Difference between revisions of "Neutron/vArmour-Firewall"
< Neutron
(→Configuration) |
(→Overview) |
||
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
vArmour's OpenStack integration contains two components: | vArmour's OpenStack integration contains two components: | ||
− | * '''L3 Agent replacement''': This component | + | * '''L3 Agent replacement''': This component configures vArmour firewall to be the gateway of internal network and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall. |
− | * '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver | + | * '''FWaaS driver''': Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall |
== Design == | == Design == |
Revision as of 05:34, 25 August 2013
Contents
Overview
vArmour's OpenStack integration contains two components:
- L3 Agent replacement: This component configures vArmour firewall to be the gateway of internal network and supports SNAT and Floating IP (DNAT) functions. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
- FWaaS driver: Based on neutron FWaaS service extension, this component is a FWaaS driver implementation that configures vArmour Firewall
Design
Blueprints
Firewall as a Service vArmour driver
Configuration
Please refer to FWaaS Installation Guide on how to enable FWaaS service
- Add the following configuration to l3_agent.ini to specify vArmour firewall director's IP address and login account
/etc/neutron/l3_agent.ini
[vArmour] director = 127.0.0.1 director_port = 443 username = varmour password = varmour
- Modify fwaas_driver.ini to use vArmour's FWaaS driver
/etc/neutron/fwaas_driver.ini
[fwaas] enabled = True driver = neutron.services.firewall.drivers.varmour.varmour_fwaas.vArmourFwaasDriver
- Modify neutron-l3-agent script to start vArmour's L3 Agent
/usr/local/bin/neutron-l3-agent
#from neutron.agent.l3_agent import main from neutron.services.firewall.agents.varmour.varmour_router import main
- Restart L3 Agent
python /usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini