[openstack-dev] [neutron] Where will Neutron go in future?
changzhi1990 at gmail.com
Tue Dec 20 06:43:30 UTC 2016
Thanks for your reply. I still have a question about SG and FWaaS. VM's
east-west traffic belongs to FWaaS or SG? What about VM's north-south
I think that VM's east-west traffic belongs to SG and the north-south
traffic belongs to FWaaS, isn't it? :)
2016-12-20 1:45 GMT+08:00 Sridar Kandaswamy (skandasw) <skandasw at cisco.com>:
> Hi Zhi:
> FWaaS has been seen more as an edge (on L3 ports) use case as opposed to
> SG which is on a VM port. Also, as u can see there are differences in the
> attributes on the Rule specification at the most basic level. At this
> point, we are working thru the implementation of FWaaS on L2 ports so that
> makes ur question more relevant. At least one school of thought that we
> have been working with is that the FWaaS API can be more open and continue
> to evolve to support for instance L4-L7 use cases amongst others, but the
> SG API will continue to stay a simpler model (some have also pointed the
> need for SG to be aligned with AWS).
> This is still in evolution and we would welcome participation, if u can -
> pls do drop in to our weekly team meeting  and we can discuss further.
>  http://eavesdrop.openstack.org/#Firewall_as_a_
> From: zhi <changzhi1990 at gmail.com>
> Reply-To: OpenStack List <openstack-dev at lists.openstack.org>
> Date: Sunday, December 18, 2016 at 7:36 PM
> To: OpenStack List <openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future?
> Hi, Nate, thanks for your reply.
> May I ask a little stupid question? What's the difference between fwaas
> and security group? In my opinion, fwaas and security group are both using
> linux iptables now. So, what's the differences between them?
> Zhi Chang
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev