Hello,
Thanks a lot for explanation. Now is is more clear for me :)
--
Pozrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
W dniu 2015-02-21 o 01:20, Sumit Naiksatam pisze:
Inline...
On Fri, Feb 20, 2015 at 3:38 PM, Sławek Kapłoński <sla...@kaplonski.pl> wrote:
Hello,
Thx guys. Now it is clear for me :)
One more question. I saw that in this service plugin there is hardcoded quota
1 firewall per tenant. Do you know why it is so limited? Is there any
important reason for that?
This is a current limitation of the reference implementation, since we
associate the FWaaS firewall resource with all the neutron routers.
Note that this is not a limitation of the FWaaS model, hence, if your
backend can support it, you can override this limitation.
And second thing. As there is only one firewall per tenant so all rules from
it will be applied on all routers (L3 agents) from this tenant and for all
tenant networks, am I right? If yes, how it is solved to set firewall rules
In general, this limitation is going away in the Kilo release. See the
following patch under review which removes the limitation of one
router per tenant:
https://review.openstack.org/#/c/152697/
when for example new router is created? L3 agent is asking about rules via rpc
or FwaaS is sending such notification to L3 agent?
In the current implementation this is automatically reconciled.
Whenever a new router comes up, the FWaaS agent pulls the rules, and
applies it on the interfaces of the new router.
Sorry if my questions are silly but I didn't do anything with this service
plugins yet :)
--
Pozdrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
Dnia piątek, 20 lutego 2015 16:27:33 Doug Wiegley pisze:
Same project, shiny new repo.
doug
On Feb 20, 2015, at 4:05 PM, Sławek Kapłoński <sla...@kaplonski.pl> wrote:
Hello,
Thx for tips. I have one more question. You point me fo neutron-fwaas
project which for me looks like different project then neutron. I saw
fwaas service plugin directly in neutron in Juno. So which "version"
should I use: this neutron-fwaas or service plugin from neutron? Or maybe
it is the same or I misunderstand something?
--
Pozdrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
Dnia piątek, 20 lutego 2015 14:44:21 Sumit Naiksatam pisze:
Inline...
On Wed, Feb 18, 2015 at 7:48 PM, Vikram Choudhary
<vikram.choudh...@huawei.com> wrote:
Hi,
You can write your own driver. You can refer to below links for getting
some idea about the architecture.
https://wiki.openstack.org/wiki/Neutron/ServiceTypeFramework
This is a legacy construct and should not be used.
https://wiki.openstack.org/wiki/Neutron/LBaaS/Agent
The above pointer is to a LBaaS Agent which is very different from a
FWaaS driver (which was the original question in the email).
FWaaS does use pluggable drivers and the default is configured here:
https://github.com/openstack/neutron-fwaas/blob/master/etc/fwaas_driver.i
ni
For example for FWaaS driver implementation you can check here:
https://github.com/openstack/neutron-fwaas/tree/master/neutron_fwaas/serv
ice s/firewall/drivers
Thanks
Vikram
-----Original Message-----
From: Sławek Kapłoński [mailto: ]
Sent: 19 February 2015 02:33
To: openstack-dev@lists.openstack.org
Subject: [openstack-dev] [Neutron] FWaaS - question about drivers
Hello,
I'm looking to use FWaaS service plugin with my own router solution (I'm
not using L3 agent at all). If I want to use FWaaS plugin also, should I
write own driver to it, or should I write own service plugin? I will be
grateful for any links to some description about this FWaaS and it's
architecture :) Thx a lot for any help
--
Best regards
Sławek Kapłoński
sla...@kaplonski.pl
________________________________________________________________________
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
________________________________________________________________________
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Pozdrawiam
Sławek Kapłonski
sla...@kaplonski.pl
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
