[openstack-dev] [Quantum] Quantum Firewall Service

Sumit Naiksatam sumitnaiksatam at gmail.com
Fri Apr 5 05:45:07 UTC 2013


Inline...

On Thu, Apr 4, 2013 at 10:37 PM, balaji patnala <patnala003 at gmail.com>wrote:

> Hi Sumit,
>
> "* The firewall resource as expressed in the model is a logical instance
> in the Quantum model. It's mapping to a physical/virtual appliance is left
> to the backend."
>
> Is it like we are trying to create a "firewall instance" in Quantum for a
> Tenant and then we want to map this Quantum Instance to "Physical" or
> "Virtual" Firewall Appliance.?
>

Sumit: Yes, the backend/plugin implementation would do this but may not be
necessarily visible to the tenant.

>
> Can you through some light on this?
>
> Regards,
> Balaji.P
>
> On Fri, Apr 5, 2013 at 6:03 AM, Sumit Naiksatam <sumitnaiksatam at gmail.com>wrote:
>
>> Just wanted to give an update on the call today - we had a fairly large
>> number of people attending from PayPal, VMware, Cisco, Big Switch (to name
>> a few that I noted).
>>
>> Discussion notes:
>>
>> * Decided to focus in the firewall_rule attributes - current definition
>> of attributes is not clear. Although the intent is to capture these as
>> flexible placeholder objects, the document is not very indicative. Needs to
>> be articulated better (e.g. source_ip_address should just be a "source"
>> string).
>>
>> * Need a little more deliberation on which attributes in the
>> firewall_rules need to form the core set of attributes; other lesser
>> used/vendor-centric attributes can be modeled as "extended attributes".
>>
>> * The zone attribute/resource definition needs to be expanded.
>>
>> * It might be more practical to model a firewall_rule to firewall_policy
>> relationship as 1:1. If we take that approach, it might be helpful to have
>> a sequence number attribute in the firewall_rule.
>>
>> * It might be helpful to model firewall instance to firewall_policy
>> relationship as 1:many
>>
>> * The firewall resource as expressed in the model is a logical instance
>> in the Quantum model. It's mapping to a physical/virtual appliance is left
>> to the backend.
>>
>> * Details on use cases are required. Will help to validate against the
>> model.
>>
>> In general, we seem to have a decent start to the base model. No major
>> objections on the workflow.
>>
>> We will continue to have discussions over emails, and have another call
>> next week.
>>
>> Please feel free to add anything I might have missed.
>>
>> Thanks,
>>
>> ~Sumit.
>>
>>  On Wed, Apr 3, 2013 at 10:47 AM, Sumit Naiksatam <
>> sumitnaiksatam at gmail.com> wrote:
>>
>>> We have set up a conference call scheduled for Thursday April 4th to
>>> discuss this topic as a preparation for the upcoming summit.
>>>
>>> Agenda:
>>> Current draft: https://wiki.openstack.org/wiki/Quantum/FWaaS/API
>>>
>>> Logistics (thanks to Vinay/Anand, PayPal):
>>>
>>> Where: Conference Bridge - (855) 227 1767 x 7152259
>>>
>>> When: Thursday, April 04, 2013 2:00 PM-3:00 PM. (UTC-08:00) Pacific Time (US & Canada)
>>>
>>>
>>> Where: Conference Bridge - (855) 227 1767 x 7152259
>>>
>>> Conf. Code 7152259
>>> Phones Numbers:
>>>
>>>
>>>
>>>    - (855) 227-1767(USA) - 08003765931(UK)
>>>    - 0008006103229 (India – Toll Free)
>>>    -
>>>
>>>
>>>    81080024322044 (Moscow), 4992701688(Moscow)
>>>
>>> Web Conf: https://myroom-na.adobeconnect.com/anandpalanisamy/
>>>
>>>
>>>
>>> More Numbers: https://www.intercallonline.com/portlets/scheduling/viewNumbers/listNumbersByCode.do?confCode=7152259&name=&email=&selectedProduct=joinMeeting
>>>
>>>
>>> Thanks,
>>>
>>> ~Sumit.
>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130404/bf812ea4/attachment.html>


More information about the OpenStack-dev mailing list