No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionCloud Solution Description 04

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Implementation Principles

Implementation Principles


Figure 14-3 shows the logical architecture of VFW.

Figure 14-3 Logical architecture of VFW
Table 14-1 Component details




Console layer


Provides level-1 load balancing.


Provides level-2 load balancing.

Network Console

You can use this console to manage all VFW-related resources.

API/Service layer


Provides load balancing for Combined APIs.

Network Service

Provides interfaces for Network Console to manage VFW resources.

Common component

API Gateway

Third-party applications call ECS APIs through API Gateway.


Provides the resource metering and billing function.


Provides domain name resolution and time synchronization.


Displays the task status.

Resource pool


Provides the Image Management Service (IMS).


Manages the life cycle of cloud servers in the FusionSphere OpenStack system, for example, creating cloud servers in batches, and scheduling or stopping cloud servers on demand.


Provides persistent block storage for running cloud servers. Its pluggable drives facilitate block storage creation and management.


Provides APIs for network connectivity and addressing.

Management zone


Provides Identity and Access Management (IAM).


Provides performance monitoring and alarm generation.

Service OM

Provides FusionSphere OpenStack management and resource configuration.


Provides the resource metering and billing function using SDR.


Figure 14-4 shows the vFW workflow.

Figure 14-4 vFW workflow

The tasks in all steps are as follows:

  1. Log in to the ManageOne operation plane.
  2. Perform the IAM authentication on the ManageOne operation plane.
  1. On the vFW page, create a vFW or add a firewall rule.
  2. Invoke the vFW interfaces provided by the Network Service to deliver configurations.
  3. Network Service calls the vfw/fwaas interface provided by the OpenStack Neutron to create a VFW.
  4. Type I: The Neutron server uses the RPC to instruct the Neutron agent to configure the iptable rule of the Linux operating system.
  5. Type II: The Neutron server controls the AC to configure the vsys rule of physical firewalls.

Updated: 2019-10-23

Document ID: EDOC1100063247

Views: 64654

Downloads: 182

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next