18:32:51 #startmeeting Networking FWaaS
18:32:52 Meeting started Wed Nov 19 18:32:51 2014 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:32:54 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:32:57 The meeting name has been set to 'networking_fwaas'
18:34:13 #announce SPD: Monday 12-8-2014 SAD: Monday 12-15-2014
18:34:24 pc_m: vishwanathj: hi
18:34:35 vi
18:34:38 hi
18:35:21 hope the SPD and SAD dates are not too intimidating ;-)
18:35:34 SumitNaiksatam: SPD, SAD are fast upon us
18:35:46 did not realize the timeline earlier either
18:36:09 yes, so lets focus on what we want to get in by that, we will pick that up in just a bit
18:36:46 #topic Bugs
18:36:49 december 15th
18:36:53 glebo: hi
18:36:56 #undo
18:36:57 Removing item from minutes:
18:37:20 okay since we have some more critical mass here
18:37:36 * glebo is here, but tied up on another call, so not really paying much attention. If needed, ping me unicast, and I'll pay attention to group
18:37:44 just wanted to clarify if the spec approval is by december 15th
18:37:46 i wanted to bring up the question that we had discussed in the adv services’ meeting as well yesterday
18:38:05 do we need this sub-team and this meeting?
18:38:10 badveli: yes
18:38:28 thanks sridar
18:38:43 * pc_m hi. I'm multitasking meetings.
18:38:57 badveli: ?
18:39:17 sumit, i was confirming the spec approval date
18:39:23 SumitNaiksatam: my vote is that it helps us discuss details as we get more into the specs and code especially
18:39:38 SumitNaiksatam: i don't think we can discuss this in the neutron mtg
18:39:51 SridarK: okay, what do other folks present here think? glebo vishwanathj badveli pc_m?
18:40:12 previously when we wanted to discuss
18:40:20 i think we need this meeting because we are still really FAR behind the feature set required to be genuinely useful to operators, and once we get split done, we need to run like bats out of hell getting caught up, and the rest of the community doesn't need to be a part of that
18:40:23 in late juno cycle
18:40:32 * glebo goes back to other mtg
18:40:41 SumitNaiksatam: I'm just monitoring to keep a pulse on FWaaS (and make sure you're keeping things in line :)
18:40:48 we used to join the meeting when we want
18:40:48 glebo: +1
18:40:49 pc_m: :-)
18:41:05 SumitNaiksatam: Not sure if need this meeting or can include in Adv Svcs meeting as a topic.
18:41:06 pc_m: with his baseball bat :-)
18:41:08 my question is when we need info can we
18:41:15 join the meeting
18:41:31 ?
18:41:40 i am fine wither way
18:41:45 either way
18:41:55 pc_m: its proposed that this will be a standing item on the adv services meeting
18:42:26 pc_m: however our past experience is that we have used up the one hour of the FWaaS meetings pretty regularly
18:42:41 pc_m: and i am sure LBaaS tends to use theirs as well (in their meeting)
18:43:11 pc_m: so i would tend to think that the adv services’ meeting would be more of an update from each of the services’ teams to the rest of the group
18:43:16 SumitNaiksatam: That may make for the argument to keep it sep.
18:43:32 pc_m: rather than deeper technical discussions (which we tend to have here)
18:43:34 pc_m: yeah
18:43:48 SumitNaiksatam: makes sense
18:43:50 SumitNaiksatam: i feel that this is a time that is blocked in our calendars and an opportunity for a quick sync up to discuss issues on hand
18:43:56 * pc_m putting bat back in drawer
18:44:02 SridarK: okay
18:44:03 SumitNaiksatam: else we may land up doing this adhoc
18:44:05 * pc_m :)
18:44:09 SridarK +1
18:44:17 pc_m: Whew! :-)
18:44:20 vishwanathj: okay
18:44:25 pc_m: :-)
18:44:49 okay so it seems that this team wants to continue this collaboration as a sub-team, and continue the meetings as well
18:44:51 sumit, having the item in the adv service meeting will also give an opportunity in asking questions which we are not sure
18:45:19 badveli: yes, i explained earlier what we will be doing in each of the meetings
18:45:35 ok moving on
18:45:38 #topic Bugs
18:46:36 so we dont seem to have any new high priority bugs on reported
18:46:45 SumitNaiksatam: yes nothing new
18:46:49 the highest priority one is this on the client side:
18:47:14 #link https://bugs.launchpad.net/python-neutronclient/+bug/1318617
18:47:48 the priority for this was bumped up, not sure why
18:48:32 lets review the patch: #link https://review.openstack.org/#/c/104132/
18:48:52 badveli: anything else on your bug triaging radar?
