[Openstack-operators] VPNaaS and FWaaS

Xav Paice xavpaice at gmail.com
Mon May 2 20:12:34 UTC 2016

On 3 May 2016 at 05:03, Matt Jarvis <matt.jarvis at datacentred.co.uk> wrote:

> Thanks for the clarification Kyle.
> On 2 May 2016 at 14:33, Kyle Mestery <mestery at mestery.com> wrote:
>> On Fri, Apr 29, 2016 at 8:01 AM, Matt Jarvis
>> <matt.jarvis at datacentred.co.uk> wrote:
>> > I know there are operators relying on these functions, particularly in
>> the
>> > public cloud space in Europe, so this would impact those people.
>> >
>> I'm actually really surprised that people are *using* FWaaS. It's been
>> marked experimental for over 3 years now, and it only recently in
>> Liberty received work which made it somewhat useful, which was the
>> ability to apply a firewall on a specific Neutron router rather than
>> all tenant routers. FWaaS in production sounds pretty risky to me, but
>> I supposed that our fault for not being clear on it's readiness.
It might be good at this stage to differentiate between the number of
people using FWaaS and VPNaaS.  It might be that the FWaaS is much less
used than VPN, and while we've had a large number of support calls
regarding VPNaaS, using the service has meant that we can operate as a
public cloud despite having a very limited amount of IPv4 address space.
Without VPNaaS, we would have to make some very difficult changes to our
operations and probably wind up pouring resources into maintaining
something that doesn't provide such a nice customer experience.  We've not
yet worked out what FWaaS is for, and our customers haven't asked us for it.

> > If we have metrics that a constituent part of the user community need
>> these
>> > functions, then we can try and find a way to help the Neutron team to
>> cover
>> > the resourcing gaps.
>> >
>> If people are using these, IMHO that's another reason to keep them
>> around. I've already said that we have at least one large user of VPN,
>> so that project will continue to be worked on even if it's removed
>> from Neutron.
I would expect large users of a project to be able to contribute at least
_some_ resources to keep the code alive.  As a small user of VPNaaS , I
would also expect to contribute some resources - but we're too small to be
a significant contributor here.

I'm not sure how OSIC would relate, particularly as this is low/absent in
their priorities, but if the only barrier to people working on VPNaaS is
getting a test/dev cluster to work with then surely it's a barrier that can
be removed.  I would expect the developer time to be the biggest hurdle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160503/52fe5e17/attachment.html>

More information about the OpenStack-operators mailing list