[Openstack] [Quantum] Anybody implemented DMZ?

David Kang dkang at isi.edu
Thu Apr 4 17:51:50 UTC 2013


 
 Hi Aaron,

 Thank you for your reply.

 We deploy one (quantum) subnet as a DMZ network and the other (quantum) subnet
as a non-DMZ network.
They are routed to the network node where quantum services (dhcp, l3, linuxbridge)
are running.
They can talk to each other through the network node now.

 However, we do not want the network node to route the traffic between them directly.
Instead we want them to be routed to different (external) routers such that
we can apply filtering/firewall/etc. on the traffic from DMZ network.

 Do you think it is possible using two l3-agents or any other way?
Currently, I manually set up routings for those two subnets.

 Thanks,
 David

----- Original Message -----
> Hi David,
> 
> 
> The quantum network node would route traffic between the non-DMZ-DMZ
> network if both of those subnets are uplinked to the same quantum
> router. I believe if you create another router for your dmz hosts then
> traffic in/out of that network should route out to your physical
> infrastructure which will go through your router to do filtering.
> 
> 
> Thanks,
> 
> 
> Aaron
> 
> 
> 
> On Wed, Apr 3, 2013 at 8:26 AM, David Kang < dkang at isi.edu > wrote:
> 
> 
> 
> Hi,
> 
> We are trying to set up Quantum network for non-DMZ and DMZ networks.
> The cloud has both non-DMZ networks and a DMZ network.
> We need to route traffic from DMZ network to a specific router before
> it reaches anywhere else in non-DMZ networks.
> However, Quantum Network Node routes the traffic between DMZ network
> and non-DMZ network within itself by default.
> Has anybody configured Quantum for this case?
> Any help will be appreciated.
> We are using Quantum linuxbridge-agent.
> 
> Thanks,
> David
> 
> --
> ----------------------
> Dr. Dong-In "David" Kang
> Computer Scientist
> USC/ISI
> 

-- 
----------------------
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI
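
The condition discussed in this thread (a DMZ subnet and a non-DMZ subnet uplinked to the same Quantum router, so the network node routes between them before any external filter sees the traffic) can be audited from port records. The following is an added example, not part of the original messages; it assumes port records with the `device_owner`, `device_id` and `fixed_ips` fields, and all subnet and router IDs are constructed.

```python
"""Flag Quantum routers that join a DMZ subnet to a non-DMZ subnet."""
from collections import defaultdict

ROUTER_IFACE = "network:router_interface"  # device_owner of a router port

# Constructed sample: one router uplinks both subnets (the case in the thread).
PORTS_SHARED = [
    {"device_owner": ROUTER_IFACE, "device_id": "router-a",
     "fixed_ips": [{"subnet_id": "subnet-dmz", "ip_address": "10.1.0.1"}]},
    {"device_owner": ROUTER_IFACE, "device_id": "router-a",
     "fixed_ips": [{"subnet_id": "subnet-int", "ip_address": "10.2.0.1"}]},
    {"device_owner": "network:dhcp", "device_id": "dhcp-1",  # not a router
     "fixed_ips": [{"subnet_id": "subnet-dmz", "ip_address": "10.1.0.2"}]},
]

# Constructed sample: a separate router per subnet, as suggested in the reply.
PORTS_SPLIT = [
    {"device_owner": ROUTER_IFACE, "device_id": "router-dmz",
     "fixed_ips": [{"subnet_id": "subnet-dmz", "ip_address": "10.1.0.1"}]},
    {"device_owner": ROUTER_IFACE, "device_id": "router-int",
     "fixed_ips": [{"subnet_id": "subnet-int", "ip_address": "10.2.0.1"}]},
]


def routers_by_subnet(ports):
    """Map subnet_id -> set of router ids with an interface on that subnet."""
    attached = defaultdict(set)
    for port in ports:
        if port.get("device_owner") != ROUTER_IFACE:
            continue  # skip DHCP, instance and other non-router ports
        for ip in port.get("fixed_ips", []):
            attached[ip["subnet_id"]].add(port["device_id"])
    return attached


def find_bypass_routers(ports, dmz_subnets, internal_subnets):
    """Return {router_id: [subnets]} for routers that sit on both sides."""
    attached = routers_by_subnet(ports)
    findings = {}
    for dmz in dmz_subnets:
        for internal in internal_subnets:
            shared = attached.get(dmz, set()) & attached.get(internal, set())
            for router in shared:
                findings.setdefault(router, set()).update({dmz, internal})
    return {router: sorted(subs) for router, subs in findings.items()}


if __name__ == "__main__":
    for name, ports in (("shared", PORTS_SHARED), ("split", PORTS_SPLIT)):
        print(name, find_bypass_routers(ports, {"subnet-dmz"}, {"subnet-int"}))
```

An empty result only shows that no single Quantum router joins the two subnets; any routes configured by hand on the network node still have to be reviewed separately.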



