From: Animesh Chaturvedi
To: "cloudstack-dev@incubator.apache.org"
Date: Wed, 16 Jan 2013 10:53:22 -0800
Subject: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix

Reposting with subject line VOTE

Committers have binding votes for this decision.

Please respond with your vote:

+1 - Accept the donation and begin the process of bringing this enhancement to CloudStack in via the IP clearance process
+0 - Don't care
-1 - Do not accept the donation

This vote will remain open for ~72 hours.

> -----Original Message-----
> From: Sheng Yang [mailto:sheng@yasker.org]
> Sent: Tuesday, January 15, 2013 5:54 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode
>
> Hi,
>
> I'd like to start the process of IP Clearance for CLOUDSTACK-306:
> SRX&F5 inline mode support.
>
> Citrix would like to donate this code to Apache Cloudstack.
>
> This feature extends the support for external network devices for
> Cloudstack.
>
> In the Cloudstack 4.0 release, it's only able to work with SRX and F5 in
> side-by-side mode, which means all the traffic going through the F5 load
> balancer would bypass the SRX firewall, and F5 would face the public
> network directly. Cloudstack 4.0 still has some obsolete code to deal
> with inline mode, dating back to the 2.2.x era, but it is not functional
> after the NaaS work in the 3.0 release.
>
> After reintroducing this feature, SRX is able to work as the firewall
> for the whole guest network (isolated network), including F5.
> All load balancing traffic must go through SRX in order to reach F5.
>
> In order to support inline mode, in the first patch I re-implemented
> the SRX firewall part to make it able to filter based on the public IP
> we're using to identify the traffic, using the firewall filter of SRX.
>
> In the second patch, I investigated the possibility of using one F5
> instance in side-by-side mode and inline mode at the same time, and
> found it doable. So I made "inline" a parameter for the network
> offering, not an option for the device (e.g. F5).
>
> And I have reimplemented the inline mode feature in the third patch.
>
> The whole patchset mostly deals with external-device-related files, e.g.
> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java,
> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java.
> There is also some refactoring work regarding NetworkManagerImpl.java.
>
> The patchset is at:
> http://people.apache.org/~yasker/
>
> Since there are three patches, I've checksummed and signed the tarball.
>
> The related Jira ticket is at:
> https://issues.apache.org/jira/browse/CLOUDSTACK-306
>
> The functional spec is at:
> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional-spec.html
>
> The previous discussion happened on:
> http://markmail.org/message/jnpl5b7b6cqqmrui
>
> There was no objection to this feature at the time of discussion.
>
> Thank you!
>
> --Sheng