#openstack-meeting-3 log

17:33:07 <SumitNaiksatam> #startmeeting Networking Advanced Services
17:33:08 <openstack> Meeting started Wed Aug 20 17:33:07 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:33:09 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:33:11 <openstack> The meeting name has been set to 'networking_advanced_services'
17:33:28 <SumitNaiksatam> #chairs s3wong Kanzhe_ songole dougwig
17:33:40 <SumitNaiksatam> in case i get dropped
17:33:48 <dougwig> o/
17:34:09 <pcm_> hi
17:34:10 <SumitNaiksatam> #announcements Juno feature proposal freeze deadline is aug 21st
17:34:44 <SumitNaiksatam> or that was more of an info!
17:34:50 <SumitNaiksatam> we already know it
17:35:17 <SumitNaiksatam> i tried to check mestery last couple of weeks in this IRC meeting about priorities, etc
17:35:22 <SumitNaiksatam> i -> we
17:35:23 <Kanzhe_> SumitNaiksatam: I am here.
17:35:30 <SumitNaiksatam> Kanzhe_: welcome back! :-)
17:35:42 <SumitNaiksatam> i dont think mestery is around today either
17:35:44 <Kanzhe_> SumitNaiksatam: thanks.
17:35:55 <SumitNaiksatam> lets get started
17:36:07 <SumitNaiksatam> #topic Flavors
17:36:23 <SumitNaiksatam> enikanorov_ markmcclain there?
17:36:35 <enikanorov_> hi
17:36:38 <enikanorov_> i'm here
17:36:48 <SumitNaiksatam> enikanorov_: any updates on the spec?
17:37:10 <SumitNaiksatam> #link https://review.openstack.org/#/c/102723
17:37:23 <enikanorov_> no
17:37:31 <enikanorov_> unfortunately...
17:37:36 <SumitNaiksatam> enikanorov_: ok
17:37:56 <SumitNaiksatam> enikanorov_: we are still pursuing the implementation patch #link https://review.openstack.org/#/c/105982?
17:38:16 <SumitNaiksatam> i see that dougwig and pcm_ reviewed, thats great, thanks!
17:38:19 <LouisF> enikanorov_: is there going to a merge of the two specs?
17:38:40 <SumitNaiksatam> enikanorov_: perhaps just needs a rebase
17:38:45 <enikanorov_> LouisF: that's a question. I feel we're deffering whole thing to K
17:39:04 <dougwig> i asked about flavors during the neutron meeting, and got an answer that it'd make J.
17:39:31 <SumitNaiksatam> dougwig: ok
17:40:16 <enikanorov_> dougwig: well, I'd be glad if someone help me pinging Mark :)
17:40:28 <dougwig> i will.  :)
17:41:06 <SumitNaiksatam> enikanorov_: any else to add? :-)
17:41:15 <enikanorov_> the impl patch just needs a rebase bacause of migrations went ahead
17:41:22 <enikanorov_> not really.
17:41:24 <SumitNaiksatam> enikanorov_: yeah, i guessed as much
17:41:35 <SumitNaiksatam> any questions for enikanorov_ apart from the ones already asked?
17:41:54 <cathy_> which BP will be the one for flavor or it will be a merged one?
17:41:54 <SumitNaiksatam> perhaps reviewing #link https://review.openstack.org/#/c/105982
17:41:57 <SumitNaiksatam> might help
17:42:16 <SumitNaiksatam> cathy_: #link https://review.openstack.org/#/c/102723
17:42:26 <SumitNaiksatam> or some variant of it based on reviewer’s comments
17:42:28 <cathy_> SumitNaiksatam: ok, tahnsk
17:42:33 <SumitNaiksatam> enikanorov_: correct?
17:42:58 <enikanorov_> SumitNaiksatam: yes
17:43:13 <SumitNaiksatam> enikanorov_: thanks
17:43:34 <SumitNaiksatam> #topic Service base and insertion implementation update
17:43:42 <SumitNaiksatam> Kanzhe_: s3wong marios: hi
17:43:49 <s3wong> SumitNaiksatam: hello
17:43:53 <Kanzhe_> SumitNaiksatam: hi
17:44:22 <SumitNaiksatam> any updates?
