Friday, 2019-08-09

« Thursday, 2019-08-08 Index Saturday, 2019-08-10 »
*** mattw4 has joined #openstack-neutron00:01
*** slaweq has joined #openstack-neutron00:11
*** slaweq has quit IRC00:15
*** mattw4 has quit IRC00:17
*** armax has joined #openstack-neutron00:20
*** betherly has joined #openstack-neutron00:26
*** betherly has quit IRC00:31
*** ivve has quit IRC00:32
*** whoami-rajat has quit IRC00:34
*** markvoelker has joined #openstack-neutron00:39
*** tbachman has joined #openstack-neutron00:50
*** mriedem has quit IRC00:52
openstackgerritZhouHeng proposed openstack/neutron master: fix update neutron resource with incorrect body key server return 500  https://review.opendev.org/67415300:56
*** spsurya has joined #openstack-neutron01:05
*** betherly has joined #openstack-neutron01:09
*** yamamoto has joined #openstack-neutron01:12
*** betherly has quit IRC01:14
*** baojg has joined #openstack-neutron01:23
*** igordc has quit IRC01:25
*** betherly has joined #openstack-neutron01:30
*** whoami-rajat has joined #openstack-neutron01:32
*** betherly has quit IRC01:35
*** kevinz has joined #openstack-neutron02:10
*** slaweq has joined #openstack-neutron02:11
*** slaweq has quit IRC02:15
*** betherly has joined #openstack-neutron02:34
*** yamamoto has quit IRC02:36
*** yamamoto has joined #openstack-neutron02:37
*** betherly has quit IRC02:39
*** altlogbot_1 has quit IRC02:44
*** altlogbot_0 has joined #openstack-neutron02:45
*** betherly has joined #openstack-neutron02:55
*** betherly has quit IRC03:00
*** dsneddon has quit IRC03:03
*** dsneddon has joined #openstack-neutron03:11
*** ramishra has joined #openstack-neutron03:14
*** dsneddon has quit IRC03:16
*** markvoelker has quit IRC03:18
*** betherly has joined #openstack-neutron03:28
*** betherly has quit IRC03:32
*** dsneddon has joined #openstack-neutron03:57
*** baojg has quit IRC04:03
*** dsneddon has quit IRC04:05
*** slaweq has joined #openstack-neutron04:11
*** slaweq has quit IRC04:16
*** betherly has joined #openstack-neutron04:21
*** dave-mccowan has quit IRC04:25
*** betherly has quit IRC04:26
*** dsneddon has joined #openstack-neutron04:34
*** betherly has joined #openstack-neutron04:43
*** baojg has joined #openstack-neutron04:44
*** betherly has quit IRC04:47
*** markvoelker has joined #openstack-neutron04:48
*** markvoelker has quit IRC04:52
*** ratailor has joined #openstack-neutron04:56
*** slaweq has joined #openstack-neutron05:11
*** yamamoto has quit IRC05:13
*** yamamoto has joined #openstack-neutron05:14
*** yamamoto has quit IRC05:14
*** betherly has joined #openstack-neutron05:15
*** slaweq has quit IRC05:15
*** yamamoto has joined #openstack-neutron05:18
*** yamamoto has quit IRC05:18
*** betherly has quit IRC05:19
*** dave-mccowan has joined #openstack-neutron05:33
openstackgerritMerged openstack/networking-midonet master: Disable ubuntu integration jobs  https://review.opendev.org/67440405:38
*** yamamoto has joined #openstack-neutron05:45
*** yamamoto has quit IRC05:45
*** yamamoto has joined #openstack-neutron05:45
*** panda has quit IRC05:47
*** panda has joined #openstack-neutron05:48
*** yamamoto has quit IRC05:54
*** dsneddon has quit IRC05:54
*** betherly has joined #openstack-neutron06:08
*** slaweq has joined #openstack-neutron06:11
*** betherly has quit IRC06:13
*** slaweq has quit IRC06:15
*** yamamoto has joined #openstack-neutron06:20
*** dsneddon has joined #openstack-neutron06:21
*** ramishra has quit IRC06:23
*** betherly has joined #openstack-neutron06:29
*** betherly has quit IRC06:35
*** kevinz has quit IRC06:36
*** dsneddon has quit IRC06:42
*** slaweq has joined #openstack-neutron06:42
*** ramishra has joined #openstack-neutron06:48
*** betherly has joined #openstack-neutron06:51
*** rpittau|afk is now known as rpittau06:52
*** frankwang has joined #openstack-neutron06:56
*** betherly has quit IRC06:56
*** dsneddon has joined #openstack-neutron07:00
*** tesseract has joined #openstack-neutron07:04
*** yamamoto has quit IRC07:10
*** betherly has joined #openstack-neutron07:12
*** betherly has quit IRC07:17
*** tssurya has joined #openstack-neutron07:18
*** yamamoto has joined #openstack-neutron07:22
*** mjozefcz has