Gave it a read through, +1 (Binding)
-kd >-----Original Message----- >From: Chip Childers [mailto:chip.child...@sungard.com] >Sent: Wednesday, January 16, 2013 12:09 PM >To: cloudstack-dev@incubator.apache.org >Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in >CloudStack from Citrix > >On Wed, Jan 16, 2013 at 1:53 PM, Animesh Chaturvedi ><animesh.chaturv...@citrix.com> wrote: >> Reposting with subject line VOTE >> >> Committers have binding votes for this decision. >> >> Please respond with your vote: >> +1 - Accept the donation and begin the process of bringing this >> +enhancement to CloudStack >> in via the IP clearance process >> +0 - Don't care >> -1 - Do not accept the donation >> >> This vote will remain open for ~72 hours. > >+1 > >>> -----Original Message----- >>> From: Sheng Yang [mailto:sh...@yasker.org] >>> Sent: Tuesday, January 15, 2013 5:54 PM >>> To: cloudstack-dev@incubator.apache.org >>> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode >>> >>> Hi, >>> >>> I'd like to start the process of IP Clearance for CLOUDSTACK-306: >>> SRX&F5 inline mode support. >>> >>> Citrix would like to donate this code to Apache Cloudstack. >>> >>> This feature extended the support for external network devices for >Cloudstack. >>> >>> In the Cloudstack 4.0 release, it's only able to work with SRX and F5 >>> in side-by- side mode, which means all the traffic going through F5 >>> load balancer would bypass SRX firewall, and F5 would facing the >>> public network directly. Cloudstack >>> 4.0 still have some obsolete codes to deal with inline mode back to >>> 2.2.x era, but they're not functional after NaaS work in 3.0 release. >>> >>> After reintroducing this feature, SRX is able to working as the >>> firewall for the whole guest network(isolated network), including F5. >>> Every load balancing traffic must go through SRX, in order to reach F5. >>> >>> In order to support inline mode, in the first patch, I had >>> re-implemented the firewall part SRX to make it able to filter based >>> on public ip we're using to identify the traffic, using firewall filter of SRX. >>> >>> In the second patch, I've investigated the possibility of using one >>> F5 instance in site-by-site mode and inline-mode at the same time, >>> and found it doable. So I make "inline" a parameter for network offering, >not an option for device(e.g. >>> F5). >>> >>> And I have reimplemented the inline mode feature in the third patch. >>> >>> The whole patchset mostly deal with external devices related filres, e.g. >>> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java, >>> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java. >>> There are also some refactor works regarding NetworkManagerImpl.java. >>> >>> The patchset is at: >>> http://people.apache.org/~yasker/ >>> >>> Since there are three patches, I've checksumed and signed the tar ball. >>> >>> The related Jira ticket at: >>> https://issues.apache.org/jira/browse/CLOUDSTACK-306 >>> >>> The function spec is at: >>> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional- >>> spec.html >>> >>> The previous discussion happened on: >>> http://markmail.org/message/jnpl5b7b6cqqmrui >>> >>> There is no objection on this feature at the time of discussion. >>> >>> Thank you! >>> >>> --Sheng >>
