Its already mentioned in FS that LB functionality is beyond 4.2. I haven't yet thought about these scenarios. Can you let me know what all configurations (in-line, side-by-side) needs to be supported? I am not sure about the use for side-by-side.
> -----Original Message----- > From: Manan Shah [mailto:manan.s...@citrix.com] > Sent: Thursday, March 21, 2013 12:20 AM > To: cloudstack-...@incubator.apache.org > Cc: Manan Shah > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack > > Hi Koushik, > > Can you please confirm if the LB functionality (via VR or VPX) would be > supported in 4.2 or not? > > Regards, > Manan Shah > > > > > On 3/19/13 5:00 AM, "Koushik Das" <koushik....@citrix.com> wrote: > > >Inline > > > >> > >> On 18/03/13 7:37 PM, "Sailaja Mada" <sailaja.m...@citrix.com> wrote: > >> > >> >+ > >> > > >> >7) During Guest Network shutdown, Do we release the ASA association > >> >with Guest Network and Even change guest_port_profile configuration > >> >as Cloudstack releases VLAN and Network will go to allocated state? > >> > > > > >Yes. Necessary stuff should get cleaned up > > > >> >8) When the Guest Network is updated from ASA firewall offering to > >> >VR Offering , Please share the sequence of configuration steps > >> >called out @ ASA/VNMC? > >> > > > > >Not sure I understand the scenario completely. Can you elaborate on the > >use case that this is going to provide? > > > >> >Thanks, > >> >Sailaja.M > >> > > >> >-----Original Message----- > >> >From: Sailaja Mada [mailto:sailaja.m...@citrix.com] > >> >Sent: Monday, March 18, 2013 5:32 PM > >> >To: cloudstack-...@incubator.apache.org; Koushik Das > >> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack > >> > > >> >Hi, > >> > > >> >1) Section: CiscoVNMCElement::implement() : > >> > > >> >1A) vservice_node is configured with fail-mode close . This is to > >> >drop the packets if there is no connectivity to VEM , It means ESXi > >> >host is not reachable. I see that we are going to configure with > >> >fail mode as close > >> > > >> >Is there any use case where packets will get forwarded with > >> >fail-mode open ? > >> > > > > >If required this can be moved to a configuration later on. For now > >'close' should be good. > > > >> >1B) vservice_node configuration has ip address 10.1.1.1 . Can you > >> >please share from where this IP address is picked up when the > >> >configuration is done thru cloudstack? > >> > > > > >ASA acts as the default gateway and this is the gateway IP. > > > >> >2) When the guest network is deleted/Account it deleted, Will you be > >> >deleting the vethernet asa in_port_profile defined @ VSM while > >> >releasing the VLAN . > >> > > > > >Yes > > > >> >3) Can you please update FS with Edge security profile details that > >> >will get configured @ ASA when firewall rules are configured from > >> Cloudstack. > >> > > > > >ESP is configured in VNMC. There will be rules created under NAT, > >Egress/Ingress ACLs > > > >> >4) When Guest Network is restarted what are the sequence of > >> >operations will happen when it has ASA firewall ? > >> > > > > >ASA firewall will get implemented as a network element that > >participates in the orchestration. Let me know what specific sequence > >are you referring to? > > > >> >5) Is there any change with API's that are used to configure > >> >Firewall rules? > >> > > > > >No > > > >> >6) Use Cases / Flow - I see that LB as Netscaler with isolated > >> >Network is not available. Are we supporting only VR? > >> > > > > >Not in 4.2. Its mentioned in FS. > > > >> >Please clarify. > >> > > >> >Thanks, > >> >Sailaja.M > >> > > >> >-----Original Message----- > >> >From: Koushik Das [mailto:koushik....@citrix.com] > >> >Sent: Monday, March 11, 2013 6:41 PM > >> >To: Koushik Das; cloudstack-...