incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Huang <Alex.Hu...@citrix.com>
Subject RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
Date Mon, 11 Feb 2013 18:44:29 GMT
Yup.  I don't believe there's one way to auto-scale VPXes.  It's very difficult to get it right
for one code to auto-scale everything.  OTOH, you can actually expose APIs for admins to spin
up with they need, including assigning ip addresses in the management network etc but the
APIs should not be a CloudStack generic API.  The plugin provider should just provide their
own.

Pre-create is a good interim solution.  The one problem with it is we have get back our old
code that leave VMs outside of CloudStack's naming nomenclature alone.  We used to do that
precisely to share the resource pool with other VMs but we've lost that sometime in the 2.2
time frame.  We need to bring that back.  Without it, it means they have to have their own
physical servers outside of CloudStack's management to spin up and down VPXes.

--Alex

> -----Original Message-----
> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> Sent: Monday, February 11, 2013 9:57 AM
> To: Koushik Das; cloudstack-dev@incubator.apache.org
> Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> 
> Yeah, the spinning up of virtual appliances on demand is a problem across
> almost all vendors:
> 1. The management ip of the virtual appliance needs to be programmed
> 2. There could be license management issues, or the VA needs to be
> registered with some kind of controller
> 3. The appliance may be need to be configured with a new password
> 
> I see this as a problem with say Vyatta, Netscaler VPX, etc.
> 
> For these appliances we can assume that the admin has pre-created enough
> appliances and configured them appropriately. We can also assume a 1-1
> mapping between VPC and appliance.
> 
> On 2/11/13 5:38 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
> 
> >Updated the FS with API, Db changes and current deployment limitations.
> >Also updated the UI section as to what all needs to be added.
> >
> >Chiradeep,
> >I looked at the option of spinning up templates from ovf template but
> >didn't find a way (was looking for some samples) to pass custom
> >parameters like vnmc  ip, password etc. while creating VM instance. So
> >for now the ASA instance creation is a manual step similar to VNMC
> >appliance. In case there is a way out, the auto-creation can be done as a
> >future enhancement.
> >
> >Thanks,
> >Koushik
> >
> >> -----Original Message-----
> >> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> >> Sent: Friday, January 25, 2013 1:39 AM
> >> To: CloudStack DeveloperList
> >> Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >>
> >> Thanks for the FS updates.
> >> Good progress.
> >> I had forgotten about registering the ASA 1000v with VNMC < that makes
> >>it
> >> harder to spin these appliances up/down. However we can plan to login
> >>via
> >> the CLI just for this step.
> >>
> >> I believe it is better to use a pre-setup pool of ASA appliances. Let's
> >>say we
> >> start with N appliances (created via an admin API call to CloudStack).
> >> createASA1000vPool(ovf template id, zone, vnmc ip, N, increment,
> >> threshold) Then as the capacity reaches threshold%, the pool capacity is
> >> incremented by increment% asynchronously.
> >>
> >>
> >>
> >>
> >>
> >> On 1/21/13 12:46 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
> >>
> >> >Thanks Chiradeep for explaining the vnmc/asa integration stuff that you
> >> >are working on and listing down all the use cases.
> >> >
> >> >Manan,
> >> >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer use cases
> >> >#1 and #2 from the doc).
> >> >
> >> >-Koushik
> >> >
> >> >-----Original Message-----
> >> >From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> >> >Sent: Saturday, January 19, 2013 1:30 AM
> >> >To: CloudStack DeveloperList
> >> >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >> >
> >> >Take a look here:
> >> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNM
> C+i
> >> nteg
> >> >rat
> >> >i
> >> >on
> >> >
> >> >
> >> >This is something I had been prototyping without any real enthusiasm.
> >> >
> >> >There's 3 ways to control the ASA1000v:
> >> >1. By logging in via the CLI. Strongly against this.
> >> >2. By using VNMC
> >> >3. Via Cisco's Network Services Manager (NSM)[1]
> >> >
> >> >The NSM is comprehensive, covers a large range of physical and virtual
> >> >devices and has an easy northbound API. This would be my preferred
> >> >solution.
> >> >
> >> >However as of now (NSM v5.0.2), the ASA1000v  is not supported.
> >> >It may also be the case that using VNMC may be a cheaper (albeit less
> >> >supported) option
> >> >
> >> >[1] http://www.cisco.com/en/US/products/ps11636/index.html
> >> >
> >> >On 1/17/13 9:26 PM, "Koushik Das" <koushik.das@citrix.com> wrote:
> >> >
> >> >>Manan,
> >> >>Can you answer the questions that Chiradeep has raised?
> >> >>
> >> >>Chiradeep,
> >> >>I saw that you have started working on asa/vnmc here
> >> >>(https://git-wip-us.apache.org/repos/asf/incubator-
> cloudstack/repo?p=i
> >> >>n
> >> >>cub
> >>
> >>>>ator-cloudstack.git;a=shortlog;h=refs/heads/cisco-vnmc-api-integration)
> >>>>.
> >> >>I would like to understand the functionalities that you are planning
> >> >>to cover and what is the overlap between your work and the feature
> >> >>that Manan has proposed (supporting asa1000v as an external firewall).
> >> >>
> >> >>Thanks,
> >> >>Koushik
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
> >> >>> Sent: Sunday, January 06, 2013 2:18 AM
> >> >>> To: cloudstack-dev@incubator.apache.org
> >> >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >> >>>
> >> >>> Manan,
> >> >>>
> >> >>> Can you address the issues that Chiradeep has brought up?  I think
> >> >>>for a  requirements discussion it is just as important to indicate
> >> >>>what we will not do  or what is considered a feature of a later
> >> >>>release.
> >> >>>
> >> >>> --Alex
> >> >>>
> >> >>> > -----Original Message-----
> >> >>> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> >> >>> > Sent: Thursday, January 03, 2013 6:16 PM
> >> >>> > To: CloudStack DeveloperList
> >> >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
> >> >>> >
> >> >>> > There cannot be feature parity since the ASA1000v is only
> >> >>> > supported on VMWare.
> >> >>> >
> >> >>> > Should the ASA1000v be created on demand, or do we expect
the
> >> >>> > admin to provision a pool of virtual ASAs?
> >> >>> >
> >> >>> > Should we support VXLAN as the isolation technology or VLANs?
> >> >>> >
> >> >>> >
> >> >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.shah@citrix.com>
> wrote:
> >> >>> >
> >> >>> > >Hi,
> >> >>> > >
> >> >>> > >I would like to propose a new feature for integrating
Cisco ASA
> >> >>> > >1000v in CS 4.1. I have created a JIRA ticket and provided
the
> >> >>> > >requirements at the following location.  Please provide
feedback
> >> >>> > >on the
> >> >>>requirements.
> >> >>> > >
> >> >>> > >JIRA Ticket: https://issues.apache.org/jira/browse/CLOUDSTACK-
> 742
> >> >>> > >Requirements:
> >> >>> >
> >> >>>
> >> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+Ci
> >> >>> >s
> >> >>> >c
> >> >>> > >o
> >> >>> > +ASA
> >> >>> > >+
> >> >>> > >1000v+as+a+FW+for+CloudStack
> >> >>> > >
> >> >>> > >Additional details would be provided in the FS.
> >> >>> > >
> >> >>> > >Regards,
> >> >>> > >Manan Shah
> >> >>> > >
> >> >>
> >> >
> >


Mime
View raw message