dnsaas and fwaas

DNSaaS & FWaaSAugust 2013

Alex Barreto2013 August 27

DNSaaS & FWaaS - 2013 Aug 27DOC144908-20130524r3

● Red Hat is moving the “core” forward● Features, stability, maturity, supportability

● 3rd parties are working on Operational aspects● e.g., How do you provision, configure and administer

● Our current customer base (telcos, OEMS, etc)have their own infrastructure - will build around RHOS

● Enterprises want a complete product

● Automate & manage deployment, configuration,etc● In many cases want traditional virtualization features too

OPENSTACK: REFERENCE ARCHITECTURES

RHCI - 2013 Aug 12 - Target

OPENSTACK: DNS-as-a-Service (DNSaaS)


● Drivers● Simplification of DNS Infrastructure

● Vendors (Bind/Nominum), COS (QE vs Prod) and tools

● Standardization for Automation

● Project Designate provides DNSaaS services for OpenStack:

● REST API for domain/record management

● Multi-tenant

● Integrated with Keystone for authentication

● Framework in place to integrate with Nova and Quantum notifications (for auto-generated records)

● Support for PowerDNS and Bind9 out of the box

● Status

● Applying for incubation

What is DNS AS A SERVICE?


● Provides managed DNS

● Entry point: creating, updating, maintaining and deleting DNS data using the Designate API,

● Providing DNS resolution for users.

● Allows the use of whatever DNS server and organization demands, or the database where DNS data is stored.

● Intended to work in conjunction with other components such as Nova.

● Using a REST API or Designate Sink which consumes events from Nova or Quantum, or any other service that has events that would necessitate DNS changes.

● Replaces Nova DNS bindings

● Adds a missing piece of data-center functionality, automating the name resolution changes required for the creation and deletion of Nova instances or other components.

PROJECT DESIGNATE


● Roadmap

● Current release

● REST API for domain/record management● Multi-tenant● Integrated with Keystone for authentication● Framework in place to integrate with Nova and Quantum notifications (for auto-

generated records)● Support for PowerDNS, MySQLBind, and Bind out of the box● Command Line Interface● Python Bindings

● Future release plans

● DNSSEC● Development of functionality to utilize designate-sink to process events from

Nova and Quantum● Import/Export of Domains via BIND9 style zone files● Private/Internal DNS servers

●

PROJECT DESIGNATE


BEFORE DESIGNATE


WITH DESIGNATE

Row 1 Row 2 Row 3 Row 40

2

4

6

8

10

12

Column 1

Column 2

Column 3


● Forward Records (A Record) (GET, POST, PUT and DELETE)

● Reverse Records (PTR Record) (GET, POST, PUT and DELETE)

● DDNS Forward Records (PUT, GET, DELETE)

● DDNS Reverse Records (PUT, GET and DELETE)

DESIGNATE APIs

RHCI - 2013 Aug 12 - Target

OPENSTACK: Firewall-as-a-Service (FWaaS)


● FWaaS is Networking Zoning with firewall partitioning

● Each virtual Firewall instance is associated with one or more Firewall Policies

● Each Firewall Policy is an ordered list of Firewall Rules

● A Firewall Policy serves as a template, and the logical Firewall provides for an instantiation of that template

● Status: Neutron blueprint

What is FIREWALL AS A SERVICE?


FWaaS – How it operates


FWaaS – Models


FWaaS FEATURES


FWaaS – Use Cases

● Large Scale Data Center●


FWaaS – Model


FWaaS – L3 Agent Flow


FWaaS – L3 Agent - Process


FWaaS – IPTables Driver – Neutron Router

20

THANK YOU!

dnsaas and fwaas

Technology