neutron

[Neutron][Firewall] Extend FWaaS to provide DSCP filtering

Bug #1738738 reported by Reedip on 2017-12-18

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Won't Fix	Wishlist	Unassigned

Bug Description

Currently Firewall-as-a-Service provides filteration based on the protocol , Source and Destination Port and IP address.
However, there is a scope for implementing a deeper packet inspection , by implementing DSCP based filtering in FWaaS.

Intention of this bug is to submit a request for feature enhancement to include DSCP based filtering in the current Firewall implementation.

A similar proposal was pursued in [1]. This is a similar proposal in line with the Neutron's procedure for filing Feature Enhancements.

References:

[1]: https://blueprints.launchpad.net/neutron/+spec/neutron-fwaas-extension-dscp

Tags:

Reedip (reedip-banerjee-deactivatedaccount) on 2017-12-18

Changed in neutron:
assignee:	nobody → Reedip (reedip-banerjee)
tags:	added: fwaas

Revision history for this message

German Eichberger (german-eichberger) wrote on 2017-12-18:

#1

Having more L7 type filtering is definitely on the roadmap so this is a good feature.

Revision history for this message

Lujin Luo (luo-lujin) wrote on 2017-12-19:

#2

Is this a request for RFE? If so, could you please add [RFE] at the beginning of the title and bring it to Neuton team IRC meeting?

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2017-12-19:

#3

Hi Lujin, this is probably an RFE, but I guess the Driver team would be best to comment on it, if it can be accepted as a feature or would be treated as a simple bug fix. Thats why I didnt put the [RFE} in the title yet.
I am waiting for one of the Driver Team core members to comment on this.
FWIW this is an RFE from FWaaS team

Slawek Kaplonski (slaweq) on 2017-12-19

tags:

added: rfe

Revision history for this message

YAMAMOTO Takashi (yamamoto) wrote on 2017-12-22:

#4

is fwaas v2 already stable? otherwise adding new features might not be a good idea for now.

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2017-12-23:

#5

Point noted, but implementation would be at a later stage, if there is a spec required for it.

Miguel Lavalle (minsel) on 2018-01-18

Changed in neutron:
importance:	Undecided → Wishlist

Revision history for this message

Miguel Lavalle (minsel) wrote on 2018-01-25:

#6

The FWaaS team indicated recently in regards to another RFE that they consider the V2.0 API stable enough to start adding features. I will move this RFE to the confirmed stage, based on German's feedback above and will ask other FWaaS team members to chime in

tags:	added: rfe-confirmed
Changed in neutron:
status:	New → Confirmed

Revision history for this message

Sridar Kandaswamy (skandasw) wrote on 2018-02-05:

#7

Yes I am +1 on this as well, it is a common use case where DSCP marks are used to convey some information (for example a L4-L7 classification) and enabling some filtering on that is good. I did file [1] referenced in the description above with this intent. Now I think the API is at a point to start looking at this.

Miguel Lavalle (minsel) on 2018-02-16

tags:

added: rfe-triaged
removed: rfe-confirmed

Revision history for this message

Miguel Lavalle (minsel) wrote on 2018-03-22:

#8

This RFE is approved

tags:

added: rfe-approved
removed: rfe-triaged

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2020-03-24:

#9

Regarding current status of neutron-fwaas project I'm going to mark this one as won't fix for now.

Changed in neutron:
assignee:	Reedip (reedip-banerjee) → nobody
tags:	removed: rfe
Changed in neutron:
status:	Confirmed → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.