added 3 new methods to strip partition information from VirtualServer, LBPool, VLAN api response.
With BigIP V11.x VirtualServer, LBPool, VLAN api response has been modified.
Now BigIP returns resource name with user partition information
ex: if vlanname is vlan-100 then the get_list() will return /Common/vlan-100 (/Common -> User partition)
This method will strip the partition information and only return a list with vlan name (vlan-100)
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
Increased the ram size of Internal load balancer vm service offering also
Backported from fix by Harikrishna Patnala <harikrishna.patnala@citrix.com>
https://reviews.apache.org/r/17941/
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
The proxy-arp add/del is done on firewall rule add/del.
The proxy-arp rule is deleted only when no static nat or dest nat rule is using the ip.
When there is static nat or PF and firewall rule
a. Delete firewall rule. It skips delete proxy-arp because the rule is used by static nat rule.
b. After deleting fw rule if we disable static nat there is no way to delete proxy-arp rule.
On VM expunge we are deleting firewall rules first then static nat rules. This caused the stale proxy-arp
rules.
With this fix, the proxy-arp rule is added/deleted on static nat/PF rule add/del.
(cherry picked from commit 19668713ed)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
after network orchestrator refactor, only network elements providing
services as defined by network offering, are involved in network design and
implement phase. So OVS network element needs to be enabled as
'Connectivity' service provider to make GRE tunnels work. This fix
introduced 'Ovs' provider as Connectivity service provider.
(cherry picked from commit 2e004878b1)
Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
Replaced HttpClient#execute(HttpUriRequest) with
HttpClient#execute(HttpUriRequest,ResponseHandler<T>).
The former requires extra EntityUtils#consume(HttpEntity).
(cherry picked from commit 09e27fd7bf)
Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
introduces a force option in delete network to forcefully delete a
network. This comes in handy in rare cases where network fails to implement
and network is in shutdown state, but network shutdown to rollback
implement process fails as well.
vxlan code. Users can set a physical network to isolation type 'vxlan',
put public traffic on that physical network, and it will still attempt
to use 'vlan' isolation on the KVM hosts. This is going to be an issue
for other isolation types as well, but I'm not familiar with them, so
I'm just fixing vxlan for now.
service and not used for LB
Fix adds a boolean flag to addNetscalerLoadBalancer api, which
will mark added NetScaler for exclusive GSLB service. A netscaler marked
as exclusive gslb service provider is not picked for any guest network's
lb provider.
Conflicts:
engine/schema/src/com/cloud/network/dao/ExternalLoadBalancerDeviceVO.java
plugins/network-elements/f5/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java
plugins/network-elements/netscaler/src/com/cloud/api/commands/AddNetscalerLoadBalancerCmd.java
plugins/network-elements/netscaler/src/com/cloud/api/response/NetscalerLoadBalancerResponse.java
plugins/network-elements/netscaler/src/com/cloud/network/element/NetscalerElement.java
server/src/com/cloud/network/ExternalLoadBalancerDeviceManager.java
server/src/com/cloud/network/ExternalLoadBalancerDeviceManagerImpl.java
setup/db/db/schema-421to430.sql
1. Egress default policy rules are sent to the firewall provider. It is up to the
provider to configure the rules.
2. The default policy rules are sent for both allow and deny default policy.
3. On network shutdown rules for delete are sent.
4. For VR and SRX, by default deny the traffic. So no default rule to deny traffic is required.
Those bugs are related to classes not implementing Serializable, not overriding the equals and/or hashCode methods and with empty finalize method.
Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall).
More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration
Features supported are:
- List/Add/Delete Palo Alto service provider
- List/Add/Delete Palo Alto network service offering
- List/Add/Delete Palo Alto network with above service offering
- Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule)
- List/Add/Delete Ingress Firewall rule
- List/Add/Delete Egress Firewall rule
- List/Add/Delete Port Forwarding rule
- List/Add/Delete Static Nat rule
- Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come)
- Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come)
Known limitations:
- Only supports one public IP range in CloudStack.
- Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall.
- Currently not tracking usage on Public IPs.
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>