15:02:58 <tmorin> #startmeeting bgpvpn 15:02:59 <openstack> Meeting started Tue Apr 11 15:02:58 2017 UTC and is due to finish in 60 minutes. The chair is tmorin. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:03:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:03:02 <openstack> The meeting name has been set to 'bgpvpn' 15:03:11 <pcarver> hi 15:03:18 <tmorin> hi pcarver! 15:03:35 <tmorin> I don't know who else might join this week 15:04:21 <tmorin> hi doude, timirnich, around for bgpvpn irc weekly meeting perhaps ? 15:07:36 <tmorin> pcarver, it seems its only the two of us 15:07:42 <pcarver> looks like it 15:07:52 <tmorin> I think matrohon is off this week 15:08:05 <pcarver> I pushed a new PS for the API def but we need someone else to review 15:08:30 <tmorin> yep, I'll ask matrohon to have a look (next week I guess) 15:09:26 <pcarver> If we don't have any other topics, I'd like to talk about multiple backend support 15:09:47 <tmorin> good topic 15:10:00 <pcarver> I had some discussions around Gluon/Proton last week and have been doing compare/contrast with the existing Neutron stadium projects 15:10:23 <tmorin> and I have another one worth discussing together I think: how to push people working on SDN controller to review the blueprint we have in the pipe... 15:10:26 <pcarver> One of the design criteria of Gluon/Proton is simultaneous support of multiple interoperable backends 15:10:43 <pcarver> e.g. for migration/upgrade scenarios or possibly other reasons 15:11:35 <tmorin> pcarver: yes, we are also concerned about what can help migrate from one solution to another 15:11:39 <pcarver> ML2 definitely supports hierarchical port binding, but I'm not sure how much other cases of multiple simultaneous controllers have been thought about 15:12:16 <tmorin> pcarver: even without the "hierarchy" part, ML2 supports having multiple driver active at the same time 15:12:34 <tmorin> I'm, like you, unsure if there are other places 15:12:45 <tmorin> we have a blueprint to track this in BGPVPN 15:12:49 <pcarver> The Gluon demo from last year's OPNFV involved the multiple controllers peering with each other via BGP so that VMs could be created on the same network despite being managed by different controllers 15:13:12 <tmorin> https://blueprints.launchpad.net/bgpvpn/+spec/allow-multiple-drivers 15:13:58 <pcarver> Ok, that's good. Looking at it now. 15:14:15 <tmorin> I'm not sure it is the right starting point TBH 15:14:38 <pcarver> Gluon has had some architectural revision. At first, the idea was that the port would be used to look up *the* SDN controller. 15:14:51 <pcarver> But that doesn't support the equivalent of HPB 15:15:00 <tmorin> ah, we in fact have a bug for multiple driver support: https://bugs.launchpad.net/bgpvpn/+bug/1485515 15:15:01 <openstack> Launchpad bug 1485515 in networking-bgpvpn "multiple service drivers can't coexist" [Wishlist,Confirmed] 15:15:06 <pcarver> As I understand it, that has changed in the more recent architecture 15:16:05 <tmorin> this bug possibly ain't not related to what you have in mind either 15:16:16 <pcarver> I'm reading it now 15:17:22 <bobmel> hi tmorin, pcarver: Sorry for my absense for a few meetings 15:17:32 <pcarver> If Contrail specifically proves challenging, we might look at running two ODLs side by side (perhaps different versions to simulate an upgrade scenario?) and look at what challenges that might have. 15:17:42 <tmorin> hi bobmel 15:17:50 <tmorin> np, you're welcome 15:17:59 <bobmel> I see you disucss multiple backend drivers 15:18:02 <tmorin> yep 15:18:30 <tmorin> pcarver: for BGPVPN, what about using the following very simple idead as a starting point: 15:19:09 <tmorin> having the bgppvn service framework allow multiple simultaneously active driver, and passing all information from API calls to all of them 15:19:57 <pcarver> Yes, I think that's basically what ML2 does. 15:20:15 <tmorin> each backend would then take care of the processing for the related Neutron ports which are under its control 15:20:22 <pcarver> Call all drivers and let the drivers determine if they can/should handle the event 15:20:47 <tmorin> pcarver: well, not exactly, ML2 loops on all drivers, and one (only one) of them will be the binding driver 15:21:27 <pcarver> Are you sure about that? In the HPB case I'm pretty sure it can be multiple. 