[openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting

Harshad Nakil hnakil at contrailsystems.com
Fri Oct 25 15:32:04 UTC 2013


Bump in wire service can be within network (intra network) as you suggest
OR between network ( inter network ).
Advantage of bump in wire is one does not need networking config inside the
service.
Inter network bump in wire service is analogous to having service inserted
on link between  two routers without the routers knowing about it.

Regards
-Harshad


On Oct 24, 2013, at 10:22 PM, Sumit Naiksatam <sumitnaiksatam at gmail.com>
wrote:

The bump-in-the-wire mode we were referring to here is the one where the
firewall has both legs on the same subnet/network. The point that was
trying to be made was that applying zones in that case would not make as
much sense. At this point there is no proposal though to validate and
restrict this particular case, or for that matter any combination of ports
for the zone. If anyone has suggestions on what criteria to use to restrict
the port membership for zones, we can definitely discuss it, but there is
none on the table at the moment.

Thanks,
~Sumit.


On Thu, Oct 24, 2013 at 2:48 PM, Rajesh Mohan <rajesh.mlists at gmail.com>wrote:

> This is good discussion.
>
> +1 for using Neutron ports for defining zones. I see Kaiwei's point but
> for DELL, neutron ports makes more sense.
>
> I am not sure if I completely understood the bump-in-the-wire/zone
> discussion. DELL security appliance allows using different zones with
> bump-in-the-wire. If the firewall is inserted in bump-in-the-wire mode
> between router and LAN hosts, then it does makes sense to apply different
> zones on ports connected to LAN and Router. The there are cases where the
> end-users apply same zones on both sides but this is a decision we should
> leave to end customers. We should allow configuring zones in
> bump-in-the-wire mode as well.
>
>
>
>
>
> On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam <
> sumitnaiksatam at gmail.com> wrote:
>
>> Log from today's meeting:
>>
>>
>> http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html
>>
>> Action items for some of the folks included.
>>
>> Please join us for the meeting next week.
>>
>> Thanks,
>> ~Sumit.
>>
>> On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam <
>> sumitnaiksatam at gmail.com> wrote:
>>
>>> Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday
>>> 18:00 UTC (11 AM PDT).
>>>
>>> Agenda:
>>> * Tempest tests
>>> * Definition and use of zones
>>> * Address Objects
>>> * Counts API
>>> * Service Objects
>>> * Integration with service type framework
>>> * Open discussion - any other topics you would like to bring up for
>>> discussion during the summit.
>>>
>>> https://wiki.openstack.org/wiki/Meetings/FWaaS
>>>
>>> Thanks,
>>> ~Sumit.
>>>
>>>
>>> On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam <
>>> sumitnaiksatam at gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> For the next of phase of FWaaS development we will be considering a
>>>> number of features. I am proposing an IRC meeting on Oct 16th Wednesday
>>>> 18:00 UTC (11 AM PDT) to discuss this.
>>>>
>>>> The etherpad for the summit session proposal is here:
>>>> https://etherpad.openstack.org/p/icehouse-neutron-fwaas
>>>>
>>>> and has a high level list of features under consideration.
>>>>
>>>> Thanks,
>>>> ~Sumit.
>>>>
>>>>
>>>>
>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131025/672a313d/attachment.html>


More information about the OpenStack-dev mailing list