#openstack-meeting-4 log

14:01:01 <SridarK> #startmeeting fwaas
14:01:02 <openstack> Meeting started Tue Apr 18 14:01:01 2017 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:06 <openstack> The meeting name has been set to 'fwaas'
14:01:17 <SridarK> #chair yushiro xgerman
14:01:17 <openstack> Current chairs: SridarK xgerman yushiro
14:01:36 <SridarK> I think today is my turn to run
14:01:39 <SridarK> the mtg
14:01:51 <yushiro> SridarK, yes :)
14:01:56 <SridarK> :-)
14:02:06 <yushiro> Please going on :)
14:02:21 <reedip_> o/
14:02:52 <SridarK> I have been caught up with multiple other things at work so last week has been slow on fwaas
14:02:55 <SridarK> for me
14:03:15 <SridarK> so folks pls hound me if something is waiting on me
14:03:19 <SridarK> #topic Pike
14:03:45 <SridarK> Lets start with our priorities
14:03:54 <SridarK> L2 Driver changes
14:03:59 <SridarK> chandanc: pls go ahead
14:04:30 <chandanc> I have progressed in understanding the packet flow for the OVS tables,
14:04:48 <chandanc> Last time i had shared the output of the standalone driver
14:05:30 <chandanc> the stand alone driver  is easy to implement for fwaas based on the SG driver code
14:05:42 <SridarK> chandanc: that is good to hear
14:05:47 <chandanc> this time i looked into the merging of packet flow
14:06:02 <chandanc> i have got most of the things figured out
14:06:09 <SridarK> chandanc: nice
14:06:23 <chandanc> have prepared a ppt and excel sheet about the chanhes needed
14:06:27 <chandanc> *changes
14:06:46 <chandanc> Will be sending out to the team,
14:06:57 <SridarK> chandanc: thx that will be useful
14:07:20 <chandanc> The OVS driver is a bit different in terms of implementation as it depends a lot on connection tracking
14:07:35 <chandanc> and it is important to understand the conntrack part
14:08:23 <chandanc> I have come got some comments in the excel sheet as to how i would like to proceed
14:08:41 <chandanc> it will be helpful if the team also looks through it
14:08:49 <SridarK> chandanc: ok
14:09:07 <chandanc> On the code side, the changes will be simpler then the iptables changes
14:09:20 <cuongnv> o/
14:09:23 <chandanc> i have tested some changes already
14:09:49 <chandanc> thats all from my side will be sending the documents by mail
14:10:32 <SridarK> chandanc: now the sequence of FWaaS and SG on the packet flow will be something that we will hardcode ?
14:10:53 <chandanc> ya, for nos FWaaS tables sit in front of SG
14:10:55 <SridarK> In general with multiple features we will establish a pre-determined order
14:11:14 <SridarK> chandanc: ok sounds good
14:11:28 <chandanc> ok , i am using tables 40 to 50
14:11:32 <chandanc> sure
14:12:40 <SridarK> chandanc: great thx for the update, we can plan on some testing and see how we can come up with a demo snippet
14:12:57 <chandanc> ok SridarK
14:13:06 <yushiro> chandanc, Thank you
14:13:14 <chandanc> thanks yushiro
14:13:29 <SridarK> Lets move on the L2 Agent and Default FWG
14:13:34 <SridarK> yushiro: pls go ahead
14:13:39 <yushiro> OK
14:14:00 <yushiro> #link https://review.openstack.org/#/c/323971/21
14:14:07 <yushiro> 1. L2-agent
14:14:51 <yushiro> In this patch, there is missing to judge fwg's status(ACTIVE or other)
14:15:53 <yushiro> I'll implement it and test with default fwg tomorrow.
14:16:24 <SridarK> yushiro: sounds good
14:16:27 <yushiro> #linkc https://review.openstack.org/#/c/425769/13
14:16:37 <yushiro> 2. default fwg
14:16:58 <yushiro> Paddu has commented for this patch and I'll reflect his comment.
14:17:35 <yushiro> In this patch, we need to decide default fwg rule.  As we discussed in ML, but not decided yet.