joined #openstack-neutron07:23
*** yamamoto has quit IRC07:30
*** yamamoto has joined #openstack-neutron07:31
*** betherly has joined #openstack-neutron07:34
*** takamatsu has joined #openstack-neutron07:35
*** betherly has quit IRC07:38
*** rcernin has quit IRC07:46
*** ratailor has quit IRC07:49
*** bobmel has joined #openstack-neutron08:00
*** yamamoto_ has joined #openstack-neutron08:00
*** yamamoto has quit IRC08:02
*** betherly has joined #openstack-neutron08:05
*** ralonsoh has joined #openstack-neutron08:06
*** betherly has quit IRC08:10
*** yamamoto has joined #openstack-neutron08:12
*** yamamoto_ has quit IRC08:13
*** ivve has joined #openstack-neutron08:15
*** lucasagomes has joined #openstack-neutron08:16
*** ociuhandu has joined #openstack-neutron08:18
*** betherly has joined #openstack-neutron08:22
*** ratailor has joined #openstack-neutron08:22
*** david-lyle has joined #openstack-neutron08:24
*** dklyle has quit IRC08:24
*** jistr is now known as jistr|afk08:24
*** kevko has joined #openstack-neutron08:27
*** ramishra_ has joined #openstack-neutron08:27
kevkohi, anybody here ? i want to little bit discuss https://review.opendev.org/#/c/612617/08:28
*** ramishra has quit IRC08:29
openstackgerritBernard Cafarelli proposed openstack/neutron master: Sort network_ids in test_dhcp_agent_scheduler.test_filter_bindings  https://review.opendev.org/67555608:30
bcafarelralonsoh: slaweq: ^ this is for https://bugs.launchpad.net/neutron/+bug/1839595 I just filled, if you could take a look and confirm I am not going crazy08:31
openstackLaunchpad bug 1839595 in neutron "neutron.tests.unit.scheduler.test_dhcp_agent_scheduler.TestNetworksFailover.test_filter_bindings test can fail depending on generated UUIDs" [Undecided,In progress] - Assigned to Bernard Cafarelli (bcafarel)08:31
bcafarelI am not sure why the test always works in gates but mostly fails for me, but I hope I described the issue correctly08:32
*** dsneddon has quit IRC08:37
ralonsohbcafarel, I'll need to check this manually, but do you think the problem is in the net_id order?08:39
ralonsohbcafarel, if you don't order the net_id, where is the test failing?08:39
bcafarelralonsoh: I think so, also I left the test running overnight with a sorted list and not a single failure08:40
bcafarelit's failing the assert in https://github.com/openstack/neutron/blob/master/neutron/tests/unit/scheduler/test_dhcp_agent_scheduler.py#L522 (I gave an example in the LP)08:41
slaweqbcafarel: looking now08:41
*** kevinz has joined #openstack-neutron08:48
slaweqbcafarel: I didn't run tests but it makes sense for me what You are saying08:48
slaweqbcafarel: but isn't problem caused by L514 (network_obj.NetworkDhcpAgentBinding.get_objects(self.ctx)) which IMO not guarantee order of returned objects08:49
slaweq?08:49
ralonsohslaweq, exactly08:52
ralonsohslaweq, the problem is there. The order of the dhcpagents must be the same as the order of construction.08:53
slaweqralonsoh: yes, I agree08:53
ralonsohbcafarel, you should order the NetworkDhcpAgentBinding objects depending on the network_id08:54
slaweqthat is at least my understanding of the issue08:54
ralonsohmust be the same as the order of the network list08:54
bcafareloh I was looking at https://github.com/openstack/neutron/blob/master/neutron/objects/network.py#L172 but that's not the correct get_objects indeed08:54
bcafarelralonsoh: slaweq: thanks it makes more sense now :)08:55
*** frankwang has quit IRC09:05
*** frankwang has joined #openstack-neutron09:05
*** dsneddon has joined #openstack-neutron09:10
*** markvoelker has joined #openstack-neutron09:18
*** markvoelker has quit IRC09:23
*** tesseract has quit IRC09:28
*** tesseract has joined #openstack-neutron09:28
*** tesseract has quit IRC09:29
*** tesseract has joined #openstack-neutron09:29
*** frankwang has quit IRC09:41
bcafarelthat also explains why changing sqlite version impacted that test09:42
openstackgerritMerged openstack/neutron stable/stein: Check for agent restarted after checking for DVR port  https://review.opendev.org/67196409:44
openstackgerritMichal Arbet proposed openstack/neutron-fwaas master: Default firewall group rules from configuration file  https://review.opendev.org/61261709:44
