In my reply I suggested that you create two quantum routers, which I believe should solve this for you.

quantum net-create DMZ-net --external=True
quantum subnet-create --name DMZ-Subnet1 DMZ-net <dmz_cidr> # Public ip pool
quantum net-create non-DMZ --external=True
quantum subnet-create --name nonDMZ-Subnet1 non-DMZ <non_dmz_cidr> # Public ip pool
quantum router-create DMZ-router
quantum router-create non-DMZ-router
quantum router-interface-add DMZ-router DMZ-Subnet1
quantum router-interface-add non-DMZ-router nonDMZ-Subnet1
quantum router-gateway-set DMZ-router DMZ-net
quantum router-gateway-set non-DMZ-router non-DMZ

On Thu, Apr 4, 2013 at 10:51 AM, David Kang <[email protected]> wrote:
>
> Hi Aaron,
>
> Thank you for your reply.
>
> We deploy one (quantum) subnet as a DMZ network and the other (quantum)
> subnet as a non-DMZ network.
> They are routed to the network node where quantum services (dhcp, l3,
> linuxbridge) are running.
> They can talk to each other through the network node, now.
>
> However, we do not want the network node to route the traffic between
> them directly.
> Instead we want them to be routed to different (external) routers such that
> we can apply filtering/firewall/etc. on the traffic from the DMZ network.
>
> Do you think it is possible using two l3-agents or any other way?
> Currently, I manually set up routing for those two subnets.
>
> Thanks,
> David
>
> ----- Original Message -----
> > Hi David,
> >
> > The quantum network node would route traffic between the non-DMZ-DMZ
> > network if both of those subnets are uplinked to the same quantum
> > router. I believe if you create another router for your dmz hosts then
> > traffic in/out of that network should route out to your physical
> > infrastructure which will go through your router to do filtering.
> >
> > Thanks,
> >
> > Aaron
> >
> > On Wed, Apr 3, 2013 at 8:26 AM, David Kang < [email protected] > wrote:
> >
> > Hi,
> >
> > We are trying to set up Quantum network for non-DMZ and DMZ networks.
> > The cloud has both non-DMZ networks and a DMZ network.
> > We need to route traffic from DMZ network to a specific router before
> > it reaches anywhere else in non-DMZ networks.
> > However, Quantum Network Node routes the traffic between DMZ network
> > and non-DMZ network within itself by default.
> > Has anybody configured Quantum for this case?
> > Any help will be appreciated.
> > We are using Quantum linuxbridge-agent.
> >
> > Thanks,
> > David
> >
> > --
> > ----------------------
> > Dr. Dong-In "David" Kang
> > Computer Scientist
> > USC/ISI
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to : [email protected]
> > Unsubscribe : https://launchpad.net/~openstack
> > More help : https://help.launchpad.net/ListHelp
>
> --
> ----------------------
> Dr. Dong-In "David" Kang
> Computer Scientist
> USC/ISI
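The isolation property discussed in this thread can be checked against an inventory of router interfaces. The following is an added example, not part of the original messages and not quantum's own code; the tuple format, the zone labels, and the names shared-router and ext-net are assumptions made for illustration, and the sample topologies are constructed.

```python
from collections import defaultdict

# Constructed inventory (an assumed format, not quantum CLI output):
# one tuple per router interface: (router, gateway_network, subnet, zone).
# Router, network and subnet names in TWO_ROUTERS follow the thread.
TWO_ROUTERS = [
    ("DMZ-router", "DMZ-net", "DMZ-Subnet1", "dmz"),
    ("non-DMZ-router", "non-DMZ", "nonDMZ-Subnet1", "non-dmz"),
]
# Hypothetical layout matching the original problem: both subnets on one router.
ONE_ROUTER = [
    ("shared-router", "ext-net", "DMZ-Subnet1", "dmz"),
    ("shared-router", "ext-net", "nonDMZ-Subnet1", "non-dmz"),
]
# Hypothetical layout: two routers, but both uplinked to the same external network.
SHARED_GATEWAY = [
    ("DMZ-router", "ext-net", "DMZ-Subnet1", "dmz"),
    ("non-DMZ-router", "ext-net", "nonDMZ-Subnet1", "non-dmz"),
]


def audit(interfaces):
    """Return sorted findings for places where both zones share a routing point."""
    zones_by_router = defaultdict(set)
    zones_by_gateway = defaultdict(set)
    for router, gateway, _subnet, zone in interfaces:
        zones_by_router[router].add(zone)
        zones_by_gateway[gateway].add(zone)

    findings = []
    # A router with interfaces in both zones routes between them on the
    # network node itself, so the traffic never reaches an external filter.
    for router, zones in zones_by_router.items():
        if len(zones) > 1:
            findings.append(("router-bridges-zones", router))
    # Routers of different zones behind one external network leave no
    # separate uplink on which to filter DMZ traffic.
    for gateway, zones in zones_by_gateway.items():
        if len(zones) > 1:
            findings.append(("gateway-shared-by-zones", gateway))
    return sorted(findings)


if __name__ == "__main__":
    for name, topology in [("two routers", TWO_ROUTERS),
                           ("one router", ONE_ROUTER),
                           ("shared gateway", SHARED_GATEWAY)]:
        print(name, audit(topology) or "no findings")
```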

