incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manan Shah <manan.s...@citrix.com>
Subject Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
Date Wed, 20 Mar 2013 18:49:47 GMT
Hi Koushik,

Can you please confirm if the LB functionality (via VR or VPX) would be
supported in 4.2 or not?

Regards,
Manan Shah




On 3/19/13 5:00 AM, "Koushik Das" <koushik.das@citrix.com> wrote:

>Inline
>
>> 
>> On 18/03/13 7:37 PM, "Sailaja Mada" <sailaja.mada@citrix.com> wrote:
>> 
>> >+
>> >
>> >7) During Guest Network shutdown, Do we release the ASA association
>> >with Guest Network and Even change guest_port_profile configuration as
>> >Cloudstack releases VLAN and Network will go to allocated state?
>> >
>
>Yes. Necessary stuff should get cleaned up
>
>> >8) When the Guest Network is updated from ASA firewall  offering to VR
>> >Offering ,  Please share the sequence of configuration steps called out
>> >@ ASA/VNMC?
>> >
>
>Not sure I understand the scenario completely. Can you elaborate on the
>use case that this is going to provide?
>
>> >Thanks,
>> >Sailaja.M
>> >
>> >-----Original Message-----
>> >From: Sailaja Mada [mailto:sailaja.mada@citrix.com]
>> >Sent: Monday, March 18, 2013 5:32 PM
>> >To: cloudstack-dev@incubator.apache.org; Koushik Das
>> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>> >
>> >Hi,
>> >
>> >1) Section: CiscoVNMCElement::implement() :
>> >
>> >1A) vservice_node  is configured with fail-mode close .  This is to
>> >drop the packets if there is no connectivity to VEM , It means ESXi
>> >host is not reachable. I see that we are going to configure with fail
>> >mode as close
>> >
>> >Is there any use case where packets will get forwarded with fail-mode
>> >open ?
>> >
>
>If required this can be moved to a configuration later on. For now
>'close' should be good.
>
>> >1B) vservice_node   configuration has ip address 10.1.1.1 .  Can you
>> >please share from where this IP address is picked up when the
>> >configuration is done thru cloudstack?
>> >
>
>ASA acts as the default gateway and this is the gateway IP.
>
>> >2) When the guest network is deleted/Account it deleted, Will you be
>> >deleting the vethernet asa in_port_profile defined @ VSM while
>> >releasing the VLAN .
>> >
>
>Yes
>
>> >3) Can you please update  FS with Edge security profile details that
>> >will get configured @ ASA when firewall rules are configured from
>> Cloudstack.
>> >
>
>ESP is configured in VNMC. There will be rules created under NAT,
>Egress/Ingress ACLs
>
>> >4) When Guest Network is restarted what are the sequence of operations
>> >will happen when it  has ASA firewall ?
>> >
>
>ASA firewall will get implemented as a network element that participates
>in the orchestration. Let me know what specific sequence are you
>referring to?
>
>> >5) Is there  any change with API's that are used to configure Firewall
>> >rules?
>> >
>
>No
>
>> >6) Use Cases / Flow  -  I see that LB as Netscaler with isolated
>> >Network is not available.  Are we supporting only VR?
>> >
>
>Not in 4.2. Its mentioned in FS.
>
>> >Please clarify.
>> >
>> >Thanks,
>> >Sailaja.M
>> >
>> >-----Original Message-----
>> >From: Koushik Das [mailto:koushik.das@citrix.com]
>> >Sent: Monday, March 11, 2013 6:41 PM
>> >To: Koushik Das; cloudstack-dev@incubator.apache.org
>> >Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>> >
>> >Updated the FS with following changes:
>> >
>> >- Use case section updated, classified use cases that will be supported