openstackgerritBernard Cafarelli proposed openstack/neutron master: Fix sort issue in test_dhcp_agent_scheduler.test_filter_bindings  https://review.opendev.org/67555609:46
openstackgerritBernard Cafarelli proposed openstack/neutron stable/ocata: fix update port bug  https://review.opendev.org/67497109:54
tbarrongregwork: tidwellr: so iiuc on a shared provider network one doesn't have the anti-arp attack stuff based on ebtables that's on by default on other neutron networks?09:57
*** hoonetorg has quit IRC09:57
tbarrongregwork: tidwellr: I'd been thinking that ebtables in concert with neutron security rules to disallow ingress would yield reasonable isolation between the nfs clients09:58
*** davidsha has joined #openstack-neutron10:05
*** aedc has quit IRC10:06
*** aedc has joined #openstack-neutron10:06
*** gcheresh has joined #openstack-neutron10:08
*** yamamoto has quit IRC10:17
*** jistr|afk is now known as jistr10:18
*** hoonetorg has joined #openstack-neutron10:20
*** yamamoto has joined #openstack-neutron10:34
*** tbachman has quit IRC10:38
*** betherly has quit IRC10:38
*** gcheresh has quit IRC10:40
*** dsneddon has quit IRC10:40
*** yamamoto has quit IRC10:49
*** tbachman has joined #openstack-neutron10:57
*** yamamoto has joined #openstack-neutron10:59
*** dsneddon has joined #openstack-neutron11:15
*** gcheresh has joined #openstack-neutron11:17
*** keesm has joined #openstack-neutron11:24
*** cheng1 has quit IRC11:26
*** cheng1 has joined #openstack-neutron11:27
*** yamamoto has quit IRC11:28
*** yamamoto has joined #openstack-neutron11:29
*** yamamoto has quit IRC11:29
*** kevinz has quit IRC11:32
*** kevinz has joined #openstack-neutron11:32
*** yamamoto has joined #openstack-neutron11:36
*** ramishra_ has quit IRC11:38
*** gcheresh has quit IRC11:40
openstackgerritMerged openstack/networking-ovn master: Fix gateway blockers  https://review.opendev.org/67457411:47
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Update port_status to ACTIVE during live-migration  https://review.opendev.org/67380311:51
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Enable live-migration tempest test for OVN  https://review.opendev.org/67388411:52
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Update OVN LB Algorithm to SOURCE_IP_PORT  https://review.opendev.org/66036911:54
keesmhi there, is there anyone out there familiar with the "Could not load networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver" error in regard to networking-l2gw?11:59
*** markvoelker has joined #openstack-neutron11:59
*** kevinz has quit IRC12:01
keesmmarkvoelker: are you familiar with networking-l2gw, by any chance?12:01
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn stable/stein: Do not modify passed by reference variables in mechanism_driver  https://review.opendev.org/67560212:08
*** yamamoto has quit IRC12:10
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn stable/rocky: Do not modify passed by reference variables in mechanism_driver  https://review.opendev.org/67560312:11
*** cheng1 has quit IRC12:15
*** jamesdenton has quit IRC12:17
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn stable/queens: Do not modify passed by reference variables in mechanism_driver  https://review.opendev.org/67560712:17
*** cheng1 has joined #openstack-neutron12:18
*** dsneddon has quit IRC12:18
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Handle events in separate IDL  https://review.opendev.org/67326912:22
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Don't allow mixing IPv4/IPv6 configuration  https://review.opendev.org/67425512:22
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: WIP Add missing unittests to OVN provider driver  https://review.opendev.org/67426112:22
openstackgerritBence Romsics proposed openstack/neutron-lib master: New api-def: extraroute-atomic  https://review.opendev.org/67084912:25
openstackgerritLucas Alvares Gomes proposed openstack/networking-ovn master: Add fragmentation support  https://review.opendev.org/67176612:26
