
Difference between revisions of "Neutron/FWaaS/HavanaPlan"

 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
==== Neutron FWaaS Havana ====
 +
The following is the proposed plan/schedule for design and implementation of the Firewall As A Service feature in OpenStack Networking for the Havana release. While our long term goal for FWaaS is to make it very feature rich, we will follow a pragmatic path - develop in iterations, and deliver a basic experimental reference implementation that will allow us to evaluate the API, resource model and usability of this feature. This will allow us to gather feedback, and make enhancements if required.
  
The following is the proposed plan/schedule for design and implementation of the Firewall As A Service feature in OpenStack Networking for the Havana release. While our long term goal for FWaaS is to make it very feature rich, we will follow a pragmatic path - develop in iterations, and deliver a basic experimental reference implementation that will allow us to evaluate the API, resource model and usability of this feature. This will allow us to gather feedback, and make enhancements if required.
+
===== Community Blueprints =====
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 8: Line 10:
 
| API, Resource and DB Models || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas || H2 (merged in H3)
 
| API, Resource and DB Models || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas || H2 (merged in H3)
 
|-
 
|-
| FW Service Plugin || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-plugin || H2
+
| FW Service Plugin || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-plugin || H2 (merged in H3)
 +
|-
 +
| FW Agent || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-agent || H2 (merged in H3)
 
|-
 
|-
| FW Agent || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-agent || H2
+
| FW Driver || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-iptables-driver || H2 (merged in H3)
 
|-
 
|-
| FW Driver || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-iptables-driver || H2
+
| Client library & CLI || https://blueprints.launchpad.net/python-quantumclient/+spec/fwaas-client-cli || H2 (merged in H3)
 
|-
 
|-
| Client library & CLI || https://blueprints.launchpad.net/python-quantumclient/+spec/fwaas-client-cli || H2
+
| Horizon || https://blueprints.launchpad.net/horizon/+spec/fwaas-horizon || H3 (merged in H3)
 
|-
 
|-
| Horizon || https://blueprints.launchpad.net/horizon/+spec/fwaas-horizon || H3
+
| Devstack || https://blueprints.launchpad.net/devstack/+spec/quantum-fwaas-devstack || H3 (merged in H3)
 
|-
 
|-
| Devstack || https://blueprints.launchpad.net/devstack/+spec/quantum-fwaas-devstack || H3
+
| Admin guide || Admin guide: https://blueprints.launchpad.net/openstack-manuals/+spec/neutron-fwaas-deployment || H3 (merged)
 
|-
 
|-
| Documentation || Admin guide: https://blueprints.launchpad.net/openstack-manuals/+spec/neutron-fwaas-deployment, API:  || H3
+
| API doc || API: https://bugs.launchpad.net/openstack-api-site/+bug/1203864 || H3 (merged)
 
|-
 
|-
| Heat || https://blueprints.launchpad.net/heat/+spec/fwaas-heat || H3 (stretch goal)
+
| <strike>Explicit Commit for firewall API</strike> || <strike>https://blueprints.launchpad.net/neutron/+spec/neutron-fwaas-explicit-commit</strike> || <strike>H3</strike> I release
 +
|-
 +
| <strike>Explicit Commit for firewall CLI</strike> || <strike>https://blueprints.launchpad.net/python-neutronclient/+spec/fwaas-commit-operation</strike> || <strike>H3</strike> I release
 +
|-
 +
| Heat || https://blueprints.launchpad.net/heat/+spec/fwaas-heat || H3 (merged in H3)
 
|}
 
|}
  
 
===== Reference Implementation =====
 
===== Reference Implementation =====
The current plan is to provide an Iptables (possibly using Ipsets) based reference backend implementation to realize the firewall rules. The Iptables configuration will be realized by an angent-driver combination that will program the Iptables rules on a gateway host. This agent will most likely be collocated with the L3 agent (possibly leveraged as a mixin class).
+
The current plan is to provide an Iptables (possibly using Ipsets) based reference backend implementation to realize the firewall rules. The Iptables configuration will be realized by an agent-driver combination that will program the Iptables rules on a gateway host. This agent will most likely be collocated with the L3 agent (possibly leveraged as a mixin class).
  
 
===== Firewall Mode =====
 
===== Firewall Mode =====
 
Based on the above deployment configuration, this reference implementation will serve as a perimeter firewall. In the future, we will extend this with firewall drivers that will allow us to demonstrate the firewall deployment in other modes (e.g. L2, bump-in-the-wire).
 
Based on the above deployment configuration, this reference implementation will serve as a perimeter firewall. In the future, we will extend this with firewall drivers that will allow us to demonstrate the firewall deployment in other modes (e.g. L2, bump-in-the-wire).
 +
 +
===== Vendor Blueprints =====
 +
{| class="wikitable"
 +
|-
 +
! Task !! Blueprint !! Milestone
 +
|-
 +
| vArmour Agent/Driver || https://blueprints.launchpad.net/neutron/+spec/varmour-fwaas-driver || H3 (merged)
 +
|-
 +
| NVP FWaaS Plugin || https://blueprints.launchpad.net/neutron/+spec/nvp-fwaas-plugin || H3 (merged)
 +
|}
 +
 +
===== Bugs =====
 +
 +
;Neutron: https://bugs.launchpad.net/neutron/+bugs?field.tag=fwaas
 +
;Neutron Client: https://bugs.launchpad.net/python-neutronclient/+bugs?field.tag=fwaas
 +
;Horizon: https://bugs.launchpad.net/horizon/+bugs?field.tag=fwaas
 +
;Heat: https://bugs.launchpad.net/heat/+bugs?field.tag=fwaas
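
Review bot: In the Community Blueprints table, the two rows that replace the old Documentation row still carry the labels from the combined cell ("Admin guide: https://..." and "API: https://...") although the Task column now names them; drop the prefixes so the Blueprint column holds only the link, as in every other row. The API doc row links a bug (openstack-api-site/+bug/1203864) rather than a blueprint, which deserves a word in the cell. In the two Explicit Commit rows, the Milestone cell reads as a struck-out H3 followed by "I release" beside fully struck Task and Blueprint cells, so it is unclear whether the work was dropped or deferred; if it moved, leave Task and Blueprint unstruck and write "moved to I release".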

Latest revision as of 07:45, 11 November 2013

==== Neutron FWaaS Havana ====

The following is the proposed plan/schedule for design and implementation of the Firewall As A Service feature in OpenStack Networking for the Havana release. While our long term goal for FWaaS is to make it very feature rich, we will follow a pragmatic path - develop in iterations, and deliver a basic experimental reference implementation that will allow us to evaluate the API, resource model and usability of this feature. This will allow us to gather feedback, and make enhancements if required.

===== Community Blueprints =====

{| class="wikitable"
|-
! Task !! Blueprint !! Milestone
|-
| API, Resource and DB Models || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas || H2 (merged in H3)
|-
| FW Service Plugin || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-plugin || H2 (merged in H3)
|-
| FW Agent || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-agent || H2 (merged in H3)
|-
| FW Driver || https://blueprints.launchpad.net/quantum/+spec/quantum-fwaas-iptables-driver || H2 (merged in H3)
|-
| Client library & CLI || https://blueprints.launchpad.net/python-quantumclient/+spec/fwaas-client-cli || H2 (merged in H3)
|-
| Horizon || https://blueprints.launchpad.net/horizon/+spec/fwaas-horizon || H3 (merged in H3)
|-
| Devstack || https://blueprints.launchpad.net/devstack/+spec/quantum-fwaas-devstack || H3 (merged in H3)
|-
| Admin guide || Admin guide: https://blueprints.launchpad.net/openstack-manuals/+spec/neutron-fwaas-deployment || H3 (merged)
|-
| API doc || API: https://bugs.launchpad.net/openstack-api-site/+bug/1203864 || H3 (merged)
|-
| <strike>Explicit Commit for firewall API</strike> || <strike>https://blueprints.launchpad.net/neutron/+spec/neutron-fwaas-explicit-commit</strike> || <strike>H3</strike> I release
|-
| <strike>Explicit Commit for firewall CLI</strike> || <strike>https://blueprints.launchpad.net/python-neutronclient/+spec/fwaas-commit-operation</strike> || <strike>H3</strike> I release
|-
| Heat || https://blueprints.launchpad.net/heat/+spec/fwaas-heat || H3 (merged in H3)
|}

===== Reference Implementation =====

The current plan is to provide an Iptables (possibly using Ipsets) based reference backend implementation to realize the firewall rules. The Iptables configuration will be realized by an agent-driver combination that will program the Iptables rules on a gateway host. This agent will most likely be collocated with the L3 agent (possibly leveraged as a mixin class).

===== Firewall Mode =====

Based on the above deployment configuration, this reference implementation will serve as a perimeter firewall. In the future, we will extend this with firewall drivers that will allow us to demonstrate the firewall deployment in other modes (e.g. L2, bump-in-the-wire).

===== Vendor Blueprints =====

{| class="wikitable"
|-
! Task !! Blueprint !! Milestone
|-
| vArmour Agent/Driver || https://blueprints.launchpad.net/neutron/+spec/varmour-fwaas-driver || H3 (merged)
|-
| NVP FWaaS Plugin || https://blueprints.launchpad.net/neutron/+spec/nvp-fwaas-plugin || H3 (merged)
|}

===== Bugs =====

;Neutron: https://bugs.launchpad.net/neutron/+bugs?field.tag=fwaas
;Neutron Client: https://bugs.launchpad.net/python-neutronclient/+bugs?field.tag=fwaas
;Horizon: https://bugs.launchpad.net/horizon/+bugs?field.tag=fwaas
;Heat: https://bugs.launchpad.net/heat/+bugs?field.tag=fwaas