[Openstack-operators] VPNaaS and FWaaS
Adam Lawson
alawson at aqorn.com
Fri May 20 05:21:37 UTC 2016
We don't use FWaaS but we certainly are interested in LBaaS and VPNaaS.
Chalk us up to a vendor trying to implement these. VPNaaS is huge as it
allows customers to non-disruptively attach their organizations to a public
cloud with the same IP space as is the case with AWS. I'd be open to
letting this go IF it being addressed elsewhere in some other manner.
//adam
*Adam Lawson*
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW ext. 101
International: +1 302-387-4660
Direct: +1 916-246-2072
On Thu, May 19, 2016 at 6:52 PM, Joseph Bajin <josephbajin at gmail.com> wrote:
> We have actually started to look at VPNaaS as a way to tie two different
> region's Tenant Networks together.. This will hopefully allow us to not
> have to look at users using too many Floating IPs to just support tools and
> products that have issues with Floating IPs.
>
> On Tue, May 10, 2016 at 4:18 AM, Matt Jarvis <
> matt.jarvis at datacentred.co.uk> wrote:
>
>> We see FWaaS generally being used by customers with larger deployments,
>> where they want overall firewall rules at the boundary as well as security
>> groups. Since my original post on this thread, I went to look at the
>> numbers - it's actually being used more widely than I originally thought on
>> our platform, including many of our largest customers.
>>
>> On 10 May 2016 at 09:03, Mariano Cunietti <mcunietti at enter.it> wrote:
>>
>>> Hi Kyle,
>>>
>>> > I know there are operators relying on these functions, particularly in
>>> the
>>> > public cloud space in Europe, so this would impact those people. I
>>> also know
>>> > this list doesn't necessarily reach all of them either, so I will try
>>> and
>>> > reach out by other means as well, but it would be very useful to try
>>> and get
>>> > a clearer picture of how many people are using VPNaaS and FWaaS. If
>>> you are,
>>> > could you please respond to this thread ?
>>>
>>>
>>> We are using VPNaaS and FWaaS on entercloudsuite.com, on Juno.
>>> With VPNaaS it basically works (or: works basically) but there are some
>>> issues with the configuration of MTU and some other server side
>>> configurations that drop some client connections. I can can provide more
>>> details if you want on a private thread.
>>> With FWaaS we are providing it but we also deprecate it; moreover, it’s
>>> generating a lot of confusion and overlap with Security Groups
>>>
>>>
>>> >
>>> I'm actually really surprised that people are *using* FWaaS. It's been
>>> marked experimental for over 3 years now, and it only recently in
>>> Liberty received work which made it somewhat useful, which was the
>>> ability to apply a firewall on a specific Neutron router rather than
>>> all tenant routers. FWaaS in production sounds pretty risky to me, but
>>> I supposed that our fault for not being clear on it's readiness.
>>>
>>>
>>> Agree, but the words EXPERIMENTAL and NOT PRODUCTION READY are pretty
>>> visible in the documentation.
>>> So, not your fault at all
>>>
>>>
>>> > If we have metrics that a constituent part of the user community need
>>> these
>>> > functions, then we can try and find a way to help the Neutron team to
>>> cover
>>> > the resourcing gaps.
>>> >
>>> If people are using these, IMHO that's another reason to keep them
>>> around. I've already said that we have at least one large user of VPN,
>>> so that project will continue to be worked on even if it's removed
>>> from Neutron.
>>>
>>>
>>> Here’s what WE’D LOVE to have:
>>>
>>> - VPNaaS
>>> - IDS or some TAPaaS to redirect router traffic to a tenant’s
>>> instance (remember we all sell instances)
>>> - IPS, that is the ability not only to eavesdrop but also to drop
>>> traffic using Snort or better Suricata + ELK (
>>> https://github.com/StamusNetworks/SELKS/blob/master/README.rst)
>>> - FWaaS meant as multiple firewall “flavors”. Lots of customers ask
>>> for PFSense or their own Linux/FreeBSD solution
>>> - Network analytics in general (with InfluxDB or Monasca)
>>>
>>> Thanks
>>>
>>> Mariano
>>>
>>>
>>>
>>
>> DataCentred Limited registered in England and Wales no. 05611763
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160519/4604c6e7/attachment.html>
More information about the OpenStack-operators
mailing list