#openstack-meeting-3 log

18:33:01 <SumitNaiksatam> #startmeeting Networking FWaaS
18:33:03 <openstack> Meeting started Wed Oct 29 18:33:01 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:33:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:33:06 <openstack> The meeting name has been set to 'networking_fwaas'
18:33:46 <SumitNaiksatam> badveli: we can keep this meeting short since i imagine people are preparing for attending the summit
18:33:58 <badveli> fine sumit
18:34:00 <SumitNaiksatam> #topic bugs
18:34:37 <badveli> i did not see any new ones
18:34:41 <glebo> lo m8s
18:35:25 <SumitNaiksatam> glebo: hi there
18:35:37 <SumitNaiksatam> there was some discussion in the ML around this: #link https://bugs.launchpad.net/neutron/+bug/1386543
18:36:13 <badveli> yes i was seeing it
18:36:19 <SumitNaiksatam> this in a artifact of the underlying reference driver we use (i.e. iptables)
18:36:42 <SumitNaiksatam> we use the same iptables lib as security groups
18:36:52 <SumitNaiksatam> so this is not specifically a FWaaS issue per say
18:37:21 <SumitNaiksatam> glebo: badveli: thoughts?
18:38:05 <badveli> iptables should be repopulated
18:38:53 <badveli> looks like we had not seen the issue, back
18:39:12 <SumitNaiksatam> badveli: we do repopulate iptables rules
18:39:25 <SumitNaiksatam> badveli: however i believe that does not affect existing connections
18:41:10 <badveli> fine sumit, i am not sure how this is happening
18:41:25 <SumitNaiksatam> badveli: i think that is expected, right?
18:41:54 <badveli> once the rule exists, it should take into affect
18:43:38 <SumitNaiksatam> the related bug file in SG is #link https://bugs.launchpad.net/neutron/+bug/1335375
18:44:19 <badveli> may there is a first rule that is allowing
18:44:48 <SumitNaiksatam> and this is the related bp: #link https://blueprints.launchpad.net/neutron/+spec/conntrack-in-security-group
18:46:03 <SumitNaiksatam> the suggestion is to use conntrack for handling existing connections
18:47:03 <badveli> sumit, you might be right
18:47:29 <badveli> i need to check what is happening, should we try with adding connection track?
18:47:38 <badveli> its an option
18:47:46 <badveli> in the ip table ruke
18:47:49 <SumitNaiksatam> badveli: yes
18:47:55 <badveli> sorry rule
18:48:17 <SumitNaiksatam> badveli: however i believe this has to be made part of the underlying iptables lib
18:48:28 <SumitNaiksatam> badveli: but you can certainly experiment and see if it works
18:48:48 <SumitNaiksatam> badveli: shoudl we assign the bug to you?
18:49:21 <badveli> fine with me
18:49:42 <badveli> as you remember in service groups we said idle time out
18:50:17 <badveli> if we have the connection track it might be easier for us to implement in reference implementation
18:50:25 <SumitNaiksatam> badveli: yes
18:50:36 <SumitNaiksatam> issue summarized here: #link http://www.redhat.com/archives/rhl-list/2006-January/msg03171.html
18:51:32 <SumitNaiksatam> depends on how we have configured our iptables rules, if we have “RELATED,ESTABLISHED”
18:51:41 <SumitNaiksatam> which i believe we do
18:52:36 <badveli> it might be harder for some protocols
18:52:57 <SumitNaiksatam> badveli: have assigned the bug to you
18:53:23 <SumitNaiksatam> please update the bug and provide a reference to the SG bug
18:54:46 <SumitNaiksatam> badveli: i dont see any other critical or high priority bugs
18:54:46 <badveli> fine sumit,  looks like the connection track would be available for most of the protocols
18:55:07 <SumitNaiksatam> badveli: do you see any other high priority bugs?
18:55:39 <badveli> i was looking in the reverse order
18:55:47 <badveli> so could not see this immediately
18:55:55 <SumitNaiksatam> badveli: sure, we first need to triage any untriaged bugs
18:55:58 <glebo> fyi, on https://blueprints.launchpad.net/neutron/+spec/conntrack-in-security-group the text is a bit too mangled for me to understand. Do others get it?
