Paul, Sangwon, Tae-Jin, Sue, and Diego, Thank you for putting this draft together, which is one of the deliverable of I2NSF charter.
Questions: Page 3 last bullet: What is "SDN switch"? What is "network-based firewall"? in the following context: SDN can work as a network-based firewall system through a standard interface between an SDN switch and a firewall function as a vitual network function (VNF) Do you mean Controller, Switch, and virtual network function can be combined together to filter traffic to achieve the function of "firewall"? Section 5.1: Firewall: Centralized Firewall System The wording is so close to the "centralized physical FW" where all traffic hair pinned through the "Centralized physical FW" to be filtered before going out or into network. Your described scenario is more like "switch - FW" combined together to achieve packet filtering, where only some packets are sent to FW, vs. the traditional centralized physical FW requiring all packets to traverse the FW. Correct? Thanks, Linda
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