*** ramishra has joined #openstack-neutron12:32
*** kevinz has joined #openstack-neutron12:34
*** keesm has quit IRC12:34
*** dsneddon has joined #openstack-neutron12:41
*** dsneddon has quit IRC12:45
openstackgerritBence Romsics proposed openstack/neutron master: New extension: extraroute-atomic  https://review.opendev.org/67085012:46
openstackgerritBence Romsics proposed openstack/neutron master: Implement extension: extraroute-atomic  https://review.opendev.org/67085112:47
*** yamamoto has joined #openstack-neutron12:49
*** kevinz has quit IRC12:55
*** yamamoto has quit IRC12:57
*** kevinz has joined #openstack-neutron12:57
*** henriqueof has joined #openstack-neutron12:58
*** nweinber has joined #openstack-neutron12:59
*** nweinber has quit IRC13:02
*** nweinber has joined #openstack-neutron13:02
*** ociuhandu has quit IRC13:03
*** ociuhandu has joined #openstack-neutron13:03
AJaegernetworking-odl team, we moved api-ref documents, could you update one link, please? here's a trival patch https://review.opendev.org/67359913:05
*** ociuhandu has quit IRC13:07
*** tbachman has quit IRC13:09
*** mriedem has joined #openstack-neutron13:10
*** ramishra has quit IRC13:10
*** panda has quit IRC13:14
*** panda has joined #openstack-neutron13:15
*** yamamoto has joined #openstack-neutron13:17
*** jamesdenton has joined #openstack-neutron13:21
*** jamesdenton has quit IRC13:22
tidwellrtbarron: you get anti-spoofing, the discussion was about taking that a step farther13:23
*** kevinz has quit IRC13:23
*** Conqueror has quit IRC13:24
*** kevinz has joined #openstack-neutron13:24
tbarrontidwellr: thanks, just wanted to make sure.  I guess I'm trying to get a sense of how vulnerable nfs-clients belonging to difft tenants would be to one another13:24
tbarrontidwellr: if they have the ebtables protection and appropriate neutron security policy disallowing ingress connections13:25
tidwellrtbarron: yeah, that's all there13:25
tbarrontidwellr: not against "another level" with pvlan at all, just educating myself13:25
*** kevinz has quit IRC13:25
tidwellrtbarron: when dealing with auditors and compliance, sometimes that's not isolated enough13:26
tbarrontidwellr: cool.  pvlan would provide protection even if the nfs clients didn't use appropriate security policies.13:26
tbarrontidwellr: ack w.r.t. auditors13:27
*** ociuhandu has joined #openstack-neutron13:27
*** BjoernT has joined #openstack-neutron13:28
tidwellrtbarron: on the flip side of that coin, if the concern is there don't expose a shared network to untrusted tenants13:28
*** jistr is now known as jistr|call13:29
tbarrontidwellr: eventually we want separate ganesha servers for each tenant, in which case we can attach them directly to tenant owned nets but13:30
tbarrontidwellr: today there is only one ganesha server, with one NFS interface13:30
tidwellrand the only way to expose it is through a provider network?13:30
tidwellryou'll have to forgive my ignorance around manila and ganesha13:31
tbarrontidwellr: well in our downstream implementation it's on its own data centre vlan13:31
tbarrontidwellr: could be flat, it's own isolated network13:31
tbarronits13:32
tidwellrcan tenants access it from behind a router, from their own network which is isolated by the overlay?13:32
tbarrontidwellr: we could have an unshared provider net and route it13:32
*** Conqueror has joined #openstack-neutron13:33
*** ivve has quit IRC13:33
tbarrontidwellr: then if we have one shared overlay network we have the same kind of issue there13:33
tbarrontidwellr: if we have one overlay network per tenatn13:33
tbarrontenant13:33
tbarrontidwellr: then I don't know how that can be a tenant-self-provisioned network and13:34
tbarrontidwellr: get the return routes to the tenant network set up automatically13:34
tidwellrBGP13:34
tidwellrneutron-dynamic-routing13:34
tidwellror floating IP's13:34
tbarrontidwellr: i've thought of floating IPs but want to avoid that13:35
tbarrontidwellr: would rather not NAT this and would rather have a solution that works the same way for IPv4 and IPv613:35
tidwellrneutron-dynamic-routing gets the job done, no NAT involved13:36
tidwellrbut it's not for everyone13:36
tbarrontidwellr: with BGP can I have a tenant-owned overlay network and tenant-owned router that attaches to the common provider net and13:36
