From 104621117b2c8ffdfd2e4146162f5227cb89c6a4 Mon Sep 17 00:00:00 2001 From: Andrey Epifanov Date: Mon, 2 Feb 2015 22:39:38 +0300 Subject: [PATCH] Blueprint: support-fwaas-in-mos - Implement FUEL plugins for FWaaS functionality in MOS Implements blueprint: support-fwaas-in-mos Change-Id: Ibc17a4fcc8e696683defd186fda8dd207bc6b271 --- specs/fuel-plugin-fwaas.rst | 135 ++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 specs/fuel-plugin-fwaas.rst diff --git a/specs/fuel-plugin-fwaas.rst b/specs/fuel-plugin-fwaas.rst new file mode 100644 index 0000000..b604a0d --- /dev/null +++ b/specs/fuel-plugin-fwaas.rst @@ -0,0 +1,135 @@ +=============================================== +Fuel plugin for FWaaS functionality in Neutron +=============================================== + +https://blueprints.launchpad.net/fuel/+spec/support-fwaas-in-mos + +FWaaS (FireWall-as-a-Service) is Neutron extension that introduces firewall +feature set. +Neutron FwaaS provides a cloud-centric abstractions for a security feature +set spanning traditional L2/L3 firewalls to richer application-aware +next-generation firewalls. +This plugin uses IPTables driver. + +Problem description +=================== + +FWaaS is a very popular and useful feature, which controls the incoming and +outgoing network traffic based on an applied rule set. A firewall establishes +a barrier between a trusted, secure internal network and another network +(e.g., the Internet) that is assumed not to be secure and trusted. Today +it is a neccesary functionality for the using OpenStack in production. + +Proposed change +=============== + +Implement FUEL plugin which will configure FWaaS functionality in Neutron +and Horizon. + +Alternatives +------------ + +It also might be implemented as a part of FUEL core, but we decided to make +it as a plugin for several reasons: +* Community decided to separate FWaaS and other aaS services into their own + project(repo), so we would do it the same way. +* Another reason is that any new additional functionality makes a project and + testing more difficult, which is an additional risk for the FUEL release. + +Data model impact +----------------- + +None + +REST API impact +--------------- + +None + +Upgrade impact +-------------- + +None + +Security impact +--------------- + +None + +Notifications impact +-------------------- + +None + +Other end user impact +--------------------- + +None + +Performance Impact +------------------ + +None + +Other deployer impact +--------------------- + +None + +Developer impact +---------------- + +None + +Implementation +============== + +Assignee(s) +----------- + +Primary assignee: + +Feature Lead: Andrey Epifanov +Mandatory Design Reviewers: Stanislaw Bogatkin, Sergey Kolekonov, +Sergey Vasilenko +Developers: Andrey Epifanov +QA: Timur Nurlygayanov + +Work Items +---------- + +* Implement FUEL plugin. +* Implement puppet manifests. +* Testing. +* Write documentation. + +Dependencies +============ + +* FUEL 6.0 and higher. + +Testing +======= + +* Prepare a test plan. +* Test deployment with activated plugin for all FUEL deployment modes. +* Test FWaaS functionality as well: + https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing +* Integration tests with other OpenStack components and Neutron plugins. + +Documentation Impact +==================== + +* Deployment Guide (how to prepare an env for installation, how to install + the plugin, how to deploy OpenStack env with the plugin). +* User Guide (which features the plugin provides, how to use them in the + deployed OS env). +* Test Plan. +* Test Report. + +References +========== + +* https://wiki.openstack.org/wiki/Neutron/FWaaS +* https://wiki.openstack.org/wiki/Neutron/FWaaS/HowToInstall +* https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing