14:05:19 <SridarK> #startmeeting fwaas
14:05:20 <openstack> Meeting started Thu Oct  4 14:05:19 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:21 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:05:24 <openstack> The meeting name has been set to 'fwaas'
14:05:41 <xgerman_> o/
14:06:30 <xgerman_> mmh, we prob. loast control
14:06:40 <SridarK_> xgerman_: back
14:06:43 <SridarK_> got bounced
14:06:50 <xgerman_> ok
14:07:07 <SridarK_> dont see much in terms of quorum
14:07:13 <xgerman_> yeah
14:07:14 <SridarK_> perhaps some local holiday
14:07:37 <SridarK_> may be we can wait for a few mins
14:07:41 <xgerman_> maybe - people told me Monday is a holiday in UT
14:08:44 <SridarK_> there was nothing major to go thru anyways
14:09:48 <xgerman_> yeah, makes sense. Wanted to let people know that I need to cut back my OpenStack involvements a bit…
14:10:22 <xgerman_> I need to see how that k8s stuff shakes out…
14:10:23 <SridarK> oops bounced again
14:10:28 <xgerman_> ok
14:10:33 <SridarK> xgerman_: +1
14:10:44 <njohnston> xgerman_: Good luck in k8s land, they are lucky to have you :-)
14:10:57 <xgerman_> well, you made it back — so there is hope
14:11:20 <SridarK> xgerman_: so pls what happened - i think i missed something as i got bounced
14:11:46 <xgerman_> ah, RAX is emphasizing k8s a lot and wnats me to focus more on that and less on OpenStack
14:11:48 <annp> Hi
14:11:54 <annp> Sorry I'm late
14:12:14 <SridarK> xgerman_: ah yes ok - u have been on that path for some time now anyways
14:12:23 <SridarK> annp: hi
14:12:33 <SridarK> no worries - not much quorum today
14:12:43 <annp> Hi SridarK, thanks. :-)
14:12:44 <xgerman_> yep, and they are now more looking into k8s on AWS, Azure, GKE p less on OpenStack
14:13:18 <SridarK> xgerman_: i think a bit of that is in the air everywhere
14:13:42 <xgerman_> yeah, I think Redhat/Suse/Huawei are the last bullwark
14:14:07 <SridarK> it seems that the SPs and the Edge Cloud folks are driving OpenStack more and more
14:14:15 <SridarK> xgerman_: +1
14:14:39 <SridarK> annp: we are just chatting
14:14:50 <SridarK> annp: anything specific u would like to discuss ?
14:15:16 <annp> SridarK, I want to mention Firewall group with L3HA
14:15:23 <xgerman_> ok
14:15:32 <SridarK> ok lets run thru the topics
14:15:38 <SridarK> #chair xgerman_
14:15:39 <openstack> Current chairs: SridarK xgerman_
14:16:04 <SridarK> #topic Bugs : FWG and L3HA
14:16:08 <SridarK> go ahead annp
14:16:08 <annp> https://review.openstack.org/#/c/580552/
14:16:14 <SridarK> how is that looking
14:16:44 <annp> Regards this bug: I've tested the patch, it's work fine.
14:17:03 <SridarK> annp: ok
14:17:09 <annp> I guess that yushiro was missing configure enable fwaas_v2 in network node
14:17:29 <SridarK> and did u verify that conntrack entries are replicated by HA infra ?
14:17:30 <annp> so there no firewall rule is applied on active router.
14:17:34 <SridarK> that was my concern
14:18:10 <annp> SridarK, From my understanding, we no need to migrate conntrack entries
14:18:11 <SridarK> ah ok - this was something that was puzzling initially as to why it was not applied correctly
14:18:36 <SridarK> annp: yes we dont have to but i thought they are migrated automatically ?
14:18:39 <annp> SridarK, Have you check my comment in gerrit?
14:18:46 <SridarK> sorry not yet
14:19:36 <annp> Because the first packet in router HA is not SYN sent, so It will not marked as INVALID
14:19:54 <annp> So it will be accepted by firewall rule in router HA
14:20:05 <annp> This is my understanding.
