You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Syed Ahmed <sa...@cloudops.com> on 2013/10/28 19:39:38 UTC
Adding "protocol" parameter to CreateLoadBalancerRule API
Hi,
As a part of implementing the SSL termination functioanlity, I was
trying to add a protocol parameter to the CreateLoadBalancerRule API so
that the correct type of LB can be created to which the certificate can
be bound. I see that the LoadBalancerVO is an extension of FirewallVO
which has its own protocol field which is used for some other purpose.
Why do we have Firewall and LB as the same entity? Also, If I were to
add protocol for the LB, is it OK if I create another field
"lb_protocol" in the load_balancing_rules table ?
Thanks,
-Syed
Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Posted by Alena Prokharchyk <Al...@citrix.com>.
Got it. Anything that is specific to the LB rule, should go to loadbalacingrules table.
-Alena.
From: Syed Ahmed <sa...@cloudops.com>>
Reply-To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Date: Monday, October 28, 2013 2:13 PM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Subject: Re: Adding "protocol" parameter to CreateLoadBalancerRule API
The problem with using protocol from firewall_rules is that it uses
that field to implement firewall policies ( iptables etc ). The
protocol should be tcp,udp or icmp. I would need lb_protocol for adding
ssl and http protocols for loabalancing specifically.
Thanks,
-Syed
On Mon 28 Oct 2013 03:20:26 PM EDT, Syed Ahmed wrote:
Thanks Alena,
So adding lb_protocol in load_balancing_rules should work fine as long
as the LB providers don't use the protocol field in the firewall_rules
table to create the correct type of LB on the device which I don't see
( atleast for Netscaler).
Thanks,
-Syed
On 13-10-28 03:11 PM, Alena Prokharchyk wrote:
Syed, each network rule – PF/LB – currently has entries in in 2
tables. PublicIp/PublicPort/Protocol + State/Purpose and other
generic fields that are the same for all the networking rules, are
being stored in firewall_rules. Other information is being stored in
child tables. As an example, for PF rules we store rule to vm mapping
in portforwardingrules table.
Firewall_rules table is being used by
RulesManagerImpl/NetworkManagerImpl to manage the life cycle of all
the rules extending FirewallRule.
-Alena.
From: Syed Ahmed <sa...@cloudops.com>>
Reply-To:
"dev@cloudstack.apache.org<ma...@cloudstack.apache.org>"
<de...@cloudstack.apache.org>>
Date: Monday, October 28, 2013 11:39 AM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>"
<de...@cloudstack.apache.org>>
Subject: Adding "protocol" parameter to CreateLoadBalancerRule API
Hi,
As a part of implementing the SSL termination functioanlity, I was
trying to add a protocol parameter to the CreateLoadBalancerRule API so
that the correct type of LB can be created to which the certificate can
be bound. I see that the LoadBalancerVO is an extension of FirewallVO
which has its own protocol field which is used for some other purpose.
Why do we have Firewall and LB as the same entity? Also, If I were to
add protocol for the LB, is it OK if I create another field
"lb_protocol" in the load_balancing_rules table ?
Thanks,
-Syed
Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Posted by Syed Ahmed <sa...@cloudops.com>.
The problem with using protocol from firewall_rules is that it uses
that field to implement firewall policies ( iptables etc ). The
protocol should be tcp,udp or icmp. I would need lb_protocol for adding
ssl and http protocols for loabalancing specifically.
Thanks,
-Syed
On Mon 28 Oct 2013 03:20:26 PM EDT, Syed Ahmed wrote:
> Thanks Alena,
>
> So adding lb_protocol in load_balancing_rules should work fine as long
> as the LB providers don't use the protocol field in the firewall_rules
> table to create the correct type of LB on the device which I don't see
> ( atleast for Netscaler).
>
> Thanks,
> -Syed
>
>
>
>
> On 13-10-28 03:11 PM, Alena Prokharchyk wrote:
>> Syed, each network rule – PF/LB – currently has entries in in 2
>> tables. PublicIp/PublicPort/Protocol + State/Purpose and other
>> generic fields that are the same for all the networking rules, are
>> being stored in firewall_rules. Other information is being stored in
>> child tables. As an example, for PF rules we store rule to vm mapping
>> in portforwardingrules table.
>>
>> Firewall_rules table is being used by
>> RulesManagerImpl/NetworkManagerImpl to manage the life cycle of all
>> the rules extending FirewallRule.
>>
>> -Alena.
>> From: Syed Ahmed <sa...@cloudops.com>>
>> Reply-To:
>> "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>"
>> <de...@cloudstack.apache.org>>
>> Date: Monday, October 28, 2013 11:39 AM
>> To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>"
>> <de...@cloudstack.apache.org>>
>> Subject: Adding "protocol" parameter to CreateLoadBalancerRule API
>>
>> Hi,
>>
>> As a part of implementing the SSL termination functioanlity, I was
>> trying to add a protocol parameter to the CreateLoadBalancerRule API so
>> that the correct type of LB can be created to which the certificate can
>> be bound. I see that the LoadBalancerVO is an extension of FirewallVO
>> which has its own protocol field which is used for some other purpose.
