Difference between revisions of "Brocade Vyatta Firewall driver"

Revision as of 18:59, 5 February 2015

Overview:

The Brocade Vyatta Firewall device driver provides FWaaS solution using Vyatta vRouter VM running as a Neutron router. The driver implements 'Perimeter Firewall' functionality to filter traffic between tenant private networks and external networks.

Vyatta FWaaS device driver will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the FWaaS agent.

1. create_firewall

2. update_firewall

3. delete_firewall

All the above functions are similar to the existing reference FWaaS device-driver implementation.

Configuration

1. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin:

  service_plugins =
    neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin.
    neutron.services.firewall.fwaas_plugin.FirewallPlugin

2. Edit the /etc/neutron/fwaas_driver.ini file to use Brocade Vyatta FWaaS driver

  [fwaas]
  driver=neutron.services.firewall.drivers.vyatta.vyatta_fwaas.VyattaFirewallDriver
  enabled=True

3. Edit the /usr/local/bin/neutron-l3-agent script to start Vyatta L3 agent.

  from neutron_fwaas.services.firewall.agents.vyatta.fwaas_agent import main

4. Restart L3 agent.

  python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini