Thursday, 2018-09-27

« Wednesday, 2018-09-26 Index Friday, 2018-09-28 »
*** longkb has joined #openstack-fwaas01:13
*** annp has joined #openstack-fwaas02:22
*** haleyb has quit IRC04:07
*** hoangcx has quit IRC06:11
*** hoangcx has joined #openstack-fwaas06:12
*** longkb has quit IRC06:13
*** njohnston has quit IRC06:14
*** longkb has joined #openstack-fwaas06:14
*** longkb has quit IRC07:41
*** longkb has joined #openstack-fwaas07:42
*** velizarx has joined #openstack-fwaas08:21
*** velizarx has quit IRC08:52
*** velizarx has joined #openstack-fwaas08:54
*** longkb has quit IRC09:38
*** longkb has joined #openstack-fwaas09:38
*** longkb has quit IRC10:03
*** yamamoto has quit IRC10:17
*** yamamoto has joined #openstack-fwaas10:25
*** yamamoto has quit IRC10:46
*** yamamoto has joined #openstack-fwaas10:48
*** yamamoto has quit IRC10:49
*** yamamoto has joined #openstack-fwaas11:23
*** annp has quit IRC12:03
*** yamamoto has quit IRC12:14
*** yamamoto has joined #openstack-fwaas12:16
*** longkb has joined #openstack-fwaas13:02
*** longkb has quit IRC13:30
*** yamamoto has quit IRC13:31
*** yamamoto has joined #openstack-fwaas13:31
*** longkb has joined #openstack-fwaas13:54
*** yushiro has joined #openstack-fwaas13:58
yushiroHi fwaas14:00
longkbhi yushiro :)14:00
yushiro#startmeeting fwaas14:01
openstackMeeting started Thu Sep 27 14:01:18 2018 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: fwaas)"14:01
openstackThe meeting name has been set to 'fwaas'14:01
yushiro#chair xgerman_14:01
openstackCurrent chairs: xgerman_ yushiro14:01
yushiroI don't see SridarK today.14:02
*** annp has joined #openstack-fwaas14:02
yushiroOK, let's begin.14:02
yushiro#topic announcements14:02
*** openstack changes topic to "announcements (Meeting topic: fwaas)"14:02
annphi14:02
annpsorry for come late14:03
yushiroannp: Hi.  1 announcement.  Currently, we're "announcement" topic.14:03
longkbo/14:03
*** SridarK has joined #openstack-fwaas14:03
yushiroHi SridarK :)14:03
yushiro#chair SridarK14:03
openstackCurrent chairs: SridarK xgerman_ yushiro14:03
annpyushiro, thanks. please go ahead.14:04
yushiroSridarK: We're "announcement" topic now :)14:04
*** SridarK_ has joined #openstack-fwaas14:04
xgerman_o/14:04
SridarK_oops sorry back14:04
yushiroOK14:04
yushiroI think there is no more announcements.  Let's move on next topic.14:05
yushiro#topic Stein14:05
*** openstack changes topic to "Stein (Meeting topic: fwaas)"14:05
xgerman_I think TC vote should close14:06
yushiroxgerman_: Aha, yes.14:06
yushiroAnything else to announce ??14:07
yushiro#chair SridarK_14:07
openstackCurrent chairs: SridarK SridarK_ xgerman_ yushiro14:07
yushiroToday, we're 4 cores :)14:07
xgerman_summit is like 6 weeks away ;-)14:08
*** SridarK has quit IRC14:08
SridarK_my evil twin14:08
SridarK_some issues with the connectivity14:08
SridarK_:-)14:08
yushiroSridarK_: Don't warry :)14:08
yushiroxgerman_: Yeah, Berlin summit.14:08
SridarK_I am multitasking in another mtg so slow14:08
xgerman_me, too14:08
yushiroWow, you are busy now.  I see.  I'm multi-task too but chat and eating :)14:09
xgerman_oh, I haven’t had breakfast14:09
SridarK_:-)14:09
yushirohaha14:10
annp:-)14:10
yushiroSo, annp, regarding regression test for fwg logging result, 2 issues are merged,14:10
yushiroright ?14:10
annpyushiro, right.14:10
yushirolongkb: You're trying to follow-up fwg logging patch, and ready for review, right ?14:11
longkbyushiro: yep14:11
yushiroOK, I'll definitely review this patch in addition to functional patch.14:12
annpyushiro, +114:12
longkbThere are 02 patches that need review: https://review.openstack.org/#/c/600660/ and https://review.openstack.org/#/c/598601/14:12
yushirolongkb: +114:12
yushiroOK, anything else for fwg logging ?14:12