*** jamesdenton has joined #openstack-neutron13:36
tidwellris ganesha being stood up on a neutron-managed network?13:37
tbarronthe tenant-owned router would announce the return routes without having similar trust issues?13:37
tbarronganesha is being stood up on a controller node with a pacemaker-corosync managed VIP for NFS service13:38
*** jistr|call is now known as jistr13:38
tbarronon a data centre network (typically a vlan)13:39
tbarronand we set up a neutron provider network mapped to that data centre network13:39
tbarrontidwellr: today it is shared so tenant vms can attach to it directly13:40
tbarrontidwellr: ganesha is just a daemon running on a controller node, not a process running in a VM or somehting like that13:42
*** ociuhandu has quit IRC13:43
tidwellrif you present it on something other than a neutron-managed network, it could actually be cleaner in the case where a tenant directly routes their floating IP's13:43
*** ociuhandu has joined #openstack-neutron13:44
tidwellrtraffic just goes out the external network, and at that point you just need to route it (which you're likely already doing)13:44
*** lbragstad has joined #openstack-neutron13:45
*** bnemec is now known as beekneemech13:45
tidwellrtbarron: the tenant can choose to use floating IP's for connectivity as well. Embedding the NFS endpoint on a provider network seems unnecessary, running it elsewhere allows you to put more controls in place without involving neutron13:46
*** zufar has joined #openstack-neutron13:47
zufarHi all, happy friday13:47
zufaranyone here know article or videos explain in deep and detail about networking neutron in OVN?13:47
*** david-lyle is now known as dklyle13:48
zufarsomething like this, https://www.youtube.com/watch?v=uKgMp5c6R-4 but this video using ovs as backend.13:48
*** ociuhandu has quit IRC13:49
tbarrontidwellr: ack, I need to review why we had a hard requirement to use a separate isolated network and keep the traffic from traversing the external network13:50
*** tbachman has joined #openstack-neutron13:53
*** spsurya has quit IRC13:54
*** mlavalle has joined #openstack-neutron13:55
*** ociuhandu has joined #openstack-neutron13:55
*** lbragstad has quit IRC13:58
*** gcheresh has joined #openstack-neutron14:03
*** lbragstad has joined #openstack-neutron14:04
*** lbragstad has quit IRC14:14
openstackgerritMerged openstack/neutron master: Clear skb mark on encapsulating packets  https://review.opendev.org/67505414:15
*** liuyulong has joined #openstack-neutron14:28
*** ociuhandu has quit IRC14:34
*** ociuhandu has joined #openstack-neutron14:35
*** gcheresh has quit IRC14:36
*** ivve has joined #openstack-neutron14:39
*** ociuhandu has quit IRC14:40
*** ociuhandu has joined #openstack-neutron14:41
*** dsneddon has joined #openstack-neutron14:42
*** ociuhandu has quit IRC14:42
*** ramishra has joined #openstack-neutron14:44
openstackgerritMaciej Józefczyk proposed openstack/networking-ovn master: Update OVN LB Algorithm to SOURCE_IP_PORT  https://review.opendev.org/66036914:46
*** yamamoto has quit IRC14:46
*** dsneddon has quit IRC14:46
*** ratailor has quit IRC14:47
*** yamamoto has joined #openstack-neutron14:48
*** yamamoto has quit IRC14:48
*** yamamoto has joined #openstack-neutron14:49
*** liuyulong_ has joined #openstack-neutron14:50
liuyulong_mlavalle, slaweq: https://review.opendev.org/#/c/658511/5/specs/train/l3-ips-metering.rst@66 I tested the TC filter without polices, it will NOT have statistic data.14:51
liuyulong_So we need a default rate/burst value for the TC filter when L3 agent fip_qos and gateway_ip_qos are not enabled. What do you think?14:51
*** yamamoto has quit IRC14:52
*** yamamoto has joined #openstack-neutron14:52
*** Conqueror has left #openstack-neutron14:55
slaweqliuyulong_: IMO, if it is needed, we may make it maybe discoverable by checking banwidth of all physical NICs in the node and set as this default limit highest value of them14:57
slaweqliuyulong_: what do You think about this?14:57
*** dklyle has quit IRC14:58
*** david-lyle has joined #openstack-neutron14:58
*** liuyulong has quit IRC14:59
mlavalleslaweq: ++14:59
