<div dir="ltr">I believe people would like to define the zone based on the router port (corresponding to that router's interface). The zone definition at port-level granularity allows one to do that.<div><br></div><div>
I think your other question is answered as well (firewall will be supported on particular routers).</div><div><br></div><div>Thanks,</div><div>~Sumit.<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Oct 28, 2013 at 7:12 PM, <span dir="ltr"><<a href="mailto:fank@vmware.com" target="_blank">fank@vmware.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:12pt;font-family:times new roman,new york,times,serif"><p>My main concern is that using neutron port for zones may cause confusion/misconfig while you can have two ports connected to the same network/subnet in different zones. Using network, or subnet (in the form of network/subnet uuid), on the other hand, is more general and can still be mapped to any interface that has a port in those network/subnet.</p>
<p><span style="font-size:12pt">Also, which "ports" are we talking about here? Router's port (but a Firewall doesn't necessarily associate with a router in the current model)? Firewall's ports (does Firewall even have ports now? In addition, this means we're not able to create a rule with zones before a Firewall is created)? Definitely not VM's port....</span></p>
<p><span style="font-size:12pt">Thanks,</span></p><p><span style="font-size:12pt">-Kaiwei</span></p><div><br></div><div><br></div><hr><div style="font-size:12pt;font-style:normal;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal">
<b>From: </b>"Rajesh Mohan" <<a href="mailto:rajesh.mlists@gmail.com" target="_blank">rajesh.mlists@gmail.com</a>><br><b>To: </b>"OpenStack Development Mailing List" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>
<b>Sent: </b>Thursday, October 24, 2013 2:48:39 PM<br><b>Subject: </b>Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting<br><div><br></div><div dir="ltr">This is good discussion.<div><br></div>
<div>+1 for using Neutron ports for defining zones. I see Kaiwei's point but for DELL, neutron ports make more sense.</div><div><br></div><div>I am not sure if I completely understood the bump-in-the-wire/zone discussion. DELL security appliance allows using different zones with bump-in-the-wire. If the firewall is inserted in bump-in-the-wire mode between router and LAN hosts, then it does make sense to apply different zones on ports connected to LAN and Router. Then there are cases where the end-users apply the same zones on both sides but this is a decision we should leave to end customers. We should allow configuring zones in bump-in-the-wire mode as well.</div>
<div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div><br></div><div class="gmail_quote">On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam <span dir="ltr"><<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Log from today's meeting:<div>
<p><span><a href="http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html" target="_blank">http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html</a></span></p>
</div><div><br></div><div>Action items for some of the folks included.</div><div><br></div><div>Please join us for the meeting next week.</div><div><div class="gmail_extra"><br>Thanks,</div><div class="gmail_extra">~Sumit.</div>
<div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam <span dir="ltr"><<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Reminder - we will have the Neutron FWaaS IRC meeting tomorrow <span style="font-family:arial,sans-serif;font-size:13px">Wednesday 18:00 UTC (11 AM PDT).</span><div>
<span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Agenda:</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">* Tempest tests</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">* Definition and use of zones</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">* Address Objects</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">* Counts API</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">* Service Objects</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">* Integration with service type framework</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">* Open discussion - any other topics you would like to bring up for discussion during the summit.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span face="arial, sans-serif" style="font-family:arial,sans-serif"><a href="https://wiki.openstack.org/wiki/Meetings/FWaaS" target="_blank">https://wiki.openstack.org/wiki/Meetings/FWaaS</a></span><br>
</div><div><span face="arial, sans-serif" style="font-family:arial,sans-serif"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Thanks,</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">~Sumit.</span></div>
</div><div class="gmail_extra"><br><div><br></div><div class="gmail_quote">On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam <span dir="ltr"><<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>For the next phase of FWaaS development we will be considering a number of features. I am proposing an IRC meeting on Oct 16th Wednesday 18:00 UTC (11 AM PDT) to discuss this.</div>
<div><br></div><div>The etherpad for the summit session proposal is here:</div><div><a href="https://etherpad.openstack.org/p/icehouse-neutron-fwaas" target="_blank">https://etherpad.openstack.org/p/icehouse-neutron-fwaas</a><br>
</div><div>
<br></div><div>and has a high level list of features under consideration.</div><div><br>Thanks,</div><div>~Sumit.</div><div><br></div><div> </div></div>
</blockquote></div><br></div>
</blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>
</div><div><br></div></div></div><br>
<br></blockquote></div><br></div></div></div>