OpenContrail

Missing Documentation: How to create service images

Asked by Colin MacGiollaEain

Hi,

I'm looking to find out the recommendations/procedure for preparing a VM image to be used as a service image e.g. linux VM providing IPTABLES based NAT or firewall service. How do I match the VM interfaces to the left, right, management?

Thanks,
Colin

Question information

Language:
English Edit question
Status:
Answered
For:
OpenContrail Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:

This question was originally filed as bug #1276086.

Revision history for this message
Colin MacGiollaEain (mcolin) said : 		#1

Hi,

I'm looking to find out the recommendations/procedure for preparing a VM image to be used as a service image e.g. linux VM providing IPTABLES based NAT or firewall service. How do I match the VM interfaces to the left, right, management?

Thanks,
Colin

Revision history for this message
Pedro Marques (5-roque) said : 		#2

Colin,
The management, left and right networks will be connected to the VMs eth0, eth1 and eth2 respectively.
The expectation is that the service template is configured such that it acts as a "bump in the wire" either by being in bridge mode and bridging left to right interface (and vice-versa) or by a policy routing mechanism.

For instance, using a virtual SRX image for NAT (which requires an L3 configuration) the template should be configured such that there is a left and right routing-instance and FBF on the interfaces that directs the traffic arriving at the left interface into the right instance. Each instance will have a default route back to its respective interface (advertised by DHCP). Similar "policy routing" mechanisms are available in most platforms.

Can you help with this problem?

Provide an answer of your own, or ask Colin MacGiollaEain for more information if necessary.

To post a message you must log in.