x
/
fuel-plugin-neutron-fwaas
Code Issues Proposed changes

Blueprint: support-fwaas-in-mos 

- Implement FUEL plugins for FWaaS functionality in MOS

Implements blueprint: support-fwaas-in-mos

Change-Id: Ibc17a4fcc8e696683defd186fda8dd207bc6b271
This commit is contained in:
Andrey Epifanov 2015-02-02 22:39:38 +03:00
parent 27fd0aeb58
commit 104621117b
1 changed files with 135 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
specs/fuel-plugin-fwaas.rst Normal file
View File

@ -0,0 +1,135 @@
===============================================
Fuel plugin for FWaaS functionality in Neutron
===============================================
https://blueprints.launchpad.net/fuel/+spec/support-fwaas-in-mos
FWaaS (FireWall-as-a-Service) is Neutron extension that introduces firewall
feature set.
Neutron FwaaS provides a cloud-centric abstractions for a security feature
set spanning traditional L2/L3 firewalls to richer application-aware
next-generation firewalls.
This plugin uses IPTables driver.
Problem description
===================
FWaaS is a very popular and useful feature, which controls the incoming and
outgoing network traffic based on an applied rule set. A firewall establishes
a barrier between a trusted, secure internal network and another network
(e.g., the Internet) that is assumed not to be secure and trusted. Today
it is a neccesary functionality for the using OpenStack in production.
Proposed change
===============
Implement FUEL plugin which will configure FWaaS functionality in Neutron
and Horizon.
Alternatives
------------
It also might be implemented as a part of FUEL core, but we decided to make
it as a plugin for several reasons:
* Community decided to separate FWaaS and other aaS services into their own
project(repo), so we would do it the same way.
* Another reason is that any new additional functionality makes a project and
testing more difficult, which is an additional risk for the FUEL release.
Data model impact
-----------------
None
REST API impact
---------------
None
Upgrade impact
--------------
None
Security impact
---------------
None
Notifications impact
--------------------
None
Other end user impact
---------------------
None
Performance Impact
------------------
None
Other deployer impact
---------------------
None
Developer impact
----------------
None
Implementation
==============
Assignee(s)
-----------
Primary assignee:
Feature Lead: Andrey Epifanov
Mandatory Design Reviewers: Stanislaw Bogatkin, Sergey Kolekonov,
Sergey Vasilenko
Developers: Andrey Epifanov
QA: Timur Nurlygayanov
Work Items
----------
* Implement FUEL plugin.
* Implement puppet manifests.
* Testing.
* Write documentation.
Dependencies
============
* FUEL 6.0 and higher.
Testing
=======
* Prepare a test plan.
* Test deployment with activated plugin for all FUEL deployment modes.
* Test FWaaS functionality as well:
https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing
* Integration tests with other OpenStack components and Neutron plugins.
Documentation Impact
====================
* Deployment Guide (how to prepare an env for installation, how to install
the plugin, how to deploy OpenStack env with the plugin).
* User Guide (which features the plugin provides, how to use them in the
deployed OS env).
* Test Plan.
* Test Report.
References
==========
* https://wiki.openstack.org/wiki/Neutron/FWaaS
* https://wiki.openstack.org/wiki/Neutron/FWaaS/HowToInstall
* https://wiki.openstack.org/wiki/Quantum/FWaaS/Testing