Imvedansh commented on issue #10445: URL: https://github.com/apache/cloudstack/issues/10445#issuecomment-2779562310
@btzq I agree ,we shouldn’t limit ourselves to just Suricata. Based on our discussion and my understanding, here’s a draft of the problem statement and objective. Could you please review and confirm if you're aligned with this? Once approved, I’ll move forward with drafting and submitting the proposal. Problem Statement While CloudStack supports Virtual Network Functions (VNFs), it currently lacks native support for transparently inserting VNFs before the Virtual Router (VR) in the traffic flow. This limitation hinders advanced use cases such as traffic inspection, monitoring, and policy enforcement using custom appliances or third-party IDS/IPS systems. Objective Enhance CloudStack’s VPC networking model to allow users to insert a VNF transparently before the VR, ensuring traffic flows through the VNF first and then to the VR. This should be achieved using user-defined static routes, and designed to be self-serviceable by tenants (wherever feasible), reducing dependency on operator-level configuration. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
