[Openstack-operators] VPNaaS and FWaaS
alawson at aqorn.com
Fri May 20 05:21:37 UTC 2016
We don't use FWaaS but we certainly are interested in LBaaS and VPNaaS.
Chalk us up to a vendor trying to implement these. VPNaaS is huge as it
allows customers to non-disruptively attach their organizations to a public
cloud with the same IP space as is the case with AWS. I'd be open to
letting this go IF it being addressed elsewhere in some other manner.
427 North Tatnall Street
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072
On Thu, May 19, 2016 at 6:52 PM, Joseph Bajin <josephbajin at gmail.com> wrote:
> We have actually started to look at VPNaaS as a way to tie two different
> region's Tenant Networks together.. This will hopefully allow us to not
> have to look at users using too many Floating IPs to just support tools and
> products that have issues with Floating IPs.
> On Tue, May 10, 2016 at 4:18 AM, Matt Jarvis <
> matt.jarvis at datacentred.co.uk> wrote:
>> We see FWaaS generally being used by customers with larger deployments,
>> where they want overall firewall rules at the boundary as well as security
>> groups. Since my original post on this thread, I went to look at the
>> numbers - it's actually being used more widely than I originally thought on
>> our platform, including many of our largest customers.
>> On 10 May 2016 at 09:03, Mariano Cunietti <mcunietti at enter.it> wrote:
>>> Hi Kyle,
>>> > I know there are operators relying on these functions, particularly in
>>> > public cloud space in Europe, so this would impact those people. I
>>> also know
>>> > this list doesn't necessarily reach all of them either, so I will try
>>> > reach out by other means as well, but it would be very useful to try
>>> and get
>>> > a clearer picture of how many people are using VPNaaS and FWaaS. If
>>> you are,
>>> > could you please respond to this thread ?
>>> We are using VPNaaS and FWaaS on entercloudsuite.com, on Juno.
>>> With VPNaaS it basically works (or: works basically) but there are some
>>> issues with the configuration of MTU and some other server side
>>> configurations that drop some client connections. I can can provide more
>>> details if you want on a private thread.
>>> With FWaaS we are providing it but we also deprecate it; moreover, it’s
>>> generating a lot of confusion and overlap with Security Groups
>>> I'm actually really surprised that people are *using* FWaaS. It's been
>>> marked experimental for over 3 years now, and it only recently in
>>> Liberty received work which made it somewhat useful, which was the
>>> ability to apply a firewall on a specific Neutron router rather than
>>> all tenant routers. FWaaS in production sounds pretty risky to me, but
>>> I supposed that our fault for not being clear on it's readiness.
>>> Agree, but the words EXPERIMENTAL and NOT PRODUCTION READY are pretty
>>> visible in the documentation.
>>> So, not your fault at all
>>> > If we have metrics that a constituent part of the user community need
>>> > functions, then we can try and find a way to help the Neutron team to
>>> > the resourcing gaps.
>>> If people are using these, IMHO that's another reason to keep them
>>> around. I've already said that we have at least one large user of VPN,
>>> so that project will continue to be worked on even if it's removed
>>> from Neutron.
>>> Here’s what WE’D LOVE to have:
>>> - VPNaaS
>>> - IDS or some TAPaaS to redirect router traffic to a tenant’s
>>> instance (remember we all sell instances)
>>> - IPS, that is the ability not only to eavesdrop but also to drop
>>> traffic using Snort or better Suricata + ELK (
>>> - FWaaS meant as multiple firewall “flavors”. Lots of customers ask
>>> for PFSense or their own Linux/FreeBSD solution
>>> - Network analytics in general (with InfluxDB or Monasca)
>> DataCentred Limited registered in England and Wales no. 05611763
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-operators