18:49:09 nothing much i am checking the other one
18:49:31 badveli: which other one?
18:49:32 tear down existing session
18:49:42 when there is an update
18:49:45 badveli: ah okay
18:49:49 badveli: the iptables issue ?
18:49:52 yes
18:50:00 yeah we discussed last week
18:50:04 badveli: can you post the link?
18:51:31 https://bugs.launchpad.net/neutron/+bug/1386543
18:51:58 may be not much may need to be done on this
18:52:04 yes
18:52:08 from the fw side
18:52:39 ok good
18:52:52 badveli: please keep tracking since its assigned to you
18:52:59 #topic Docs
18:53:23 SridarK: and I had an AI last week to follow up on the FWaaS/DVR documentation
18:53:28 SumitNaiksatam: yes
18:53:32 just heard back from swami
18:53:50 yes we looks like it is WIP
18:53:53 SridarK: from what i understood, he will be making the doc changes?
18:54:01 I will be in sync with Swami
18:54:36 I could provide a description of the fw side of the world
18:54:45 SridarK: ok cool, perhaps we can pass the link to the rest of the team as well (should help to get more eyes on the review)
18:54:46 anyways will sync with Swami
18:55:01 ok will do when i get it
18:55:05 SridarK: thanks
18:55:24 SridarK: any other docs activity showing up your radar?
18:55:37 the other one is:
18:55:42 #link https://bugs.launchpad.net/openstack-manuals/+bug/1346986
18:56:05 this seems to be an update on a section for the Security Guide
18:56:27 and it is quite dated - so am confused by what is actually reqd
18:56:38 as the general docs cover FWaaS
18:57:06 I should reach out to the submitter for some clarification - should have done that earlier - apologies
18:57:07 yeah this is the one which rudrajit was assigned to
18:57:11 will take care of this
18:57:16 seems to be sitting there for a long time
18:57:21 if it is not relevant we can close it
18:57:23 not sure if its even relevant any more
18:57:28 yeah exactly
18:57:35 yes and it involves a lot of other things not just fwaas
18:57:45 there are a bunch of doc bugs mentioned in the neutron meeting:
18:57:52 #link https://wiki.openstack.org/wiki/Network/Meetings
18:58:44 we need to scrub this list to see if there is anything that we need to contribute to
18:59:11 #link https://bugs.launchpad.net/openstack-manuals/+bugs?field.tag=neutron
18:59:11 SumitNaiksatam: i will do this and reach out to Edgar if more clarification is needed
18:59:19 SridarK: great, thanks!
18:59:47 its interesting there are references to quantum in that list ;-)
18:59:53 :-)
19:00:18 i would like to see positron or quark or whatever in the next cycle :-)
19:00:40 i think we need to pay attention to this: #lik https://bugs.launchpad.net/openstack-manuals/+bug/1373674
19:00:44 #link https://bugs.launchpad.net/openstack-manuals/+bug/1373674
19:01:22 perhaps follow up with anne gentle on this
19:01:31 SridarK: you want to take that AI?
19:01:42 SumitNaiksatam: yes pls
19:02:05 #action SridarK to follow up with anne gentle on #link https://bugs.launchpad.net/openstack-manuals/+bug/1373674
19:02:33 SridarK: please cc me (and anyone else interested) as well, so that we can jump in if required
19:02:40 SumitNaiksatam: will do
19:03:05 SridarK: thanks
19:03:07 moving on
19:03:10 yes
19:03:14 #topic Kilo Blueprints
19:03:45 badveli’s security objects and groups:
19:03:52 yes sumit
19:04:29 badveli: thanks for addressing my review comments
19:04:35 #link https://review.openstack.org/#/c/131596/
19:04:38 thanks sridar, for review
19:04:58 i think sumit wants to rephrase some of them
19:05:06 badveli: i think once u have addressed the latest round from SumitNaiksatam - i think i am good
19:05:12 i added some review comments
19:05:23 badveli: thanks
19:05:27 yes i am in the process, but one thing in the work items
19:05:41 how can we explain more
19:06:00 i had mentioned this process, we need to tighten up the content otherwise it creates unnecessary misunderstanding
19:06:10 my problem is if i do not put them after *
19:06:15 and we should not have to waste cycles on grammar and typos
19:06:30 this should be run through spell checkers upfront
19:07:02 having reviewers tell you to correct grammar, and then having to spend the back and forth cycles on doing it, is just a big waste of time
19:07:05 do we have some kind of tool
19:07:27 badveli: be creative :-)
19:07:30 i am just editing in the vi,
19:07:53 easy to copy paste in a word-like editor :-)
19:08:20 okay, any other objections or blockers on the technical front with respect to this blueprint?
