWaaS guys says that Service Chaining can help. Does anybody have
>> an idea, or know how to insert the FW into OpenStack?
>>
>> On 11/02/2015 02:36 PM, Somanchi Trinath wrote:
>>
>> Hi-
>>
>> I’m confused. Do you really have a PoC implementation of what is to be
>> achieved?
>>
>> As I look into these types of implementations, I would prefer to have a
>> proxy driver/plugin to get the configuration from OpenStack to the external
>> controller/device and do the rest of the magic.
>>
>> -
>> Trinath
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>


-- 
Oğuz Yarımtepe
http://about.me/oguzy