cloudstack-commits mailing list archives

From radh...@apache.org
Subject git commit: updated refs/heads/4.2 to e37fc13
Date Wed, 17 Jul 2013 05:06:33 GMT
Updated Branches:
  refs/heads/4.2 164ce32a8 -> e37fc1345


CLOUDSTACK-2806


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e37fc134
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e37fc134
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e37fc134

Branch: refs/heads/4.2
Commit: e37fc13455859259b4309ad705d8c92778969812
Parents: 164ce32
Author: radhikap <radhika.puthiyetath@citrix.com>
Authored: Wed Jul 17 10:36:12 2013 +0530
Committer: radhikap <radhika.puthiyetath@citrix.com>
Committed: Wed Jul 17 10:36:12 2013 +0530

----------------------------------------------------------------------
 docs/en-US/add-gateway-vpc.xml         |   9 +-
 docs/en-US/configure-acl.xml           | 374 +++++++++++++++++++---------
 docs/en-US/images/replace-acl-icon.png | Bin 0 -> 930 bytes
 docs/en-US/images/replace-acl-list.png | Bin 0 -> 7706 bytes
 4 files changed, 263 insertions(+), 120 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e37fc134/docs/en-US/add-gateway-vpc.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/add-gateway-vpc.xml b/docs/en-US/add-gateway-vpc.xml
index 9a270f9..486cf84 100644
--- a/docs/en-US/add-gateway-vpc.xml
+++ b/docs/en-US/add-gateway-vpc.xml
@@ -144,10 +144,11 @@
   <section id="acl-private-gateway">
     <title>ACL on Private Gateway</title>
     <para>The traffic on the VPC private gateway is controlled by creating both ingress
and egress
-      network ACL rules. The ACLs contains both allow and deny rules. As per the rule, all
the
-      ingress traffic to the private gateway interface and all the egress traffic out from
the
-      private gateway interface are blocked. You can change this default behaviour while
creating a
-      private gateway.</para>
+      network ACL rules. The ACLs contains both allow and deny rules. In addition to the
default ACL
+      rules, rules you might have created are also listed in the ACL drop-down list. As per
the
+      rule, all the ingress traffic to the private gateway interface and all the egress traffic
out
+      from the private gateway interface are blocked. You can change this default behaviour
while
+      creating a private gateway.</para>
   </section>
   <section id="static-route">
     <title>Creating a Static Route</title>
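Review bot: In the reworded paragraph of acl-private-gateway, "As per the rule" has no clear referent now that the new sentence about user-created rules in the ACL drop-down list comes directly before it, so it can be read as saying a custom rule blocks all traffic. Suggest "By default, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked", which also lines up with the following "You can change this default behaviour". The added line also carries over "The ACLs contains", which should be "The ACLs contain".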

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e37fc134/docs/en-US/configure-acl.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index e7459e6..c89210b 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -19,125 +19,267 @@
     under the License.
 -->
 <section id="configure-acl">
-  <title>Configuring Access Control List</title>
+  <title>Configuring Network Access Control List</title>
   <para>Define Network Access Control List (ACL) on the VPC virtual router to control
incoming
     (ingress) and outgoing (egress) traffic between the VPC tiers, and the tiers and Internet.
By
     default, all incoming and outgoing traffic to the guest networks is blocked. To open
the ports,
     you must create a new network ACL. The network ACLs can be created for the tiers only
if the
     NetworkACL service is supported.</para>
-  <orderedlist>
-    <listitem>
-      <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
-    </listitem>
-    <listitem>
-      <para>In the left navigation, choose Network.</para>
-    </listitem>
-    <listitem>
-      <para>In the Select view, select VPC.</para>
-      <para>All the VPCs that you have created for the account is listed in the page.</para>
-    </listitem>
-    <listitem>
-      <para>Click the Configure button of the VPC, for which you want to configure
load balancing
-        rules.</para>
-      <para>For each tier, the following options are displayed:</para>
-      <itemizedlist>
-        <listitem>
-          <para>Internal LB</para>
-        </listitem>
-        <listitem>
-          <para>Public LB IP</para>
-        </listitem>
-        <listitem>
-          <para>Static NAT</para>
-        </listitem>
-        <listitem>
-          <para>Virtual Machines</para>
-        </listitem>
-        <listitem>
-          <para>CIDR</para>
-        </listitem>
-      </itemizedlist>
-      <para>The following router information is displayed:</para>
-      <itemizedlist>
-        <listitem>
-          <para>Private Gateways</para>
-        </listitem>
-        <listitem>
-          <para>Public IP Addresses</para>
-        </listitem>
-        <listitem>
-          <para>Site-to-Site VPNs</para>
-        </listitem>
-        <listitem>
-          <para>Network ACL Lists</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Select Network ACL Lists.</para>
-      <para>The following default rules are displayed in the Network ACLs page: default_allow,
-        default_deny.</para>
-    </listitem>
-    <listitem>
-      <para>Click Add ACL Lists, and specify the following:</para>
-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">ACL List Name</emphasis>: A name
for the ACL list.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Description</emphasis>: A short description
of the ACL list
-            that can be displayed to users.</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Select the ACL list.</para>
-    </listitem>
-    <listitem>
-      <para>Select the ACL List Rules tab.</para>
-      <para>To add an ACL rule, fill in the following fields to specify what kind of
network traffic
-        is allowed in the VPC. </para>
-      <itemizedlist>
-        <listitem>
-          <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as
the Source CIDR for the
-            Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only
from or
-            to the IP addresses within a particular address block, enter a CIDR or a comma-separated
-            list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example,
-            192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Protocol</emphasis>: The networking
protocol that sources use
-            to send traffic to the tier. The TCP and UDP protocols are typically used for
data
-            exchange and end-user communications. The ICMP protocol is typically used to
send error
-            messages or network monitoring data. All supports all the traffic. Other option
is
-            Protocol Number.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Start Port</emphasis>, <emphasis
role="bold">End
-              Port</emphasis> (TCP, UDP only): A range of listening ports that are
the destination
-            for the incoming traffic. If you are opening a single port, use the same number
in both
-            fields.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Protocol Number</emphasis>: The protocol
number associated
-            with IPv4 or IPv6. For more information, see <ulink
-              url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
-              Numbers</ulink>.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis
role="bold">ICMP
-              Code</emphasis> (ICMP only): The type of message and error code that
will be
-            sent.</para>
-        </listitem>
-        <listitem>
-          <para><emphasis role="bold">Action</emphasis>: What action to
be taken. </para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-    <listitem>
-      <para>Click Add. The ACL rule is added.</para>
-      <para>You can edit the tags assigned to the ACL rules and delete the ACL rules
you have
-        created. Click the appropriate button in the Details tab.</para>
-    </listitem>
-  </orderedlist>
+  <section id="network-acl">
+    <title>About Network ACL Lists</title>
+    <para>In &PRODUCT; terminology, Network ACL is a group of Network ACL items.
Network ACL items
+      are nothing but numbered rules that are evaluated in order, starting with the lowest
numbered
+      rule. These rules determine whether traffic is allowed in or out of any tier associated
with
+      the network ACL. You need to add the Network ACL items to the Network ACL, then associate
the
+      Network ACL with a tier. Network ACL is associated with a VPC and can be assigned to
multiple
+      VPC tiers within a VPC. A Tier is associated with a Network ACL at all the times. Each
tier
+      can be associated with only one ACL.</para>
+    <para>The default Network ACL is used when no ACL is associated. Default behavior
is all the
+      incoming and outgoing traffic is blocked to the tiers. Default network ACL cannot be
removed
+      or modified. Contents of the default Network ACL is:</para>
+    <informaltable>
+      <tgroup cols="5" align="left" colsep="1" rowsep="1">
+        <colspec colnum="1" colname="c1" colwidth="31.5pt"/>
+        <colspec colnum="2" colname="c2" colwidth="58.5pt"/>
+        <colspec colnum="3" colname="c3" colwidth="66.0pt"/>
+        <colspec colnum="4" colname="c4" colwidth="48.0pt"/>
+        <colspec colnum="5" colname="c5" colwidth="58.5pt"/>
+        <thead>
+          <row>
+            <entry><para>Rule</para></entry>
+            <entry><para>Protocol</para></entry>
+            <entry><para>Traffic type</para></entry>
+            <entry><para>Action</para></entry>
+            <entry><para>CIDR</para></entry>
+          </row>
+        </thead>
+        <tbody>
+          <row>
+            <entry><para>1</para></entry>
+            <entry><para>All</para></entry>
+            <entry><para>Ingress</para></entry>
+            <entry><para>Deny</para></entry>
+            <entry><para>0.0.0.0/0</para></entry>
+          </row>
+          <row>
+            <entry><para>2</para></entry>
+            <entry><para>All</para></entry>
+            <entry><para>Egress</para></entry>
+            <entry><para>Deny</para></entry>
+            <entry><para>0.0.0.0/0</para></entry>
+          </row>
+        </tbody>
+      </tgroup>
+    </informaltable>
+  </section>
+  <section id="acl-list">
+    <title>Creating ACL Lists</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation, choose Network.</para>
+      </listitem>
+      <listitem>
+        <para>In the Select view, select VPC.</para>
+        <para>All the VPCs that you have created for the account is listed in the page.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Configure button of the VPC.</para>
+        <para>For each tier, the following options are displayed:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Internal LB</para>
+          </listitem>
+          <listitem>
+            <para>Public LB IP</para>
+          </listitem>
+          <listitem>
+            <para>Static NAT</para>
+          </listitem>
+          <listitem>
+            <para>Virtual Machines</para>
+          </listitem>
+          <listitem>
+            <para>CIDR</para>
+          </listitem>
+        </itemizedlist>
+        <para>The following router information is displayed:</para>
+        <itemizedlist>
+          <listitem>
+            <para>Private Gateways</para>
+          </listitem>
+          <listitem>
+            <para>Public IP Addresses</para>
+          </listitem>
+          <listitem>
+            <para>Site-to-Site VPNs</para>
+          </listitem>
+          <listitem>
+            <para>Network ACL Lists</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Select Network ACL Lists.</para>
+        <para>The following default rules are displayed in the Network ACLs page: default_allow,
+          default_deny.</para>
+      </listitem>
+      <listitem>
+        <para>Click Add ACL Lists, and specify the following:</para>
+        <itemizedlist>
+          <listitem>
+            <para><emphasis role="bold">ACL List Name</emphasis>: A name
for the ACL list.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Description</emphasis>: A short
description of the ACL list
+              that can be displayed to users.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="add-acl-rule">
+    <title>Creating an ACL Rule</title>
+    <orderedlist>
+      <listitem>
+        <para>Log in to the &PRODUCT; UI as an administrator or end user.</para>
+      </listitem>
+      <listitem>
+        <para>In the left navigation, choose Network.</para>
+      </listitem>
+      <listitem>
+        <para>In the Select view, select VPC.</para>
+        <para>All the VPCs that you have created for the account is listed in the page.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Configure button of the VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Select Network ACL Lists.</para>
+        <para>In addition to the custom ACL lists you have created, the following default
rules are
+          displayed in the Network ACLs page: default_allow, default_deny.</para>
+      </listitem>
+      <listitem>
+        <para>Select the desired ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Select the ACL List Rules tab.</para>
+        <para>To add an ACL rule, fill in the following fields to specify what kind
of network
+          traffic is allowed in the VPC. </para>
+        <itemizedlist>
+          <listitem>
+            <para><emphasis role="bold">Rule Number</emphasis>: The order
in which the rules are
+              evaluated.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts
as the Source CIDR for the
+              Ingress rules, and Destination CIDR for the Egress rules. To accept traffic
only from
+              or to the IP addresses within a particular address block, enter a CIDR or a
+              comma-separated list of CIDRs. The CIDR is the base IP address of the incoming
+              traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Action</emphasis>: What action
to be taken. Allow traffic or
+              block.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Protocol</emphasis>: The networking
protocol that sources
+              use to send traffic to the tier. The TCP and UDP protocols are typically used
for data
+              exchange and end-user communications. The ICMP protocol is typically used to
send
+              error messages or network monitoring data. All supports all the traffic. Other
option
+              is Protocol Number.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Start Port</emphasis>, <emphasis
role="bold">End
+                Port</emphasis> (TCP, UDP only): A range of listening ports that are
the destination
+              for the incoming traffic. If you are opening a single port, use the same number
in
+              both fields.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Protocol Number</emphasis>: The
protocol number associated
+              with IPv4 or IPv6. For more information, see <ulink
+                url="http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml">Protocol
+                Numbers</ulink>.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">ICMP Type</emphasis>, <emphasis
role="bold">ICMP
+                Code</emphasis> (ICMP only): The type of message and error code that
will be
+              sent.</para>
+          </listitem>
+          <listitem>
+            <para><emphasis role="bold">Traffic Type</emphasis>: The type
of traffic: Incoming or
+              outgoing.</para>
+          </listitem>
+        </itemizedlist>
+      </listitem>
+      <listitem>
+        <para>Click Add. The ACL rule is added.</para>
+        <para>You can edit the tags assigned to the ACL rules and delete the ACL rules
you have
+          created. Click the appropriate button in the Details tab.</para>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="create-acl-tier">
+    <title>Assigning a Custom ACL List to a Tier</title>
+    <orderedlist>
+      <listitem>
+        <para>Create a VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Create a custom ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Add ACL rules to the ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Create a tier in the VPC.</para>
+        <para>Select the desired ACL list while creating a tier.</para>
+      </listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
+    </orderedlist>
+  </section>
+  <section id="assign-acl-tier">
+    <title>Assigning a Custom ACL List to a Tier</title>
+    <orderedlist>
+      <listitem>
+        <para>Create a VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Create a tier in the VPC.</para>
+      </listitem>
+      <listitem>
+        <para>Associate the tier with the default ACL rule.</para>
+      </listitem>
+      <listitem>
+        <para>Create a custom ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Add ACL rules to the ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Select the tier for which you want to assign the custom ACL.</para>
+      </listitem>
+      <listitem>
+        <para>Click the Replace ACL List icon.<inlinemediaobject>
+            <imageobject>
+              <imagedata fileref="./images/replace-acl-icon.png"/>
+            </imageobject>
+            <textobject>
+              <phrase>replace-acl-icon.png: button to replace an ACL list</phrase>
+            </textobject>
+          </inlinemediaobject></para>
+        <para>The Replace ACL List dialog is displayed.</para>
+      </listitem>
+      <listitem>
+        <para>Select the desired ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
+    </orderedlist>
+  </section>
 </section>
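Review bot: The new sections create-acl-tier and assign-acl-tier both have the title "Assigning a Custom ACL List to a Tier", although the first selects the ACL list while creating the tier and the second replaces the ACL list on an existing tier; give them distinct titles so readers and cross-references can tell them apart. The network-acl section describes a single default Network ACL that denies all ingress and egress, while acl-list and add-acl-rule list "default_allow, default_deny" as "default rules"; the text should say which of the two is applied when no ACL is associated and should call them ACL lists rather than rules. Step 3 of assign-acl-tier, "Associate the tier with the default ACL rule", has the same rule/list mix-up.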

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e37fc134/docs/en-US/images/replace-acl-icon.png
----------------------------------------------------------------------
diff --git a/docs/en-US/images/replace-acl-icon.png b/docs/en-US/images/replace-acl-icon.png
new file mode 100644
index 0000000..6a15d45
Binary files /dev/null and b/docs/en-US/images/replace-acl-icon.png differ

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e37fc134/docs/en-US/images/replace-acl-list.png
----------------------------------------------------------------------
diff --git a/docs/en-US/images/replace-acl-list.png b/docs/en-US/images/replace-acl-list.png
new file mode 100644
index 0000000..3375017
Binary files /dev/null and b/docs/en-US/images/replace-acl-list.png differ
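Review bot: replace-acl-list.png is added by this commit, but the configure-acl.xml changes shown here reference only ./images/replace-acl-icon.png. Either reference the new image where the dialog is introduced ("The Replace ACL List dialog is displayed.") or leave the file out of this commit until the text that uses it is added.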

