04:00:03 <njohnston> #startmeeting fwaas
04:00:03 <openstack> Meeting started Wed Jul 13 04:00:03 2016 UTC and is due to finish in 60 minutes.  The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
04:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
04:00:06 <openstack> The meeting name has been set to 'fwaas'
04:00:12 <chandanc_> hello all
04:00:15 <njohnston> #chair xgerman SridarK
04:00:16 <openstack> Warning: Nick not in channel: SridarK
04:00:17 <openstack> Current chairs: SridarK njohnston xgerman
04:00:36 <xgerman> O/
04:00:48 <mickeys> Hi
04:00:53 <SridarK> Hi All
04:00:53 <njohnston> Hello, everyone!  I apologize for missing the last meeting, I was at a family gathering.  Thanks xgerman for chairing!
04:01:03 <padkrish> hi all
04:01:05 <xgerman> Y.w.
04:01:27 <njohnston> Hello, SridarK!  Welcome back.
04:01:36 <SridarK> njohnston: can u pls run the mtg - still travelling
04:01:43 <njohnston> SridarK: Of course
04:01:46 <SridarK> njohnston: not sure on connectivity
04:01:48 <njohnston> #topic announcements
04:02:02 <njohnston> Tomorrow, 7/14, is the date for N-2
04:02:18 <xgerman> +1
04:02:38 <njohnston> armax said in the last Neutron team meeting that end of August was the practical cutoff for anything that needs to into g-r, like any client commands or neutron-lib
04:02:52 <njohnston> I don't think that affects us too badly though... hopefully.
04:02:59 <SridarK> some actions on vendor stuff - i will follow up on that, for cisco - i am working with some folks and will take care of it
04:03:13 <SridarK> for varmor - will sync with s3wong
04:03:21 <njohnston> Excellent.  I saw one vendor already moved their stuff out.
04:03:40 <SridarK> njohnston: +1 on the Aug cut off
04:03:55 <njohnston> #topic FWaaS v2
04:04:10 <njohnston> Let
04:04:23 <njohnston> Let's start with Paddu, you sent out a few emails.
04:04:30 <njohnston> padkrish
04:05:12 <padkrish> njohnston# yes, to summarize, i was asking if we can combine the versioned object patch with the infra changes like queue
04:05:45 <padkrish> sorry, like notification driver manager, notification queue etc like what's there for QoS
04:06:12 <SridarK> padkrish: also is the plan that there is a good common chunk across L2 and L3 ?
04:06:37 <njohnston> padkrish: Is it going well?  Do you feel close to having a change you can put into gerrit?
04:06:43 <padkrish> this portion should be common, what from whatever i can see...others can correct me...
04:06:53 <padkrish> i will try to put a WIP by this week
04:07:12 <padkrish> still unit test code is not there yet
04:07:19 <njohnston> padkrish: Thanks, I look forward to seeing it
04:07:22 <SridarK> padkrish: there could be some differences based on L2 or L3 port differences
04:07:42 <njohnston> padkrish: Don't wait on getting unit tests done, put it up there and perhaps we can help with unit tests
04:07:44 <padkrish> njohnston# sure, me too ;)
04:07:52 <SridarK> padkrish: if it is easier - u can also commonize as a refactor
04:08:00 <padkrish> njohnston# absolutely, thats the plan
04:08:02 <SridarK> as the next step
04:08:30 <njohnston> ok, good.
04:08:42 <padkrish> SridarK# sure, it certainly needs to be refactored...since i don't believe we need separate notif mgrs/queues for QoS and FWaaS
04:08:53 <SridarK> padkrish: ok
04:09:02 <njohnston> SarathMekala and chandanc_: How is your work going?
04:09:03 <padkrish> but, i need to think through this a bit more...may be as a first step, let's have it separate to get the functionality in?
04:09:25 <SridarK> padkrish: i think that is reasonable
04:10:15 <yushiro> padkrish, would you please sync with me after discussion?  Maybe I think its affect to my WIP.
04:10:16 <SarathMekala> We hit some issues where SG and FW were clobbering the ACCEPT rules of each other
04:10:17 <chandanc_> njohnston: we are at the second patch for the iptables manager.
04:10:30 <padkrish> yushiro# sure...
04:10:40 <njohnston> chandanc_: I see https://review.openstack.org/#/c/333338/ doesn't look like it's had anything happen in July... anything we can do to help?
04:10:44 <yushiro> padkrish, Thanks.
04:10:57 <SarathMekala> and a new solution which solves both the clobbering and ordering issues was arrived at
04:11:03 <SarathMekala> the same has been updated in the doc
04:11:07 <SridarK> SarathMekala: that is good
04:11:14 <njohnston> SarathMekala: Excellent!