@incubator.apache.org > >> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack > >> > > >> >Updated the FS with following changes: > >> > > >> >- Use case section updated, classified use cases that will be > >> >supported for 4.2 and beyond. Also removed items like VSG and VXLAN > >> >support to "Open items" section as not planning to do them as part > >> >of "ASA integration". > >> >- Updated the deployment model section and added HV limitation > >> >(Vmware only feature) > >> >- Also updated the API section with parameter details. > >> > > >> >Comments/feedback? > >> > > >> >Thanks, > >> >Koushik > >> > > >> >> -----Original Message----- > >> >> From: Koushik Das [mailto:koushik....@citrix.com] > >> >> Sent: Monday, February 11, 2013 7:08 PM > >> >> To: cloudstack-...@incubator.apache.org > >> >> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack > >> >> > >> >> Updated the FS with API, Db changes and current deployment > >>limitations. > >> >> Also updated the UI section as to what all needs to be added. > >> >> > >> >> Chiradeep, > >> >> I looked at the option of spinning up templates from ovf template > >> >>but didn't find a way (was looking for some samples) to pass custom > >> >>parameters like vnmc ip, password etc. while creating VM instance. > >> >>So for now the ASA instance creation is a manual step similar to > >> >>VNMC appliance. In case there is a way out, the auto-creation can > >> >>be done as a future enhancement. > >> >> > >> >> Thanks, > >> >> Koushik > >> >> > >> >> > -----Original Message----- > >> >> > From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] > >> >> > Sent: Friday, January 25, 2013 1:39 AM > >> >> > To: CloudStack DeveloperList > >> >> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack > >> >> > > >> >> > Thanks for the FS updates. > >> >> > Good progress. > >> >> > I had forgotten about registering the ASA 1000v with VNMC < that > >> >> > makes it harder to spin these appliances up/down. However we can > >> >> > plan to login via the CLI just for this step. > >> >> > > >> >> > I believe it is better to use a pre-setup pool of ASA appliances. > >> >> > Let's say we start with N appliances (created via an admin API > >> >> > call to > >> >> CloudStack). > >> >> > createASA1000vPool(ovf template id, zone, vnmc ip, N, increment, > >> >> > threshold) Then as the capacity reaches threshold%, the pool > >> >> > capacity is incremented by increment% asynchronously. > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > On 1/21/13 12:46 AM, "Koushik Das" <koushik....@citrix.com> > wrote: > >> >> > > >> >> > >Thanks Chiradeep for explaining the vnmc/asa integration stuff > >> >> > >that you are working on and listing down all the use cases. > >> >> > > > >> >> > >Manan, > >> >> > >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer > >> >> > >use cases > >> >> > >#1 and #2 from the doc). > >> >> > > > >> >> > >-Koushik > >> >> > > > >> >> > >-----Original Message----- > >> >> > >From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com] > >> >> > >Sent: Saturday, January 19, 2013 1:30 AM > >> >> > >To: CloudStack DeveloperList > >> >> > >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into > >> >> > >CloudStack > >> >> > > > >> >> > >Take a look here: > >> >> > > >> >> > >> > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNMC+i > >> >> > nteg > >> >> > >rat > >> >> > >i > >> >> > >on > >> >> > > > >> >> > > > >> >> > >This is something I had been prototyping without any real > >>enthusiasm. > >> >> > > > >> >> > >There's 3 ways to control the ASA1000v: > >> >> > >1. By logging in via the CLI. Strongly against this. > >> >> > >2. By using VNMC > >> >> > >3. Via Cisco's Network Services Manager (NSM)[1] > >> >> > > > >> >> > >The NSM is comprehensive, covers a large range of physical and > >> >> > >virtual devices and has an easy northbound API. This would be > >> >> > >my preferred solution. > >> >> > > > >> >> > >However as of now (NSM v5.0.2), the ASA1000v is not supported. > >> >> > >It may also be the case that using VNMC may be a cheaper > >> >> > >(albeit less > >> >> > >supported) option > >> >> > > > >> >> > >[1] http://www.cisco.com/en/US/products/ps11636/index.html > >> >> > > > >> >> > >On 1/17/13 9:26 PM, "Koushik Das" <koushik....