17:44:23 <Kanzhe_> We are making progress in implementation.
17:44:28 <SumitNaiksatam> Kanzhe_: good
17:44:45 <s3wong> So I had a meeting with blogan and dougwig last Thurs - and concluded that we won't  migrate LBaaS v1 to service insertion framework
17:44:53 <SumitNaiksatam> s3wong: okay
17:45:03 <s3wong> and I met with Kanzhe_ and kevinbenton last Friday to divide up work
17:45:18 <s3wong> the conclusion is that we will only do an experimental migration on vpnaas only
17:45:26 <LouisF> will fwaas use service base?
17:45:42 <SumitNaiksatam> s3wong: yeah, my question too ^^^?
17:45:45 <s3wong> LouisF: Not before Thursday deadline
17:46:00 <SumitNaiksatam> is SridarK here?
17:46:17 <s3wong> (technically once the change to ServicePluginBase is in, all services will be "using" it)
17:46:33 <SumitNaiksatam> s3wong: so you guys narrowed down on vpnaas because its easier?
17:46:33 <s3wong> but of course, none of them will do anything w.r.t. service interfaces
17:46:39 <SumitNaiksatam> or rather limited in scope?
17:46:40 <s3wong> SumitNaiksatam: yes :-)
17:47:04 <SumitNaiksatam> in my opinion, fwaas was the one which would have benefited the most
17:47:20 <SumitNaiksatam> so on vpnaas, is marios here
17:47:22 <SumitNaiksatam> ?
17:47:23 <s3wong> SumitNaiksatam: certainly - but also the most work on the service (FWaaS) itself
17:47:50 <SumitNaiksatam> s3wong: i believe SridarK had prepped for this, but we need to check with him
17:48:00 <Kanzhe_> SumitNaiksatam, agree, based on the schedule, it is more realistic to do VPN at first.
17:48:06 <s3wong> at this point, I think it is a stretch to expect SridarK to have it ready by tomorrow
17:48:36 <s3wong> (also, we still don't have neutron python-client...)
17:48:41 <SumitNaiksatam> s3wong: i meant my understanding was that there was some prep already done on this front, but anyway we can check offline
17:48:51 <s3wong> SumitNaiksatam: sure
17:49:05 <SumitNaiksatam> s3wong: the client is not bound by milestone constrains
17:49:27 <s3wong> SumitNaiksatam: good to know! :-)
17:49:30 <SumitNaiksatam> so there should be a little more flexibility there
17:49:47 <SumitNaiksatam> yeah, client code is released independently
17:49:56 <SumitNaiksatam> anyway, on the technical aspects
17:50:16 <SumitNaiksatam> Kanzhe_ s3wong: any blockers?
17:50:37 <Kanzhe_> SumitNaiksatam:  we will meet later today for initial integration.
17:50:37 <SumitNaiksatam> anything we need to discuss in this meeting, or any course corrections we had to make?
17:50:44 <Kanzhe_> we will know then. :-)
17:50:44 <SumitNaiksatam> Kanzhe_: ok good to know
17:50:52 <s3wong> SumitNaiksatam: my patch will depend on Kanzhe_ 's, so technically that is a blocker :-)
17:51:15 <SumitNaiksatam> s3wong: :-)
17:51:43 <SumitNaiksatam> marios had the vpnaas patch in place
17:52:08 <SumitNaiksatam> so i am assuming you are coordinating with him?
17:52:37 <s3wong> SumitNaiksatam: marios: yes, we will
17:53:01 <SumitNaiksatam> s3wong: you have the link to your WIP patch?
17:53:24 <s3wong> #link https://review.openstack.org/#/c/113975/
17:53:29 <SumitNaiksatam> and it would be helpful if you can update the wiki page: #link https://wiki.openstack.org/wiki/Neutron/AdvancedServices/JunoPlan
17:53:38 <s3wong> SumitNaiksatam: sure
17:53:52 <SumitNaiksatam> s3wong: Kanzhe_: thanks
17:54:03 <SumitNaiksatam> any questions for s3wong, Kanzhe_ ?