04:12:09 <mickeys> The mechanism in the doc looks like it will work, so you have all the ideas that you need to make it work. I don't think the actual organization of the chains is nailed down yet.
04:12:19 <mickeys> Did you have code changes around the last idea?
04:12:28 <chandanc_> I have one comments from Sarath, do you have any review comments ? any enhancement ?
04:12:50 <mickeys> I replied by email directly.
04:13:05 <SarathMekala> we will work on the idea this week.. and post a WIP review
04:13:31 <mickeys> Regarding the chains themselves, the jump from FORWARD to neutron-openvswi-FORWARD happens in IptablesManager. I don't think you can change that. You have to work with it or around it.
04:14:45 <njohnston> Next, yushiro please tell us how your WIP is going?
04:15:20 <SarathMekala> thanks Mickey... will check it out today
04:15:34 <yushiro> njohnston, yes, currently, my patch is slow progress(sorry...) Yesterday, I've just updated my patch for reflecting chandanc_ and SarathMekala's comment.
04:17:14 <njohnston> I haven't seen shwetaap recently, I will probably ping her change to see how it's going
04:17:41 <njohnston> SridarK: I know you're travelling, any thoughts on your end-to-end testing?
04:17:41 <SridarK> njohnston: i think she had made some progress b4 i left on PTO
04:18:05 <SridarK> njohnston: yes i have some changes to the db patch - was trying to get this to a logical point and push some code up
04:18:22 <SridarK> i am trying to create a firewall - group
04:18:38 <SridarK> but last week things have been tough for me to get something done
04:18:56 <SridarK> i will target to find some time this week to get that taken care off
04:19:02 <SridarK> and i am back home on Tue
04:19:19 <SridarK> next week
04:19:49 <njohnston> SridarK: OK.  Please let us know if there is any part of it that we can handle while you're out.
04:20:15 <njohnston> or that you could transition to us, to keep the velocity going
04:20:20 <SridarK> njohnston: on the db patch once i push a skeleton up for Create - u will have some work
04:20:33 <SridarK> njohnston: will do
04:20:48 <njohnston> SridarK: Sounds good - push to the db change as soon as you feel comfortable.
04:20:57 <SridarK> njohnston: ok thx
04:21:03 <njohnston> OK, did I miss anyone?
04:22:03 <njohnston> OK, moving on then.
04:22:10 <njohnston> #topic L3 aget extension
04:22:41 <njohnston> The first patch, to make the l2 agent extension framework generic, looks like it is close: https://review.openstack.org/329701
04:23:00 <njohnston> ajo and ihrachys both said nice things about it
04:23:08 <SridarK> njohnston: great
04:23:09 <yushiro> njohnston, awesome!
04:23:50 <SridarK> njohnston: on the L3 agent - just before the long week - had a call with padkrish and mfranc213_ - to go over fwaas L3 things
04:24:04 <SridarK> njohnston: i think i have answered all open questions on that front
04:24:21 <njohnston> SridarK: Yes, I believe you have, and mfranc213_ and I have been working since then :-)
04:24:38 <njohnston> it was very helpful, mfranc213_ told me
04:24:50 <SridarK> njohnston: great - let me know if there are any missing pieces and we can talk
04:24:55 <njohnston> But that change doesn't change much code, it just rearranges code that is there.  I have filed the second patch in the sequence, https://review.openstack.org/339246/ "Implement L3 Agent Extension Manager", to add the new code
04:25:18 <SridarK> njohnston: i believe so too -
04:25:42 <SridarK> njohnston: i will look at this change set
04:26:07 <yushiro> njohnston, If your patch(https://review.openstack.org/#/c/339246) will be merged,  l3 agent extension is also necessary at FWaaS side, isn't it?
04:26:40 <njohnston> yushiro: Yes; this is just the code on the agent side, the last part is the code on the FWaaS side to plug in to the agent's extension capability
04:26:57 <njohnston> yushiro: Am I recalling correctly that you were working on that?
04:27:49 <yushiro> njohnston, Yes. I'm trying to push L3 agent side patch.  But I'm not sure about other resources dependency.
04:28:14 <njohnston> yushiro: Just push your patch, and then let's work on resolving the dependencies together. :-)
04:29:15 <yushiro> njohnston, Sure:)  I'll push ASAP.  However, I'd like to sync some works with you and padkrish.  Would you have some time to discuss after this IRC meeting?
