Difference between revisions of "Freescale Firewall as a Service Plugin"

Latest revision as of 19:31, 26 July 2014

Introduction

CRD (Cloud Resource Discovery) Service is designed to support Freescale silicon in data center environment. Like Neutron, it uses keystone authentication for all ReSTful calls.

Freescale FWaaS Plugin proxies ReSTful calls (formatted for CRD Service) from Neutron to CRD Service.

It supports the Cloud Resource Discovery (CRD) service by updating the Firewall related data (rules, policies and firewall) into the CRD database.

CRD service manages creation of firewall on network nodes, virtual network appliances and openflow controller network applications.

Basic work Flow

Basic work flow between Freescale FWaaS Plugin and CRD service is shown below.

How does Freescale FWaaS work?

Freescale Firewall Service plugin sends the Firewall related data to CRD server.

The plug-in implements the CRUD operation on the following entities:

Firewall Rules
Firewall Policies
Firewall

The plug-in uses the exisitng firewall database to store the firewall data.

The creation of firewall in network node or Virtual Network appliance or Openflow controller app is decided by CRD service.

Sequence flow of events for create_firewall is as follows:

 create_firewall
 {
   neutron       ->  fsl_fw_plugin
   fsl_fw_plugin ->  crd_service
   fsl_fw_plugin <-- crd_service
   neutron       <-- fsl_fw_plugin
 }

How to use Freescale FWaaS Plugin?

Follow the following configuration detailed below to configure Neutron with Freescale FWaaS plugin.

Configuring Neutron to use Freescale FWaaS Plugin

In [DEFAULT] section of /etc/neutron/neutron.conf modify 'service_plugins' attribute as,

[DEFAULT]
service_plugins = fsl_firewall

Configuring Freescale FWaaS Plugin

Update /etc/neutron/plugins/ml2/ml2_conf_fslsdn.ini, as below.

[ml2_fslsdn]
crd_auth_strategy = keystone
crd_url = http://127.0.0.1:9797
crd_auth_url = http://127.0.0.1:5000/v2.0/
crd_tenant_name = service
crd_password = <-service-password->
crd_user_name = <-service-username->

Neutron Service must be configured to use ml2_conf_fslsdn.ini.

CRD service must be running in the controller.

@@ Line 1: / Line 1: @@
+<br />
 == Introduction ==
@@ Line 17: / Line 18: @@
 Basic work flow between Freescale FWaaS Plugin and CRD service is shown below.
+<br /><br />
+[[File:Freescale_FWaaS_Overview.jpg]]<br />
- +-------------------------------+
+<br />
- |                               |
- |       Neutron Service         |
- |                               |
- |    +--------------------------+
- |    |                          |
- |    |  Freescale Firewall      |
- |    |  Service Plugin          |
- |    |                          |
- +----+-----------+--------------+
-                  |
-                  |  ReST API
-                  |
-                  |
-        +---------v-----------+
-        |                     |
-        |   CRD Service       |
-        |                     |
-        +---------------------+
 == How does Freescale FWaaS work? ==
@@ Line 44: / Line 29: @@
 CRD server.
-The plug-in implements the CRUD operation on the following entities:
+The plug-in implements the CRUD operation on the following entities:<br />
-  * Firewall Rules
-  * Firewall Policies
+'''Firewall Rules'''  <br />
-  * Firewall
+'''Firewall Policies''' <br />
+'''Firewall''' <br />
 The plug-in uses the exisitng firewall database to store the firewall
@@ Line 83: / Line 70: @@
 === Configuring Freescale FWaaS Plugin ===
-Update /etc/neutron/fsl_fwaas.ini, as below.
+Update /etc/neutron/plugins/ml2/ml2_conf_fslsdn.ini, as below.
 ::
-  [fsl_fwaas]
+  [ml2_fslsdn]
   crd_auth_strategy = keystone
   crd_url = http://127.0.0.1:9797
@@ Line 94: / Line 81: @@
   crd_password = <-service-password->
   crd_user_name = <-service-username->
+Neutron Service must be configured to use ml2_conf_fslsdn.ini.
 CRD service must be running in the controller.