longkbah, don't forget your python-client patch :D yushiro14:13
yushirolongkb: Sure.  But it is not for fwg logging but also SNAT one :)14:13
yushiros/not/not only14:13
longkbyushiro: +114:13
yushiroNext:  remote fwg14:13
xgerman_yeah, not much progress… lot’s of internal stuff14:14
xgerman_hoping to some stuff inthe next few days14:14
yushiroxgerman_: Sure.  have you fixed DB issue??  If not, we can take a look.14:14
xgerman_No, my hunch is still some version mismatch…14:15
yushiroannp: Can you take a look https://review.openstack.org/#/c/521207/41  if you have bandwidth?14:17
annpyushiro, sure. I will take a look.14:17
yushiroannp: :)14:17
yushiro#topic specs14:17
*** openstack changes topic to "specs (Meeting topic: fwaas)"14:17
yushirofwaas 2.0 address groups support:  https://review.openstack.org/55713714:18
SridarK_I recall the contributor had some code in progress14:18
yushirowkite is not here today.14:19
yushiroSridarK_: OK14:19
yushiro(hongbin) fwaas: add support for dynamic rules https://review.openstack.org/#/c/597724/14:19
yushiroWe've discussed at PTG but I haven't reviewed yet.  will reflect my comment.14:20
yushirohongbin is not here today.14:20
yushiroSame as extend firewall group inclusion https://review.openstack.org/#/c/600261/14:20
yushiro#topic Horizon support14:21
*** openstack changes topic to "Horizon support (Meeting topic: fwaas)"14:21
yushiroSarath is not here today.  I'll figure out what improvements are necessary in Stein.14:22
yushiro#topic bugs14:23
*** openstack changes topic to "bugs (Meeting topic: fwaas)"14:23
yushirohttps://bugs.launchpad.net/neutron/+bug/159544014:24
openstackLaunchpad bug 1595440 in neutron "neutron-fwaas ships /usr/bin/neutron-l3-agent a 2nd time" [High,Confirmed]14:24
yushiroI think it is not issue at present.14:25
yushiroIt's ok to set 'invalid' or other status as reedip said.14:25
annpyushiro, +114:26
yushiroDVR + L3-HA issue: https://review.openstack.org/#/c/580552/14:26
yushiroI'm sorry.  I don't have much bandwidth these month.  I need volunteer for this patch.14:27
yushiroIn case of L3-HA, we should apply fwg rules not only 'active' router but also all of 'standby' routers.14:28
yushiroannp: longkb:  I think fwg logging also includes same issue in case of L3-ha.14:28
annpyushiro, I can help you :)14:28
xgerman_thanks14:28
annpyushiro, I'm not sure. Let's us dig more.14:29
longkb+1 annp :)14:29
yushiroannp: NFLOG rules(logging rules in iptables) should be configured both 'active' and 'standby' routers.14:30
yushiroWhen switching over from 'active' to 'standby' router, only conntrack information should be migrated.  That is current specification of L3-Ha.14:30
yushiroIn order to apply fwg rules or fwg logging after switch over, we should apply same rule in advance..14:31
*** yamamoto has quit IRC14:32
annpyushiro, yes. I think so.14:32
yushiroannp: currently, we are finding router namespace from a neutron port.  Current logic can get only namespace with 'standby' router!!14:33
*** yamamoto has joined #openstack-fwaas14:33
*** yamamoto has quit IRC14:33
*** yamamoto has joined #openstack-fwaas14:34
yushiro#topic Open Discussion14:34
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:34
yushiroWow, today is so fast :-)14:34
annpyushiro, I'll look at the DVR + L3HA after I gain some knowledge.14:34
xgerman_I am thinking about throwing up. a patch to enabling ovs L2 by default in our devstack plugin…. Thoughts?14:35
annpxgerman_ +114:35
SridarK_yushiro: sorry had "stepped in" to the other mtg14:35
yushiroSridarK_: OK :)14:35
SridarK_yushiro: +1 on the L3 HA - will sched some time to discuss with u14:35
yushiroannp: thanks.14:36
yushiroxgerman_: +114:36
annpregards to L7 filtering14:36
annpxgerman_, SridarK, yushiro, I've just update spec at https://review.openstack.org/#/c/600714/4/specs/stein/fwaas_l7_filtering.rst14:37
