Hi Koushik, Can you please confirm if the LB functionality (via VR or VPX) would be supported in 4.2 or not?
Regards, Manan Shah On 3/19/13 5:00 AM, "Koushik Das" <koushik....@citrix.com> wrote: >Inline > >> >> On 18/03/13 7:37 PM, "Sailaja Mada" <sailaja.m...@citrix.com> wrote: >> >> >+ >> > >> >7) During Guest Network shutdown, Do we release the ASA association >> >with Guest Network and Even change guest_port_profile configuration as >> >Cloudstack releases VLAN and Network will go to allocated state? >> > > >Yes. Necessary stuff should get cleaned up > >> >8) When the Guest Network is updated from ASA firewall offering to VR >> >Offering , Please share the sequence of configuration steps called out >> >@ ASA/VNMC? >> > > >Not sure I understand the scenario completely. Can you elaborate on the >use case that this is going to provide? > >> >Thanks, >> >Sailaja.M >> > >> >-----Original Message----- >> >From: Sailaja Mada [mailto:sailaja.m...@citrix.com] >> >Sent: Monday, March 18, 2013 5:32 PM >> >To: cloudstack-dev@incubator.apache.org; Koushik Das >> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack >> > >> >Hi, >> > >> >1) Section: CiscoVNMCElement::implement() : >> > >> >1A) vservice_node is configured with fail-mode close . This is to >> >drop the packets if there is no connectivity to VEM , It means ESXi >> >host is not reachable. I see that we are going to configure with fail >> >mode as close >> > >> >Is there any use case where packets will get forwarded with fail-mode >> >open ? >> > > >If required this can be moved to a configuration later on. For now >'close' should be good. > >> >1B) vservice_node configuration has ip address 10.1.1.1 . Can you >> >please share from where this IP address is picked up when the >> >configuration is done thru cloudstack? >> > > >ASA acts as the default gateway and this is the gateway IP. > >> >2) When the guest network is deleted/Account it deleted, Will you be >> >deleting the vethernet asa in_port_profile defined @ VSM while >> >releasing the VLAN . >> > > >Yes > >> >3) Can you please update FS with Edge security profile details that >> >will get configured @ ASA when firewall rules are configured from >> Cloudstack. >> > > >ESP is configured in VNMC. There will be rules created under NAT, >Egress/Ingress ACLs > >> >4) When Guest Network is restarted what are the sequence of operations >> >will happen when it has ASA firewall ? >> > > >ASA firewall will get implemented as a network element that participates >in the orchestration. Let me know what specific sequence are you >referring to? > >> >5) Is there any change with API's that are used to configure Firewall >> >rules? >> > > >No > >> >6) Use Cases / Flow - I see that LB as Netscaler with isolated >> >Network is not available. Are we supporting only VR? >> > > >Not in 4.2. Its mentioned in FS. > >> >Please clarify. >> > >> >Thanks, >> >Sailaja.M >> > >> >-----Original Message----- >> >From: Koushik Das [mailto:koushik....@citrix.com] >> >Sent: Monday, March 11, 2013 6:41 PM >> >To: Koushik Das; cloudstack-dev@incubator.apache.org >> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack >> > >> >Updated the FS with following changes: >> > >> >- Use case section updated, classified use cases that will be supported >> >for 4.2 and beyond. Also removed items like VSG and VXLAN support to >> >"Open items" section as not planning to do them as part of "ASA >> >integration". >> >- Updated the deployment model section and added HV limitation (Vmware >> >only feature) >> >- Also updated the API section with parameter details. >> > >> >Comments/feedback? >> > >> >Thanks, >> >Koushik >> > >> >> -----Original Message----- >> >> From: Koushik Das [mailto:koushik....@citrix.com] >> >> Sent: Monday, February 11, 2013 7:08 PM >> >> To: cloudstack-dev@incubator.apache.org >> >> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack >> >> >> >> Updated the FS with API, Db changes and current deployment >>limitations. >> >> Also updated the UI section as to what all needs to be added. >> >> >> >> Chiradeep, >> >> I looked at the option of spinning up templates from ovf template but >> >>didn't find a way (was looking for some samples) to pass custom >> >>parameters like vnmc ip, password etc. while creating VM instance. So >> >>for now the ASA instance creation is a manual step similar to VNMC >> >>appliance. In case there is a way out, the auto-creation can be done >> >>as a future enhancement. >> >> >> >> Thanks, >> >> Koushik >> >> >> >> > -----Original Message----- >> >> > From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] >> >> > Sent: Friday, January 25, 2013 1:39 AM >> >> > To: CloudStack DeveloperList >> >> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack >> >> > >> >> > Thanks for the FS updates. >> >> > Good progress. >> >> > I had forgotten about registering the ASA 1000v with VNMC < that >> >> > makes it harder to spin these appliances up/down. However we can >> >> > plan to login via the CLI just for this step. >> >> > >> >> > I believe it is better to use a pre-setup pool of ASA appliances. >> >> > Let's say we start with N appliances (created via an admin API call >> >> > to >> >> CloudStack). >> >> > createASA1000vPool(ovf template id, zone, vnmc ip, N, increment, >> >> > threshold) Then as the capacity reaches threshold%, the pool >> >> > capacity is incremented by increment% asynchronously. >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > On 1/21/13 12:46 AM, "Koushik Das" <koushik....