<div dir="ltr">Hi, Srider.<div><br></div><div>Thanks for your reply. I still have a question about SG and FWaaS. VM's east-west traffic belongs to FWaaS or SG? What about VM's north-south traffic? </div><div><br></div><div>I think that VM's east-west traffic belongs to SG and the north-south traffic belongs to FWaaS, isn't it? :) </div><div><br></div><div><br></div><div>Thanks</div><div>Zhi Chang</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-12-20 1:45 GMT+08:00 Sridar Kandaswamy (skandasw) <span dir="ltr"><<a href="mailto:skandasw@cisco.com" target="_blank">skandasw@cisco.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>Hi Zhi:</div>
<div><br>
</div>
<div>FWaaS has been seen more as an edge (on L3 ports) use case as opposed to SG which is on a VM port. Also, as u can see there are differences in the attributes on the Rule specification at the most basic level. At this point, we are working thru the implementation
of FWaaS on L2 ports so that makes ur question more relevant. At least one school of thought that we have been working with is that the FWaaS API can be more open and continue to evolve to support for instance L4-L7 use cases amongst others, but the SG API
will continue to stay a simpler model (some have also pointed the need for SG to be aligned with AWS).</div>
<div><br>
</div>
<div>This is still in evolution and we would welcome participation, if u can - pls do drop in to our weekly team meeting [1] and we can discuss further. </div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Sridar</div>
<div>[1] <a href="http://eavesdrop.openstack.org/#Firewall_as_a_Service_(FWaaS)_Team_Meeting" target="_blank">http://eavesdrop.<wbr>openstack.org/#Firewall_as_a_<wbr>Service_(FWaaS)_Team_Meeting</a></div>
<div><br>
</div>
<div><br>
</div>
<span id="m_2552921379837154678OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">
<span style="font-weight:bold">From: </span>zhi <<a href="mailto:changzhi1990@gmail.com" target="_blank">changzhi1990@gmail.com</a>><br>
<span style="font-weight:bold">Reply-To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.<wbr>openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Sunday, December 18, 2016 at 7:36 PM<br>
<span style="font-weight:bold">To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.<wbr>openstack.org</a>><span class=""><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] [neutron] Where will Neutron go in future?<br>
</span></div><div><div class="h5">
<div><br>
</div>
<div>
<div>
<div dir="ltr">Hi, Nate, thanks for your reply.
<div><br>
</div>
<div>May I ask a little stupid question? What's the difference between fwaas and security group? In my opinion, fwaas and security group are both using linux iptables now. So, what's the differences between them?</div>
<div><br>
</div>
<div>Thanks</div>
<div>Zhi Chang </div>
</div>
</div>
</div>
</div></div></span>
</div>
<br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br></div>