No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionCloud 6.3.0 Solution Description 05

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Implementation Principles

Implementation Principles

Architecture

Figure 13-3 shows the logical architecture of VFW.

Figure 13-3 Logical architecture of VFW
Table 13-1 Component description

Component Type

Component Name

Description

Console layer

LVS

Provides level-1 load balancing.

Nginx

Provides level-2 load balancing.

Network Console

You can use this console to manage all VFW-related resources.

API/service layer

HAProxy

Provides load balancing for Combined APIs.

Network Service

Provides interfaces for Network Console to manage VFW resources.

Common component

API Gateway

Third-party applications call ECS APIs through API Gateway.

SDR

Provides the resource metering and billing function.

DNS/NTP

Provides domain name resolution and time synchronization.

TaskCenter

Displays the task status.

Resource pool

Glance

Provides the Image Management Service (IMS).

Nova

Manages the life cycle of cloud servers in the FusionSphere OpenStack system, for example, creating cloud servers in batches, and scheduling or stopping cloud servers on demand.

Cinder

Provides persistent block storage for running cloud servers. Its pluggable drives facilitate block storage creation and management.

Neutron

Provides APIs for network connectivity and addressing.

Management zone

IAM

Provides Identity and Access Management (IAM).

eSight

Provides performance monitoring and alarm generation.

Service OM

Provides FusionSphere OpenStack management and resource configuration.

Metering

Provides the resource metering and billing function using SDR.

Workflow

Figure 13-4 shows the vFW workflow.

Figure 13-4 vFW workflow

The tasks in all steps are as follows:

  1. Log in to the ManageOne operation plane.
  2. Perform the IAM authentication on the ManageOne operation plane.
  1. On the vFW page, create a vFW or add a firewall rule.
  2. Invoke the vFW interfaces provided by the Network Service to deliver configurations.
  3. Network Service calls the vfw/fwaas interface provided by the OpenStack Neutron to create a VFW.
  4. Type I: The Neutron server uses the RPC to instruct the Neutron agent to configure the iptable rule of the Linux operating system.
  5. Type II: The Neutron server controls the AC to configure the vsys rule of physical firewalls.
Translation
Download
Updated: 2019-04-23

Document ID: EDOC1100026685

Views: 150300

Downloads: 262

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next