@citrix.com> wrote: >> >> > >> >> > >Thanks Chiradeep for explaining the vnmc/asa integration stuff >> >> > >that you are working on and listing down all the use cases. >> >> > > >> >> > >Manan, >> >> > >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer use >> >> > >cases >> >> > >#1 and #2 from the doc). >> >> > > >> >> > >-Koushik >> >> > > >> >> > >-----Original Message----- >> >> > >From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] >> >> > >Sent: Saturday, January 19, 2013 1:30 AM >> >> > >To: CloudStack DeveloperList >> >> > >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack >> >> > > >> >> > >Take a look here: >> >> > >> >> >> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNMC+i >> >> > nteg >> >> > >rat >> >> > >i >> >> > >on >> >> > > >> >> > > >> >> > >This is something I had been prototyping without any real >>enthusiasm. >> >> > > >> >> > >There's 3 ways to control the ASA1000v: >> >> > >1. By logging in via the CLI. Strongly against this. >> >> > >2. By using VNMC >> >> > >3. Via Cisco's Network Services Manager (NSM)[1] >> >> > > >> >> > >The NSM is comprehensive, covers a large range of physical and >> >> > >virtual devices and has an easy northbound API. This would be my >> >> > >preferred solution. >> >> > > >> >> > >However as of now (NSM v5.0.2), the ASA1000v is not supported. >> >> > >It may also be the case that using VNMC may be a cheaper (albeit >> >> > >less >> >> > >supported) option >> >> > > >> >> > >[1] http://www.cisco.com/en/US/products/ps11636/index.html >> >> > > >> >> > >On 1/17/13 9:26 PM, "Koushik Das" <koushik....@citrix.com> wrote: >> >> > > >> >> > >>Manan, >> >> > >>Can you answer the questions that Chiradeep has raised? >> >> > >> >> >> > >>Chiradeep, >> >> > >>I saw that you have started working on asa/vnmc here >> >> > >>(https://git-wip-us.apache.org/repos/asf/incubator-cloudstack/rep >> >> > >>o >> >> > >>?p >> >> > >>=i >> >> > >>n >> >> > >>cub >> >> > >>ator-cloudstack.git;a=shortlog;h=refs/heads/cisco-vnmc-api- >> >> integration). >> >> > >>I would like to understand the functionalities that you are >> >> > >>planning to cover and what is the overlap between your work and >> >> > >>the feature that Manan has proposed (supporting asa1000v as an >> >>external firewall). >> >> > >> >> >> > >>Thanks, >> >> > >>Koushik >> >> > >> >> >> > >>> -----Original Message----- >> >> > >>> From: Alex Huang [mailto:alex.hu...@citrix.com] >> >> > >>> Sent: Sunday, January 06, 2013 2:18 AM >> >> > >>> To: cloudstack-dev@incubator.apache.org >> >> > >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into >> >> > >>> CloudStack >> >> > >>> >> >> > >>> Manan, >> >> > >>> >> >> > >>> Can you address the issues that Chiradeep has brought up? I >> >> > >>>think for a requirements discussion it is just as important to >> >> > >>>indicate what we will not do or what is considered a feature of >> >> > >>>a later release. >> >> > >>> >> >> > >>> --Alex >> >> > >>> >> >> > >>> > -----Original Message----- >> >> > >>> > From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] >> >> > >>> > Sent: Thursday, January 03, 2013 6:16 PM >> >> > >>> > To: CloudStack DeveloperList >> >> > >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into >> >> > >>> > CloudStack >> >> > >>> > >> >> > >>> > There cannot be feature parity since the ASA1000v is only >> >> > >>> > supported on VMWare. >> >> > >>> > >> >> > >>> > Should the ASA1000v be created on demand, or do we expect the >> >> > >>> > admin to provision a pool of virtual ASAs? >> >> > >>> > >> >> > >>> > Should we support VXLAN as the isolation technology or VLANs? >> >> > >>> > >> >> > >>> > >> >> > >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.s...@citrix.com> >> wrote: >> >> > >>> > >> >> > >>> > >Hi, >> >> > >>> > > >> >> > >>> > >I would like to propose a new feature for integrating Cisco >> >> > >>> > >ASA 1000v in CS 4.1. I have created a JIRA ticket and >> >> > >>> > >provided the requirements at the following location. Please >> >> > >>> > >provide feedback on the >> >> > >>>requirements. >> >> > >>> > > >> >> > >>> > >JIRA Ticket: >> >> > >>> > >https://issues.apache.org/jira/browse/CLOUDSTACK-742 >> >> > >>> > >Requirements: >> >> > >>> > >> >> > >>> >> >> > >> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+C >> >> > >i >> >> > >>> >s >> >> > >>> >c >> >> > >>> > >o >> >> > >>> > +ASA >> >> > >>> > >+ >> >> > >>> > >1000v+as+a+FW+for+CloudStack >> >> > >>> > > >> >> > >>> > >Additional details would be provided in the FS. >> >> > >>> > > >> >> > >>> > >Regards, >> >> > >>> > >Manan Shah >> >> > >>> > > >> >> > >> >> >> > > >> > >