>> >for 4.2 and beyond. Also removed items like VSG and VXLAN support to
>> >"Open items" section as not planning to do them as part of "ASA
>> >integration".
>> >- Updated the deployment model section and added HV limitation (Vmware
>> >only feature)
>> >- Also updated the API section with parameter details.
>> >
>> >Comments/feedback?
>> >
>> >Thanks,
>> >Koushik
>> >
>> >> -----Original Message-----
>> >> From: Koushik Das [mailto:koushik.das@citrix.com]
>> >> Sent: Monday, February 11, 2013 7:08 PM
>> >> To: cloudstack-dev@incubator.apache.org
>> >> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>> >>
>> >> Updated the FS with API, Db changes and current deployment
>>limitations.
>> >> Also updated the UI section as to what all needs to be added.
>> >>
>> >> Chiradeep,
>> >> I looked at the option of spinning up templates from ovf template but
>> >>didn't find a way (was looking for some samples) to pass custom
>> >>parameters like vnmc  ip, password etc. while creating VM instance. So
>> >>for now the ASA instance creation is a manual step similar to VNMC
>> >>appliance. In case there is a way out, the auto-creation can be done
>> >>as a future enhancement.
>> >>
>> >> Thanks,
>> >> Koushik
>> >>
>> >> > -----Original Message-----
>> >> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
>> >> > Sent: Friday, January 25, 2013 1:39 AM
>> >> > To: CloudStack DeveloperList
>> >> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>> >> >
>> >> > Thanks for the FS updates.
>> >> > Good progress.
>> >> > I had forgotten about registering the ASA 1000v with VNMC < that
>> >> > makes it harder to spin these appliances up/down. However we can
>> >> > plan to login via the CLI just for this step.
>> >> >
>> >> > I believe it is better to use a pre-setup pool of ASA appliances.
>> >> > Let's say we start with N appliances (created via an admin API call
>> >> > to
>> >> CloudStack).
>> >> > createASA1000vPool(ovf template id, zone, vnmc ip, N, increment,
>> >> > threshold) Then as the capacity reaches threshold%, the pool
>> >> > capacity is incremented by increment% asynchronously.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On 1/21/13 12:46 AM, "Koushik Das" <koushik.das@citrix.com> wrote:
>> >> >
>> >> > >Thanks Chiradeep for explaining the vnmc/asa integration stuff
>> >> > >that you are working on and listing down all the use cases.
>> >> > >
>> >> > >Manan,
>> >> > >CLOUDSTACK-742 is covered as part of Chiradeep's work (refer use
>> >> > >cases
>> >> > >#1 and #2 from the doc).
>> >> > >
>> >> > >-Koushik
>> >> > >
>> >> > >-----Original Message-----
>> >> > >From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
>> >> > >Sent: Saturday, January 19, 2013 1:30 AM
>> >> > >To: CloudStack DeveloperList
>> >> > >Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v into CloudStack
>> >> > >
>> >> > >Take a look here:
>> >> >
>> >>
>> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cisco+VNMC+i
>> >> > nteg
>> >> > >rat
>> >> > >i
>> >> > >on
>> >> > >
>> >> > >
>> >> > >This is something I had been prototyping without any real
>>enthusiasm.
>> >> > >
>> >> > >There's 3 ways to control the ASA1000v:
>> >> > >1. By logging in via the CLI. Strongly against this.
>> >> > >2. By using VNMC
>> >> > >3. Via Cisco's Network Services Manager (NSM)[1]
>> >> > >
>> >> > >The NSM is comprehensive, covers a large range of physical and
>> >> > >virtual devices and has an easy northbound API. This would be my