liuyulong_slaweq: network nodes may be various. But it is achievable. So each node may have different bandwidth.15:01
slaweqliuyulong_: but that will only make that each router's port will have limit set as max as possible physical limit on the node where it is15:04
slaweqso in fact there will be no limit and You will have Your counters, right?15:04
liuyulong_Correct15:04
*** ramishra has quit IRC15:06
liuyulong_slaweq, mlavalle: I will upload the POC today.15:08
mlavalleliuyulong_: thanks!15:09
*** tbachman has quit IRC15:15
slaweqliuyulong_: thx15:15
*** david-lyle is now known as dklyle15:16
*** panda has quit IRC15:19
*** panda has joined #openstack-neutron15:20
*** yamamoto has quit IRC15:31
*** yamamoto has joined #openstack-neutron15:32
*** mjozefcz has quit IRC15:34
*** yamamoto has quit IRC15:37
henriqueofCan someone helps with a question I have?15:39
henriqueofI created a gateway port on the router that never switches to the active state, but if I create a router with another provider network gateway ip it does.15:40
henriqueofThe network that does not work is the same that my controller public IP is located, so there is a vlan tagged interface on the controller addressed to that IP.15:40
henriqueofCan this be the reason?15:41
*** tbachman has joined #openstack-neutron15:49
henriqueofMy l3 agent logs show: RouterNotCompatibleWithAgent: Router 'fddaa8c6-9483-4f8e-890f-bc9b6526c591' is not compatible with this agent.15:51
*** ccamposr has quit IRC15:53
*** ccamposr has joined #openstack-neutron15:54
*** ash2307 has joined #openstack-neutron15:55
*** ash2307 has left #openstack-neutron15:57
*** tssurya has quit IRC16:03
openstackgerritLIU Yulong proposed openstack/neutron master: L3 agent metering extension  https://review.opendev.org/67565416:04
*** dklyle has quit IRC16:06
*** atmark has quit IRC16:08
*** guimaluf has quit IRC16:09
AJaegermlavalle, slaweq, we moved api-ref documents, could you review updating one link, please? here's a trival patch https://review.opendev.org/67359916:11
*** lucasagomes has quit IRC16:12
mlavalleAJaeger: done. Thanks!16:14
*** henriqueof has quit IRC16:14
slaweqAJaeger: sorry, mlavalle was faster :)16:15
mlavalleLOL16:15
mlavalleyou can pile in if you want16:15
slaweqmlavalle: no, it's fine :)16:16
* mlavalle thinks the correct expression is "pile on"16:17
*** ash2307 has joined #openstack-neutron16:18
*** aedc has quit IRC16:20
*** davidsha has quit IRC16:26
*** dklyle has joined #openstack-neutron16:26
AJaegerthanks!16:27
*** mattw4 has joined #openstack-neutron16:28
openstackgerritMerged openstack/networking-odl master: Update api-ref location  https://review.opendev.org/67359916:34
*** rpittau is now known as rpittau|afk16:35
AJaegeryeah!16:36
*** AJaeger has left #openstack-neutron16:36
*** dklyle has quit IRC16:37
*** tidwellr has quit IRC16:37
*** dklyle has joined #openstack-neutron16:37
*** markvoelker has quit IRC16:41
*** dsneddon has joined #openstack-neutron16:42
*** markvoelker has joined #openstack-neutron16:44
*** ccamposr__ has joined #openstack-neutron16:46
*** irclogbot_3 has quit IRC16:47
*** dsneddon has quit IRC16:47
*** irclogbot_3 has joined #openstack-neutron16:48
*** irclogbot_3 has quit IRC16:49
*** ccamposr has quit IRC16:50
*** irclogbot_3 has joined #openstack-neutron16:50
*** tesseract has quit IRC17:00
*** dklyle has quit IRC17:07
*** jcosmao has left #openstack-neutron17:07
*** david-lyle has joined #openstack-neutron17:07
*** david-lyle has quit IRC17:10
*** david-lyle has joined #openstack-neutron17:10
*** dsneddon has joined #openstack-neutron17:13
*** igordc has joined #openstack-neutron17:17
*** betherly has joined #openstack-neutron17:22
*** ash2307 has left #openstack-neutron17:24
*** zufar has quit IRC17:27
*** betherly has quit IRC17:39
*** betherly has joined #openstack-neutron17:50
openstackgerritMerged openstack/networking-ovn master: Update port_status to ACTIVE during live-migration  https://review.opendev.org/67380317:51
gregworktbarron: hey tom17:56
gregworkjust reading up (greg from symcor)17:57
gregworkso i think the issue here is we dont want to assume the tenants/clients are doing the right thing from a security pov17:57
gregworkpvlan set by the cloud admin on the storage nfs network makes this pretty secure and layer 217:57
