Freescale Firewall as a Service Plugin
Introduction
CRD (Cloud Resource Discovery) Service is designed to support Freescale silicon in a data center environment. Like Neutron, it uses Keystone authentication for all RESTful calls.
The Freescale FWaaS Plugin proxies RESTful calls (formatted for the CRD Service) from Neutron to the CRD Service.
It supports the Cloud Resource Discovery (CRD) service by updating the firewall-related data (rules, policies and firewall) in the CRD database.
The CRD service manages the creation of firewalls on network nodes, virtual network appliances and OpenFlow controller network applications.
Basic Workflow
The basic workflow between the Freescale FWaaS Plugin and the CRD service is shown below.
How does Freescale FWaaS work?
The Freescale Firewall Service plugin sends the firewall-related data to the CRD server.
The plug-in implements the CRUD operations on the following entities:
Firewall Rules
Firewall Policies
Firewall
The plug-in uses the existing firewall database to store the firewall data.
Whether the firewall is created on a network node, a virtual network appliance or an OpenFlow controller app is decided by the CRD service.
Sequence flow of events for create_firewall is as follows:
create_firewall
{
    neutron -> fsl_fw_plugin
    fsl_fw_plugin -> crd_service
    fsl_fw_plugin <-- crd_service
    neutron <-- fsl_fw_plugin
}
How to use Freescale FWaaS Plugin?
Use the configuration detailed below to configure Neutron with the Freescale FWaaS plugin.
Configuring Neutron to use Freescale FWaaS Plugin
In the [DEFAULT] section of /etc/neutron/neutron.conf, set the 'service_plugins' attribute as follows:
[DEFAULT]
service_plugins = fsl_firewall
Configuring Freescale FWaaS Plugin
Update /etc/neutron/fsl_fwaas.ini as below.
[fsl_fwaas]
crd_auth_strategy = keystone
crd_url = http://127.0.0.1:9797
crd_auth_url = http://127.0.0.1:5000/v2.0/
crd_tenant_name = service
crd_password = <-service-password->
crd_user_name = <-service-username->
The CRD service must be running on the controller.
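A deployment check for the fsl_fwaas.ini settings above, as an added example that is not part of the plugin or the original page. The checks chosen (file readable by other users, template placeholders left in place, plain HTTP to a non-loopback host) are assumptions about what a deployer would want to verify, and the host crd.example.internal is constructed.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
REQUIRED = ("crd_auth_strategy", "crd_url", "crd_auth_url",
            "crd_tenant_name", "crd_user_name", "crd_password")
# Constructed sample: the page's template with crd_url moved to a hypothetical remote host.
SAMPLE = """[fsl_fwaas]
crd_auth_strategy = keystone
crd_url = http://crd.example.internal:9797
crd_auth_url = http://127.0.0.1:5000/v2.0/
crd_tenant_name = service
crd_password = <-service-password->
crd_user_name = <-service-username->
"""

def audit_fsl_fwaas(path):
    """Return a list of findings for the [fsl_fwaas] section of `path`."""
    findings = []
    if os.stat(path).st_mode & stat.S_IROTH:  # the file holds crd_password
        findings.append("file is world-readable")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    if not cfg.has_section("fsl_fwaas"):
        return findings + ["missing [fsl_fwaas] section"]
    sec = cfg["fsl_fwaas"]
    for key in REQUIRED:
        value = sec.get(key, "").strip()
        if not value or (value.startswith("<") and value.endswith(">")):
            findings.append(f"{key} is unset or still a template placeholder")
    if sec.get("crd_auth_strategy", "").strip() != "keystone":
        findings.append("crd_auth_strategy is not keystone")
    for key in ("crd_url", "crd_auth_url"):
        url = urlparse(sec.get(key, "").strip())
        # Plain HTTP to another host sends Keystone credentials/tokens unencrypted.
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{key} uses plain HTTP to {url.hostname}")
    return findings

def audit_sample(mode=0o640):
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "fsl_fwaas.ini")
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, mode)
        return audit_fsl_fwaas(path)
```

Run audit_fsl_fwaas("/etc/neutron/fsl_fwaas.ini") on the controller after editing the file; an empty list means none of the checks fired.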