>> >> > >preferred solution.
>> >> > >
>> >> > >However as of now (NSM v5.0.2), the ASA1000v  is not supported.
>> >> > >It may also be the case that using VNMC may be a cheaper (albeit
>> >> > >less
>> >> > >supported) option
>> >> > >
>> >> > >[1] http://www.cisco.com/en/US/products/ps11636/index.html
>> >> > >
>> >> > >On 1/17/13 9:26 PM, "Koushik Das" <koushik.das@citrix.com>
wrote:
>> >> > >
>> >> > >>Manan,
>> >> > >>Can you answer the questions that Chiradeep has raised?
>> >> > >>
>> >> > >>Chiradeep,
>> >> > >>I saw that you have started working on asa/vnmc here
>> >> > >>(https://git-wip-us.apache.org/repos/asf/incubator-cloudstack/rep
>> >> > >>o
>> >> > >>?p
>> >> > >>=i
>> >> > >>n
>> >> > >>cub
>> >> > >>ator-cloudstack.git;a=shortlog;h=refs/heads/cisco-vnmc-api-
>> >> integration).
>> >> > >>I would like to understand the functionalities that you are
>> >> > >>planning to cover and what is the overlap between your work
and
>> >> > >>the feature that Manan has proposed (supporting asa1000v as
an
>> >>external firewall).
>> >> > >>
>> >> > >>Thanks,
>> >> > >>Koushik
>> >> > >>
>> >> > >>> -----Original Message-----
>> >> > >>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
>> >> > >>> Sent: Sunday, January 06, 2013 2:18 AM
>> >> > >>> To: cloudstack-dev@incubator.apache.org
>> >> > >>> Subject: RE: [DISCUSS] Integrate Cisco ASA 1000v into
>> >> > >>> CloudStack
>> >> > >>>
>> >> > >>> Manan,
>> >> > >>>
>> >> > >>> Can you address the issues that Chiradeep has brought
up?  I
>> >> > >>>think for a  requirements discussion it is just as important
to
>> >> > >>>indicate what we will not do  or what is considered a feature
of
>> >> > >>>a later release.
>> >> > >>>
>> >> > >>> --Alex
>> >> > >>>
>> >> > >>> > -----Original Message-----
>> >> > >>> > From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
>> >> > >>> > Sent: Thursday, January 03, 2013 6:16 PM
>> >> > >>> > To: CloudStack DeveloperList
>> >> > >>> > Subject: Re: [DISCUSS] Integrate Cisco ASA 1000v
into
>> >> > >>> > CloudStack
>> >> > >>> >
>> >> > >>> > There cannot be feature parity since the ASA1000v
is only
>> >> > >>> > supported on VMWare.
>> >> > >>> >
>> >> > >>> > Should the ASA1000v be created on demand, or do we
expect the
>> >> > >>> > admin to provision a pool of virtual ASAs?
>> >> > >>> >
>> >> > >>> > Should we support VXLAN as the isolation technology
or VLANs?
>> >> > >>> >
>> >> > >>> >
>> >> > >>> > On 1/3/13 5:08 PM, "Manan Shah" <manan.shah@citrix.com>
>> wrote:
>> >> > >>> >
>> >> > >>> > >Hi,
>> >> > >>> > >
>> >> > >>> > >I would like to propose a new feature for integrating
Cisco
>> >> > >>> > >ASA 1000v in CS 4.1. I have created a JIRA ticket
and
>> >> > >>> > >provided the requirements at the following location.
 Please
>> >> > >>> > >provide feedback on the
>> >> > >>>requirements.
>> >> > >>> > >
>> >> > >>> > >JIRA Ticket:
>> >> > >>> > >https://issues.apache.org/jira/browse/CLOUDSTACK-742
>> >> > >>> > >Requirements:
>> >> > >>> >
>> >> > >>>
>> >> >
>> >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Integrate+C
>> >> > >i
>> >> > >>> >s
>> >> > >>> >c
>> >> > >>> > >o
>> >> > >>> > +ASA
>> >> > >>> > >+
>> >> > >>> > >1000v+as+a+FW+for+CloudStack
>> >> > >>> > >
>> >> > >>> > >Additional details would be provided in the FS.
>> >> > >>> > >
>> >> > >>> > >Regards,
>> >> > >>> > >Manan Shah
>> >> > >>> > >
>> >> > >>
>> >> > >
>> >
>


Mime
View raw message