Hi-

I’m confused. Do you really have a PoC implementation of what is to be 
achieved?

As I look into these types of implementations, I would prefer to have a proxy 
driver/plugin to get the configuration from OpenStack to an external 
controller/device and do the rest of the magic.

-
Trinath

From: Oğuz Yarımtepe [mailto:[email protected]]
Sent: Monday, November 02, 2015 4:36 PM
To: OpenStack Development Mailing List (not for usage questions) 
<[email protected]>
Subject: Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas 
driver writing

Hi,

On Mon, Nov 2, 2015 at 11:25 AM, Somanchi Trinath 
<[email protected]> wrote:
Hi –

Based on this “Assuming that, it will not be routing traffic, just filtering, 
and that we will be using virtual routers of Openstack”

As I understand from the email, you might be comfortable configuring the HW-FW 
using the ReST API. So you can write a proxy driver and connect the HW-FW in 
the setup (which you have tested to make it ready to use). The proxy driver 
written helps to configure the HW-FW, and the HW-FW filters the traffic.

Having said that, I assume that the HW-FW has some intelligence to process the 
requests from the proxy driver and update the FW configuration.


To be sure, calling the REST API at 
https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py#L62
for example, to create a firewall, is what you are talking about. Instead of 
iptables, a new driver will be written to handle CRUD operations.
To distinguish the tenant networks, I will be using VLAN or VXLAN IDs while 
entering firewall rules, I think.


*HW-FW – Hardware Firewall.

Hope this helps.

-
Trinath


Did I understand you right, about the proxy driver?
