Jump to: navigation, search

Difference between revisions of "Neutron/vArmour-Firewall"

(Overview)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
 
vArmour's OpenStack integration contains two components:
 
vArmour's OpenStack integration contains two components:
* '''L3 Agent replacement''': This component configurse vArmour firewall to be the gateway of internal gateway and support SNAT and Floating IP (DNAT) function. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
+
* '''L3 Agent replacement''': This component configures vArmour firewall to be the gateway of internal networks and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
* '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver implements to configure vArmour Firewall
+
* '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall.
  
 
== Design  ==
 
== Design  ==
Line 15: Line 15:
 
* Add the following configuration to l3_agent.ini to specify vArmour firewall director's IP address and login account
 
* Add the following configuration to l3_agent.ini to specify vArmour firewall director's IP address and login account
  
/etc/neutron/l3_agent.ini
+
/etc/neutron/l3_agent.ini
  
 
<pre><nowiki>
 
<pre><nowiki>
Line 27: Line 27:
 
* Modify fwaas_driver.ini to use vArmour's FWaaS driver
 
* Modify fwaas_driver.ini to use vArmour's FWaaS driver
  
/etc/neutron/fwaas_driver.ini
+
/etc/neutron/fwaas_driver.ini
  
 
<pre><nowiki>
 
<pre><nowiki>
Line 37: Line 37:
 
* Modify neutron-l3-agent script to start vArmour's L3 Agent
 
* Modify neutron-l3-agent script to start vArmour's L3 Agent
  
/usr/local/bin/neutron-l3-agent
+
/usr/local/bin/neutron-l3-agent
  
 
<pre><nowiki>
 
<pre><nowiki>

Latest revision as of 05:45, 25 August 2013

Overview

vArmour's OpenStack integration contains two components:

  • L3 Agent replacement: This component configures vArmour firewall to be the gateway of internal networks and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
  • FWaaS driver: Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall.

Design

Blueprints

Firewall as a Service vArmour driver

Configuration

Please refer to FWaaS Installation Guide on how to enable FWaaS service

  • Add the following configuration to l3_agent.ini to specify vArmour firewall director's IP address and login account

/etc/neutron/l3_agent.ini 

[vArmour]
director = 127.0.0.1
director_port = 443
username = varmour
password = varmour
  • Modify fwaas_driver.ini to use vArmour's FWaaS driver

/etc/neutron/fwaas_driver.ini 

[fwaas]
enabled = True
driver = neutron.services.firewall.drivers.varmour.varmour_fwaas.vArmourFwaasDriver
  • Modify neutron-l3-agent script to start vArmour's L3 Agent

/usr/local/bin/neutron-l3-agent 

#from neutron.agent.l3_agent import main
from neutron.services.firewall.agents.varmour.varmour_router import main
  • Restart L3 Agent
python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini
Retrieved from "https://wiki.openstack.org/w/index.php?title=Neutron/vArmour-Firewall&oldid=28814"