Oğuz,

Eventually service chaining will help, but if you need something to work now 
(and most vendors do) focus on how the other drivers are done. Usually copying 
the other drivers will work best. On the LBaaS side things are often integrated 
with tagged VLANs but I haven't read much of the code…

German

From: Oğuz Yarımtepe <oguzyarimt...@gmail.com>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
<openstack-dev@lists.openstack.org>
Date: Monday, November 23, 2015 at 5:01 AM
To: "OpenStack Development Mailing List (not for usage questions)" 
<openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas 
driver writing

I am checking the Vyatta driver now, and they replaced the L3 agent with their own 
agent and are also using a vrouter image for router creation. Our appliance is not 
virtual :)
So for the linkage between services, can service chaining help me?

On Mon, Nov 23, 2015 at 8:25 AM, Germy Lure <germy.l...@gmail.com> wrote:
Hi,
Under the current FWaaS architecture or framework, only integrating a hardware 
firewall is not easy. That requires Neutron to support service-level multiple 
vendors. In other words, vendors must fit each other for their services, while 
currently vendors just provide all services through the controller.

I think the root cause is that Neutron just doesn't know how the network devices 
connect to each other. Neutron provides FW, LB, VPN and other advanced network 
functionalities as services. But as the implementation layer, Neutron needs TOPO 
info to make the right decision, routing traffic to the right device. For example, 
from namespace router to hardware firewall, Neutron should add some internal 
routes, even extra L3 interfaces, according to the connection relationship 
between them. If the firewall service is integrated with the router, like Vyatta, 
it's simple. The only thing you need to do is just enable the firewall itself.

All in all, it requires linkage between services, especially between advanced 
services and L3 router.

Germy

On Fri, Nov 20, 2015 at 9:19 PM, Somanchi Trinath 
<trinath.soman...@freescale.com> wrote:
Hi-

As I understand, you are not sure on “How to locate the Hardware Appliance” 
which you have as your FW?

Am I right? If so, you can look into a 
https://github.com/jumpojoy/generic_switch kind of approach.

-
Trinath



From: Oguz Yarimtepe [mailto:oguzyarimt...@gmail.com]
Sent: Friday, November 20, 2015 5:52 PM
To: OpenStack Development Mailing List (not for usage questions) 
<openstack-dev@lists.openstack.org>
Subject: Re: [openstack-dev] [neutron][fwaas]some architectural advice on fwaas 
driver writing

I created a sample driver by looking at the vArmour driver that is in the GitHub 
FWaaS repo. I am planning to call the FW's REST API from the suitable functions.

The problem is, I am still not sure how to locate the hardware appliance. One 
of the FWaaS guys says that Service Chaining can help. Does anybody have an idea 
of how to insert the FW into OpenStack?

On 11/02/2015 02:36 PM, Somanchi Trinath wrote:
Hi-

I’m confused. Do you really have a PoC implementation of what is to be 
achieved?

As I look into these types of implementations, I would prefer to have a proxy 
driver/plugin to get the configuration from OpenStack to the external 
controller/device and do the rest of the magic.

-
Trinath


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev







--
Oğuz Yarımtepe
http://about.me/oguzy