@citrix.com> > wrote: > >> >> > > > >> >> > >>Manan, > >> >> > >>Can you answer the questions that Chiradeep has raised? > >> >> > >> > >> >> > >>Chiradeep, > >> >> > >>I saw that you have started working on asa/vnmc here > >> >> > >>(https://git-wip-us.apache.org/repos/asf/incubator-cloudstack/ > >> >> > >>rep > >> >> > >>o > >> >> > >>?p > >> >> > >>=i > >> >> > >>n > >> >> > >>cub > >> >> > >>ator-cloudstack.git;a=shortlog;h=refs/heads/cisco-vnmc-api- > >> >> integration). > >> >> > >>I would like to understand the functionalities that you are > >> >> > >>planning to cover and what is the overlap between your work > >> >> > >>and the feature that Manan has proposed (supporting asa1000v > >> >> > >>as an > >> >>external firewall). > >> >> > >> > >> >> > >>Thanks, > >> >> > >>Koushik > >> >> > >> > >> >> > >>> -----Original Message----- > >> >> > >>> From: Alex Huang [mailto:alex.hu...@citrix.com] > >> >> > >>> Sent: Sunday, January 06, 2013 2:18 AM > >> >> > >>> To: cloudstack-...@incubator.apache.org > >> >> > >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into > >> >> > >>> CloudStack > >> >> > >>> > >> >> > >>> Manan, > >> >> > >>> > >> >> > >>> Can you address the issues that Chiradeep has brought up? I > >> >> > >>>think for a requirements discussion it is just as important > >> >> > >>>to indicate what we will not do or what is considered a > >> >> > >>>feature of a later release. > >> >> > >>> > >> >> > >>> --Alex > >> >> > >>> > >> >> > >>> > -----Original Message----- > >> >> > >>> > From: Chiradeep Vittal > >> >> > >>> > [mailto:chiradeep.vit...@citrix.com] > >> >> > >>> > Sent: Thursday, January 03, 2013 6:16 PM > >> >> > >>> > To: CloudStack DeveloperList > >> >> > >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into > >> >> > >>> > CloudStack > >> >> > >>> > > >> >> > >>> > There cannot be feature parity since the ASA1000v is only > >> >> > >>> > supported on VMWare. > >> >> > >>> > > >> >> > >>> > Should the ASA1000v be created on demand, or do we expect > >> >> > >>> > the admin to provision a pool of virtual ASAs? > >> >> > >>> > > >> >> > >>> > Should we support VXLAN as the isolation technology or > VLANs? > >> >> > >>> > > >> >> > >>> > > >> >> > >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.s...@citrix.com> > >> wrote: > >> >> > >>> > > >> >> > >>> > >Hi, > >> >> > >>> > > > >> >> > >>> > >I would like to propose a new feature for integrating > >> >> > >>> > >Cisco ASA 1000v in CS 4.1. I have created a JIRA ticket > >> >> > >>> > >and provided the requirements at the following location. > >> >> > >>> > >Please provide feedback on the > >> >> > >>>requirements. > >> >> > >>> > > > >> >> > >>> > >JIRA Ticket: > >> >> > >>> > >https://issues.apache.org/jira/browse/CLOUDSTACK-742 > >> >> > >>> > >Requirements: > >> >> > >>> > > >> >> > >>> > >> >> > > >> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+C > >> >> > >i > >> >> > >>> >s > >> >> > >>> >c > >> >> > >>> > >o > >> >> > >>> > +ASA > >> >> > >>> > >+ > >> >> > >>> > >1000v+as+a+FW+for+CloudStack > >> >> > >>> > > > >> >> > >>> > >Additional details would be provided in the FS. > >> >> > >>> > > > >> >> > >>> > >Regards, > >> >> > >>> > >Manan Shah > >> >> > >>> > > > >> >> > >> > >> >> > > > >> > > >
