[Openstack-operators] VPNaaS and FWaaS

Kyle Mestery mestery at mestery.com
Mon May 2 20:58:50 UTC 2016

On Mon, May 2, 2016 at 3:12 PM, Xav Paice <xavpaice at gmail.com> wrote:
> On 3 May 2016 at 05:03, Matt Jarvis <matt.jarvis at datacentred.co.uk> wrote:
>> Thanks for the clarification Kyle.
>> On 2 May 2016 at 14:33, Kyle Mestery <mestery at mestery.com> wrote:
>>> On Fri, Apr 29, 2016 at 8:01 AM, Matt Jarvis
>>> <matt.jarvis at datacentred.co.uk> wrote:
>>> > I know there are operators relying on these functions, particularly in
>>> > the
>>> > public cloud space in Europe, so this would impact those people.
>>> >
>>> I'm actually really surprised that people are *using* FWaaS. It's been
>>> marked experimental for over 3 years now, and it only recently in
>>> Liberty received work which made it somewhat useful, which was the
>>> ability to apply a firewall on a specific Neutron router rather than
>>> all tenant routers. FWaaS in production sounds pretty risky to me, but
>>> I supposed that our fault for not being clear on it's readiness.
> It might be good at this stage to differentiate between the number of people
> using FWaaS and VPNaaS.  It might be that the FWaaS is much less used than
> VPN, and while we've had a large number of support calls regarding VPNaaS,
> using the service has meant that we can operate as a public cloud despite
> having a very limited amount of IPv4 address space.  Without VPNaaS, we
> would have to make some very difficult changes to our operations and
> probably wind up pouring resources into maintaining something that doesn't
> provide such a nice customer experience.  We've not yet worked out what
> FWaaS is for, and our customers haven't asked us for it.
>>> > If we have metrics that a constituent part of the user community need
>>> > these
>>> > functions, then we can try and find a way to help the Neutron team to
>>> > cover
>>> > the resourcing gaps.
>>> >
>>> If people are using these, IMHO that's another reason to keep them
>>> around. I've already said that we have at least one large user of VPN,
>>> so that project will continue to be worked on even if it's removed
>>> from Neutron.
> I would expect large users of a project to be able to contribute at least
> _some_ resources to keep the code alive.  As a small user of VPNaaS , I
> would also expect to contribute some resources - but we're too small to be a
> significant contributor here.
> I'm not sure how OSIC would relate, particularly as this is low/absent in
> their priorities, but if the only barrier to people working on VPNaaS is
> getting a test/dev cluster to work with then surely it's a barrier that can
> be removed.  I would expect the developer time to be the biggest hurdle.
I don't think OSIC relates at all. The issue is not test HW or
resources, but actual people writing code, maintaining the code, and
pushing the ball forward.

> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

More information about the OpenStack-operators mailing list