Hi Zhi: FWaaS has been seen more as an edge (on L3 ports) use case as opposed to SG which is on a VM port. Also, as u can see there are differences in the attributes on the Rule specification at the most basic level. At this point, we are working thru the implementation of FWaaS on L2 ports so that makes ur question more relevant. At least one school of thought that we have been working with is that the FWaaS API can be more open and continue to evolve to support for instance L4-L7 use cases amongst others, but the SG API will continue to stay a simpler model (some have also pointed the need for SG to be aligned with AWS).
This is still in evolution and we would welcome participation, if u can - pls do drop in to our weekly team meeting [1] and we can discuss further. Thanks Sridar [1] http://eavesdrop.openstack.org/#Firewall_as_a_Service_(FWaaS)_Team_Meeting From: zhi <[email protected]<mailto:[email protected]>> Reply-To: OpenStack List <[email protected]<mailto:[email protected]>> Date: Sunday, December 18, 2016 at 7:36 PM To: OpenStack List <[email protected]<mailto:[email protected]>> Subject: Re: [openstack-dev] [neutron] Where will Neutron go in future? Hi, Nate, thanks for your reply. May I ask a little stupid question? What's the difference between fwaas and security group? In my opinion, fwaas and security group are both using linux iptables now. So, what's the differences between them? Thanks Zhi Chang
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
