04:00:02 <njohnston> #startmeeting fwaas
04:00:02 <openstack> Meeting started Wed Jul 20 04:00:02 2016 UTC and is due to finish in 60 minutes.  The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
04:00:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
04:00:06 <openstack> The meeting name has been set to 'fwaas'
04:00:09 <SridarK> Hi All
04:00:19 <njohnston> Hello everyone, happy ${localtime} to you.
04:00:23 <njohnston> Welcome back SridarK!
04:00:28 <njohnston> #chair SridarK xgerman
04:00:29 <openstack> Current chairs: SridarK njohnston xgerman
04:00:30 <SarathMekala> Hi all
04:00:43 <SridarK> njohnston: can u pls run the mtg - just landed and got back home
04:00:55 <SridarK> njohnston: thx good to be back
04:00:55 <njohnston> SridarK: Absolutely.
04:01:09 <SridarK> njohnston: thx
04:01:29 <njohnston> #topic Announcements
04:01:31 <mickeys> Hi
04:01:49 <njohnston> So N-2 is out, we are now on the road to N-3!
04:02:11 <njohnston> Time to really focus on landing functionality
04:02:27 <SridarK> yes and we have just enough time
04:02:36 <SridarK> njohnston: +1
04:03:20 <njohnston> #topic FWaaS v2
04:03:47 <njohnston> So, let's start with SarathMekala - how has your progress been?
04:04:12 <SarathMekala> I am working on the changes mentioned in the last meeting
04:04:22 <SarathMekala> http://paste.openstack.org/compare/538765/526708/
04:04:30 <SarathMekala> basic constructs are getting generated
04:04:45 <SarathMekala> need to streamline the flow.. right now its a bit broken
04:05:52 <njohnston> Very interesting.  Good stuff.
04:06:20 <njohnston> Anything you need as far as the streamlining/unbreaking the flow?
04:06:26 <SridarK> SarathMekala: would there be an easy way to do some testing with some UT's ?
04:06:27 <njohnston> that the team can assist with>
04:06:28 <njohnston> ?
04:07:15 <SarathMekala> the flow is not proper yet..
04:07:37 <SridarK> SarathMekala: ok
04:07:45 <SarathMekala> once i fix it .. I will start a discussion on the UT cases
04:08:14 <SridarK> SarathMekala: sounds good - this is an area where we will need some good testing
04:08:24 <njohnston> definitely
04:08:28 <SarathMekala> chandan is on leave last week.. I was also down sick for a few days.. so could not make the progress I desired
04:08:49 <SridarK> hopefully other pieces will start falling in to place so we can do some integration soon too
04:08:54 <njohnston> yep
04:08:59 <SridarK> SarathMekala: understood
04:09:07 <SarathMekala> hoping to make some progress this week
04:09:26 <njohnston> Well, yushiro is out this week due to company functions...
04:09:37 <njohnston> padkrish: Were you able to make any progress this week?
04:09:57 <padkrish> njohnston# yes, i have a patch sent out last week
04:10:02 <padkrish> https://review.openstack.org/#/c/342476/
04:10:08 <padkrish> ofcourse, it's a WIP
04:10:23 <padkrish> added most of you as reviewers
04:11:15 <padkrish> some stuffs in neutron notification drivers can be generalized.... but that patch may be in the scope of neutron
04:11:23 <njohnston> Yep, I read through it, it's definitely a good start.  Do you want to get anything done on it before we start reviewing, or should we start?
04:12:03 <SridarK> padkrish: if we can manage without neutron changes that will be good
04:12:06 <padkrish> feel free to start, if we are ok with the contents of the patch and approach, i can clean it up
04:12:18 <SridarK> we can open a bug and refactor later on - is that possible ?
04:12:28 <padkrish> sridar, sure...we can do that
04:12:40 <padkrish> inspite of that, some resources still need to be defined in neutron
04:13:14 <padkrish> those are the things, i need some suggestions with
04:13:18 <SridarK> padkrish: ok - we can discuss this more
04:13:57 <SridarK> padkrish: maybe we can have a discussion with njohnston: & mfranc213_
04:14:01 <padkrish> sridarK# i even had a prototype of the neutron patch
04:14:03 <njohnston> padkrish perhaps we can work on this later this week.  I would like to help
04:14:34 <padkrish> njohnston, sridarK# sure, let's talk this week
04:14:40 <njohnston> #action padkrish to talk with SridarK njohnston mfranc213_
04:14:50 <padkrish> sounds good
04:15:04 <njohnston> Any update from shwetaap?
04:15:33 <SridarK> njohnston: looks like she is not on, i will ping her in the morning
04:15:39 <njohnston> OK, sounds good.
