Neutron/vArmour-Firewall - OpenStack

Jump to: navigation, search

Revision as of 02:35, 25 August 2013 by Gduan (talk | contribs) (Created page with "== Overview == vArmour's OpenStack integration contains two components: * '''L3 Agent replacement''': This component configurse vArmour firewall to be the gateway of internal ...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Contents

1 Overview
2 Design
3 Blueprints
4 Configuration

Overview

vArmour's OpenStack integration contains two components:

L3 Agent replacement: This component configurse vArmour firewall to be the gateway of internal gateway and support SNAT and Floating IP (DNAT) function. It inherits neutron L3 Agent module. Instead of using iptables, the module makes RESTful API calls to program vArmour firewall.
FWaaS driver: Based on neutron FWaaS service extension, this component is a FWaaS driver implements to configure vArmour Firewall

Design

Blueprints

Firewall as a Service vArmour driver

Configuration

Only difference from Folsom is 'interface_driver' in dhcp_agent.ini and l3_agent.ini. OVSVethInterfaceDriver is now merged into OVSInterfaceDriver.

interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True

Other configurations are same as Folsom.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Neutron/vArmour-Firewall&oldid=28808"