14:18:11 <yushiro> In my opinion,  Egress: Any, Ingress: Deny all  for both IPv4 and IPv6.
14:18:20 <chandanc> yushiro, i have some thoughts on the default FWG, will reply to the thread
14:18:28 <yushiro> chandanc, OK.
14:18:58 <SridarK> sounds good - yes we do need to decide a few things on this
14:19:00 <yushiro> I'd like to avoid VM instance cannot get DHCP packet from DHCP server.
14:19:14 <chandanc> +1 yushiro
14:19:15 <SridarK> both the actual rule and the switch option (as proposed by reedip )
14:19:33 <SridarK> yushiro: that is a good point
14:20:44 <yushiro> Thanks.  OK, I'll modify it and agree with reedip's opinion.
14:21:28 <SridarK> Lets close this on the email thread
14:21:32 <yushiro> I'll send you how to integrate these patches.
14:22:05 <yushiro> SridarK, That's all from me.  Thank you.
14:22:26 <SridarK> yushiro: yes that is a good approach as u had done initially - to have an etherpad so folks can do some independent verification
14:22:51 <yushiro> SridarK, aha, yes.  I'll write on etherpad!
14:23:01 <SridarK> yushiro: thx
14:23:09 <yushiro> OK, that's all for me.
14:23:15 <SridarK> So we can target some basic integration by next week
14:23:24 <SridarK> yushiro: thx
14:23:39 <SridarK> #topic Horizon changes
14:24:00 <SridarK> SarathMekala: pls go ahead
14:24:07 <SarathMekala> I have made some good progress this week
14:24:18 <SarathMekala> Rules tab is fully functional now
14:24:26 <SridarK> SarathMekala: great
14:24:34 <SarathMekala> Policy tab CRUD is functional
14:24:48 <SarathMekala> only rule insertion and deletion pending
14:25:00 <yushiro> wow  :)
14:25:03 <SarathMekala> #link https://docs.google.com/document/d/1iZy3Kw-OCZk1VLj-pq3FOdV1-mXw2M0laGchCtMO8G0/edit?usp=sharing
14:25:16 <SarathMekala> take a look at some screenshots i have captured
14:25:22 <yushiro> Looking
14:25:36 <reedip> Looks good :)
14:25:58 <yushiro> reedip, yeah
14:26:08 <yushiro> SarathMekala, Great!!  LGTM
14:26:18 <SarathMekala> thanks yushiro
14:26:21 <hoangcx> SarathMekala: Is this in Horizon plugin?
14:26:25 <SridarK> SarathMekala: nice
14:26:26 <SarathMekala> yes
14:26:31 <SarathMekala> thanks SridarK
14:26:41 <SarathMekala> I am having some problem with rule insertion and deletion working on it
14:26:42 <hoangcx> I mean fwaas-dashboard
14:26:49 <yushiro> we all hope to publish in Boston :)
14:26:53 <chandanc> cool :) SarathMekala
14:26:54 <SarathMekala> yes hoangcx
14:27:02 <hoangcx> SarathMekala: Cool
14:27:18 <SarathMekala> I am aiming to get it done by next week so that I can fix the new plugin structure by Boston summit
14:27:20 <hoangcx> SarathMekala: Great work :-)
14:27:28 <SarathMekala> thanks hoangcx
14:27:44 <SarathMekala> I am feeling a bit excited looking at the UI
14:28:04 <SridarK> SarathMekala: how does it render the topology - will we have a display of that as well
14:28:33 <SarathMekala> SridarK, I did not check it
14:28:41 <SarathMekala> will check and update the same link
14:28:45 <SridarK> SarathMekala: this is great - will definitely improve teh usability
14:28:50 <yushiro> SarathMekala, sounds excellent.  However, I think it's OK to use this plugin to Boston.  New structure plugin is OK to next stage.
