I wrote a vendor specific fwaas-driver for our firewall (I also wrote the iptables reference fwaas driver).
As per my understanding, the driver demux happens in L3 agent. Since we also wanted to enable our physical appliance for Fwaas, I had to extend L3 agent for insert the firewall into Neutron router. Ignoring service-insertion changes for now, if we just take the fwaas-driver demux happening in L3 agent, will this work with all core-plugins? When I look at other core-plugins (NVP or Big Switch), I see that L3 agent is not used (or not started).Does this mean that we have to have multiple implementations of fwaas-driver? As a firewall vendor, I would have expected that I write one one driver and it would work with all core-plugins. Is there some way this could be done? Is it possible with multi-host mode where one host runs L3 agent(and all advanced services can be used through this host) while other network services may be provided through vendor-specific core plugins. I am not sure if this is a good analogy. In Nova, we have different hypervisors being supported at the same time. For Neutron, can we have different core-plugins work at the same time. With the focus slowly increasing on advanced services and service insertion, is there a framework that we could follow that will work with all core-plugins. Thanks, -Rajesh Mohan
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev