We don't use FWaaS but we certainly are interested in LBaaS and VPNaaS. Chalk us up to a vendor trying to implement these. VPNaaS is huge as it allows customers to non-disruptively attach their organizations to a public cloud with the same IP space as is the case with AWS. I'd be open to letting this go IF it being addressed elsewhere in some other manner.
//adam *Adam Lawson* AQORN, Inc. 427 North Tatnall Street Ste. 58461 Wilmington, Delaware 19801-2230 Toll-free: (844) 4-AQORN-NOW ext. 101 International: +1 302-387-4660 Direct: +1 916-246-2072 On Thu, May 19, 2016 at 6:52 PM, Joseph Bajin <josephba...@gmail.com> wrote: > We have actually started to look at VPNaaS as a way to tie two different > region's Tenant Networks together.. This will hopefully allow us to not > have to look at users using too many Floating IPs to just support tools and > products that have issues with Floating IPs. > > On Tue, May 10, 2016 at 4:18 AM, Matt Jarvis < > matt.jar...@datacentred.co.uk> wrote: > >> We see FWaaS generally being used by customers with larger deployments, >> where they want overall firewall rules at the boundary as well as security >> groups. Since my original post on this thread, I went to look at the >> numbers - it's actually being used more widely than I originally thought on >> our platform, including many of our largest customers. >> >> On 10 May 2016 at 09:03, Mariano Cunietti <mcunie...@enter.it> wrote: >> >>> Hi Kyle, >>> >>> > I know there are operators relying on these functions, particularly in >>> the >>> > public cloud space in Europe, so this would impact those people. I >>> also know >>> > this list doesn't necessarily reach all of them either, so I will try >>> and >>> > reach out by other means as well, but it would be very useful to try >>> and get >>> > a clearer picture of how many people are using VPNaaS and FWaaS. If >>> you are, >>> > could you please respond to this thread ? >>> >>> >>> We are using VPNaaS and FWaaS on entercloudsuite.com, on Juno. >>> With VPNaaS it basically works (or: works basically) but there are some >>> issues with the configuration of MTU and some other server side >>> configurations that drop some client connections. I can can provide more >>> details if you want on a private thread. >>> With FWaaS we are providing it but we also deprecate it; moreover, it’s >>> generating a lot of confusion and overlap with Security Groups >>> >>> >>> > >>> I'm actually really surprised that people are *using* FWaaS. It's been >>> marked experimental for over 3 years now, and it only recently in >>> Liberty received work which made it somewhat useful, which was the >>> ability to apply a firewall on a specific Neutron router rather than >>> all tenant routers. FWaaS in production sounds pretty risky to me, but >>> I supposed that our fault for not being clear on it's readiness. >>> >>> >>> Agree, but the words EXPERIMENTAL and NOT PRODUCTION READY are pretty >>> visible in the documentation. >>> So, not your fault at all >>> >>> >>> > If we have metrics that a constituent part of the user community need >>> these >>> > functions, then we can try and find a way to help the Neutron team to >>> cover >>> > the resourcing gaps. >>> > >>> If people are using these, IMHO that's another reason to keep them >>> around. I've already said that we have at least one large user of VPN, >>> so that project will continue to be worked on even if it's removed >>> from Neutron. >>> >>> >>> Here’s what WE’D LOVE to have: >>> >>> - VPNaaS >>> - IDS or some TAPaaS to redirect router traffic to a tenant’s >>> instance (remember we all sell instances) >>> - IPS, that is the ability not only to eavesdrop but also to drop >>> traffic using Snort or better Suricata + ELK ( >>> https://github.com/StamusNetworks/SELKS/blob/master/README.rst) >>> - FWaaS meant as multiple firewall “flavors”. Lots of customers ask >>> for PFSense or their own Linux/FreeBSD solution >>> - Network analytics in general (with InfluxDB or Monasca) >>> >>> Thanks >>> >>> Mariano >>> >>> >>> >> >> DataCentred Limited registered in England and Wales no. 05611763 >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