14:29:07 <SridarK> SarathMekala: no worries - something to look at
14:29:10 <SridarK> yushiro: +1
14:29:32 <SarathMekala> yeah.. thanks
14:29:57 <SridarK> great we are on track here
14:30:33 <SarathMekala> SridarK, i think so.. the tricky party will be the Firewall Group tab
14:31:05 <SarathMekala> will try to put in more time this week..
14:31:47 <SarathMekala> that it from my side
14:32:03 <SridarK> SarathMekala: sounds good, FWG may be fine - ingress, egress policy association and port associations
14:32:37 <SridarK> the plugin has validations to disallow multiple FWG association on a port
14:33:02 <SridarK> but u will need to do some handling to make it nice for the users
14:33:22 <SridarK> ok great thx again SarathMekala
14:33:24 <SridarK> lets move on
14:33:25 <SarathMekala> yes SridarK, the port association will require some new UI
14:33:40 <SridarK> SarathMekala: yes that i guess will be the tricky part
14:34:06 <SarathMekala> yeah
14:34:47 <SridarK> #topic neutron lib
14:34:50 <reedip> guys, simple patch : https://review.openstack.org/#/c/455422/
14:34:52 <SridarK> reedip: pls go ahead
14:35:10 <reedip> Except that I am reiterating nate's patch
14:35:30 <reedip> I am not sure what happened but the patch got a new Link
14:35:49 <reedip> https://review.openstack.org/#/c/456511/
14:36:03 <reedip> CUrrent issue with this patch is it cannot find the firewall resource
14:36:07 <reedip> seems to be a bit tricky
14:36:21 <reedip> except that , I am following up with boden's commits
14:36:36 <reedip> and there have been no major changes in FWaaS for now.
14:36:51 <reedip> nothing else to add as of now
14:37:43 <reedip> I would be on leave this week and next, so , please understand that the progress on lib patches would be lighter :)
14:38:25 <SridarK> reedip: ok will check on this
14:38:33 <yushiro> reedip thank you.  If I can update it, I will.  Ah, I just commented super nit one.
14:38:49 <yushiro> Please chekt it after :)
14:38:59 <reedip> did u ? , I will
14:39:30 <yushiro> reedip, yes
14:39:42 <reedip> ok, please continue with the next topic
14:39:54 <SridarK> reedip: understood
14:40:16 <SridarK> #topic Performance (Netlink)
14:40:25 <SridarK> cuongnv: pls go ahead
14:40:41 <SridarK> #link https://review.openstack.org/#/c/438445/
14:40:51 <cuongnv> 2 ps got merged last week
14:40:55 <cuongnv> only 1 left
14:40:58 <SridarK> i think this is ready to go in ? I am looking at it now
14:41:01 <cuongnv> yes, above link of SridarK
14:41:11 <cuongnv> pls do so SridarK
14:41:19 <yushiro> I'm OK for this patch.
14:41:29 <cuongnv> thanks yushiro
14:41:47 <SridarK> great thx cuongnv and hoangcx for ur patience
14:42:14 <SridarK> are the next steps to look at SG ?
14:42:22 <hoangcx> SridarK: next step would be backport to ocata after the above patch got merged
14:42:28 <hoangcx> SridarK: Yes.
14:42:31 <SridarK> also how do u plan for transtion to ovs ?
14:42:37 <SridarK> hoangcx: ok got it
14:42:53 <hoangcx> SridarK: next step will continue with SG and FWaaS v2
14:43:20 <hoangcx> But we need to make performance test for current implementation first.
14:43:26 <SridarK> hoangcx: ok perfect
14:44:09 <SridarK> ok good anything else to discuss cuongnv and hoangcx ?
14:44:19 <cuongnv> no from my side, pls go ahead
14:44:28 <SridarK> I will work on 438445 today
14:44:34 <cuongnv> cool
14:44:40 <SridarK> thx again
14:44:54 <cuongnv> thank you
14:44:59 <SridarK> #topic Summit Prep
14:45:20 <SridarK> #link https://etherpad.openstack.org/p/fwaas-presentation
14:45:28 <SridarK> yushiro: thx for getting this started
14:45:55 <yushiro> SridarK, NP :)
14:46:43 <yushiro> thank you all for comment.
