[openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting

Sumit Naiksatam sumitnaiksatam at gmail.com
Wed Oct 30 05:59:26 UTC 2013 

I believe people would like to define the zone based on the router port
(corresponding to that router's interface). The zone definition at
port-level granularity allows one to do that.

I think your other question is answered as well (firewall will be supported
on particular routers).

Thanks,
~Sumit.


On Mon, Oct 28, 2013 at 7:12 PM, <fank at vmware.com> wrote:

> My mainly concern is using neutron port for zones may cause
> confusion/misconfig while you can have two ports connected to same
> network/subnet in different zone. Using network, or subnet (in the form of
> network/subnet uuid), on the other hand, is more general and can still be
> mapped to any interface that has port in those network/subnet.
>
> Also, which "ports" we're talking about here? Router's port (but a
> Firewall doesn't necessary associate with a router in current model)?
> Firewall's ports (does Firewall even have ports now? In addition, this
> means we're not able to create a rule with zones before a Firewall is
> created)? Definitely not VM's port....
>
> Thanks,
>
> -Kaiwei
>
>
> ------------------------------
> *From: *"Rajesh Mohan" <rajesh.mlists at gmail.com>
> *To: *"OpenStack Development Mailing List" <
> openstack-dev at lists.openstack.org>
> *Sent: *Thursday, October 24, 2013 2:48:39 PM
> *Subject: *Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and
> IRC        meeting
>
> This is good discussion.
>
> +1 for using Neutron ports for defining zones. I see Kaiwei's point but
> for DELL, neutron ports makes more sense.
>
> I am not sure if I completely understood the bump-in-the-wire/zone
> discussion. DELL security appliance allows using different zones with
> bump-in-the-wire. If the firewall is inserted in bump-in-the-wire mode
> between router and LAN hosts, then it does makes sense to apply different
> zones on ports connected to LAN and Router. The there are cases where the
> end-users apply same zones on both sides but this is a decision we should
> leave to end customers. We should allow configuring zones in
> bump-in-the-wire mode as well.
>
>
>
>
>
> On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam <
> sumitnaiksatam at gmail.com> wrote:
>
>> Log from today's meeting:
>>
>>
>> http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html
>>
>> Action items for some of the folks included.
>>
>> Please join us for the meeting next week.
>>
>> Thanks,
>> ~Sumit.
>>
>> On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam <
>> sumitnaiksatam at gmail.com> wrote:
>>
>>> Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday
>>> 18:00 UTC (11 AM PDT).
>>>
>>> Agenda:
>>> * Tempest tests
>>> * Definition and use of zones
>>> * Address Objects
>>> * Counts API
>>> * Service Objects
>>> * Integration with service type framework
>>> * Open discussion - any other topics you would like to bring up for
>>> discussion during the summit.
>>>
>>> https://wiki.openstack.org/wiki/Meetings/FWaaS
>>>
>>> Thanks,
>>> ~Sumit.
>>>
>>>
>>> On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam <
>>> sumitnaiksatam at gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> For the next of phase of FWaaS development we will be considering a
>>>> number of features. I am proposing an IRC meeting on Oct 16th Wednesday
>>>> 18:00 UTC (11 AM PDT) to discuss this.
>>>>
>>>> The etherpad for the summit session proposal is here:
>>>> https://etherpad.openstack.org/p/icehouse-neutron-fwaas
>>>>
>>>> and has a high level list of features under consideration.
>>>>
>>>> Thanks,
>>>> ~Sumit.
>>>>
>>>>
>>>>
>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131029/3a77433e/attachment.html>

More information about the OpenStack-dev mailing list