NSX-V Service insertion support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vmware-nsx |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
https:/
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/
commit ce9003f4989c79d
Author: Adit Sarfaty <email address hidden>
Date: Thu Jun 9 13:35:53 2016 +0300
NSX-V Service insertion support
The service insertion feature allows us to redirect some of the NSX traffic to an external
security vendor like Palo-Alto or checkpoint for advanced inspection.
The implementation contains:
Enable the flow classifier plugin, and use it to create redirect rules on NSX
When the flow classifier plugin is initialized a new security group is created
and added to the configured service profile
When a vm port with port security is created/updated, it is added to this security group
When the admin user create a flow classifier entry, a backed redirect rule will be created.
DocImpact: new NSXV Configuration parameters:
service_
DocImpact: The flow classifier methods should be added to the policy.json as admin only
Change-Id: I67a132d4b35764
Changed in vmware-nsx: | |
status: | New → Fix Committed |
status: | Fix Committed → Fix Released |