cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Mada <sailaja.m...@citrix.com>
Subject RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
Date Mon, 18 Mar 2013 12:01:32 GMT
Hi,

1) Section: CiscoVNMCElement::implement() :

1A) vservice_node  is configured with fail-mode close .  This is to drop the packets if there
is no connectivity to VEM , It means ESXi host is not reachable. I see that we are going to
configure with fail mode as close 

Is there any use case where packets will get forwarded with fail-mode open ?

1B) vservice_node   configuration has ip address 10.1.1.1 .  Can you please share from where
this IP address is picked up when the configuration is done thru cloudstack? 

2) When the guest network is deleted/Account it deleted, Will you be deleting the vethernet
asa in_port_profile defined @ VSM while releasing the VLAN .

3) Can you please update  FS with Edge security profile details that will get configured @
ASA when firewall rules are configured from Cloudstack. 

4) When Guest Network is restarted what are the sequence of operations will happen when it
 has ASA firewall ?

5) Is there  any change with API's that are used to configure Firewall rules? 

6) Use Cases / Flow  -  I see that LB as Netscaler with isolated Network is not available.
 Are we supporting only VR?

Please clarify.

Thanks,
Sailaja.M

-----Original Message-----
From: Koushik Das [mailto:koushik.das@citrix.com] 
Sent: Monday, March 11, 2013 6:41 PM
To: Koushik Das; cloudstack-dev@incubator.apache.org
Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack

Updated the FS with following changes:

- Use case section updated, classified use cases that will be supported for 4.2 and beyond.
Also removed items like VSG and VXLAN support to "Open items" section as not planning to do
them as part of "ASA integration".
- Updated the deployment model section and added HV limitation (Vmware only feature)
- Also updated the API section with parameter details.

Comments/feedback?

Thanks,
Koushik

> -----Original Message-----
> From: Koushik Das [mailto:koushik.das@citrix.com]
> Sent: Monday, February 11, 2013 7:08 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> 
> Updated the FS with API, Db changes and current deployment limitations.
> Also updated the UI section as to what all needs to be added.
> 
> Chiradeep,
> I looked at the option of spinning up templates from ovf template but 
> didn't find a way (was looking for some samples) to pass custom 
> parameters like vnmc  ip, password etc. while creating VM instance. So 
> for now the ASA instance creation is a manual step similar to VNMC 
> appliance. In case there is a way out, the auto-creation can be done as a future enhancement.
> 
> Thanks,
> Koushik
> 
> > -----Original Message-----
> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > Sent: Friday, January 25, 2013 1:39 AM
> > To: CloudStack DeveloperList
> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >
> > Thanks for the FS updates.
> > Good progress.
> > I had forgotten about registering the ASA 1000v with VNMC < that 
> > makes it harder to spin these appliances up/down. However we can 
> > plan to login via the CLI just for this step.
> >
> > I believe it is better to use a pre-setup pool of ASA appliances.
> > Let's say we start with N appliances (created via an admin API call 
> > to
> CloudStack).
> > createASA1000vPool(ovf template id, zone, vnmc ip, N, increment,
> > threshold) Then as the capacity reaches threshold%, the pool 
> > capacity is incremented by increment% asynchronously.
> >
> >
> >
> >
> >
> > On 1/21/13 12:46 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
> >
> > >Thanks Chiradeep for explaining the vnmc/asa integration stuff that 
> > >you are working on and listing down all the use cases.
> > >
> > >Manan,
> > >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer use 
> > >cases
> > >#1 and #2 from the doc).
> > >
> > >-Koushik
> > >
> > >-----Original Message-----
> > >From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > >Sent: Saturday, January 19, 2013 1:30 AM
> > >To: CloudStack DeveloperList
> > >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> > >
> > >Take a look here:
> >
> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNMC+i
> > nteg
> > >rat
> > >i
> > >on
> > >
> > >
> > >This is something I had been prototyping without any real enthusiasm.
> > >
> > >There's 3 ways to control the ASA1000v:
> > >1. By logging in via the CLI. Strongly against this.
> > >2. By using VNMC
> > >3. Via Cisco's Network Services Manager (NSM)[1]
> > >
> > >The NSM is comprehensive, covers a large range of physical and 
> > >virtual devices and has an easy northbound API. This would be my 
> > >preferred solution.
> > >
> > >However as of now (NSM v5.0.2), the ASA1000v  is not supported.
> > >It may also be the case that using VNMC may be a cheaper (albeit 
> > >less
> > >supported) option
> > >
> > >[1] http://www.cisco.com/en/US/products/ps11636/index.html
> > >
> > >On 1/17/13 9:26 PM, "Koushik Das" <koushik.das@citrix.com> wrote:
> > >
> > >>Manan,
> > >>Can you answer the questions that Chiradeep has raised?
> > >>
> > >>Chiradeep,
> > >>I saw that you have started working on asa/vnmc here 
> > >>(https://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
> > >>?p
> > >>=i
> > >>n
> > >>cub
> > >>ator-cloudstack.git;a=shortlog;h=refs/heads/cisco-vnmc-api-
> integration).
> > >>I would like to understand the functionalities that you are 
> > >>planning to cover and what is the overlap between your work and 
> > >>the feature that Manan has proposed (supporting asa1000v as an external
firewall).
> > >>
> > >>Thanks,
> > >>Koushik
> > >>
> > >>> -----Original Message-----
> > >>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
> > >>> Sent: Sunday, January 06, 2013 2:18 AM
> > >>> To: cloudstack-dev@incubator.apache.org
> > >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> > >>>
> > >>> Manan,
> > >>>
> > >>> Can you address the issues that Chiradeep has brought up?  I 
> > >>>think for a  requirements discussion it is just as important to 
> > >>>indicate what we will not do  or what is considered a feature of 
> > >>>a later release.
> > >>>
> > >>> --Alex
> > >>>
> > >>> > -----Original Message-----
> > >>> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> > >>> > Sent: Thursday, January 03, 2013 6:16 PM
> > >>> > To: CloudStack DeveloperList
> > >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into 
> > >>> > CloudStack
> > >>> >
> > >>> > There cannot be feature parity since the ASA1000v is only 
> > >>> > supported on VMWare.
> > >>> >
> > >>> > Should the ASA1000v be created on demand, or do we expect the

> > >>> > admin to provision a pool of virtual ASAs?
> > >>> >
> > >>> > Should we support VXLAN as the isolation technology or VLANs?
> > >>> >
> > >>> >
> > >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.shah@citrix.com>
wrote:
> > >>> >
> > >>> > >Hi,
> > >>> > >
> > >>> > >I would like to propose a new feature for integrating Cisco

> > >>> > >ASA 1000v in CS 4.1. I have created a JIRA ticket and 
> > >>> > >provided the requirements at the following location.  Please

> > >>> > >provide feedback on the
> > >>>requirements.
> > >>> > >
> > >>> > >JIRA Ticket:
> > >>> > >https://issues.apache.org/jira/browse/CLOUDSTACK-742
> > >>> > >Requirements:
> > >>> >
> > >>>
> > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+Ci
> > >>> >s
> > >>> >c
> > >>> > >o
> > >>> > +ASA
> > >>> > >+
> > >>> > >1000v+as+a+FW+for+CloudStack
> > >>> > >
> > >>> > >Additional details would be provided in the FS.
> > >>> > >
> > >>> > >Regards,
> > >>> > >Manan Shah
> > >>> > >
> > >>
> > >


Mime
View raw message