openstack team mailing list archive

Re: [Quantum] Anybody implemented DMZ?

 

 
 Hi Aaron,

 Thank you for your reply.

 We deploy one (quantum) subnet as a DMZ network and the other (quantum) subnet
as a non-DMZ network.
They are routed to the network node where quantum services (dhcp, l3, linuxbridge)
are running.
They can talk to each other through the network node now.

 However, we do not want the network node to route the traffic between them directly.
Instead we want them to be routed to different (external) routers such that
we can apply filtering/firewall/etc. on the traffic from DMZ network.

 Do you think it is possible using two l3-agents or any other way?
Currently, I manually set up routings for those two subnets.

 Thanks,
 David

----- Original Message -----
> Hi David,
> 
> 
> The quantum network node would route traffic between the non-DMZ-DMZ
> network if both of those subnets are uplinked to the same quantum
> router. I believe if you create another router for your dmz hosts then
> traffic in/out of that network should route out to your physical
> infrastructure which will go through your router to do filtering.
> 
> 
> Thanks,
> 
> 
> Aaron
> 
> 
> 
> On Wed, Apr 3, 2013 at 8:26 AM, David Kang < dkang@xxxxxxx > wrote:
> 
> 
> 
> Hi,
> 
> We are trying to set up Quantum network for non-DMZ and DMZ networks.
> The cloud has both non-DMZ networks and a DMZ network.
> We need to route traffic from DMZ network to a specific router before it reaches
> anywhere else in non-DMZ networks.
> However, Quantum Network Node routes the traffic between DMZ network and
> non-DMZ network within itself by default.
> Has anybody configured Quantum for this case?
> Any help will be appreciated.
> We are using Quantum linuxbridge-agent.
> 
> Thanks,
> David
> 
> --
> ----------------------
> Dr. Dong-In "David" Kang
> Computer Scientist
> USC/ISI

-- 
----------------------
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI
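
A check for the condition discussed in this thread, as an added example that is not part of the original messages: it scans router-interface ports and reports any Quantum router that has subnets from more than one security zone attached, since that router would forward between them inside the network node and bypass the external filtering router. The port records are constructed sample data shaped like Quantum API port objects; the `ZONES` mapping and all IDs are assumptions.

```python
from collections import defaultdict

ROUTER_IFACE = "network:router_interface"

def port(owner, device, subnet, ip):
    """Build a constructed port record with the fields this check reads."""
    return {"device_owner": owner, "device_id": device,
            "fixed_ips": [{"subnet_id": subnet, "ip_address": ip}]}

# Constructed: both subnets uplinked to one router (the setup described above).
PORTS_SHARED = [
    port(ROUTER_IFACE, "router-shared", "subnet-dmz", "10.0.1.1"),
    port(ROUTER_IFACE, "router-shared", "subnet-app", "10.0.2.1"),
    port("network:dhcp", "dhcp-agent-1", "subnet-dmz", "10.0.1.2"),
]
# Constructed: a separate router for the DMZ hosts (the suggested layout).
PORTS_SPLIT = [
    port(ROUTER_IFACE, "router-dmz", "subnet-dmz", "10.0.1.1"),
    port(ROUTER_IFACE, "router-internal", "subnet-app", "10.0.2.1"),
]
# Assumption: zone labels are kept by the operator; Quantum has no such field.
ZONES = {"subnet-dmz": "dmz", "subnet-app": "internal"}

def routers_bridging_zones(ports, zones):
    """Return {router_id: {zone: [subnet_ids]}} for routers spanning >1 zone."""
    attached = defaultdict(lambda: defaultdict(set))
    for p in ports:
        if p.get("device_owner") != ROUTER_IFACE:
            continue  # DHCP and instance ports do not route between subnets
        for ip in p.get("fixed_ips", []):
            subnet = ip["subnet_id"]
            # Subnets without a label get their own zone so they are reported
            # when they share a router with a labelled one.
            zone = zones.get(subnet, "unlabelled")
            attached[p["device_id"]][zone].add(subnet)
    return {router: {z: sorted(s) for z, s in by_zone.items()}
            for router, by_zone in attached.items() if len(by_zone) > 1}

if __name__ == "__main__":
    for name, ports in (("shared", PORTS_SHARED), ("split", PORTS_SPLIT)):
        print(name, routers_bridging_zones(ports, ZONES) or "no cross-zone router")
```
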

