Return-Path: 
 <cloudstack-dev-return-17679-apmail-incubator-cloudstack-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E8743E3AA
	for <apmail-incubator-cloudstack-dev-archive@minotaur.apache.org>;
 Thu, 17 Jan 2013 04:50:21 +0000 (UTC)
Received: (qmail 93278 invoked by uid 500); 17 Jan 2013 04:50:21 -0000
Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org
Received: (qmail 93235 invoked by uid 500); 17 Jan 2013 04:50:21 -0000
Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-dev@incubator.apache.org>
List-Id: <cloudstack-dev.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-dev@incubator.apache.org
Received: (qmail 93222 invoked by uid 99); 17 Jan 2013 04:50:20 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Jan 2013 04:50:20 +0000
X-ASF-Spam-Status: No, hits=-2.3 required=5.0
	tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of koushik.das@citrix.com
 designates 203.166.19.134 as permitted sender)
Received: from [203.166.19.134] (HELO SMTP.CITRIX.COM.AU) (203.166.19.134)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Jan 2013 04:50:14 +0000
X-IronPort-AV: E=Sophos;i="4.84,484,1355097600";
   d="scan'208";a="437664"
Received: from banpmailmx02.citrite.net ([10.103.128.74])
  by SYDPIPO01.CITRIX.COM.AU with ESMTP/TLS/RC4-MD5;
 17 Jan 2013 04:49:52 +0000
Received: from BANPMAILBOX01.citrite.net ([10.103.128.72]) by
 BANPMAILMX02.citrite.net ([10.103.128.74]) with mapi; Thu, 17 Jan 2013
 10:19:50 +0530
From: Koushik Das <koushik.das@citrix.com>
To: "cloudstack-dev@incubator.apache.org"
	<cloudstack-dev@incubator.apache.org>
Date: Thu, 17 Jan 2013 10:19:48 +0530
Subject: RE: [VOTE]  Accept a donation of SRX&F5 inline mode support in
 CloudStack from Citrix
Thread-Topic: [VOTE]  Accept a donation of SRX&F5 inline mode support in
 CloudStack from Citrix
Thread-Index: Ac30aTgzdCAY41nNTtSzZduGQJoc/gABNmfw
Message-ID: 
 <2529883E7B666F4E8F21F85AADA43CA7010C8F39BD3A@BANPMAILBOX01.citrite.net>
References: 
 <97F4356AEA71904482CD192135C038F901185E673CCF@BANPMAILBOX01.citrite.net>
 <CD1D788F.191D8%abhinandan.prateek@citrix.com>
In-Reply-To: <CD1D788F.191D8%abhinandan.prateek@citrix.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Virus-Checked: Checked by ClamAV on apache.org

+1

> -----Original Message-----
> From: Abhinandan Prateek [mailto:Abhinandan.Prateek@citrix.com]
> Sent: Thursday, January 17, 2013 9:45 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in
> CloudStack from Citrix
>=20
> +1
>=20
> On 17/01/13 9:26 AM, "Rajesh Battala" <rajesh.battala@citrix.com> wrote:
>=20
> >+1
> >
> >-----Original Message-----
> >From: Angeline Shen [mailto:Angeline.Shen@citrix.com]
> >Sent: Thursday, January 17, 2013 1:23 AM
> >To: cloudstack-dev@incubator.apache.org
> >Subject: RE: [VOTE] Accept a donation of SRX&F5 inline mode support in
> >CloudStack from Citrix
> >
> >+1   angie
> >
> >-----Original Message-----
> >From: Animesh Chaturvedi [mailto:animesh.chaturvedi@citrix.com]
> >Sent: Wednesday, January 16, 2013 10:53 AM
> >To: cloudstack-dev@incubator.apache.org
> >Subject: [VOTE] Accept a donation of SRX&F5 inline mode support in
> >CloudStack from Citrix
> >
> >Reposting with subject line VOTE
> >
> >Committers have binding votes for this decision.
> >
> >Please respond with your vote:
> >+1 - Accept the donation and begin the process of bringing this
> >+enhancement to CloudStack
> >in via the IP clearance process
> >+0 - Don't care
> >-1 - Do not accept the donation
> >
> >This vote will remain open for ~72 hours.
> >
> >
> >> -----Original Message-----
> >> From: Sheng Yang [mailto:sheng@yasker.org]
> >> Sent: Tuesday, January 15, 2013 5:54 PM
> >> To: cloudstack-dev@incubator.apache.org
> >> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode
> >>
> >> Hi,
> >>
> >> I'd like to start the process of IP Clearance for CLOUDSTACK-306:
> >> SRX&F5 inline mode support.
> >>
> >> Citrix would like to donate this code to Apache Cloudstack.
> >>
> >> This feature extended the support for external network devices for
> >>Cloudstack.
> >>
> >> In the Cloudstack 4.0 release, it's only able to work with SRX and F5
> >> in side-by- side mode, which means all the traffic going through F5
> >> load balancer would bypass SRX firewall, and F5 would facing the
> >> public network directly. Cloudstack
> >> 4.0 still have some obsolete codes to deal with inline mode back to
> >> 2.2.x era, but they're not functional after NaaS work in 3.0 release.
> >>
> >> After reintroducing this feature, SRX is able to working as the
> >> firewall for the whole guest network(isolated network), including F5.
> >> Every load balancing traffic must go through SRX, in order to reach F5=
.
> >>
> >> In order to support inline mode, in the first patch, I had
> >>re-implemented the firewall part SRX to make it able to filter based
> >>on public ip we're using to identify the traffic, using firewall
> >>filter of SRX.
> >>
> >> In the second patch, I've investigated the possibility of using one
> >>F5  instance in site-by-site mode and inline-mode at the same time,
> >>and  found it doable. So I make "inline" a parameter for network
> >>offering, not an option for device(e.g.
> >> F5).
> >>
> >> And I have reimplemented the inline mode feature in the third patch.
> >>
> >> The whole patchset mostly deal with external devices related filres,
> >>e.g.
> >> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java,
> >> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java.
> >> There are also some refactor works regarding NetworkManagerImpl.java.
> >>
> >> The patchset is at:
> >> http://people.apache.org/~yasker/
> >>
> >> Since there are three patches, I've checksumed and signed the tar ball=
.
> >>
> >> The related Jira ticket at:
> >> https://issues.apache.org/jira/browse/CLOUDSTACK-306
> >>
> >> The function spec is at:
> >> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional-
> >> spec.html
> >>
> >> The previous discussion happened on:
> >> http://markmail.org/message/jnpl5b7b6cqqmrui
> >>
> >> There is no objection on this feature at the time of discussion.
> >>
> >> Thank you!
> >>
> >> --Sheng