[openstack-dev] [Openstack-operators][neutron][fwaas] Removing FWaaS V1 in Stein

German Eichberger German.Eichberger at rackspace.com
Wed Sep 19 18:29:44 UTC 2018


With the Stein release we will remove support for FWaaS V1 [1]. It has been marked deprecated since Liberty (2015)  and was an experimental API. It is being replaced with FWaaS V2 [2] which has been available since the Newton release.

What is Neutron FWaaS?

Firewall-as-a-Service is a neutron project which provides router (L3) and port (L2) firewalls to protect networks and vms. [3]

What is Neutron FWaaS V1?

FWaaS V1 was the first implementation of Firewall-as-a-Service and focused on the router port. This implementation has been ported to FWaaS V2.

What is FWaaS V2?

FWaaS V2 extends Firewall-as-a-Service to any neutron port - thus offering the same functionality as Security Groups but with a richer API (e.g. deny/reject traffic).

Why is FWaaS V1 being removed?

FWaaS V1 has been deprecated since 2015 and with FWaaS V2 being released for several cycles it is time to remove FWaaS V1.

How do I migrate?

Existing firewall policies and rules need to be recreated with FWaaS V2. At this point we don’t offer an automated migration tool.

[1] https://developer.openstack.org/api-ref/network/v2/#fwaas-v1-0-deprecated-fw-firewalls-firewall-policies-firewall-rules

[2] https://developer.openstack.org/api-ref/network/v2/#fwaas-v2-0-current-fwaas-firewall-groups-firewall-policies-firewall-rules

[3] https://www.youtube.com/watch?v=9Wkym4BeM4M

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180919/7c260a37/attachment.html>

More information about the OpenStack-dev mailing list