xgerman_sweet14:37
SridarK_annp: oh great14:37
yushiroannp: +10014:37
annpSo could you take a look at it and give me some comment.14:37
yushiroOK.14:37
*** yamamoto has quit IRC14:38
annpI will make it more better :-)14:38
annpone more,14:38
SridarK_annp: so u are thinking eBPF ?14:38
annpSridarK_, yes.14:39
yushirocool14:39
yushiroI think eBPF is suitable solution.14:39
SridarK_annp: nice14:39
yushiroFinally, we can offload some hardwares e.g. smartNIC or FPGA..14:40
yushiroby using eBPF14:40
annpyushiro, Not sure. :-)14:40
SridarK_yushiro: +114:40
SridarK_i think some vendors are supporting this14:40
yushirowow, that's a good news14:41
xgerman_+114:41
annpcurrently, I've just have a  very simple http filter with eBPF14:41
annphttps://github.com/annp1987/http_filter_with_xdp14:41
annpSo I think eBPF is suitable for L7 filtering.14:42
*** yamamoto has joined #openstack-fwaas14:43
annpBut please note that L7AgentExtension can load other driver except L7 dirver based eBPF14:43
xgerman_yeah, cilium is betting their whole business on that fact :-)14:43
annpThat's my idea.14:43
yushiroxgerman_: +1   Cilium is good example :)14:43
*** longkb has quit IRC14:44
annpxgerman_, +114:44
annpOne more information from me :-)14:44
annpRegards to libnetfilter_log, I'd like to moving this part to neutron-lib14:45
annpBut neutron-lib doesn't allow eventlet. So I discussed with neutron-folks.14:45
annpThey suggested libnetfilter_log should place at neutron repo as first implementation for SNAT logging.14:46
annpSo there's duplicate code of libnetfilter_log between neutron-fwaas and neutron14:47
yushiroOK14:47
annpCan I moving libnetfilter_log and import back to neutron-fwaas?14:47
yushiroannp: In the future, libnetfilter_log should be migrated into neutron-lib, right ?14:48
annpSame as way, we call some agent stuff from neutron?14:48
annpyushiro, Yes. in next cycle.14:49
yushiroannp: So, i think it's OK to keep on current code for fwaas.14:49
yushiroannp: In next cycle, we can migrate them.14:50
annpyushiro, ok. I see.14:50
annpthat's all from me14:50
yushiroOK, anything else to discuss ?14:50
SridarK_nothing from me14:51
yushiroIf not, we're closing a little earlier.14:51
SridarK_+114:51
yushiroOK, thanks fwaas guys today!!14:51
yushiro#endmeeting14:51
*** openstack changes topic to "Queens (Meeting topic: fwaas)"14:51
openstackMeeting ended Thu Sep 27 14:51:32 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:51
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-09-27-14.01.html14:51
SridarK_thanks all14:51
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-09-27-14.01.txt14:51
SridarK_bye14:51
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-09-27-14.01.log.html14:51
annpthanks all,14:51
annpSee you next week.14:52
*** yushiro has quit IRC14:52
*** yamamoto has quit IRC14:52
*** Swami has joined #openstack-fwaas14:59
*** annp has quit IRC15:02
*** yamamoto has joined #openstack-fwaas15:28
*** njohnston has joined #openstack-fwaas15:47
*** yamamoto has quit IRC16:02
*** velizarx has quit IRC16:04
*** Swami has quit IRC16:46
*** SridarK_ has quit IRC17:25
*** yamamoto has joined #openstack-fwaas18:00
*** Swami has joined #openstack-fwaas18:10
*** hongbin has joined #openstack-fwaas18:47
*** yamamoto has quit IRC19:01
*** yamamoto has joined #openstack-fwaas20:59
*** openstackgerrit has joined #openstack-fwaas21:30
openstackgerritGerman Eichberger proposed openstack/neutron-fwaas master: Make ovs the default option for L2 FWaaS V2  https://review.openstack.org/60586621:30
*** yamamoto has quit IRC21:48
*** hongbin has quit IRC23:26
*** Swami has quit IRC23:45
« Wednesday, 2018-09-26 Index Friday, 2018-09-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!