04:16:02 <SridarK> and on the db, plugin, will get patch revision out tomorrow
04:16:17 <njohnston> SridarK: Excellent, looking forward to it!
04:16:38 <njohnston> Any other updates for FWaaS v2 stuff?
04:16:41 <SridarK> last week was just too crazy and i could not really get on at all, glad to be back and need to close these out
04:16:47 <njohnston> +1
04:17:03 <SridarK> njohnston: on the CLI we will discuss later in the week ?
04:17:17 <SridarK> atleast we can have a plan before u go on PTO
04:17:20 <njohnston> #topic CLI
04:17:26 <SridarK> ah ok :-)
04:17:30 <njohnston> Thanks for that segue, SridarK :-)
04:17:36 <SridarK> :-)
04:17:59 <njohnston> So in the Neutron team meeting earlier the status of subprojects transitioning to OSC (OpenStackClient) was discussed.
04:18:18 <njohnston> amotoki has a successful template that he used for VPNaaS that he said he would share with us.
04:18:36 <njohnston> So I am hoping we can take that and use it for at least the base plugin integration capability.
04:19:04 <SridarK> njohnston: that is great - hopefully will make life a bit easier
04:19:49 <njohnston> My question is this: from an API perspective, our position is that we are keeping both v1 and v2 alive at the same time.  But I don't think we can support such an approach from the CLI perspective.  I assume for an OSC integration we would move forward with v2 and disregard v1 CLI.  Is that correct from your point of view?
04:20:31 <SridarK> njohnston: i think that sounds reasonable - off the top of my head
04:20:55 <SridarK> njohnston: i think we need not allow v1 & v2 to be operational concurrently
04:21:26 <njohnston> SridarK: Sounds good  - and this is not the final word on the subject, should we find we need to revisit it
04:21:41 <SridarK> njohnston: ok we can talk more on this too
04:21:58 <njohnston> #topic L3 Agent Extensions
04:22:25 <njohnston> So the first part of the l3 agent extension work, the extrapolation of the l2 agent extensions out, was merged today
04:22:27 <njohnston> #link https://review.openstack.org/329701
04:22:48 <njohnston> So now the focus comes to the second part, which is the actual introduction of the l3 agent extension and manager
04:22:57 <njohnston> #link https://review.openstack.org/339246/
04:23:10 <SridarK> njohnston: congrats - i am just catching up - great work
04:23:13 <njohnston> Right now that is looking conceptually all right, but it needs additional tests
04:23:43 <njohnston> I am working on a fullstack test where I set up a dummy l3 extension and register it, and then make sure that when I send router events that the extensions handle methods get called
04:24:04 <njohnston> but that is complex, and will take a bit, so may be split into another change
04:24:34 <SridarK> njohnston: perhaps we could sync offline - so i can get some context quickly after i take a first pass at the changeset
04:24:52 <njohnston> SridarK: Yes, definitely, let's set a time tomorrow
04:25:24 <SridarK> njohnston: ok perfect - we can coordinate on IRC or email tomorrow - possibly in the afternoon
04:25:26 <njohnston> So above and beyond that the last bit is creating the actual l3 agent extension for FWaaS, which I believe yushiro was working on IIRC
04:25:36 <njohnston> SridarK: Great, just let me know.
04:25:40 <SridarK> ok
04:26:22 <njohnston> #topic Virtual Sprint
04:26:43 <njohnston> So per our discussion last meeting we had discussed doing a virtual sprint thursday and friday of this week
04:26:59 <njohnston> I set up an etherpad for it: https://etherpad.openstack.org/p/fwaas-virtual-sprint-2016-1
04:27:10 <njohnston> please drop in any topics you would like to discuss
04:27:14 <SridarK> njohnston: +1
04:27:45 <SridarK> if we want to do a conference call type setting - i can take care of the logistics
04:27:51 <njohnston> Also, I have no secret sauce as far as how best to communicate - videoconferencing or other options.  If people have a preference, or something they would like to offer, please note it in the etherpad.
04:28:55 <njohnston> Do we want to gather at any specific time on Thursday to kick it off?
04:29:18 <SridarK> sounds good - i lean towards a video conference type setting to improve interaction - but we can go on consensus on the etherpad
04:30:02 <SridarK> njohnston: lets decide on the etherpad, i just want to run thru email to make sure abt my calendar
04:30:14 <njohnston> sounds prudent
04:30:32 <njohnston> OK, please folks put your thoughts into the etherpad - that is the best way we can get the most out of this
04:30:39 <SridarK> +1
04:31:17 <njohnston> #topic Open Discussion
04:31:40 <mickeys> I wanted to discuss an alternative implementation for L2 FWaaS v2: OVN
04:31:53 <mickeys> We have been discussing the possibility of FWaaS on OVN internally in IBM.