17:55:12 <SumitNaiksatam> #topic Service Chaining
17:55:19 <SumitNaiksatam> songole: hi
17:55:27 <songole> SumitNaiksatam: hello
17:55:35 <SumitNaiksatam> songole: updates?
17:55:43 <SumitNaiksatam> i believe you have the CLI patch as well
17:55:44 <songole> We are making progress on the implementation
17:56:09 <LouisF> SumitNaiksatam: i had that question on direction at last meeting
17:56:11 <SumitNaiksatam> songole: links to the patches?
17:56:13 <songole> I will be uploading patches
17:56:29 <songole> https://review.openstack.org/#/c/113737/
17:56:41 <songole> https://review.openstack.org/#/c/113738/
17:56:58 <songole> 2nd link is CLI patch
17:57:11 <SumitNaiksatam> songole: thanks!
17:57:24 <SumitNaiksatam> can you update the wiki page: #link https://wiki.openstack.org/wiki/Neutron/AdvancedServices/JunoPlan
17:57:32 <songole> ok
17:57:38 <SumitNaiksatam> LouisF: sorry go ahead
17:58:36 <LouisF> there is a list of services but the order is not ambiguous
17:58:50 <LouisF> remove not^
17:59:10 <SumitNaiksatam> LouisF: you mean the order is ambigous?
17:59:17 <LouisF> SumitNaiksatam: yes
17:59:35 <SumitNaiksatam> LouisF: is this in the context of the return traffic?
17:59:51 <LouisF> SumitNaiksatam: yes
18:00:24 <LouisF> my comment in the most recent patch describes a solution
18:00:25 <songole> LouisF: for Juno we are keeping it simple
18:00:39 <songole> LouisF: the order will be reversed for return traffic
18:00:44 <SumitNaiksatam> LouisF: my understanding from the reading the spec and the comments was that there is only one order
18:01:19 <LouisF> the order is specified but with respect to what?
18:01:31 <SumitNaiksatam> #link https://review.openstack.org/#/c/93524
18:01:42 <cathy_> SumitNaiksatam: I have given similar comments before and raise this in a previous meeting and there is an action item for this.
18:02:00 <SumitNaiksatam> cathy_: i thought that comment was responded to in the spec
18:02:07 <mandeep> The order of the services application is specified explicitly in the spec.
18:02:12 <cathy_> no AFAIK
18:02:27 <SumitNaiksatam> cathy_: ok so i might be confusing the responses
18:02:29 <hemanthravi> SumitNaiksatam, i forgot to do that
18:02:36 <cathy_> Let me descirbe the problem here again
18:02:41 <SumitNaiksatam> hemanthravi: ah the action item was for hemanthravi :-)
18:03:02 <hemanthravi> the order of the services is the reverse order for outgoing traffic
18:03:12 <SumitNaiksatam> songole: can you point to the line in the spec which mentions order clarification (just for the benefit of everyone here)?
18:03:24 <SumitNaiksatam> hemanthravi: line number in spec?
18:03:44 <LouisF> SumitNaiksatam: line 207 208 mention ingress / egress traffic but they are undefined
18:04:05 <hemanthravi> 162
18:04:06 <songole> LouisF: correct :)
18:04:07 <SumitNaiksatam> LouisF: ah yes, the example
18:04:33 <cathy_> The service chain API specifies sequence of the service functions, eg. FW and IPS, Then it specifies a neutorn port for it. The neutron port is between a subnet and a router, so the quesiton is
18:04:34 <SumitNaiksatam> hemanthravi: thanks, yeah 161 and 162
18:04:35 <mandeep> LouisF: The example states the exact order.
18:04:37 <LouisF> SumitNaiksatam: yes
18:05:14 <LouisF> mandeep: yes there is an order but ingress/egress is undefined
18:05:17 <mandeep> LouisF: Lines 181-184
18:05:27 <cathy_> is the sequnce "subnet, fw, ips, router" or "router, fw, ips, subnet"
18:05:30 <cathy_> ?
18:06:06 <mandeep> cathy_: What is subnet in this context? A service?