18:56:57 <SumitNaiksatam> glebo: i think the high order bit is that they want to use the conntrack tools
18:57:11 * SumitNaiksatam realizes that he stating the obvious as he typed it ;-P
18:57:26 <badveli> glebo, based on the protocols there may be different states
18:57:27 <SumitNaiksatam> glebo: i dont think a spec has been created
18:57:48 <glebo> ack
18:57:54 <SumitNaiksatam> glebo: we will get more clarity when we see that
18:57:56 <badveli> ftp for example initially uses control and data seperately
18:58:14 <badveli> it would be hard to affect the existing connections with the rules
18:58:20 <SumitNaiksatam> badveli: true, i think all that gets abstracted into the use of the conntrack tools
18:58:43 <badveli> yes sumit
18:58:51 <SumitNaiksatam> natarajk: SridharRamaswamy: noticed you guys joined! :-)
18:59:12 <natarajk> yes, hi
18:59:15 <SumitNaiksatam> we are having a short meeting today though in anticipation of the f2f time in paris next week
18:59:22 <natarajk> sure
18:59:22 <SumitNaiksatam> ok moving on
18:59:25 <SumitNaiksatam> #topic docs
18:59:28 <badveli> hello all
18:59:40 <SumitNaiksatam> SridarK is not here today
19:00:03 <SumitNaiksatam> #action SumitNaiksatam to follow up with SridarK on open documentation bugs
19:00:16 <SumitNaiksatam> #topic Paris summit planning
19:00:41 <SumitNaiksatam> so, we are all aware that we dont have a dedicated fwaas design summit session
19:01:14 <natarajk> i have voted for FwaaS lightning talk
19:01:22 <SumitNaiksatam> natarajk: nice, thanks :-)
19:01:32 <natarajk> wouldn't we get some time in Adv services spin out ?
19:01:43 <SumitNaiksatam> natarajk: yes sure, getting to that
19:01:51 <glebo> natarajk: link for where we vote likewise? I'll do it now. So will badveli
19:02:12 <natarajk> https://www.surveymonkey.com/s/RLTPBY6
19:02:23 <glebo> do we need to vote for the adv services spin out, or that's already set?
19:02:24 <SumitNaiksatam> natarajk: ah nice, i did not see notice that
19:02:31 <glebo> natarajk: ack. thx
19:02:32 <SumitNaiksatam> thanks for the link
19:02:39 <SumitNaiksatam> #link https://www.surveymonkey.com/s/RLTPBY6
19:03:21 <natarajk> Please vote for servicevm (tacker) also
19:03:52 <SumitNaiksatam> natarajk: sure
19:04:07 * glebo voting now
19:04:17 * glebo but also paying attention
19:04:36 <glebo> this one will help us too:
19:04:37 <badveli> it always pushed down even if we want to see at 1
19:04:58 <glebo> "Gaps in Neutron from the Operators point of view"
19:05:12 <glebo> because the Ops can't run Neutron if they can't LB and FW and such
19:05:53 <glebo> That's the very real state of things from our customers. Customers had been VERY excited and active on OS, and are now backing off because of the lack of stability, features, and fullness to run their cloud
19:06:13 <badveli> glebo+100
19:06:16 <SumitNaiksatam> glebo: but you want to make sure that talk has the same PoV as yours :-)
19:06:25 <glebo> So that session should be be, in part, a promo session for our efforts, both here and in service insertion and GBP
19:06:27 <SumitNaiksatam> glebo: this is a lightening talk not a discussion
19:06:52 <glebo> SumitNaiksatam:  That can be influenced, given customer relationship
19:06:55 <glebo> ;-)
19:07:17 <SumitNaiksatam> glebo: the proposer of that session has in the past expressed taht services’ related work is not the highest priority
19:08:32 <SumitNaiksatam> i would not be surprised that particular session is only focussed on “stability” and in fact discouraging new features
19:08:44 <SumitNaiksatam> but there are no abstracts posted
19:08:48 <SumitNaiksatam> so this is just my guess
19:08:53 <SumitNaiksatam> anyway, moving on
19:09:06 <SumitNaiksatam> we will also get some roundtable time on Friday
19:09:13 <glebo> SumitNaiksatam: yeah,
19:09:36 <glebo> SumitNaiksatam:  it's the age old "connect, then secure, then scale"
19:09:45 <SumitNaiksatam> glebo: true
19:09:54 <SumitNaiksatam> for that discussion lets all contribute to the etherpad: #link https://etherpad.openstack.org/p/neutron-fwaas
19:10:00 <glebo> services aren't a hi pri until basic conn works
19:10:22 <glebo> but as soon as basic conn works, security is super hi pri because people can't go production w/o sec
19:11:15 <SumitNaiksatam> glebo: very well said, wish others appreciated that as well!
19:12:08 <SumitNaiksatam> we also need to participate/lead in the adv services’ spin out discussion: #link http://kilodesignsummit.sched.org/event/8a0b7c1d64883c08286e4446e163f1a6#.VFE774t4r4z
19:14:12 <SumitNaiksatam> so we need to meet and plan for that
19:14:32 <glebo> SumitNaiksatam: +1 to everyone participating in adv serv discussion
19:14:44 <glebo> +1
19:14:49 <SumitNaiksatam> how about we meet sometime on tuesday afternoon/evening to start discussion on these things?
19:15:11 <glebo> can we have a pre-meeting to that this week, maybe Thur or Fri?
19:15:23 <glebo> via web conf
19:15:30 <SumitNaiksatam> glebo: its tight, but i am up for it
19:15:49 <SumitNaiksatam> glebo: so you want to do this with the fwaas folks?
19:16:06 <glebo> I was thinking adv services folks,
19:16:07 <natarajk> i can attend next tuesday evening
19:16:21 <glebo> was trying to begin the planning here, in FWaaS
19:16:28 <SumitNaiksatam> glebo: sure
19:16:31 <glebo> then role it out to the others
19:16:37 * glebo checking calenar
19:16:38 <SumitNaiksatam> natarajk: great
19:17:24 <SumitNaiksatam> glebo: natarajk badveli: when are you folks reaching paris?
19:17:37 <glebo> how about either 10 am PDT Thur (tomorrow) , ie right before GBP, or
19:17:45 <glebo> 2pm PDT Thur?
19:17:50 <glebo> either of those work for others?
19:18:04 <natarajk> I travelling tomorrow and reaching Paris on Friday
19:18:04 <glebo> well, about that...
19:18:20 <glebo> badveli and I not able to make it in person.
19:18:55 <glebo> I've got immovable personal commitment (hosting mother's 70 bday party, big event)
19:19:03 <glebo> and badveli has code deadlines
19:19:20 <glebo> But gary duan, and Yi Sun from vArmour will be there in person
19:19:28 <glebo> gary arrives there later tonight
19:19:35 <glebo> not sure about Yi Sun
19:19:35 <SumitNaiksatam> glebo: that is an absolute bummer!
19:19:47 <glebo> SumitNaiksatam: hold on,
19:19:53 <SumitNaiksatam> glebo: shoot
19:19:55 <glebo> SumitNaiksatam:  don't cry me a beer just yet
19:20:06 <SumitNaiksatam> glebo: i was heavily looking forward to your participation
19:20:11 <SumitNaiksatam> glebo: i already did!
19:20:26 <glebo> SumitNaiksatam:  we are all staying very tight on this stuff, and have met a few times this week to stay sync'd up, get priorities and place, and such
19:20:27 <SumitNaiksatam> glebo: any chance you can make it later in the week?
19:20:42 <glebo> SumitNaiksatam: and i will b participating remotely
19:20:51 <SumitNaiksatam> glebo: its not the same
19:20:54 <SumitNaiksatam> glebo: anyway
19:21:11 * glebo would like to talk about remote participation tactics after this scheduling thing
19:21:19 <SumitNaiksatam> glebo: okay
19:21:32 <SumitNaiksatam> glebo: so lets check with folks on what time works best 10 or 2 tomorrow
19:21:35 <glebo> so, adv services planning mtg tomorrow:  which works?
19:21:38 <SumitNaiksatam> natarajk: wont be able to make it
19:21:58 <SumitNaiksatam> glebo: can you send an email to the team, if not, i can
19:25:12 <SumitNaiksatam> alright we have 5 mins
19:25:24 <SumitNaiksatam> so conf call tomorrow to decide the paris summit logistics
19:25:30 <glebo> SumitNaiksatam: well, can us there decide on a time, then I'll propose that? 10 or 2?
19:25:32 <SumitNaiksatam> anything else folks to discuss here?
19:25:46 <SumitNaiksatam> glebo: just sent an email on that
19:25:48 <glebo> s/us there/us here
19:25:58 <glebo> SumitNaiksatam: wow, u fast man
19:27:00 <SumitNaiksatam> glebo: badveli: if nothing else, lets wrap up for today
19:27:23 <SumitNaiksatam> #topic blueprints
19:27:43 <SumitNaiksatam> badveli: have you submitted the service groups spec?
19:29:03 <SumitNaiksatam> badveli: glebo: still there?
19:29:17 <glebo> y
19:29:44 * glebo was beating badveli over head with wet noodle about service group spec not yet submitted
19:30:09 <glebo> he'll have it in today, tomorrow latest
19:30:45 <SumitNaiksatam> glebo: ok great!
19:30:52 <SumitNaiksatam> glebo: dont be too harsh :-P
19:31:00 <SumitNaiksatam> glebo: we love badveli !
19:31:18 <SumitNaiksatam> on that love festy note, lets wrap for today
19:31:23 <SumitNaiksatam> thanks all for joining
19:31:27 <SumitNaiksatam> #endmeeting