incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kelcey Damage \(BT\)" <kel...@backbonetechnology.com>
Subject RE: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix
Date Wed, 16 Jan 2013 20:12:46 GMT
Gave it a read through, 

+1 (Binding) 

-kd


>-----Original Message-----
>From: Chip Childers [mailto:chip.childers@sungard.com]
>Sent: Wednesday, January 16, 2013 12:09 PM
>To: cloudstack-dev@incubator.apache.org
>Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in
>CloudStack from Citrix
>
>On Wed, Jan 16, 2013 at 1:53 PM, Animesh Chaturvedi
><animesh.chaturvedi@citrix.com> wrote:
>> Reposting with subject line VOTE
>>
>> Committers have binding votes for this decision.
>>
>> Please respond with your vote:
>> +1 - Accept the donation and begin the process of bringing this
>> +enhancement to CloudStack
>> in via the IP clearance process
>> +0 - Don't care
>> -1 - Do not accept the donation
>>
>> This vote will remain open for ~72 hours.
>
>+1
>
>>> -----Original Message-----
>>> From: Sheng Yang [mailto:sheng@yasker.org]
>>> Sent: Tuesday, January 15, 2013 5:54 PM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode
>>>
>>> Hi,
>>>
>>> I'd like to start the process of IP Clearance for CLOUDSTACK-306:
>>> SRX&F5 inline mode support.
>>>
>>> Citrix would like to donate this code to Apache Cloudstack.
>>>
>>> This feature extended the support for external network devices for
>Cloudstack.
>>>
>>> In the Cloudstack 4.0 release, it's only able to work with SRX and F5
>>> in side-by- side mode, which means all the traffic going through F5
>>> load balancer would bypass SRX firewall, and F5 would facing the
>>> public network directly. Cloudstack
>>> 4.0 still have some obsolete codes to deal with inline mode back to
>>> 2.2.x era, but they're not functional after NaaS work in 3.0 release.
>>>
>>> After reintroducing this feature, SRX is able to working as the
>>> firewall for the whole guest network(isolated network), including F5.
>>> Every load balancing traffic must go through SRX, in order to reach F5.
>>>
>>> In order to support inline mode, in the first patch, I had
>>> re-implemented the firewall part SRX to make it able to filter based
>>> on public ip we're using to identify the traffic, using firewall filter
of SRX.
>>>
>>> In the second patch, I've investigated the possibility of using one
>>> F5 instance in site-by-site mode and inline-mode at the same time,
>>> and found it doable. So I make "inline" a parameter for network
offering,
>not an option for device(e.g.
>>> F5).
>>>
>>> And I have reimplemented the inline mode feature in the third patch.
>>>
>>> The whole patchset mostly deal with external devices related filres,
e.g.
>>> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java,
>>> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java.
>>> There are also some refactor works regarding NetworkManagerImpl.java.
>>>
>>> The patchset is at:
>>> http://people.apache.org/~yasker/
>>>
>>> Since there are three patches, I've checksumed and signed the tar ball.
>>>
>>> The related Jira ticket at:
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-306
>>>
>>> The function spec is at:
>>> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional-
>>> spec.html
>>>
>>> The previous discussion happened on:
>>> http://markmail.org/message/jnpl5b7b6cqqmrui
>>>
>>> There is no objection on this feature at the time of discussion.
>>>
>>> Thank you!
>>>
>>> --Sheng
>>


Mime
View raw message