18:06:39 <mandeep> cathy_: See lines 181-184
18:06:40 <cathy_> That is the example in your spec, a neutorn port between a subnet and a router
18:06:47 <regXboi> hmm
18:06:49 <cathy_> the subnet is a sub network
18:06:59 <mandeep> Why is that in the service chain?
18:07:12 <mandeep> It is not a service
18:07:20 <regXboi> so I see the spec and it is very clear
18:07:30 <mandeep> regXboi: Thanks
18:07:41 <regXboi> but I'm not really happy about a service chain *requiring* mirror image on return traffic
18:07:52 <cathy_> mandeep: could you refer to the example in your spec about the neutron port?
18:07:57 <regXboi> I would have preferred that to be a parameter of the chain itself
18:08:08 <mandeep> regXboi: This was for first stage of implementation (Juno)
18:08:25 <regXboi> mandeep: is there a blue print on loosening that up?
18:08:37 <mandeep> regXboi: In future, we canallow different orders, but I wanted to harmonize that with traffic steering and hence avoided gerring into that now
18:08:48 <mandeep> 'getting'
18:08:59 <regXboi> mandeep: I liked gerriting :)
18:09:09 <SumitNaiksatam> regXboi: :-)
18:09:38 <mandeep> cathy_: I did not understand your question.
18:09:47 <mandeep> regXboi: ;-)
18:09:57 <cathy_> mandeep: no really. Ok, let me try again
18:10:08 <regXboi> we have an underlying implementation that already allows different orders - hence my question
18:10:14 <cathy_> the neutorn port is between an externale network and a router
18:10:16 <regXboi> or not question - comment
18:10:31 <SumitNaiksatam> cathy_: i believe the port is on a network
18:10:47 <SumitNaiksatam> i mean all “ports” are on a network
18:10:51 <LouisF> mandeep: the direction traffic is not defined - the example imples the N1 - > E1 is egress - right?
18:10:51 <cathy_> what is the sequence: "extenral network, FW, IPS, router" or "router, FW, IPS, external network"?
18:11:00 <mandeep> regXboi: I agree that it is a nice feature to have, particularly for interoperation with NFV
18:11:09 <regXboi> port is scoped by network, but if you look at the "device_owner" it's the router
18:11:34 <SumitNaiksatam> regXboi: true
18:11:34 <mandeep> regXboi: But I was worried that if we added it now, it might need to get updated when we have TS integrated
18:11:34 <cathy_> regXboi: I already gave such comments twice before in the spec and raised it in a previous meeting
18:11:47 <hemanthravi> LouisF, that's correct
18:11:53 <regXboi> mandeep: point taken
18:12:11 <mandeep> regXboi: So I created a simpler spec for Juno, which can always evolve later if we need more control.
18:12:59 <regXboi> ok, so I think LouisF and cathy_ are asking the same thing, just in different ways
18:13:02 <mandeep> cathy_: I will try to address that in an email
18:13:10 <LouisF> hemanthravi: so between any two networks the direction is undefined  - right?
18:13:29 <hemanthravi> mandeep, on lines 207/28 for the chain [FW, LB] is the sequence correct or should it be reversed
18:13:40 <hemanthravi> that should be 208
18:13:42 <SumitNaiksatam> so is the difference in understanding with respect to the implicit convention (currently) versus explicit for specifying directions?
18:13:55 <regXboi> SumitNaiksatam: it looks like it
18:14:05 <cathy_> mandeep: Could you just provide an answer to my simple example? That will help calrify my simple question:-)
18:14:35 <SumitNaiksatam> regXboi: okay, when we reviewed the spec it seemed that those concerns were addressed in the spec and was made explicit, but perhaps not as clear
18:14:52 <mandeep> cathy_: I believe the problem is in the question, so the example will probably not address it.
18:15:04 <regXboi> I'd say the implicit convention is that ingress is from network through port and egress is through port to network (based on the example)
18:15:21 <cathy_> mandeep: just for my example, could you let us know what is the sequence?
18:15:28 <mandeep> hemanthravi: it is correct
18:15:42 <cathy_> I think existing API is ambigous about that
18:15:43 <LouisF> SumitNaiksatam: so convention internal network to external net = egress direction?
