Difference between revisions of "Brocade Vyatta Firewall driver"
Vishwanathj (talk | contribs) (→Configuration) |
Vishwanathj (talk | contribs) (→Configuration) |
||
| Line 23: | Line 23: | ||
<big> | <big> | ||
| − | 1. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Firewall plugin: | + | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration. |
| + | |||
| + | 2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Firewall plugin: | ||
service_plugins = | service_plugins = | ||
| Line 29: | Line 31: | ||
neutron.services.firewall.fwaas_plugin.FirewallPlugin | neutron.services.firewall.fwaas_plugin.FirewallPlugin | ||
| − | + | 3. Edit the /etc/neutron/fwaas_driver.ini file to use Brocade Vyatta FWaaS driver | |
[fwaas] | [fwaas] | ||
| Line 35: | Line 37: | ||
enabled=True | enabled=True | ||
| − | + | 4. Edit the /usr/local/bin/neutron-l3-agent script to start Vyatta L3 agent. | |
from neutron_fwaas.services.firewall.agents.vyatta.fwaas_agent import main | from neutron_fwaas.services.firewall.agents.vyatta.fwaas_agent import main | ||
| − | + | 5. Restart L3 agent. | |
python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini | python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini | ||
</big> | </big> | ||
Revision as of 20:01, 5 February 2015
Overview:
The Brocade Vyatta Firewall device driver provides FWaaS solution using Vyatta vRouter VM running as a Neutron router. The driver implements 'Perimeter Firewall' functionality to filter traffic between tenant private networks and external networks.
Vyatta FWaaS device driver will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the FWaaS agent.
1. create_firewall
2. update_firewall
3. delete_firewall
All the above functions are similar to the existing reference FWaaS device-driver implementation.
Configuration
1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration.
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Firewall plugin:
service_plugins =
neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin.
neutron.services.firewall.fwaas_plugin.FirewallPlugin
3. Edit the /etc/neutron/fwaas_driver.ini file to use Brocade Vyatta FWaaS driver
[fwaas] driver=neutron.services.firewall.drivers.vyatta.vyatta_fwaas.VyattaFirewallDriver enabled=True
4. Edit the /usr/local/bin/neutron-l3-agent script to start Vyatta L3 agent.
from neutron_fwaas.services.firewall.agents.vyatta.fwaas_agent import main
5. Restart L3 agent.
python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini
