This paper addresses the question of how many firewalls are required to secure data flows between an arbitrary number of virtual machines in a data center. While the problem is both relevant and timely, the paper fails to conclusively answer the questions presented.

For the first version of the problem, where multiple firewalls can be placed at a network vertex, the authors describe an algorithm that determines the optimal number of firewalls. However, they neither prove their thesis, nor provide the algorithm.

For the second version of the problem, where only one firewall can be placed at each vertex, they provide two theorems, which they say they can prove. Neither proof is presented in the paper.

The authors are testing their algorithms in a production data center. They say they are obtaining promising results, which are not included in the paper.

I look forward to a future revision of this paper, including proofs of the theorems presented, a comparison of predictions with test results, and the implications for deployment of firewalls in a virtual environment. Until these are included, the paper reads more like an abstract, and is of limited value to the practitioner or the researcher.