15:22:03 <pcarver> There was a demo at the Vancouver summit by folks from Cumulus and I discussed the demo with Sukdev Kapur who told me that Arista had implmented the same thing. 15:22:20 <tmorin> yes, but I'm trying to see if for BGPVPN, if just 'calling all drivers' without the "determine if they can/should handle the event" 15:22:23 <pcarver> If I remember correctly it was for VLAN 15:22:43 <tmorin> yes, sorry, with HPB probably multiple 15:23:01 <pcarver> For certain BGPVPN events we would want to call multiple. 15:23:01 <tmorin> but without hierarchy only one I think 15:23:37 <tmorin> in fact, I don't see for which call we would *not* want to call all the drivers 15:23:56 <pcarver> Yes, actually I was just thinking that 15:24:52 <bobmel> For ml2 HPB, I think the binding continues until on of the driver signals that the binding is complete 15:25:14 <tmorin> bobmel: ok 15:26:21 <tmorin> I think we can start a proposal aroung the simple "always-call-all-driver" scheme 15:26:22 <bobmel> So for example the ToR driver can do it is part of the binding, then the vswitch on the host etc 15:26:36 <pcarver> An example use case would be creating a network that spans across multiple SDN controllers, using the route target to let the controllers know to exchange routes. Then ports bound to one controller could reach ports bound to a different controller. 15:27:08 <pcarver> This would be similar to the Gluon demo from last year. 15:27:20 <tmorin> bobmel: to handle transitioning or upgrade, for BGPVPN, I don't think we will need this kind of complex cooperation between driver 15:27:42 <pcarver> They established BGP peering between multiple controllers. That allowed VMs handled by one controller to reach VMs handled by a different controller. 15:29:08 <tmorin> pcarver: yes, this can already be achieved between 2-Openstacks with one L2 BGPVPN, we would just allow this to happen without requiring having a different Openstack for each SDN controller 15:31:07 <tmorin> the part that we still do not cover with this, but this is not specific to BGPVPN (and it's perhaps fair to keep it out of scope) is: how can the newly added controller know about things that were created/done before its driver was added 15:31:47 <pcarver> That's a good question 15:32:29 <tmorin> and I still don't have the whole picture / I'm not sure we can do something meaningful in BGPVPN alone without knowing what will happen for ports, networks and routers 15:32:47 <pcarver> Yes, I was thinking that as well. 15:33:02 <tmorin> we can make the assumption that ML2 is used (although we have to exclude Contrail...) 15:33:18 <pcarver> With HPB I would think ports may be at least somewhat covered, but networks and routers might need attention 15:33:40 <pcarver> There's an ML2 driver for Contrail, although not endorsed by Juniper 15:35:31 <tmorin> ok, could be an option 15:38:10 <tmorin> so we would have: on a given Neutron network, new ports gets created on new backend (whatever is given priority by ML2 framework), they don't have connectivity to the ports that were created before via this backend base L2 functionaly, but if this network is associated to BGPVPN type l2, then both the new and the old backend will do whatever is needed and the 'new' ports will get connectivity to the 'old' ones 15:38:22 <tmorin> is this the kind of idea you had pcarver ? 