Hi Linda,
On 13 Jul 2017, at 24:46 , Linda Dunbar <[email protected]<mailto:[email protected]>> wrote: Paul, Sangwon, Tae-Jin, Sue, and Diego, Thank you for putting this draft together, which is one of the deliverable of I2NSF charter. Questions: Page 3 last bullet: What is “SDN switch”? What is “network-based firewall”? in the following context: SDN can work as a network-based firewall system through a standard interface between an SDN switch and a firewall function as a vitual network function (VNF) Do you mean Controller, Switch, and virtual network function can be combined together to filter traffic to achieve the function of “firewall”? Here we would be talking of the combination of a SDN-enabled switch and a SDN application (running on a SDN controller) that is a VNF. Section 5.1: Firewall: Centralized Firewall System The wording is so close to the “centralized physical FW” where all traffic hair pinned through the “Centralized physical FW” to be filtered before going out or into network. Your described scenario is more like “switch – FW” combined together to achieve packet filtering, where only some packets are sent to FW, vs. the traditional centralized physical FW requiring all packets to traverse the FW. Correct? This is how I see it. You are somehow “pushing” part of the FW functionality down to the switch… Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: [email protected] Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
