[openstack-dev] [Quantum] Quantum Firewall Service

Yapeng Wu Yapeng.Wu at huawei.com
Fri Apr 5 14:36:31 UTC 2013

Hello, Sumit,

Regarding of "* It might be helpful to model firewall instance to firewall_policy relationship as 1:many"

Can you elaborate in what user case this is required?


From: Sumit Naiksatam [mailto:sumitnaiksatam at gmail.com]
Sent: Thursday, April 04, 2013 8:34 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Quantum] Quantum Firewall Service

Just wanted to give an update on the call today - we had a fairly large number of people attending from PayPal, VMware, Cisco, Big Switch (to name a few that I noted).

Discussion notes:

* Decided to focus in the firewall_rule attributes - current definition of attributes is not clear. Although the intent is to capture these as flexible placeholder objects, the document is not very indicative. Needs to be articulated better (e.g. source_ip_address should just be a "source" string).

* Need a little more deliberation on which attributes in the firewall_rules need to form the core set of attributes; other lesser used/vendor-centric attributes can be modeled as "extended attributes".

* The zone attribute/resource definition needs to be expanded.

* It might be more practical to model a firewall_rule to firewall_policy relationship as 1:1. If we take that approach, it might be helpful to have a sequence number attribute in the firewall_rule.

* It might be helpful to model firewall instance to firewall_policy relationship as 1:many

* The firewall resource as expressed in the model is a logical instance in the Quantum model. It's mapping to a physical/virtual appliance is left to the backend.

* Details on use cases are required. Will help to validate against the model.

In general, we seem to have a decent start to the base model. No major objections on the workflow.

We will continue to have discussions over emails, and have another call next week.

Please feel free to add anything I might have missed.



On Wed, Apr 3, 2013 at 10:47 AM, Sumit Naiksatam <sumitnaiksatam at gmail.com<mailto:sumitnaiksatam at gmail.com>> wrote:
We have set up a conference call scheduled for Thursday April 4th to discuss this topic as a preparation for the upcoming summit.

Current draft: https://wiki.openstack.org/wiki/Quantum/FWaaS/API

Logistics (thanks to Vinay/Anand, PayPal):

Where: Conference Bridge - (855) 227 1767 x 7152259<tel:%28855%29%20227%201767%20x%207152259>

When: Thursday, April 04, 2013 2:00 PM-3:00 PM. (UTC-08:00) Pacific Time (US & Canada)

Where: Conference Bridge - (855) 227 1767 x 7152259<tel:%28855%29%20227%201767%20x%207152259>

Conf. Code 7152259

Phones Numbers:

*        (855) 227-1767<tel:%28855%29%20227-1767>(USA) - 08003765931(UK)

*        0008006103229 (India - Toll Free)

*        81080024322044 (Moscow), 4992701688(Moscow)

Web Conf: https://myroom-na.adobeconnect.com/anandpalanisamy/

More Numbers: https://www.intercallonline.com/portlets/scheduling/viewNumbers/listNumbersByCode.do?confCode=7152259&name=&email=&selectedProduct=joinMeeting



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130405/b58861d5/attachment.html>

More information about the OpenStack-dev mailing list