>> Why do we have Firewall and LB as the same entity? Also, If I were to
>> add protocol for the LB, is it OK if I create another field
>> "lb_protocol" in the load_balancing_rules table ?
>>
>> Thanks,
>> -Syed
>>
>>
>
Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Posted by Alena Prokharchyk <Al...@citrix.com>.
Why not use the protocol field in firewall_rules table? And make NS provider to read it from there.
-Alena.
From: Syed Ahmed <sa...@cloudops.com>>
Date: Monday, October 28, 2013 12:20 PM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <al...@citrix.com>>
Subject: Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Thanks Alena,
So adding lb_protocol in load_balancing_rules should work fine as long
as the LB providers don't use the protocol field in the firewall_rules
table to create the correct type of LB on the device which I don't see (
atleast for Netscaler).
Thanks,
-Syed
On 13-10-28 03:11 PM, Alena Prokharchyk wrote:
Syed, each network rule – PF/LB – currently has entries in in 2 tables. PublicIp/PublicPort/Protocol + State/Purpose and other generic fields that are the same for all the networking rules, are being stored in firewall_rules. Other information is being stored in child tables. As an example, for PF rules we store rule to vm mapping in portforwardingrules table.
Firewall_rules table is being used by RulesManagerImpl/NetworkManagerImpl to manage the life cycle of all the rules extending FirewallRule.
-Alena.
From: Syed Ahmed <sa...@cloudops.com>>
Reply-To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Date: Monday, October 28, 2013 11:39 AM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Subject: Adding "protocol" parameter to CreateLoadBalancerRule API
Hi,
As a part of implementing the SSL termination functioanlity, I was
trying to add a protocol parameter to the CreateLoadBalancerRule API so
that the correct type of LB can be created to which the certificate can
be bound. I see that the LoadBalancerVO is an extension of FirewallVO
which has its own protocol field which is used for some other purpose.
Why do we have Firewall and LB as the same entity? Also, If I were to
add protocol for the LB, is it OK if I create another field
"lb_protocol" in the load_balancing_rules table ?
Thanks,
-Syed
Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Posted by Syed Ahmed <sa...@cloudops.com>.
Thanks Alena,
So adding lb_protocol in load_balancing_rules should work fine as long
as the LB providers don't use the protocol field in the firewall_rules
table to create the correct type of LB on the device which I don't see (
atleast for Netscaler).
Thanks,
-Syed
On 13-10-28 03:11 PM, Alena Prokharchyk wrote:
> Syed, each network rule – PF/LB – currently has entries in in 2 tables. PublicIp/PublicPort/Protocol + State/Purpose and other generic fields that are the same for all the networking rules, are being stored in firewall_rules. Other information is being stored in child tables. As an example, for PF rules we store rule to vm mapping in portforwardingrules table.
>
> Firewall_rules table is being used by RulesManagerImpl/NetworkManagerImpl to manage the life cycle of all the rules extending FirewallRule.
>
> -Alena.
> From: Syed Ahmed <sa...@cloudops.com>>
> Reply-To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
> Date: Monday, October 28, 2013 11:39 AM
> To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
> Subject: Adding "protocol" parameter to CreateLoadBalancerRule API
>
> Hi,
>
> As a part of implementing the SSL termination functioanlity, I was
> trying to add a protocol parameter to the CreateLoadBalancerRule API so
> that the correct type of LB can be created to which the certificate can
> be bound. I see that the LoadBalancerVO is an extension of FirewallVO
> which has its own protocol field which is used for some other purpose.
> Why do we have Firewall and LB as the same entity? Also, If I were to
> add protocol for the LB, is it OK if I create another field
> "lb_protocol" in the load_balancing_rules table ?
>
> Thanks,
> -Syed
>
>
Re: Adding "protocol" parameter to CreateLoadBalancerRule API
Posted by Alena Prokharchyk <Al...@citrix.com>.
Syed, each network rule – PF/LB – currently has entries in in 2 tables. PublicIp/PublicPort/Protocol + State/Purpose and other generic fields that are the same for all the networking rules, are being stored in firewall_rules. Other information is being stored in child tables. As an example, for PF rules we store rule to vm mapping in portforwardingrules table.
Firewall_rules table is being used by RulesManagerImpl/NetworkManagerImpl to manage the life cycle of all the rules extending FirewallRule.
-Alena.
From: Syed Ahmed <sa...@cloudops.com>>
Reply-To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Date: Monday, October 28, 2013 11:39 AM
To: "dev@cloudstack.apache.org<ma...@cloudstack.apache.org>" <de...@cloudstack.apache.org>>
Subject: Adding "protocol" parameter to CreateLoadBalancerRule API
Hi,
As a part of implementing the SSL termination functioanlity, I was
trying to add a protocol parameter to the CreateLoadBalancerRule API so
that the correct type of LB can be created to which the certificate can
be bound. I see that the LoadBalancerVO is an extension of FirewallVO
which has its own protocol field which is used for some other purpose.
Why do we have Firewall and LB as the same entity? Also, If I were to
add protocol for the LB, is it OK if I create another field
"lb_protocol" in the load_balancing_rules table ?
Thanks,
-Syed