Open Stack

My mainly concern is using neutron port for zones may cause confusion/misconfig while you can have two ports connected to same network/subnet in different zone. Using network, or subnet (in the form of network/subnet uuid), on the other hand, is more general and can still be mapped to any interface that has port in those network/subnet. 

Also, which "ports" we're talking about here? Router's port (but a Firewall doesn't necessary associate with a router in current model)? Firewall's ports (does Firewall even have ports now? In addition, this means we're not able to create a rule with zones before a Firewall is created)? Definitely not VM's port.... 

Thanks, 

-Kaiwei 


----- Original Message -----

From: "Rajesh Mohan" <rajesh.mlists at gmail.com> 
To: "OpenStack Development Mailing List" <openstack-dev at lists.openstack.org> 
Sent: Thursday, October 24, 2013 2:48:39 PM 
Subject: Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting 

This is good discussion. 

+1 for using Neutron ports for defining zones. I see Kaiwei's point but for DELL, neutron ports makes more sense. 

I am not sure if I completely understood the bump-in-the-wire/zone discussion. DELL security appliance allows using different zones with bump-in-the-wire. If the firewall is inserted in bump-in-the-wire mode between router and LAN hosts, then it does makes sense to apply different zones on ports connected to LAN and Router. The there are cases where the end-users apply same zones on both sides but this is a decision we should leave to end customers. We should allow configuring zones in bump-in-the-wire mode as well. 





On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam < sumitnaiksatam at gmail.com > wrote: 



Log from today's meeting: 


http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html 

Action items for some of the folks included. 

Please join us for the meeting next week. 

Thanks, 
~Sumit. 

On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam < sumitnaiksatam at gmail.com > wrote: 

<blockquote>

Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday 18:00 UTC (11 AM PDT). 

Agenda: 
* Tempest tests 
* Definition and use of zones 
* Address Objects 
* Counts API 
* Service Objects 
* Integration with service type framework 
* Open discussion - any other topics you would like to bring up for discussion during the summit. 

https://wiki.openstack.org/wiki/Meetings/FWaaS 

Thanks, 
~Sumit. 


On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam < sumitnaiksatam at gmail.com > wrote: 

<blockquote>

Hi All, 

For the next of phase of FWaaS development we will be considering a number of features. I am proposing an IRC meeting on Oct 16th Wednesday 18:00 UTC (11 AM PDT) to discuss this. 

The etherpad for the summit session proposal is here: 
https://etherpad.openstack.org/p/icehouse-neutron-fwaas 

and has a high level list of features under consideration. 

Thanks, 
~Sumit. 






</blockquote>



_______________________________________________ 
OpenStack-dev mailing list 
OpenStack-dev at lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 


</blockquote>



_______________________________________________ 
OpenStack-dev mailing list 
OpenStack-dev at lists.openstack.org 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131028/ddd883c9/attachment.html>