[openstack-dev] [neutron] [fwaas] - Collecting use cases for API improvements

Kyle Mestery mestery at mestery.com
Wed May 27 22:50:36 UTC 2015


On Wed, May 27, 2015 at 5:36 PM, Eichberger, German <
german.eichberger at hp.com> wrote:

> All,
>
>
> During the FWaaS session in Vancouver [1] it became apparent that both the
> FWaaS API and the Security Groups API are lacking in functionality and the
> connection between the two is not well defined.
>
>
> For instance if a cloud user opens up all ports in the security groups
> they still can’t connect and might figure out days later that there is a
> second API (FWaaS) which prevents him from connecting to his service. This
> will probably make for a frustrating experience.
>
>
> Similarly, the operators I spoke to all said that the current FWaaS
> implementation isn’t going far enough and needs a lot of missing
> functionality added to fulfill their requirements on a Firewall
> implementation.
>
>
> With that backdrop I am proposing to take a step back and assemble a group
> of operators and users to collect use cases for the firewall service – both
> FWaaS and Security Groups based. I believe it is important at this juncture
> to really focus on the users and less on technical limitations. I also
> think this reset is necessary to make a service which meets the needs of
> operators and users better.
>
>
> Once we have collected the use cases we can evaluate our current API’s and
> functionality and start making the necessary improvements to turn FWaaS
> into a service which covers most of the use cases and requirements.
>
>
> Please join me in this effort. We have set up an etherpad [2] to start
> collecting the use cases and will discuss them in an upcoming meeting.
>
>
Thanks for sending this out German. I took home the same impressions that
you did. Similar to what we did with the LBaaS project (to great success
last summer), I think we should look at FWaaS API V2 with the new
contributors coming on as equals and helping to define the new operator
focused API. My suggestion is we look at doing the work to lay the
foundation during Liberty for a successful launch of this API during the
Mxx cycle. I'm happy to step in here and guide the new group of
contributors similar to what we did for LBaaS.

Thanks,
Kyle


>
> Thanks,
>
> German
>
>
>
>
>
> [1] https://etherpad.openstack.org/p/YVR-neutron-sg-fwaas-future-direction
>
> [2] https://etherpad.openstack.org/p/fwaas_use_cases
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150527/6fa10f55/attachment.html>


More information about the OpenStack-dev mailing list