[openstack-dev] [neutron] Where will Neutron go in future?

zhi changzhi1990 at gmail.com
Tue Dec 20 06:43:30 UTC 2016

Hi, Srider.

Thanks for your reply. I still have a question about SG and FWaaS. VM's
east-west traffic belongs to FWaaS or SG? What about VM's north-south

I think that VM's east-west traffic belongs to SG and the north-south
traffic belongs to FWaaS, isn't it? :)

Zhi Chang

2016-12-20 1:45 GMT+08:00 Sridar Kandaswamy (skandasw) <skandasw at cisco.com>:

> Hi Zhi:
> FWaaS has been seen more as an edge (on L3 ports) use case as opposed to
> SG which is on a VM port. Also, as u can see there are differences in the
> attributes on the Rule specification at the most basic level. At this
> point, we are working thru the implementation of FWaaS on L2 ports so that
> makes ur question more relevant. At least one school of thought that we
> have been working with is that the FWaaS API can be more open and continue
> to evolve to support for instance L4-L7 use cases amongst others, but the
> SG API will continue to stay a simpler model (some have also pointed the
> need for SG to be aligned with AWS).
> This is still in evolution and we would welcome participation, if u can -
> pls do drop in to our weekly team meeting [1] and we can discuss further.
> Thanks
> Sridar
> [1] http://eavesdrop.openstack.org/#Firewall_as_a_
> Service_(FWaaS)_Team_Meeting
> From: zhi <changzhi1990 at gmail.com>
> Reply-To: OpenStack List <openstack-dev at lists.openstack.org>
> Date: Sunday, December 18, 2016 at 7:36 PM
> To: OpenStack List <openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?
> Hi, Nate, thanks for your reply.
> May I ask a little stupid question? What's the difference between fwaas
> and security group? In my opinion, fwaas and security group are both using
> linux iptables now. So, what's the differences between them?
> Thanks
> Zhi Chang
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161220/e22f45ff/attachment.html>

More information about the OpenStack-dev mailing list