gregworkpvlan in general would make doing l2 shared services pretty nice17:59
*** betherly has quit IRC18:03
*** betherly has joined #openstack-neutron18:15
*** betherly has quit IRC18:23
gregworkcisco has a really nice overview of the utility of pvlan: https://www.cisco.com/c/dam/en/us/td/i/100001-200000/180001-190000/182001-183000/182773.eps/_jcr_content/renditions/182773.jpg18:26
gregworkso the ganesha port would be in promisc mode18:26
gregworkall client ports would be in isolated mode18:26
gregworkthere are a lot of interesting applications for this capability in neutron i think18:27
*** yamamoto has joined #openstack-neutron18:29
*** yamamoto has quit IRC18:34
tbarrongregwork:hi greg was afk but am now reading your cisco pvlan link18:36
gregworkhttps://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/layer2/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Layer_2_Switching_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_chapter_0101.html#con_134415518:37
tbarrongregwork: looking at, rather :)18:37
gregworki mean thats the actual writeup18:37
gregworkthey have a blurb on how it works but that picture is a thousand words18:37
tbarrongregwork: yup, i like it18:37
gregworki feel that a significant amount of network complexity for segmentation could be reduced by neutron adding pvlan capability18:38
gregworkseems like a big enough deal to almost deserve its own spot as a subset of security groups18:38
gregworkonly for layer 218:38
gregworkaka18:41
gregworkhttp://www.reactiongifs.com/r/mgc.gif18:41
tbarrongregwork: and until you get this magic you'd need clients to attach to regular overlay networks that are routed to the StorageNFS network?18:43
gregworkwell so the way we built our cloud we used the rh doc method we piloted with you a year ago, so storageNFS is a dc vlan18:44
gregworkmaybe it should be something else today, but regardless of that18:45
gregworkgiven two tenants, both have to plug in a dedicated nic on that vlan to access ganesha18:45
*** brault has joined #openstack-neutron18:45
gregworknon existant or badly configured security groups on those instance tenants == exposure18:45
gregworkcant trust tenants to do the right thing18:45
tbarrongregwork: ack18:45
gregworkpvlan lets me deploy ganesha and the clients are isolated from each other18:47
gregworkthey can only see their destination18:47
tbarrongregwork: we document what they should do here but I take the point anyways: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/storage_guide/ch-shares18:47
tbarrongregwork: got it, but I've been thinking about routed solutions as well since we need those for spine-leaf topologies18:48
tbarrongregwork: there we can't extend the vlan (even pvlan) to all leaves18:49
*** brault has quit IRC18:49
gregworkthats definitely another use case, but the folks that want to offer fast layer 2 securely is a good one18:50
tbarrongregwork: yeah, I'm not arguing against neutron supporting pvlan if that can happen :)18:50
openstackgerritRyan Tidwell proposed openstack/neutron-tempest-plugin master: Move neutron-dynamic-routing BGP tests from stadium  https://review.opendev.org/65209919:00
*** betherly has joined #openstack-neutron19:25
*** betherly has quit IRC19:34
*** BjoernT has quit IRC19:44
*** ralonsoh has quit IRC19:57
openstackgerritRyan Tidwell proposed openstack/neutron-tempest-plugin master: Move neutron-dynamic-routing BGP tests from stadium  https://review.opendev.org/65209920:09
*** whoami-rajat has quit IRC20:12
*** betherly has joined #openstack-neutron20:17
*** betherly has quit IRC20:27
*** betherly has joined #openstack-neutron20:36
*** nweinber has quit IRC20:37
*** dsneddon has quit IRC20:42
*** ccamposr__ has quit IRC20:43
*** ccamposr__ has joined #openstack-neutron20:43
*** ccamposr__ has quit IRC20:46
*** ccamposr__ has joined #openstack-neutron20:46
*** ijw has joined #openstack-neutron20:48
*** mjozefcz has joined #openstack-neutron20:52
*** betherly has quit IRC20:53
openstackgerritBrian Haley proposed openstack/neutron-specs master: [WIP] Toward Convergence of ML2+OVS+DVR and OVN  https://review.opendev.org/65841420:55
