Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 16092EBE1 for ; Wed, 16 Jan 2013 21:20:36 +0000 (UTC) Received: (qmail 57850 invoked by uid 500); 16 Jan 2013 21:20:35 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 57815 invoked by uid 500); 16 Jan 2013 21:20:35 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 57765 invoked by uid 99); 16 Jan 2013 21:20:33 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 21:20:33 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Chiradeep.Vittal@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 21:20:27 +0000 X-IronPort-AV: E=Sophos;i="4.84,480,1355097600"; d="scan'208";a="4000639" Received: from sjcpmailmx01.citrite.net ([10.216.14.74]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/RC4-MD5; 16 Jan 2013 21:20:06 +0000 Received: from SJCPMAILBOX01.citrite.net ([10.216.4.72]) by SJCPMAILMX01.citrite.net ([10.216.14.74]) with mapi; Wed, 16 Jan 2013 13:20:05 -0800 From: Chiradeep Vittal To: CloudStack DeveloperList Date: Wed, 16 Jan 2013 13:20:02 -0800 Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix Thread-Topic: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix Thread-Index: Ac30L0CWI1PUuPEXRTyQLbQVH+oDRw== Message-ID: In-Reply-To: <67EF18FDCA335F489B366120481AB6C5F6B4031013@BANPMAILBOX01.citrite.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.13.0.110805 acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org +1 (binding) On 1/16/13 11:59 AM, "Pranav Saxena" wrote: >+1=20 > >-----Original Message----- >From: Sudha Ponnaganti [mailto:sudha.ponnaganti@citrix.com] >Sent: Thursday, January 17, 2013 12:59 AM >To: cloudstack-dev@incubator.apache.org >Subject: RE: [VOTE] Accept a donation of SRX&F5 inline mode support in >CloudStack from Citrix > >+1 > >-----Original Message----- >From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com] >Sent: Wednesday, January 16, 2013 10:53 AM >To: cloudstack-dev@incubator.apache.org >Subject: [VOTE] Accept a donation of SRX&F5 inline mode support in >CloudStack from Citrix > >Reposting with subject line VOTE > >Committers have binding votes for this decision. > >Please respond with your vote: >+1 - Accept the donation and begin the process of bringing this >+enhancement to CloudStack >in via the IP clearance process >+0 - Don't care >-1 - Do not accept the donation > >This vote will remain open for ~72 hours. > > >> -----Original Message----- >> From: Sheng Yang [mailto:sheng@yasker.org] >> Sent: Tuesday, January 15, 2013 5:54 PM >> To: cloudstack-dev@incubator.apache.org >> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode >>=20 >> Hi, >>=20 >> I'd like to start the process of IP Clearance for CLOUDSTACK-306: >> SRX&F5 inline mode support. >>=20 >> Citrix would like to donate this code to Apache Cloudstack. >>=20 >> This feature extended the support for external network devices for >>Cloudstack. >>=20 >> In the Cloudstack 4.0 release, it's only able to work with SRX and F5 >> in side-by- side mode, which means all the traffic going through F5 >> load balancer would bypass SRX firewall, and F5 would facing the >> public network directly. Cloudstack >> 4.0 still have some obsolete codes to deal with inline mode back to >> 2.2.x era, but they're not functional after NaaS work in 3.0 release. >>=20 >> After reintroducing this feature, SRX is able to working as the >> firewall for the whole guest network(isolated network), including F5. >> Every load balancing traffic must go through SRX, in order to reach F5. >>=20 >> In order to support inline mode, in the first patch, I had >> re-implemented the firewall part SRX to make it able to filter based >> on public ip we're using to identify the traffic, using firewall filter >>of SRX. >>=20 >> In the second patch, I've investigated the possibility of using one F5 >> instance in site-by-site mode and inline-mode at the same time, and >> found it doable. So I make "inline" a parameter for network offering, >>not an option for device(e.g. >> F5). >>=20 >> And I have reimplemented the inline mode feature in the third patch. >>=20 >> The whole patchset mostly deal with external devices related filres, >>e.g. >> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java, >> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java. >> There are also some refactor works regarding NetworkManagerImpl.java. >>=20 >> The patchset is at: >> http://people.apache.org/~yasker/ >>=20 >> Since there are three patches, I've checksumed and signed the tar ball. >>=20 >> The related Jira ticket at: >> https://issues.apache.org/jira/browse/CLOUDSTACK-306 >>=20 >> The function spec is at: >> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional- >> spec.html >>=20 >> The previous discussion happened on: >> http://markmail.org/message/jnpl5b7b6cqqmrui >>=20 >> There is no objection on this feature at the time of discussion. >>=20 >> Thank you! >>=20 >> --Sheng