Jump to: navigation, search

Difference between revisions of "Neutron/vArmour-Firewall"

(Configuration)
(Overview)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
 
vArmour's OpenStack integration contains two components:
 
vArmour's OpenStack integration contains two components:
* '''L3 Agent replacement''': This component configurse vArmour firewall to be the gateway of internal gateway and support SNAT and Floating IP (DNAT) function. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
+
* '''L3 Agent replacement''': This component configures vArmour firewall to be the gateway of internal network and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
* '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver implements to configure vArmour Firewall
+
* '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall
  
 
== Design  ==
 
== Design  ==

Revision as of 05:34, 25 August 2013

Overview

vArmour's OpenStack integration contains two components:

  • L3 Agent replacement: This component configures vArmour firewall to be the gateway of internal network and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
  • FWaaS driver: Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall

Design

Blueprints

Firewall as a Service vArmour driver

Configuration

Please refer to FWaaS Installation Guide on how to enable FWaaS service

  • Add the following configuration to l3_agent.ini to specify vArmour firewall director's IP address and login account

/etc/neutron/l3_agent.ini 

[vArmour]
director = 127.0.0.1
director_port = 443
username = varmour
password = varmour
  • Modify fwaas_driver.ini to use vArmour's FWaaS driver

/etc/neutron/fwaas_driver.ini 

[fwaas]
enabled = True
driver = neutron.services.firewall.drivers.varmour.varmour_fwaas.vArmourFwaasDriver
  • Modify neutron-l3-agent script to start vArmour's L3 Agent

/usr/local/bin/neutron-l3-agent 

#from neutron.agent.l3_agent import main
from neutron.services.firewall.agents.varmour.varmour_router import main
  • Restart L3 Agent
python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini
Retrieved from "https://wiki.openstack.org/w/index.php?title=Neutron/vArmour-Firewall&oldid=28813"