[openstack-dev] [neutron] [fwaas] - Collecting use cases for API improvements

Sridar Kandaswamy (skandasw) skandasw at cisco.com
Thu May 28 01:51:07 UTC 2015


Hi All:

Thanks German for articulating this – we did have this discussion on last Fri as well on the need to have more user inputs. FWaaS has been in a bit of a Catch22 situation with the experimental state. Regarding feature velocity –  it has definitely been frustrating and we also lost contributors along the journey due to their frustration with moving things forward making things worse.

Kilo has been interesting in that there are more new contributors, repo split and more in terms of vendor support has gone in than ever before. We hope that this will improve traction for the customers they represent as well. Adding more user inputs and having a concerted conversation will definitely help. I echo Kyle and can certainly speak for all the current contributors in also helping out in any way possible to get this going. New Contributors are always welcome – Slawek & Vikram among the  most recent new contributors know this well.

Thanks

Sridar

From: Vikram Choudhary <vikschw at gmail.com<mailto:vikschw at gmail.com>>
Date: Wednesday, May 27, 2015 at 5:54 PM
To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [neutron] [fwaas] - Collecting use cases for API improvements

Hi German,

Thanks for the initiative. I am currently working for few of the FWaaS BP's proposed for Liberty and definitely would like to be a part of this effort.

BTW did you mean FWaaS IRC meeting to take up this discussion further?

Thanks
Vikram


On Thu, May 28, 2015 at 4:20 AM, Kyle Mestery <mestery at mestery.com<mailto:mestery at mestery.com>> wrote:
On Wed, May 27, 2015 at 5:36 PM, Eichberger, German <german.eichberger at hp.com<mailto:german.eichberger at hp.com>> wrote:
All,


During the FWaaS session in Vancouver [1] it became apparent that both the FWaaS API and the Security Groups API are lacking in functionality and the connection between the two is not well defined.


For instance if a cloud user opens up all ports in the security groups they still can’t connect and might figure out days later that there is a second API (FWaaS) which prevents him from connecting to his service. This will probably make for a frustrating experience.


Similarly, the operators I spoke to all said that the current FWaaS implementation isn’t going far enough and needs a lot of missing functionality added to fulfill their requirements on a Firewall implementation.


With that backdrop I am proposing to take a step back and assemble a group of operators and users to collect use cases for the firewall service – both FWaaS and Security Groups based. I believe it is important at this juncture to really focus on the users and less on technical limitations. I also think this reset is necessary to make a service which meets the needs of operators and users better.


Once we have collected the use cases we can evaluate our current API’s and functionality and start making the necessary improvements to turn FWaaS into a service which covers most of the use cases and requirements.


Please join me in this effort. We have set up an etherpad [2] to start collecting the use cases and will discuss them in an upcoming meeting.


Thanks for sending this out German. I took home the same impressions that you did. Similar to what we did with the LBaaS project (to great success last summer), I think we should look at FWaaS API V2 with the new contributors coming on as equals and helping to define the new operator focused API. My suggestion is we look at doing the work to lay the foundation during Liberty for a successful launch of this API during the Mxx cycle. I'm happy to step in here and guide the new group of contributors similar to what we did for LBaaS.

Thanks,
Kyle


Thanks,

German





[1] https://etherpad.openstack.org/p/YVR-neutron-sg-fwaas-future-direction

[2] https://etherpad.openstack.org/p/fwaas_use_cases


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150528/a0d8ad33/attachment.html>


More information about the OpenStack-dev mailing list