18:16:04 <mandeep> cathy_: The error is that subnet is not a service and you are confusing data-path with service order
18:16:13 <regXboi> LouisF: how did you get to that?
18:16:31 <LouisF> regXboi: based on the example
18:16:40 <cathy_> I am not saying a subnet is a service.
18:16:44 <cathy_> It is never a service
18:16:48 <regXboi> I don't see where internal network shows up in the example
18:16:57 <regXboi> I see external network, router and port
18:17:12 <SumitNaiksatam> cathy_: i believe what you are saying is the traffic originating on the internal network/subnet?
18:17:16 <mandeep> LouisF: See lines 204-209
18:17:17 <regXboi> let me restate that :)
18:17:44 <LouisF> regXboi: 177 - 179
18:17:45 <regXboi> yes, I see that the example talks about internal networks, but they are only window dressing and don't really matter
18:17:48 <cathy_> SumitNaiksatam: Let me tyr again. I am using the example given in the service chain spec.
18:18:11 <SumitNaiksatam> cathy_: sure
18:18:23 <mandeep> cathy_: Line numbers?
18:18:32 <hemanthravi> in this eg, the chain [FW, LB] is between ext-net and N1/N2
18:19:11 <cathy_> How about this? I am going to send an email to the alias
18:19:13 <mandeep> cathy_: And the order there is specified on lines 204-209 exactly
18:19:28 <mandeep> cathy_: OK
18:19:46 * regXboi wonders if he's helping or not
18:20:11 * mandeep is wondering the same thing
18:20:31 * regXboi wonders if mandeep is wondering about self or about regXboi :)
18:20:56 * mandeep about myself ;-)
18:21:17 * regXboi quotes "join the club, we've got jackets"
18:22:03 <SumitNaiksatam> ok lets park this for now
18:22:35 <songole> cathy_: it helps if you explain your implementation briefly as well in the mail.
18:22:37 <SumitNaiksatam> i think mandeep songole hemanthravi feel that this is clarified in the spec, but its not clear to cathy_ and LouisF
18:22:44 <cathy_> regXboi: I see your reply "I'd say the implicit convention is that ingress is from network through port and egress is through port to network (based on the example)"
18:22:50 <LouisF> mandeep: it would help if there was text stating the convention for traffic direction
18:22:53 <SumitNaiksatam> so lets follow up to clarify that
18:22:56 <cathy_> That is my question
18:23:27 <SumitNaiksatam> #action SumitNaiksatam to reach out to cathy_ LouisF mandeep songole hemanthravi to clarify on the spec
18:23:32 <cathy_> I think it is better to make it explict instead of guessing the "implicit"
18:23:36 <mandeep> The spec says - On port P1: FW->LB->R1 for ingress traffic
18:23:52 <mandeep> R1->LB->FW for egress traffic.
18:24:12 <regXboi> mandeep: yes, and that makes the implicit convention that I stated above
18:24:13 <mandeep> The Port, the direction, the order are all exactly specified
18:24:28 <mandeep> hence my confusion on what is ambigious?
18:24:45 <mandeep> that is why I am not able to parse the question
18:24:49 <SumitNaiksatam> mandeep: okay lets circle back on that
18:24:55 <cathy_> Today Louis and I have the question on the "implicit", tomorrow other people might have same questions or needs to guess the "implicit". That is my whole purpose of raining this quesiton. Could we make it "explicit"?
18:25:18 <SumitNaiksatam> cathy_: LouisF: lets circle back today itself, sounds okay?
18:25:24 <hemanthravi> would it be less confusing to say P1->FW->LB and LB->FW->P1
18:25:38 <mandeep> hemanthravi: I disagree
18:26:05 <SumitNaiksatam> okay, i think we have to yield to a couple of other sub-topics
18:26:10 <regXboi> mandeep: +1
18:26:16 <SumitNaiksatam> #topic Traffic Steering
18:26:16 <LouisF> mandeep: that is in the example, would better if added to line 125, 146
18:26:18 <regXboi> SumitNaiksatam: +2 :)
18:26:19 <SumitNaiksatam> cgoncalves: hi
18:26:26 <SumitNaiksatam> i know we are not pursuing this for Juno
18:26:44 <SumitNaiksatam> but any quick updates?