04:29:40 <njohnston> yushiro: sure, I'll be awake for a little while :-)
04:29:45 <padkrish> yushiro# sure
04:30:26 <njohnston> ok
04:30:33 <njohnston> #topic client
04:31:12 <njohnston> Given that the client libraries close earlier than the others, I wanted to checkpoint and see for FWaaS v2 if we have a need to get client commands in place
04:31:25 <njohnston> Because if so we need to start putting effort into that very soon
04:31:28 <SridarK> njohnston: we will need to
04:31:43 <SridarK> njohnston: as our resource definitions have changed
04:32:04 <njohnston> OK; I know that the change to make poython-neutronclient a plugin for openstack client either just merged or is about to
04:32:19 <njohnston> so we should get that change going in python-neutronclient soon
04:32:43 <SridarK> njohnston: are we allowed to make client changes before we have the backend in place ?
04:33:36 <njohnston> SridarK: We should be working on it in tandem, so the client change is ready.  I can tell you from experience, that no matter the state of the back-end, if we hit the early library freeze date and the client stuff is not merged, then the feature won't get into Newton, full-stop
04:34:04 <SridarK> njohnston: that i agree completely
04:34:50 <SridarK> but now should the library freeze date be the date for us to make sure we have some parts of the backend in place
04:35:36 <SridarK> if we are allowed to have the client pieces in with some stubs or no backend then that can proceed to completion
04:35:38 <njohnston> yes, it should be the target date for at least a basic end-to-end so the CLI has something to use
04:35:52 <SridarK> njohnston: ok
04:35:56 <njohnston> So SridarK knows what changes need to happen at the CLI level, does anyone else have that knowledge so we can start working on this?
04:36:06 * njohnston respects Sridar's PTO
04:36:44 <SridarK> njohnston: essentially the spec should outline this
04:37:13 <SridarK> njohnston: but some with some CLI experience can help us push things faster so we know how to plug in to the basic structure
04:37:38 <SridarK> *someone with CLI experience ^^
04:38:15 <njohnston> I have a little, I can jump in and at least start roughing it in in a few days unless someone jumps in before me
04:39:01 <SridarK> maybe if a few of us get together to figure this out and then whoever has bandwidth can jump in
04:39:22 <SridarK> i am open to spending half a day with anyone next week after i am back
04:39:32 <SridarK> to get a feel for the basic structure
04:39:58 <njohnston> Sounds good.  Whoever wants to, drop your name on the "client" section of the agenda: https://etherpad.openstack.org/p/fwaas-meeting
04:40:07 <njohnston> and we'll figure out a time that works for all
04:40:11 <SridarK> njohnston: i can help u if someone is not picking this up this week
04:40:14 <SridarK> njohnston: perfect
04:40:15 <yushiro> njohnston, SridarK I'd like to help it.  Please let me call.
04:40:22 <SarathMekala> If we can make some progress on the driver area .. I can chip in a bit..
04:40:50 <SridarK> ok perfect
04:40:54 <njohnston> Excellent, I love the interest! :-)
04:41:25 <njohnston> OK, we will talk about it again next meeting, since you will have just returned, yes?
04:41:31 <njohnston> ^ SridarK
04:41:33 <SridarK> njohnston: yes
04:41:53 <SridarK> i get back on next Tue afternoon
04:42:03 <njohnston> #topic Open Discussion
04:42:29 <njohnston> Schedule reminders: yushiro will be out for the 7/20 meeting, and I will be out for the 7/27 meeting
04:42:45 <SridarK> njohnston: thx
04:42:53 <chandanc_> i will be out next week
04:42:55 <yushiro> njohnston, Thanks.
04:43:05 <SridarK> shall we talk abt the virtual coding sprint
04:43:17 <mickeys> You all might want to check out https://bugs.launchpad.net/neutron/+bug/1577488
04:43:17 <openstack> Launchpad bug 1577488 in neutron "[RFE]"Fast exit" for compute node egress flows when using DVR" [Wishlist,Triaged]
04:43:45 <mickeys> The way the discussion was going at the end, late May, early June, they are leaning towards moving away from symmetric routing of the gateway port in DVR.
04:44:01 <mickeys> That means even the gateway router port will not work for FWaaS (v1 or v2) with DVR
04:44:10 <mickeys> East/west router ports have long been a lost cause
04:44:19 <mickeys> VIF ports will always work with DVR
04:44:45 <SridarK> mickeys: thx hmm that will be a problem
04:45:31 <SridarK> although right now v1 does not use the gw port - uses all the internal router ports
04:45:39 <njohnston> mickeys: Thanks, that is good to track
04:45:47 <mickeys> For DVR? I thought it was only the gateway port?
04:45:54 <SridarK> but that could be a problem as well
04:46:15 <SridarK> v1 puts the rules on qr*
04:46:26 <SridarK> of the specified router
04:46:45 <mickeys> Internal router ports are asymmetric, conntrack would only see one direction of traffic
04:47:19 <yushiro> mickeys, correct.