04:32:08 <mickeys> This made me realize that it is much simpler and much less work to add than the reference implementation.
04:32:24 <mickeys> In OVN itself (OVS repository), we would need to add a second ACL pipeline stage.
04:32:33 <njohnston> mickeys: I had been wondering if it would be easier to do that.
04:32:55 <mickeys> None of the IBM people available for this work other than me know anything about OVN, so I would probably have to generate that patch. I should be able to get to it next week.
04:33:06 <mickeys> The part I have not thought about, and where most of the work is, is on the networking-ovn side.
04:33:07 * njohnston is very interested to see that
04:33:23 <mickeys> Not sure about modularity, how to set up the relationship between networking-ovn and fwaas
04:33:51 <mickeys> Most of the security groups code should be reusable. It transforms security groups into address sets and ACLs. The ACL model already supports deny and priority.
04:33:59 <SridarK> mickeys: that was something i was wondering - if it is easy to switch over to ovn
04:34:17 <SridarK> mickeys: hopefully we can ride on the SG work
04:34:38 <mickeys> Reusability is much higher. Once you have a separate pipeline stage, the code is largely reusable. None of this interleaving chains that you have to deal with in iptables in order to get both features to play.
04:34:51 <njohnston> I like that
04:34:52 <mickeys> I have to convince the OVN leads that a second ACL pipeline stage is a good idea.
04:34:58 <SridarK> mickeys: yes will be cleaner
04:35:13 <SridarK> mickeys: are there some scale impacts or differences ?
04:35:15 <mickeys> They like to consider ideas with code. So I have to write the patch first.
04:35:50 <mickeys> We have found that scale is much better, since it avoids rabbitmq issues and such
04:35:59 <SridarK> mickeys: ok
04:36:06 <njohnston> mickeys: Do you think this stands a shot at making it in Newton?
04:36:08 <mickeys> However, there are some issues around address sets/groups of addresses.
04:36:19 <mickeys> For NB and SB database, this just made it in, which is good.
04:36:28 <mickeys> However, in the data plane they are still expanding to separate rules per IP address.
04:36:46 <mickeys> However, there is cacheing magic in OVS. I have no idea how much that helps performance.
04:37:26 <mickeys> I think there is a chance at Newton. Not sure about resource issues. Interfacing with networking-ovn plugin is a different architecture than the reference implementation.
04:37:49 <mickeys> The OVS OVN part should be easy in the Newton timeframe, as long as they accept the basic concept.
04:38:22 <SridarK> So just to be clear we will continue with the iptables work that mickeys, chandanc and SarathMekala have been going thru, and push this as an alternate approach
04:38:38 <njohnston> always good to have a backup plan
04:38:39 <mickeys> That is probably the safer way to go
04:38:53 <SarathMekala> sounds good
04:38:58 <njohnston> sounds good
04:39:00 <SridarK> ok sounds good, thanks mickeys for bringing this up
04:39:14 <mickeys> The question is who can drive integration with networking-ovn? No chance unless someone takes that up.
04:39:29 <mickeys> Let me ask what the resource picture looks like within IBM, but given the short time frame I am skeptical.
04:40:03 <njohnston> OK, administrative note: I will be on PTO 7/25 to 7/30 and then again 8/3 to 8/5, so I will miss the next 2 meetings.
04:40:13 <SridarK> mickeys: ok i guess IBM and Redhat are the major players and resources there would be the best
04:40:17 <njohnston> SridarK: will you be able to lead them?
04:40:26 <SridarK> njohnston: yes now i am back
04:40:34 <njohnston> SridarK: excellent, thanks!
04:40:35 <SridarK> and will be around
04:40:54 <mickeys> I will also miss the next two meetings, just interruptions on those evenings. I will be around in general, though rather busy with other things.
04:40:55 <SridarK> njohnston: thx for covering the last 2 weeks
04:41:13 <njohnston> Also, have you heard anything from the driver teams on their spinout?
04:42:04 <njohnston> varmour, vyatta, and cisco are what I see in tree
04:42:22 <SridarK> njohnston: yes - i will close on this - this week
04:43:02 <njohnston> SridarK: thanks
04:43:48 <njohnston> Does anyone have anything else they would like to bring up?
04:44:39 <SridarK> I have nothing to discuss
04:44:54 <njohnston> In closing, let me say I am looking forward to seeing you all soon on the virtual sprint later this week!  Please keep an eye on that etherpad.
04:45:02 <SridarK> +1
04:45:03 <njohnston> https://etherpad.openstack.org/p/fwaas-virtual-sprint-2016-1
04:45:22 <njohnston> And with that, I bid you a lovely day!
04:45:25 <njohnston> #endmeeting