vmware-nsx

NSX-V Service insertion support

Bug #1604566 reported by OpenStack Infra on 2016-07-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	vmware-nsx	Fix Released	Undecided	Unassigned

Bug Description

https://review.openstack.org/327580
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
Your project "openstack/vmware-nsx" is set up so that we directly report the documentation bugs against it. If this needs changing, the docimpact-group option needs to be added for the project. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.

commit ce9003f4989c79d14b05d434843b6d1756a65e1f
Author: Adit Sarfaty <email address hidden>
Date: Thu Jun 9 13:35:53 2016 +0300

NSX-V Service insertion support

The service insertion feature allows us to redirect some of the NSX traffic to an external
security vendor like Palo-Alto or checkpoint for advanced inspection.

    The implementation contains:
    Enable the flow classifier plugin, and use it to create redirect rules on NSX
    When the flow classifier plugin is initialized a new security group is created
    and added to the configured service profile

When a vm port with port security is created/updated, it is added to this security group
When the admin user create a flow classifier entry, a backed redirect rule will be created.

DocImpact: new NSXV Configuration parameters:
service_insertion_profile_id = <service profile id, i.e. serviceprofile-1>

DocImpact: The flow classifier methods should be added to the policy.json as admin only

Change-Id: I67a132d4b35764c6940516a8365a2749d574aad2

Tags:

Adit Sarfaty (asarfaty) on 2020-07-29

Changed in vmware-nsx:
status:	New → Fix Committed
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.