14:20:20 <SridarK> Hmm
14:20:28 <SridarK> So:
14:21:04 <SridarK> 1) We have an active connection - with the 3 way handshake happened on the ACTIVE
14:21:19 <SridarK> 2) after some time the switchover happens
14:21:45 <SridarK> 3) Now this flow is seen on the new ACTIVE (which has not seen the 3 way handshake)
14:22:11 <SridarK> what is the behavior on this new ACTIVE ?
14:22:41 <annp> you mean first packet in new session?
14:22:51 <SridarK> yes
14:23:10 <annp> it's will be accept or drop by firewall rule in router ACTIVE
14:23:10 <SridarK> is it a new session ?
14:23:41 <SridarK> Is an ICMP sent back to trigger a new session
14:23:47 <annp> Yes. I think so.
14:23:51 <SridarK> or is it the old session continued
14:24:02 <SridarK> oh so it will be a new session ?
14:24:15 <annp> I think it will be a new session
14:25:06 <SridarK> ok - i thought conntrack entries are migrated by the HA code (just that we dont need to do it). yushiro spoke to some folks at the PTG - atleast this is how i understood him
14:25:12 <SridarK> ok
14:25:15 <annp> But, actually I'm not sure. Let's me check it and will confirm to you
14:25:35 <SridarK> annp: ok - we can discuss with yushiro and close this i believe
14:25:43 <SridarK> thx annp for debugging further
14:26:08 <annp> SridarK, you're always welcome. :-)
14:26:16 <SridarK> ok lets move on
14:26:36 <SridarK> #topic Remote FWG
14:26:47 <SridarK> xgerman_: anything u would like to bring up
14:30:11 <SridarK> ok perhaps xgerman_ walked away
14:30:19 <xgerman_> MO, STILL HERE
14:30:27 <SridarK> ouch sorry
14:30:30 <SridarK> :-)
14:30:35 <SridarK> pls go ahead
14:30:36 <xgerman_> caps lock got stuck
14:30:43 <xgerman_> sorry
14:30:43 <SridarK> :-)
14:30:57 <SridarK> new Mac keyboard ?
14:31:02 <SridarK> :-)
14:31:31 <xgerman_> no, I have one of those tiny external mac BT keyboards
14:31:38 <xgerman_> missing keys half the time
14:32:13 <xgerman_> anyhow, didn’t do much. I am hoping to get a minute here and there but if someone has cycles
14:32:14 <SridarK> ok
14:32:25 <SridarK> xgerman_: understand
14:33:19 <SridarK> ok
14:33:27 <SridarK> #topic Open Discussion
14:33:40 <xgerman_> TC got elected…
14:33:45 <SridarK> +1
14:34:26 <annp> +1
14:34:54 <xgerman_> also never heard criticism of deleting FWaaS V1 - so if someone could prepare a patch
14:35:47 <njohnston> in the neutron ci meeting we are talking about the transition to zuul v3 jobs and python3-first patches.  One thing that has not really been talked about is that according to governance, we should be testing on the latest LTS release available as fo the start of the cycle
14:36:01 <SridarK> yes so it seems - someone will ask most likely after it is removed
14:36:09 <xgerman_> ;-)
14:36:15 <annp> :-)
14:36:22 <njohnston> which in this case is now ubuntu-bionic, so that transition will start to get rolling and will take some CI sensitivity because the transition may not be smooth
14:36:38 <SridarK> njohnston: thx for the heads up
14:36:47 <xgerman_> yep, johnso(m) was having trouble with bionic and multinode
14:37:05 <njohnston> it's definitely not something you can take for granted
14:37:36 <xgerman_> no, but I am hoping this will clean up our tests — still thinking we don’t pull in the latest neutron somehow
14:39:58 <SridarK> ok
14:40:11 <SridarK> ok if nothing else we can end and hopefully next week will have more quorum
14:40:24 <xgerman_> +!
14:40:37 <SridarK> Ok all thx for joining and have a great week.
14:40:43 <SridarK> #endmeeting