Hey Cesar, First of all, I haven’t use Vyattas at all, but I noticed that there is neutron driver for that[1]. If you want to keep the current Vyattas deployment it’s fine, more likely you’ll need to install a neutron agent there. I’m not sure if you also need to populate the Neutron Database with the information that you have, I remember that we had to do something similar when I was working in our IT department. Lastly, the FWaaS code is there, if you need to improve certain area it’s always welcome.
Regards, Victor Morales Irc: electrocucaracha [1] https://wiki.openstack.org/wiki/Brocade_Vyatta_Firewall_driver On 1/31/17, 9:20 AM, "Cesar Benito Hernández" <cben...@arsys.es> wrote: >We currently have a cloud infrastructure meeting our own requirements. Let's >focus on some Networking features (firewall, instances isolation, spoofing >control). We are thinking about moving to OpenStack and when we focus on these >Networking features, Neutron comes into play. We are currently using Vyattas >for these networking features (firewall, instance isolation, spoofing control) >and we would like to keep it as it is right now. Therefore, if we move to >OpenStack we would like Neutron to orchestrate these Vyattas but these Vyattas >would be installed/configured in an outter layer, out of OpenStack. A good >comparison we find is Cinder. In Cinder you can configure your storage backend >(this storage backend is an external "agent" to OpenStack) and the idea with >this networking features would be the same (being able to configure in Neutron >our firewall backend). > >This is our desired scenario, and these are the questions that we arise. We >would appreciate very much your feedback: > >- We believe the current Neutron FWaaS does not meet our requirement. It's not >able to "talk" to an external firewall "backend". Are we right? >- In case FWaaS does not meet our requirements, we can think of >implementing/modifying the Neutron source code. I don't know exactly what this >implies, but if we are in the right direction, a new Neutron API set of >methods would be needed. Do you think the OpenStack community would accept >this change? >- Again, if we are right, apart from changing the Neutron source code to make >it able to "talk" to an external firewall, we would also need to implement the >firewall driver that matches the new API set of methods with the corresponding >methods of the vendor's API (in our case Vyatta). Are we right? > >If you think this is a wrong forum to discuss all these questions, please, >could you tell us another place to discuss all this? > >Thank you very much for your help and attention. We appreciate it. > >_______________________________________________ >Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >Post to : openstack@lists.openstack.org >Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
