I believe people would like to define the zone based on the router port (corresponding to that router's interface). The zone definition at port-level granularity allows one to do that.
I think your other question is answered as well (firewall will be supported on particular routers).

Thanks,
~Sumit.

On Mon, Oct 28, 2013 at 7:12 PM, <f...@vmware.com> wrote:

> My main concern is that using neutron port for zones may cause
> confusion/misconfig while you can have two ports connected to the same
> network/subnet in different zones. Using network, or subnet (in the form of
> network/subnet uuid), on the other hand, is more general and can still be
> mapped to any interface that has a port in those networks/subnets.
>
> Also, which "ports" are we talking about here? Router's port (but a
> Firewall doesn't necessarily associate with a router in the current model)?
> Firewall's ports (does Firewall even have ports now? In addition, this
> means we're not able to create a rule with zones before a Firewall is
> created)? Definitely not VM's port....
>
> Thanks,
>
> -Kaiwei
>
> ------------------------------
> *From:* "Rajesh Mohan" <rajesh.mli...@gmail.com>
> *To:* "OpenStack Development Mailing List" <openstack-dev@lists.openstack.org>
> *Sent:* Thursday, October 24, 2013 2:48:39 PM
> *Subject:* Re: [openstack-dev] [Neutron] FWaaS IceHouse summit prep and IRC meeting
>
> This is a good discussion.
>
> +1 for using Neutron ports for defining zones. I see Kaiwei's point but
> for DELL, neutron ports make more sense.
>
> I am not sure if I completely understood the bump-in-the-wire/zone
> discussion. DELL security appliance allows using different zones with
> bump-in-the-wire. If the firewall is inserted in bump-in-the-wire mode
> between router and LAN hosts, then it does make sense to apply different
> zones on ports connected to LAN and Router. There are cases where the
> end-users apply the same zones on both sides but this is a decision we should
> leave to end customers. We should allow configuring zones in
> bump-in-the-wire mode as well.
>
> On Wed, Oct 23, 2013 at 12:08 PM, Sumit Naiksatam <sumitnaiksa...@gmail.com> wrote:
>
>> Log from today's meeting:
>>
>> http://eavesdrop.openstack.org/meetings/networking_fwaas/2013/networking_fwaas.2013-10-23-18.02.log.html
>>
>> Action items for some of the folks included.
>>
>> Please join us for the meeting next week.
>>
>> Thanks,
>> ~Sumit.
>>
>> On Tue, Oct 22, 2013 at 2:00 PM, Sumit Naiksatam <sumitnaiksa...@gmail.com> wrote:
>>
>>> Reminder - we will have the Neutron FWaaS IRC meeting tomorrow Wednesday
>>> 18:00 UTC (11 AM PDT).
>>>
>>> Agenda:
>>> * Tempest tests
>>> * Definition and use of zones
>>> * Address Objects
>>> * Counts API
>>> * Service Objects
>>> * Integration with service type framework
>>> * Open discussion - any other topics you would like to bring up for
>>> discussion during the summit.
>>>
>>> https://wiki.openstack.org/wiki/Meetings/FWaaS
>>>
>>> Thanks,
>>> ~Sumit.
>>>
>>> On Sun, Oct 13, 2013 at 1:56 PM, Sumit Naiksatam <sumitnaiksa...@gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> For the next phase of FWaaS development we will be considering a
>>>> number of features. I am proposing an IRC meeting on Oct 16th Wednesday
>>>> 18:00 UTC (11 AM PDT) to discuss this.
>>>>
>>>> The etherpad for the summit session proposal is here:
>>>> https://etherpad.openstack.org/p/icehouse-neutron-fwaas
>>>>
>>>> and has a high level list of features under consideration.
>>>>
>>>> Thanks,
>>>> ~Sumit.
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
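The two zone models debated in this thread, as an added example that is not part of any message or of Neutron's code: it expands a subnet-level zone definition onto ports and, for a port-level definition, reports subnets whose ports land in more than one zone. The field names, port ids and zone names are constructed assumptions, not a Neutron or FWaaS schema.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions for illustration,
# not a Neutron or FWaaS schema.
PORTS = [
    {"id": "port-a", "subnet": "subnet-lan"},
    {"id": "port-b", "subnet": "subnet-lan"},
    {"id": "port-c", "subnet": "subnet-dmz"},
]
# Port-level zone definition: each port is assigned a zone directly.
PORT_ZONES = {"port-a": "trusted", "port-b": "untrusted", "port-c": "dmz"}
# Subnet-level zone definition: every port on the subnet inherits the zone.
SUBNET_ZONES = {"subnet-lan": "trusted", "subnet-dmz": "dmz"}


def expand_subnet_zones(ports, subnet_zones):
    """Map a subnet-level zone definition onto the ports in each subnet."""
    return {p["id"]: subnet_zones[p["subnet"]]
            for p in ports if p["subnet"] in subnet_zones}


def subnets_spanning_zones(ports, port_zones):
    """Return {subnet: {zone: [port ids]}} for subnets split across zones."""
    grouped = defaultdict(lambda: defaultdict(list))
    for p in ports:
        zone = port_zones.get(p["id"])
        if zone is not None:
            grouped[p["subnet"]][zone].append(p["id"])
    return {subnet: {z: sorted(ids) for z, ids in zones.items()}
            for subnet, zones in grouped.items() if len(zones) > 1}


if __name__ == "__main__":
    # A split subnet may be deliberate (bump-in-the-wire) or a mistake,
    # so it is reported for review rather than rejected.
    for subnet, zones in subnets_spanning_zones(PORTS, PORT_ZONES).items():
        print(f"review: {subnet} spans zones {zones}")
    print(expand_subnet_zones(PORTS, SUBNET_ZONES))
```
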