My mainly concern is using neutron port for zones may cause confusion/misconfig
while you can have two ports connected to same network/subnet in different
zone. Using network, or subnet (in the form of network/subnet uuid), on the
other hand, is more general and can still be mapped to any interface that has
port in those network/subnet.
Also, which ports we're talking about here? Router's port (but a Firewall
doesn't necessary associate with a router in current model)? Firewall's ports
(does Firewall even have ports now? In addition, this means we're not able to
create a rule with zones before a Firewall is created)? Definitely not VM's
port
Thanks,
-Kaiwei
- Original Message -
From: Rajesh Mohan rajesh.mli...@gmail.com
To: OpenStack Development Mailing List openstack-dev@lists.openstack.org
Sent: Thursday, October 24, 2013 2:48:39 PM
Subject: Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC
meeting
This is good discussion.
+1 for using Neutron ports for defining zones. I see Kaiwei's point but for
DELL, neutron ports makes more sense.
I am not sure if I completely understood the bump-in-the-wire/zone discussion.
DELL security appliance allows using different zones with bump-in-the-wire. If
the firewall is inserted in bump-in-the-wire mode between router and LAN hosts,
then it does makes sense to apply different zones on ports connected to LAN and
Router. The there are cases where the end-users apply same zones on both sides
but this is a decision we should leave to end customers. We should allow
configuring zones in bump-in-the-wire mode as well.
On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam sumitnaiksa...@gmail.com
wrote:
Log from today's meeting:
http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html
Action items for some of the folks included.
Please join us for the meeting next week.
Thanks,
~Sumit.
On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam sumitnaiksa...@gmail.com
wrote:
blockquote
Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday 18:00
UTC (11 AM PDT).
Agenda:
* Tempest tests
* Definition and use of zones
* Address Objects
* Counts API
* Service Objects
* Integration with service type framework
* Open discussion - any other topics you would like to bring up for discussion
during the summit.
https://wiki.openstack.org/wiki/Meetings/FWaaS
Thanks,
~Sumit.
On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam sumitnaiksa...@gmail.com
wrote:
blockquote
Hi All,
For the next of phase of FWaaS development we will be considering a number of
features. I am proposing an IRC meeting on Oct 16th Wednesday 18:00 UTC (11 AM
PDT) to discuss this.
The etherpad for the summit session proposal is here:
https://etherpad.openstack.org/p/icehouse-neutron-fwaas
and has a high level list of features under consideration.
Thanks,
~Sumit.
/blockquote
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
/blockquote
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev