+1 -----Original Message----- From: Koushik Das [mailto:koushik....@citrix.com] Sent: Thursday, January 17, 2013 10:20 AM To: cloudstack-dev@incubator.apache.org Subject: RE: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix
+1 > -----Original Message----- > From: Abhinandan Prateek [mailto:abhinandan.prat...@citrix.com] > Sent: Thursday, January 17, 2013 9:45 AM > To: cloudstack-dev@incubator.apache.org > Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in > CloudStack from Citrix > > +1 > > On 17/01/13 9:26 AM, "Rajesh Battala" <rajesh.batt...@citrix.com> wrote: > > >+1 > > > >-----Original Message----- > >From: Angeline Shen [mailto:angeline.s...@citrix.com] > >Sent: Thursday, January 17, 2013 1:23 AM > >To: cloudstack-dev@incubator.apache.org > >Subject: RE: [VOTE] Accept a donation of SRX&F5 inline mode support > >in CloudStack from Citrix > > > >+1 angie > > > >-----Original Message----- > >From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com] > >Sent: Wednesday, January 16, 2013 10:53 AM > >To: cloudstack-dev@incubator.apache.org > >Subject: [VOTE] Accept a donation of SRX&F5 inline mode support in > >CloudStack from Citrix > > > >Reposting with subject line VOTE > > > >Committers have binding votes for this decision. > > > >Please respond with your vote: > >+1 - Accept the donation and begin the process of bringing this > >+enhancement to CloudStack > >in via the IP clearance process > >+0 - Don't care > >-1 - Do not accept the donation > > > >This vote will remain open for ~72 hours. > > > > > >> -----Original Message----- > >> From: Sheng Yang [mailto:sh...@yasker.org] > >> Sent: Tuesday, January 15, 2013 5:54 PM > >> To: cloudstack-dev@incubator.apache.org > >> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode > >> > >> Hi, > >> > >> I'd like to start the process of IP Clearance for CLOUDSTACK-306: > >> SRX&F5 inline mode support. > >> > >> Citrix would like to donate this code to Apache Cloudstack. > >> > >> This feature extended the support for external network devices for > >>Cloudstack. > >> > >> In the Cloudstack 4.0 release, it's only able to work with SRX and > >> F5 in side-by- side mode, which means all the traffic going through > >> F5 load balancer would bypass SRX firewall, and F5 would facing the > >> public network directly. Cloudstack > >> 4.0 still have some obsolete codes to deal with inline mode back to > >> 2.2.x era, but they're not functional after NaaS work in 3.0 release. > >> > >> After reintroducing this feature, SRX is able to working as the > >> firewall for the whole guest network(isolated network), including F5. > >> Every load balancing traffic must go through SRX, in order to reach F5. > >> > >> In order to support inline mode, in the first patch, I had > >>re-implemented the firewall part SRX to make it able to filter based > >>on public ip we're using to identify the traffic, using firewall > >>filter of SRX. > >> > >> In the second patch, I've investigated the possibility of using one > >>F5 instance in site-by-site mode and inline-mode at the same time, > >>and found it doable. So I make "inline" a parameter for network > >>offering, not an option for device(e.g. > >> F5). > >> > >> And I have reimplemented the inline mode feature in the third patch. > >> > >> The whole patchset mostly deal with external devices related > >>filres, e.g. > >> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java, > >> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java. > >> There are also some refactor works regarding NetworkManagerImpl.java. > >> > >> The patchset is at: > >> http://people.apache.org/~yasker/ > >> > >> Since there are three patches, I've checksumed and signed the tar ball. > >> > >> The related Jira ticket at: > >> https://issues.apache.org/jira/browse/CLOUDSTACK-306 > >> > >> The function spec is at: > >> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional- > >> spec.html > >> > >> The previous discussion happened on: > >> http://markmail.org/message/jnpl5b7b6cqqmrui > >> > >> There is no objection on this feature at the time of discussion. > >> > >> Thank you! > >> > >> --Sheng
