The documentation for this feature is up at https://reviews.apache.org/r/8812/
Thanks
-Radhika

-----Original Message-----
From: Chip Childers [mailto:chip.child...@sungard.com]
Sent: Thursday, January 17, 2013 1:39 AM
To: cloudstack-dev@incubator.apache.org
Subject: Re: [VOTE] Accept a donation of SRX&F5 inline mode support in CloudStack from Citrix

On Wed, Jan 16, 2013 at 1:53 PM, Animesh Chaturvedi <animesh.chaturv...@citrix.com> wrote:
> Reposting with subject line VOTE
>
> Committers have binding votes for this decision.
>
> Please respond with your vote:
> +1 - Accept the donation and begin the process of bringing this
> enhancement to CloudStack in via the IP clearance process
> +0 - Don't care
> -1 - Do not accept the donation
>
> This vote will remain open for ~72 hours.

+1

>> -----Original Message-----
>> From: Sheng Yang [mailto:sh...@yasker.org]
>> Sent: Tuesday, January 15, 2013 5:54 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: [IP Clearance] CLOUDSTACK-306 SRX&F5 inline mode
>>
>> Hi,
>>
>> I'd like to start the process of IP Clearance for CLOUDSTACK-306:
>> SRX&F5 inline mode support.
>>
>> Citrix would like to donate this code to Apache Cloudstack.
>>
>> This feature extended the support for external network devices for
>> Cloudstack.
>>
>> In the Cloudstack 4.0 release, it's only able to work with SRX and F5
>> in side-by-side mode, which means all the traffic going through F5
>> load balancer would bypass SRX firewall, and F5 would be facing the
>> public network directly. Cloudstack 4.0 still has some obsolete code
>> to deal with inline mode back to 2.2.x era, but it's not functional
>> after NaaS work in 3.0 release.
>>
>> After reintroducing this feature, SRX is able to work as the
>> firewall for the whole guest network (isolated network), including F5.
>> All load balancing traffic must go through SRX in order to reach F5.
>>
>> In order to support inline mode, in the first patch, I had
>> re-implemented the firewall part of SRX to make it able to filter based
>> on the public IP we're using to identify the traffic, using the firewall
>> filter of SRX.
>>
>> In the second patch, I've investigated the possibility of using one
>> F5 instance in site-by-site mode and inline-mode at the same time,
>> and found it doable. So I make "inline" a parameter for network offering,
>> not an option for device (e.g. F5).
>>
>> And I have reimplemented the inline mode feature in the third patch.
>>
>> The whole patchset mostly deals with external devices related files, e.g.
>> JuniperSrxResource.java, ExternalFirewallDeviceManagerImpl.java,
>> F5BigIpResource.java, ExternalLoadBalancerDeviceManagerImpl.java.
>> There is also some refactoring work regarding NetworkManagerImpl.java.
>>
>> The patchset is at:
>> http://people.apache.org/~yasker/
>>
>> Since there are three patches, I've checksummed and signed the tarball.
>>
>> The related Jira ticket is at:
>> https://issues.apache.org/jira/browse/CLOUDSTACK-306
>>
>> The function spec is at:
>> https://cwiki.apache.org/CLOUDSTACK/network-inline-mode-functional-spec.html
>>
>> The previous discussion happened on:
>> http://markmail.org/message/jnpl5b7b6cqqmrui
>>
>> There was no objection to this feature at the time of discussion.
>>
>> Thank you!
>>
>> --Sheng