14:46:52 <SridarK> I will add some as well and we can sync up on the final version
14:47:22 <SridarK> i think we are in good shape to provide a demo of L2 as well and the dashboard
14:47:49 <SridarK> in terms of merging all our code - we may have some dependency on neutron
14:47:53 <chandanc> i think so
14:48:05 <yushiro> indeed
14:48:40 <SridarK> i think most of our patches (L2, L2Agent, Def FWG and Horizon) are in pretty decent shape and could possibly make it for a merge before the summit
14:48:49 <SridarK> but we will need to be gated by neutron
14:48:52 <SridarK> on all of these
14:49:44 <SridarK> i think if we are in decent shape we can highlight that during the presentation as well - so any potential users can understand the state
14:50:15 <reedip> SIDE NOTE: bytheway, py35 related tests have been started to be investigated in neutron. ihrachys posted something yesterday, which we can also use in FWaaS for tempest and gating...
14:50:39 <SridarK> reedip: thx
14:51:01 <SridarK> ok we can spend some cycles next meeting on the summit stuff
14:51:07 <SridarK> #topic Open Discussion
14:51:19 <SridarK> lets discuss outstanding bugs next week
14:51:36 <yushiro> sure
14:51:44 <igordcard> hi all, sorry for shamelessly invading this meeting
14:51:57 <SridarK> igordcard: pls go ahead
14:52:43 <SridarK> reedip: how long are u gone for (the big event) :-)
14:52:44 <igordcard> I understand some people here are interested in the common classification framework, just wanted to invite again to take a look at the spec - especially after the next patchset (due in a couple of hours)
14:53:07 <igordcard> #link https://review.openstack.org/#/c/333993
14:53:09 <igordcard> thanks all
14:53:10 <SridarK> igordcard: +1 thx for the info
14:53:19 <yushiro> igordcard, +1
14:53:24 <reedip> SridarK : its this sunday , so from Thursday till atleast 29th
14:53:28 <SridarK> yes this is indeed of interest to the team
14:53:51 <reedip> igordcard : I think yushiro and I would be definetly going through it  once more
14:53:57 <SridarK> reedip: ah very close :-)
14:54:16 <reedip> 4 days ! Last time to be a bachelor :(
14:54:18 <reedip> :P
14:54:28 <yushiro> reedip, sure
14:54:47 <SridarK> reedip: u may need be adding more "permit" than "deny" in ur life from now on - get used to it :-)
14:55:08 <SridarK> get used to saying "yes" for everything !!! ;-)
14:55:36 <reedip> SridarK : hehehehe .. I understand you are telling from your own experience :D
14:55:43 <reedip> just kidding
14:55:45 <SridarK> reedip: ofcourse indeed
14:55:54 <SarathMekala> reedip, its universal experience :)
14:56:01 <SridarK> :-)
14:56:05 <reedip> Hahahaha :D
14:56:05 <SarathMekala> you will learn soon ;)
14:56:13 <reedip> Thanks for the heads up :)
14:56:21 <SridarK> reedip: Best wishes and enjoy the break
14:56:32 <reedip> yeah , thanks SridarK ..
14:56:33 <SridarK> sorry to miss u at Boston
14:56:43 <reedip> Yeah, me too
14:57:16 <SridarK> ok if nothing else we can end
14:57:23 <reedip> anyways, catch up with you all 2 weeks from now, unless I get PERMIT next week :P
14:57:32 <SridarK> thx all for joining and have a great week
14:57:33 <SarathMekala> yushiro... i need 2 mins of your time
14:57:40 <SridarK> reedip: :-)
14:57:40 <yushiro> SarathMekala, sure.
14:57:42 <SarathMekala> pinged you on a separate chat window
14:57:46 <yushiro> reedip, please enjoy :)
14:57:53 <reedip> :)
14:57:59 <SridarK> ok bye all
14:58:04 <yushiro> bye bye
14:58:07 <SarathMekala> bye all O/
14:58:08 <SridarK> #endmeeting fwaas