TheJuliaGreetings Neutron folks, We're seeing a weird falure with networking-baremetal that may seem to trace back to neturon/tests/base.py. https://logs.opendev.org/98/673598/1/check/openstack-tox-py27/9d72845/testr_results.html.gz  which makes me think that the ml2 mech interface has changed subtly. Is anyone aware of any sort of change?20:57
*** mjozefcz has quit IRC20:57
TheJulialooks like its a recent change... in the behavior21:00
*** igordc has quit IRC21:01
*** markvoelker has quit IRC21:01
*** armax has quit IRC21:01
*** shachar has quit IRC21:01
*** shachar has joined #openstack-neutron21:01
*** armax has joined #openstack-neutron21:01
TheJuliaand without a release... we can't run unit tests downstream, and ugh21:03
gregworktbarron: is there a proper way to request features like pvlan? should we just go bug redhat or is there a more vendor agnostic way21:03
gregworkTheJulia: hello :)21:04
tbarrongregwork: when I was a customer I always did a earth-land-sea attack :)21:04
tbarrongregwork: that is, I'd propose the idea upstream, perhaps on neutron meeting agenda -- others in this channel can advise better21:05
tbarrongregwork: and then there's the matter of getting resources aligned to work on YourCoolIdea21:06
gregworkwhere is the place to make such an upstream proposal ?21:06
tbarrongregwork: so working the account people etc. whom you pay money to always helps21:06
tbarrongregwork: i can answer for manila but not for neutron21:07
gregworkor is this raiding the neutron PTG meeting at summit and providing beer21:07
gregwork:P21:07
TheJuliabeer ++21:07
tbarrongregwork: if you do that pls invite me21:07
gregworkhaha21:07
TheJuliagregwork: you may have just committed to something....21:07
TheJulia;)21:07
tbarrongregwork: but yes, if you are coming to Shanghai go to neutron forums and PTG21:07
tbarrongregwork: and I will join you even w/o beer21:08
gregworki wish i could get the shanghai trip approved :/21:08
gregworkive already done my openstack summit trip this year  at denver21:08
gregworkare they keeping the name open infra21:09
gregworkor going back to openstack21:09
tbarrongregwork: open infra21:09
* tbarron is talking a lot in this channel and he's not really a neutron guy, color me apologetic but brash21:10
*** slaweq has quit IRC21:10
TheJuliathe flight to PVG was surprisingly inexpensive....21:10
*** markvoelker has joined #openstack-neutron21:11
tbarronTheJulia: yeah, it's a good deal but a bit knee-cramped21:11
tbarronTheJulia: reportedly even hotels are reasonable21:11
TheJuliaAs long as I can get to the restroom I'll be happy21:13
*** dsneddon has joined #openstack-neutron21:13
haleybTheJulia: https://review.opendev.org/#/c/645645/ is most likely the culprit - there are now default vif details21:13
TheJuliahaleyb: thanks, I just found that about a minute ago and shipped a patch into networking-baremetal to rip the validation of it out since we don't use it and it seems senseless to not just let that pass-through21:14
haleybTheJulia: you might want to add Rodolfo (ralansoh) so he knows he broke something, although he's on pto...21:15
TheJuliahaleyb: thanks!21:16
openstackgerritBrian Haley proposed openstack/networking-ovn master: Start enforcing E125 flake8 directive  https://review.opendev.org/67570221:20
*** markvoelker has quit IRC21:21
*** slaweq has joined #openstack-neutron21:26
*** betherly has joined #openstack-neutron21:31
*** slaweq has quit IRC21:32
*** dsneddon has quit IRC21:47
*** betherly has quit IRC21:48
*** dsneddon has joined #openstack-neutron21:50
*** slaweq has joined #openstack-neutron21:51
*** slaweq has quit IRC21:56
*** dsneddon has quit IRC22:10
*** betherly has joined #openstack-neutron22:11
*** betherly has quit IRC22:15
*** mriedem has quit IRC22:17
*** betherly has joined #openstack-neutron22:22
*** markvoelker has joined #openstack-neutron22:23
*** betherly has quit IRC22:27
*** markvoelker has quit IRC22:28
*** panda has quit IRC22:30
*** panda has joined #openstack-neutron22:32
*** weifan has joined #openstack-neutron23:19
*** weifan has quit IRC23:22
*** mattw4 has quit IRC23:46
« Thursday, 2019-08-08 Index Saturday, 2019-08-10 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!