Linda, Diego's answers are correct. Let me clarify the answers.
In the proposed I2NSF system with SDN, the firewall's functionalities can be distributed by SDN switches for simple packet-based filtering and a firewall VNF for more complicated firewall services, such as session-based filtering. The objective is to improve the performance of the firewall depending on packet flows by leveraging the flow tables of SDN switches for simple firewall services and VNF for more complicated firewall services.

Thanks.

Best Regards,
Paul

On Thu, Jul 13, 2017 at 8:30 AM, Diego R. Lopez <[email protected]> wrote:

> Hi Linda,
>
> On 13 Jul 2017, at 24:46, Linda Dunbar <[email protected]> wrote:
>
> > Paul, Sangwon, Tae-Jin, Sue, and Diego,
> >
> > Thank you for putting this draft together, which is one of the deliverables of the I2NSF charter.
> >
> > Questions:
> >
> > Page 3 last bullet: What is “SDN switch”? What is “network-based firewall”? in the following context:
> > *SDN can work as a network-based firewall system through a standard interface between an SDN switch and a firewall function as a virtual network function (VNF)*
> >
> > Do you mean Controller, Switch, and virtual network function can be combined together to filter traffic to achieve the function of “firewall”?
>
> Here we would be talking of the combination of an SDN-enabled switch and an SDN application (running on an SDN controller) that is a VNF.
>
> > Section 5.1: Firewall: Centralized Firewall System
> > The wording is so close to the “centralized physical FW” where all traffic hair pinned through the “Centralized physical FW” to be filtered before going out or into network.
> > Your described scenario is more like “switch – FW” combined together to achieve packet filtering, where only some packets are sent to FW, vs. the traditional centralized physical FW requiring all packets to traverse the FW.
> >
> > Correct?
>
> This is how I see it.
> You are somehow “pushing” part of the FW functionality down to the switch…
>
> Be goode,
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: [email protected]
> Tel: +34 913 129 041
> Mobile: +34 682 051 091

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected], [email protected]
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
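
The split described in the message above, sketched as an added example (not part of the thread or of the I2NSF draft): a switch flow table decides simple packet-based rules itself and forwards only TCP to a firewall VNF that does session-based filtering. All class and function names are hypothetical, and the policy and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    flags: str = ""  # TCP flags, e.g. "S", "SA", "A", "FA", "R"

@dataclass(frozen=True)
class FlowRule:      # one stateless flow-table entry; None is a wildcard
    action: str      # "allow", "drop" or "to_vnf"
    src: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return all(getattr(self, f) in (None, getattr(p, f)) for f in ("src", "proto", "dport"))

class FirewallVNF:
    """Session-based filtering: TCP passes only within an inside-initiated session."""
    def __init__(self, inside_prefix: str):
        self.inside_prefix, self.sessions = inside_prefix, set()
    def inspect(self, p: Packet) -> str:
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})  # same key both directions
        if p.flags == "S" and p.src.startswith(self.inside_prefix):
            self.sessions.add(key)
            return "allow"
        if key not in self.sessions:
            return "drop"               # unsolicited or out-of-state packet
        if "F" in p.flags or "R" in p.flags:
            self.sessions.discard(key)  # simplified teardown: first FIN/RST closes
        return "allow"

class Switch:
    def __init__(self, rules, vnf):
        self.rules, self.vnf = rules, vnf
    def process(self, p: Packet):  # returns (where the decision was made, verdict)
        rule = next((r for r in self.rules if r.matches(p)), FlowRule("drop"))  # default deny
        if rule.action == "to_vnf":
            return ("vnf", self.vnf.inspect(p))
        return ("switch", rule.action)

def build_demo_switch():  # constructed policy: blocklist, DNS fast path, TCP to the VNF
    rules = [FlowRule("drop", src="203.0.113.9"), FlowRule("allow", proto="udp", dport=53),
             FlowRule("to_vnf", proto="tcp")]
    return Switch(rules, FirewallVNF(inside_prefix="10.0.0."))
```

Only packets that need session state reach the VNF; blocklisted sources and plain port rules never leave the switch.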
