Firewall as a Service API 2.0
This blueprint introduces several enhancements to the Firewall as a Service (FWaaS) API. It makes the API more granular by letting users apply firewall rules at the port level rather than at the router level. Support is extended to various types of Neutron ports, including VM ports and SFC ports as well as router ports. It also aims to provide better grouping mechanisms (security groups and service groups) and discusses the use of a common classifier in achieving them.
Blueprint information
- Status: Complete
- Approver: Sridar Kandaswamy
- Priority: Medium
- Drafter: Aishwarya Thangappa
- Direction: Approved
- Assignee: Sridar Kandaswamy
- Definition: Approved
- Series goal: Accepted for queens
- Implementation: Implemented
- Milestone target: queens-3
- Started by: German Eichberger
- Completed by: Akihiro Motoki
Whiteboard
COMPLETED L2 Support was the major outstanding item - this has been addressed in Queens. And additional misc features will be evaluated for use cases and addressed as separate blueprints or RFE (by xgerman or SridarK)
I marked this as Implemented based on the above and today's fwaas team meeting discussion -- amotoki, Feb 2, 2018
---
Feb-06-2016(armax): patches below still need merging.
* https:/
* https:/
* https:/
Jan-09-
1.) https:/
2.) https:/
3.) https:/
Dec-01-2016(armax): lots of progress on CLI, testing and docs, getting close to completion.
Sep-12-2016(armax): missing CLI, testing, docs, deferred to Ocata
(SridarK): We are running thru integration of the L3 pieces - we are definitely running behind - but targeting to get a basic flow end of the week to early next week.
Aug-8-2015(armax): nothing substantial [1] merged since the beginning of Newton and we are a few weeks from feature freeze. Nothing merged with the target topic [2]. It is increasingly likely this is going to be deferred.
[1] https:/
[2] https:/
Apr-4-2016(armax): To assess if it needs new owners (to be confirmed in the next few days). Some code available on:
Mar-3-2016(armax): Moved to Newton. Please ensure you re-submit spec if necessary.
Jan-18-
Jan-18-2016(armax): no major code nor documentation as of today. Chances of getting in Mitaka are getting slim. This was always a long shot anyway.
Dec-07-2015(armax): iterating on the spec, but consensus is close. Some planning done. Non-controversial work about to start.
Gerrit topic: https:/
Addressed by: https:/
FWaaS V2 Plugin
Addressed by: https:/
FWaaS v2 Database
Addressed by: https:/
FWaaS v2 L3 Agent Extension
Addressed by: https:/
The Iptables manager and firewall driver in Neutron must be enhanced for co-existence of SecurityGroup and FWaaS v2 APIs. This patch re-factors the IPTables driver for enabling FWaaS and SG chain to be interleaved preserving ordering of rules.
Addressed by: https:/
FwaaS v2 REST API
Addressed by: https:/
FWaaS v2 utilize L3 Agent Extension framework
Addressed by: https:/
Add support FWaaS v2 CRUD
Addressed by: https:/
[WIP] FWaaS v2 extension for L2 agent
Gerrit topic: https:/
Addressed by: https:/
FWaaS v2 Database rule insert/remove operations support
Addressed by: https:/
[WIP] FWaaS v2 driver for L2 ports
Addressed by: https:/
[WIP] FWaaS v2 Tempest API tests
Addressed by: https:/
[WIP] FWaaS v2 API reference
Addressed by: https:/
[WIP] Tempest Scenario tests for FWaaS V2
Gerrit topic: https:/
Addressed by: https:/
Update policy.json for FWaaS v2
Gerrit topic: https:/
Addressed by: https:/
[WIP] Apply default firewall group for port
Addressed by: https:/
FWaaS v2 Tempest API tests
Gerrit topic: https:/
Addressed by: https:/
Fix functional/tempest v2 failures
Addressed by: https:/
Tempest Scenario tests for FWaaS V2
Addressed by: https:/
[WIP] Add configurable option for default_
Addressed by: https:/
OVS based l2 Firewall driver for FWaaS v2
Gerrit topic: https:/
Addressed by: https:/
Add reno for "OVS based l2 Firewall driver for FWaaS v2"