O'Reilly logo

Learning OpenStack Networking (Neutron) by James Denton

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Summary

It is important to know the differences between the two methods of securing network traffic to instances. Where security group rules are implemented at the network bridge connected to an instance on a compute node, firewall rules created with FWaaS are implemented on a Neutron router at the edge of the tenant network. FWaaS is not intended to replace security group functionality, and it serves more as a complement to security groups, especially in its current state. FWaaS is currently lacking functionality that security groups provide, including the inability to specify the direction of traffic that should be filtered. The opposite can said for security groups, too, as they lack the ability to create specific deny rules as all traffic ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required