15:39:13 <pcarver> tmorin: maybe. I may need to think about this more. 15:40:13 <pcarver> I hadn't thought too carefully about the time aspect. 15:40:31 <pcarver> With backends being added or removed to a longer lived Neutron. 15:40:54 <pcarver> I'll discuss this with the Gluon team as well to see if anyone has thought about how that would work. 15:43:09 <tmorin> another possible thing would be to see if HPB would make sense: at the top of the hierarchy we would have a bgpvpn mech_driver talking with the bgpvpn service plugin, allocating an l2 bgpvpn for a network (new bgpvpnl2 type driver), and down the hierarchy, the ML2 drivers of each backend would do the rest of the work to connect the l2 bgpvpn to whatever they use internally to manage L2 ... that's probably harder to achi 15:43:09 <tmorin> eve than what it sounds ... 15:43:45 <tmorin> to add a backend, you possibly need to replay old information to it, or have it sync back to neutron 15:44:12 <tmorin> to remove one, this is easier, you simply need to make sure first that its not handling any port anymore 15:45:57 <tmorin> what I would tend to conclude from this discussion: we can add to n8g-bgpvpn an ability to support multiple dirver simultaneously with an "always-call-all-drivers" behavior ; it seems it may help find interesting transition scenariis, but we aren't totally sure 15:46:43 <pcarver> I agree. That's a good place to start and see what works and what doesn't. 15:47:08 <tmorin> the behavior is not too complex to implement, except one thing: error handling (what to do when one driver raises an error and the others do not ?) 15:47:34 <pcarver> I see potential convergence between Gluon and Neutron but we need to explore the boundaries to see if there are places that are clearly distinct. 15:47:45 <tmorin> but we could still start with something simple like: fail if any of the driver fail 15:47:50 <tmorin> *fail_s_* 15:48:13 <tmorin> ok 15:48:26 <tmorin> let's keep the ideas flowing and revisit the topic soonish 15:48:30 <pcarver> tmorin: Error handling is something that HPB and Gluon/Proton have to handle too, so I'll explore what the current status is. 15:48:43 <tmorin> pcarver: yes, good idea 15:50:17 <tmorin> the other thing I wanted to briefly discuss is: 15:51:05 <tmorin> we need feedback/participation on the blueprint we have in the pipe for: port associations (think hub'n'spoke) and fine grained control of routing (static routes, local_pref and community control) 15:51:42 <tmorin> pcarver, bobmel: reviews welcome ! 15:52:00 <tmorin> pcarver, bobmel: and if you can pass the word to people you know who are working on SDN controllers BGPVPN backend, that will help as well! 15:52:56 <pcarver> tmorin: will do. Got kind of swamped, especially with going to ONS last week, but trying to dig myself out. 15:53:33 <tmorin> :) 15:53:36 <tmorin> I understand 15:54:02 <tmorin> I'm unlucky to be so far from the US I can't travel everywhere, but this gives time for other things as well :) 15:54:04 <pcarver> tmorin: I'm looking for the reviews 15:54:11 <pcarver> Are they open on Gerrit? 15:54:29 <tmorin> nope 15:54:35 <tmorin> launchpad blueprints 15:54:49 <pcarver> oh, ok. I'll take a look at Launchpad 15:54:55 <tmorin> https://blueprints.launchpad.net/bgpvpn/+spec/port-routes 15:55:06 <tmorin> https://blueprints.launchpad.net/bgpvpn/+spec/port-association 15:55:36 <tmorin> this one is not cleanup yet 15:55:51 <tmorin> the discuss on local_pref and communities control does not have its own blueprint, but https://etherpad.openstack.org/p/bgpvpn_advanced_features has lots of things 15:56:00 <tmorin> I need to sort all of this a little better 15:57:43 <tmorin> ok... 15:57:47 <tmorin> done for today ? 15:57:53 <tmorin> thanks pcarver, bobmel... 15:58:26 <tmorin> I'll be off next week, but you can still come, matrohon will possibly chair 15:58:37 <pcarver> sounds good. bye. 15:58:44 <tmorin> bye/// 15:58:46 <tmorin> #endmeeting