18:26:54 <SumitNaiksatam> or any feedback you need from the team?
18:28:19 <SumitNaiksatam> perhaps cgoncalves is not around
18:28:26 <SumitNaiksatam> #topic Tap
18:28:34 <SumitNaiksatam> anil_rao: vinay_yadhav: here?
18:28:34 <vinay_yadhav> Hi
18:28:42 <anil_rao> Hi
18:28:53 <vinay_yadhav> We will put up an updated version of the spec this week
18:28:57 <SumitNaiksatam> vinay_yadhav anil_rao hi, sorry for making you wait for two meetings for this ;-(
18:29:04 <SumitNaiksatam> vinay_yadhav: ok great
18:29:23 <vinay_yadhav> with some changes clarifiing some question
18:29:49 <SumitNaiksatam> vinay_yadhav: thats good, and perhaps an email to the -dev mailing list will draw attention to this topic
18:30:06 <vinay_yadhav> we are also checking up on implementation parts of the spec
18:30:13 <vinay_yadhav> sumit: sure
18:30:20 <SumitNaiksatam> vinay_yadhav: oh good
18:30:27 <SumitNaiksatam> vinay_yadhav: we still have the WIP patch?
18:30:45 <vinay_yadhav> of the code u mean
18:30:50 <SumitNaiksatam> vinay_yadhav: yeah
18:30:59 <vinay_yadhav> sumit: we have not put it up
18:31:06 <vinay_yadhav> but would like to do it
18:31:13 <SumitNaiksatam> vinay_yadhav: okay whenever you are ready
18:31:19 <SumitNaiksatam> vinay_yadhav: anil_rao: thanks for the update
18:31:28 <SumitNaiksatam> #topic Open Discussion
18:31:31 <SumitNaiksatam> we have hit the hour
18:32:14 <SumitNaiksatam> so last week some of the cores mentioned in this meeting that we should reconsider the work here, based on priorities, and in the context of the “incubator” proposal
18:33:10 <SumitNaiksatam> given that the direction came pretty late in the cycle, my understanding here is that the team at least wants to get a shot at the patches in J3, and hence we will try to meet the FPF deadline
18:33:10 <cathy_> SumitNaiksatam: do you know which BP under this umbrella will go to J release?
18:33:26 <SumitNaiksatam> if we dont meet that we are obviously out
18:33:31 <SumitNaiksatam> cathy_: good question :-)
18:33:33 <s3wong> SumitNaiksatam: any more discussion on this (within the cores)? service insertion got a lot of heat last week
18:33:56 <SumitNaiksatam> cathy_: that said once we have a working implementation, we can decide where to go with it
18:34:09 <SumitNaiksatam> cathy_: so as a team, we just got to keep working together
18:34:21 <cathy_> SumitNaiksatam: sure
18:34:26 <SumitNaiksatam> IMHO it does not matter whether its the main repo or not
18:34:34 <songole> SumitNaiksatam: +1
18:34:41 <SumitNaiksatam> as long as we can get the right implementation in, and have some users use it
18:35:40 <SumitNaiksatam> in general i think it was already suggested in the past that adv services should be a separate service/project
18:35:51 <SumitNaiksatam> so this might evolve in that direction, who knows
18:36:24 <SumitNaiksatam> i believe our mission in this team was to have clean interfaces defined in neutron to be able to facilitate the integration of services
18:36:41 <SumitNaiksatam> most of what we have discussed today is towards that end
18:36:50 <SumitNaiksatam> i dont think any that has changed, right?
18:37:15 <cathy_> SumitNaiksatam: +1
18:37:43 <SridarK> SumitNaiksatam: +1 without that not sure how things can be even moved out
18:37:47 <mandeep> SridarK: +1
18:37:58 <SumitNaiksatam> ok we are well over
18:37:59 <mandeep> SumitNaiksatam: +1
18:38:03 <SumitNaiksatam> any other parting thoughts?
18:38:48 <SumitNaiksatam> i am having a bad connection again
18:38:58 <SumitNaiksatam> thanks all for joining
18:39:11 <SumitNaiksatam> #endmeeting