FWaaS changes to support Distributed Virtual Router (DVR)
FWaaS needs to see both sides of the traffic and is stateful, in that connections are tracked. To maintain the requirement of seeing both sides of the traffic, we propose to add a bridge before the internal bridge and tunnel bridge and to add the FWaaS rules in that bridge, so that both directions of traffic can be inspected in a stateful manner. For traffic between VMs that are hosted on the same node, firewall rules are applied in the router namespace.
Blueprint information
- Status: Complete
- Approver: Kyle Mestery
- Priority: Undefined
- Drafter: badveli_vishnuus
- Direction: Needs approval
- Assignee: badveli_vishnuus
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Armando Migliaccio
Whiteboard
Nov-13-2015(armax): If someone is interested in pursuing it, this must be re-submitted according to guidelines defined in [1], especially in light of fwaas v2 api proposal.
[1] http://
-----------------
Gerrit topic: https:/
Addressed by: https:/
FWaaS needs to see both sides of the traffic and is stateful in that connections are tracked. This blueprint addresses the issue of applying the firewall rules in a generic way to cover all the cases.
Implements: blueprint kilo-dvr-fwaas
Change-Id: I9a8fc3