Virtual Chassis and Virtual Domains

Antoine Siral

Jun 1, 2018, 9:00:01 AM
to NetBox
Hi,

I would like to discuss virtual chassis and virtual domains here.
The new object Virtual Chassis is a good feature but could be improved in my opinion.

All my thinking is based on a need to represent a cluster (named Virtual Chassis in Netbox) of two Fortigate firewalls and its vdom in Netbox.

About the Virtual Chassis:
In Netbox, IP addresses are assigned on the members of the virtual chassis. But in fact the management IP address is not related to any physical member.
In my opinion the virtual chassis should be seen as a device with the attributes inherited from members (interfaces) and its own attributes (name, IP address, tenant, role, virtual interface).

About the second point, the virtual domains:
A Fortigate firewall may contain several domains (vdom) which are "logical firewall instances" within this physical firewall.
So, the trick I did for this is to create a cluster with one member and then, a virtual machine represents a virtual domain. But this trick does not allow attaching a physical interface to one vdom (or VM in Netbox).
Plus, in case of a virtual Chassis of two firewalls, it cannot be done since a virtual chassis is not a device, so it cannot be integrated within a cluster.

This is why I think a Virtual Chassis should be seen as a device with its own attributes, inherit its interfaces from members and be available to integrate in a cluster and finally, as an extra, bridge its physical interface to a virtual machine.
I am speaking about Fortigate but other vendors do exactly the same (Palo Alto, Checkpoint, ...).

If anyone has some other tricks or suggestions for this, let me know.
