cloudstack-dev mailing list archives

From Will Stevens <wstev...@cloudops.com>
Subject Re: [DISCUSS] Palo Alto Integration
Date Mon, 18 Mar 2013 13:29:41 GMT

Thank you both very much for your answers.  I think the
ExternalGuestNetworkGuru will be best received on my side, so I will do
some more research on that.

Thanks...




On Mon, Mar 18, 2013 at 2:46 AM, Murali Reddy <Murali.Reddy@citrix.com> wrote:

> On 16/03/13 1:46 AM, "Will Stevens" <wstevens@cloudops.com> wrote:
> >
> >1. Restrict the available subnets for each account so two accounts can't
> >create overlapping subnets.
> >To me, this breaks the whole concept of cloud, but for enterprise customers
> >this is not a huge limitation because they usually solve this problem this
> >way.
> >
> >2. Run multiple Palo Alto VM firewalls and associate one VM firewall per
> >account.
> >The management overhead of this is crazy, so this type of implementation
> >would be very hard to work with.
> >
> >Since I do not like either of these approaches, I wanted to see if I could
> >get some feedback on this.  Are there other alternatives that would solve
> >the problem more elegantly that I have not mentioned?  What would be the
> >best way to solve this problem in a 'CloudStack way'?
>
> Unfortunately, the vendor appliances CloudStack supports do not have
> multi-tenancy yet. The 'CloudStack way' has been both #1 and #2 to work around
> this.
>
> Please see [1]: the 'external guest network' guru designs the network such
> that no two guest networks in a zone using an external network device have
> overlapping CIDRs. You may use the 'external guest network' guru or extend it
> to ensure automatically generated non-overlapping CIDRs for guest networks.
>
> Also, CloudStack already supports the notion of multiple provider instances per
> physical network. Using this, for load balancer devices there is a generic
> management piece of code to allocate a dedicated (per tenant) or shared
> load balancer from a pool of admin-provisioned load balancers [2]. See if
> this helps if you intend to support a pool of firewall VMs.
>
> [1] server/src/com/cloud/network/guru/ExternalGuestNetworkGuru.java
> [2] server/src/com/cloud/network/ExternalLoadBalancerDeviceManagerImpl.java
>
> -Murali
>
>
> >
> >Any feedback on this would be appreciated.
> >
> >Cheers,
> >
> >Will
> >
>
>
>
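
The non-overlapping CIDR rule discussed in this thread (approach #1, and the automatic generation Murali suggests), as an added example that is not part of the original messages and is not CloudStack code. The `ZoneCidrAllocator` class, its method names, the account names and the address ranges are hypothetical and constructed for illustration.

```python
import ipaddress


class CidrOverlapError(ValueError):
    """Raised when a guest-network CIDR cannot be granted in this zone."""


class ZoneCidrAllocator:
    """Hypothetical allocator: guest CIDRs never overlap within one zone."""

    def __init__(self, zone_supernet, guest_prefix=24):
        self.supernet = ipaddress.ip_network(zone_supernet)
        self.guest_prefix = guest_prefix
        self.allocated = {}  # network -> owning account (admin-side record)

    def _conflicts(self, candidate):
        # overlaps() also catches differing prefix lengths (a /25 inside a /24).
        return any(candidate.overlaps(net) for net in self.allocated)

    def reserve(self, account, cidr):
        """Accept a tenant-requested CIDR only if it is free in the zone."""
        net = ipaddress.ip_network(cidr)  # strict: rejects set host bits
        if not net.subnet_of(self.supernet):
            raise CidrOverlapError(f"{net} is outside the zone guest range")
        if self._conflicts(net):
            # Do not name the other tenant or its range in the error.
            raise CidrOverlapError(f"{net} overlaps an existing guest network")
        self.allocated[net] = account
        return net

    def allocate(self, account):
        """Generate the next free CIDR automatically for a new guest network."""
        for candidate in self.supernet.subnets(new_prefix=self.guest_prefix):
            if not self._conflicts(candidate):
                self.allocated[candidate] = account
                return candidate
        raise CidrOverlapError(f"no free /{self.guest_prefix} left in zone")


def demo():
    zone = ZoneCidrAllocator("10.1.0.0/22")  # constructed sample zone range
    zone.reserve("acct-a", "10.1.1.0/24")
    auto = [str(zone.allocate("acct-b")), str(zone.allocate("acct-c"))]
    try:
        zone.reserve("acct-d", "10.1.1.128/25")  # sits inside acct-a's /24
        rejected = False
    except CidrOverlapError:
        rejected = True
    return auto, rejected
```

The overlap check has to run per zone (or per shared firewall device), since that is the scope in which two tenants' routes and rules would otherwise collide.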
