neutron

FWaaS changes to support Distributed Virtual Router(DVR)

Registered by Sridar Kandaswamy on 2014-07-10

The DVR model breaks basic FWaaS implementation as FWaaS relies on seeing both directions of traffic (stageful) at the router programmed with Firewall rules. DVR by design distributes routing across compute nodes to achieve scalability and this has unfavorable consequences for FWaaS. The first step is to at least ensure that we have an L3 Perimeter Firewall working for the North-South traffic use case.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Kyle Mestery

Priority:: High

Drafter:: Sridar Kandaswamy

Direction:: Approved

Assignee:: Sridar Kandaswamy

Definition:: Approved

Series goal:: Accepted for juno

Implementation:: Implemented

Milestone target:: 2014.2

Started by: Sridar Kandaswamy on 2014-08-12

Completed by: Kyle Mestery on 2014-09-11

Related branches

Related bugs

Sprints

Whiteboard

20-July (mestery): Juno-3 as high priority.

You should not set a milestone target unless the blueprint has been properly prioritized by the project drivers.
(This is an automated message)

Gerrit topic: https://review.openstack.org/#q,topic:bp/neutron-dvr-fwaas,n,z

Addressed by: https://review.openstack.org/106225 (Merged)
Specification for FWaaS changes for DVR

Addressed by: https://review.openstack.org/113359 (Merged)
Changes to support FWaaS in a DVR based environment

Gerrit topic: https://review.openstack.org/#q,topic:bug/1360351,n,z

Addressed by: https://review.openstack.org/116372 (Merged)
Set firewall state to CREATED when dealing with DVR

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Baohua Yang

david martin

Koteswara Rao Kelam

Shanthakumar K

Sridhar Ramaswamy