Ask Your Question

cbenito's profile - activity

2018-12-27 12:20:24 -0500 received badge  Famous Question (source)
2017-03-06 12:33:38 -0500 received badge  Notable Question (source)
2017-02-01 09:51:15 -0500 received badge  Enthusiast
2017-02-01 06:01:47 -0500 received badge  Notable Question (source)
2017-01-31 08:59:44 -0500 received badge  Famous Question (source)
2017-01-31 02:08:53 -0500 commented question Neutron firewall

And then, being able to use Neutron API to use that firewall "backend", that's why we woulk need to extend the Neutron API and all other questions.

2017-01-31 02:07:20 -0500 commented question Neutron firewall

That Vyatta driver is not valid in our cloud scenario. That's why we believe the Neutron FWaaS does not meet our requirement. It's more like Cinder when you choose and you decide which storage backend you want. In our case, we would like to install, configure and set up a Vyatta out of OpenStack.

2017-01-30 12:47:51 -0500 received badge  Popular Question (source)
2017-01-30 05:52:03 -0500 asked a question Neutron firewall

We currently have a cloud infrastructure meeting our own requirements. Let’s focus on some Networking features (firewall, instances isolation, spoofing control). We are thinking about moving to OpenStack and when we focus on these Networking features, Neutron comes into play. We are currently using Vyattas for these networking features (firewall, instance isolation, spoofing control) and we would like to keep it as it is right now. Therefore, if we move to OpenStack we would like Neutron to orchestrate these Vyattas but these Vyattas would be places in an outter layer, out of OpenStack. A good comparison we find is Cinder. In Cinder you can configure your storage backend (this storage backend is an external “agent” to OpenStack) and the idea with this networking features would be the same (being able to configure in Neutron our firewall backend).

This is our desired scenario, and these are the questions that we arise. We would appreciate very much your feedback:

  • We believe the current Neutron FWaaS does not meet our requirement. It’s not able to “talk” to an external firewall “backend”. Are we right?
  • In case FWaaS does not meet our requirements, we can think of implementing/modifying the Neutron source code. I don’t know exactly what this implies, but if we are in the right direction, a new Neutron API set of methods would be needed. Do you think the OpenStack community would accept this change?
  • Again, if we are right, apart from changing the Neutron source code to make it able to “talk” to an external firewall, we would also need to implement the firewall driver that matches the new API set of methods with the corresponding methods of the vendor’s API (in our case Vyatta). Are we right?

If you think this is a wrong forum to discuss all these questions, please, could you tell us another place to discuss all this?

Thank you very much for your help and attention. We appreciate it.

2016-11-30 08:52:10 -0500 received badge  Popular Question (source)
2016-11-20 02:56:03 -0500 received badge  Notable Question (source)
2016-11-18 18:26:14 -0500 received badge  Popular Question (source)
2016-11-18 07:03:52 -0500 answered a question Assign IP to nova instance without neutron

Thank you for your answer. So, If I understood correctly you either need to configure the pool of IPs in deprecated nova-netword or neutron. But there is no way to absolutely get rid of OpenStack in order to manage the pool of IPs.

2016-11-16 10:38:36 -0500 asked a question Assign IP to nova instance without neutron

I am wondering if I can deploy OpenStack with keystone, nova, cinder and glance modules, without installing neutron module. Let's say we have a pool of IPs from an external source and we want to assing IPs from this pool to the instances launched in Nova. Is that possible?

It would be something like:

nova floating-ip-associate <instance> <ip_from_external_source>

Once the instance is terminated, what would happen with the IP assigned to the instance?

Thank you for your help.

2016-11-16 10:38:36 -0500 asked a question Assign IP to nova instance without neutron

I am wondering if I can deploy OpenStack with keystone, nova, cinder and glance modules, without installing neutron module. Let's say we have a pool of IPs from an external source and we want to assing IPs from this pool to the instances launched in Nova. Is that possible?

It would be something like:

nova floating-ip-associate <instance> <ip_from_external_source>

Once the instance is terminated, what would happen with the IP assigned to the instance?

Thank you for your help.