04:47:27 <SridarK> on E - W
04:47:30 <njohnston> Yeah, tough to tell between an established connection and a maliciously spoofed established connection when you only see one side of the conversation
04:47:35 <mickeys> I thought you changed v1 so that it is internal router ports for centralized, but gateway port for DVR?
04:48:05 <SridarK> no we did not use gw ports because of pre NAT post NAT specification of ip
04:48:12 <SridarK> there was some talk on that
04:48:17 <mickeys> FIP?
04:48:22 <SridarK> yes
04:48:40 <mickeys> With fast exit, you won't have symmetry across FIP either
04:48:44 <SridarK> so the change was to target only the ns on the network node
04:49:03 <SridarK> mickeys: yes will need to look more into this - thx for ptr
04:50:03 <njohnston> ok, so back to the topic of the virtual sprint
04:50:11 <SridarK> yes
04:50:24 <njohnston> I know we talked about a possible time period for it, but I don't recall when that was
04:50:38 <SridarK> i think a 2 or 3 1/2 day type thing could work well
04:50:49 <njohnston> agreed
04:50:57 <SridarK> we can have a couple of them over the next weeks
04:51:23 <SridarK> njohnston: i think u are out week of 7/25 ?
04:51:44 <SridarK> i think chandanc_ is out week of 7/18 ?
04:51:47 <njohnston> how soon do you think we can start?  Is like 7/21 to 7/22 too early, if we're going to try for more than one?
04:52:10 <chandanc_> yes sridark
04:52:15 <SridarK> i was initially thinking 7/21, 7/22
04:52:23 <njohnston> Yes, I am out the entire weel of 7/25 to 7/29.  But if you can make progress without me please don't let me stop you! :-)
04:52:32 <njohnston> s/weel/week/g
04:52:36 <SridarK> before njohnston heads out on PTO
04:53:02 <njohnston> How does everyone feel about that?  Who would be interested in attending?
04:53:05 <SridarK> may be we can keep that, at least to shake up things on the db, plugin agent
04:53:20 <SridarK> so it is ok if chandanc_ is out
04:54:04 <njohnston> I'll put up an etherpad for it, and send it out on email, so people can put their names on if they are interested
04:54:14 <SridarK> I am up for this for sure, with njohnston mfranc213_ padkrish yushiro and shwetaap
04:54:16 <padkrish> njohnston# +1
04:54:18 <njohnston> and we can outline what we want to get accomplished there as well
04:54:23 <SridarK> we could move things
04:54:40 <yushiro> +1
04:54:43 <SridarK> then on the follwing sprint we can work thru the driver pieces
04:55:12 <njohnston> #action njohnston to put up an etherpad for 7/21-22 virtual sprint, and send it out on email, so people can put their names on if they are interested
04:55:30 <SridarK> it does not have to be too formal - just a block of time - where we all can focus and be available to each other for questions
04:55:53 <SridarK> njohnston: +1
04:56:27 <njohnston> Excellent!  Well, we have 3.5 minutes left, does anyone have anything else?
04:56:55 <padkrish> very fundamental :), do we have a NoOP driver, if not do we require one?
04:57:16 <SridarK> Apologies have to take care of multiple things on this bit of travel and have struggled to stay connected with almost continuous travel.
04:57:19 <njohnston> interesting question, padkrish.  AFAIK we do not have such a driver.
04:57:26 <xgerman> No
04:57:28 <SridarK> Look fwd to get back.
04:57:37 <njohnston> Safe travels, SridarK!
04:57:44 <xgerman> But I think we are good without
04:57:56 <SridarK> padkrish: i think not too - if we are not configured then no effect.
04:57:56 <yushiro> SridarK, have a good travels :)
04:58:02 <SridarK> xgerman: +1
04:58:10 <SridarK> Thx
04:58:20 <xgerman> Njohns
04:58:31 <xgerman> Safe travels
04:58:35 <SridarK> thx
04:58:53 <SridarK> xgerman: now a midwesterner ? :-)
04:58:58 <padkrish> sridarK, xgerman# ok, thanks...thought, will help in testing...but agree, there are other ways..LBaaS used to have a NoOP...
04:59:03 <njohnston> xgerman: At the end of the month?  I'm not going anywhere, just volunteering for the county fair. :-)
04:59:10 <xgerman> Yes'
04:59:34 <SridarK> njohnston: watch out for all that food
04:59:37 <SridarK> :-)
04:59:42 <xgerman> LBaaS did to make driver development easier
04:59:58 <njohnston> SridarK: I will try, but history says I will not be very successful.
05:00:02 <njohnston> #endmeeting