19:08:31 or any suggestions for badveli?
19:08:47 SumitNaiksatam: none from me - i think the model resembles Sec Grps
19:09:12 SridarK: okay
19:09:16 SumitNaiksatam: badveli confirmed this in terms of object to group association
19:09:27 thanks sridar
19:09:32 SridarK: that we cannot reuse objects across groups?
19:09:38 SumitNaiksatam: yes
19:09:46 okay
19:10:01 SumitNaiksatam: we can take a call on the approach
19:10:02 the reuse is at the group level
19:10:23 SumitNaiksatam: yes
19:10:41 yes
19:11:31 so this is consistent with the FWaaS rule and policy association as well, right?
19:11:36 SumitNaiksatam: i think this is fine but this should not become a roadblock on Dec 14 - i think this kind of adopts the Sec grp way of doing things
19:11:56 yes this is similar to sec grp way
19:11:57 we cant reuse rules across firewall policies
19:12:06 *firewall rules
19:12:23 SumitNaiksatam: yes so this is consistent
19:12:34 yes
19:13:52 as long as we are clear there is no issue here
19:14:04 so once badveli puts out the new rev, lets try to push forward
19:14:26 glebo: did you get a response to the email you had sent regarding the service groups blueprint?
19:14:42 badveli: after ur next rev - i will go thru one other scan and i can +1
19:15:04 SumitNaiksatam: I don't think so
19:15:10 * glebo double checking now
19:15:15 thanks sridar, sumit
19:15:17 glebo: okay, yeah just checking, since i did not see anything
19:18:02 the next one we are tracking is the router-specific firewall insertion
19:18:08 SridarK: any progress?
19:18:18 SumitNaiksatam: few options
19:18:28 Option 1: Revive Service Insertion - i am not sure about how this will fly.
19:18:44 Option 2: Insert FW on a specific Router. (what Mark wanted)
19:18:53 Option 3: Insert FW on neutron port(s) (we can validate to ensure that if it is a list they are all associated with a single router)
19:19:04 My personal opinion is that if we are not doing Option 1, Option 3 is reasonable - it can achieve the requirement from Mark and yet is more flexible.
19:19:29 the Spec deadlines got me boltibg
19:19:33 *bolting
19:19:34 I agree, why essentially waste effort on something half-baked as option 2
19:19:35 SridarK: yeah i dont think we are doing option 1
19:19:55 i have started putting things down for a spec
19:20:03 bobmel: i agree, though that comes with the risk of a -2
19:20:11 will get a first cut out by end of week
19:20:25 and i am willing to vote in favor of that option if everyone in the team here feels likewise
19:20:26 bobmel: yes
19:20:39 bobmel: btw, welcome to the fwaas meeting ;-)
19:21:04 SumitNaiksatam: Yes but it is a bit insane to -2 something that is more useful in practice
19:21:37 bobmel: i will let history speak for itself! ;-)
19:21:45 SumitNaiksatam: Like pc_m I monitor every step... :-) Hope I can actively contribute going forward though.
19:21:45 SridarK: option 1 is already rejected by markmcclain --- during Friday's meeting in Paris, markmcclain talked about FW able to run on selected routers without a new service insertion framework
19:21:56 bobmel: yes agree i think we can find a reasonable ground
19:22:17 ah s3wong, we have lots of people watching over our shoulders today! :-)
19:22:23 s3wong: yes i think we can work with option 3 that will satisfy the requirement
19:22:29 and i thought we were lacking critical mass
19:23:08 hopefully no one came with weapons
19:23:10 :-)
19:23:15 SridarK: lol
19:23:42 SridarK: sorry to push, any ETA on posting the spec?
19:23:44 SumitNaiksatam: ok i will put things down in a spec
19:23:49 SridarK: keep in mind that markmcclain wants to have the ability to backport to stable branches, so a new framework would be out of question, too much to port
19:23:53 will try for end of week
19:24:31 s3wong: hmm we will need to add an extension
19:24:37 SumitNaiksatam: just got out of my day job meeting -- and was attracted by the term "service insertion" :-)
19:25:06 s3wong: u are a riot (meant as a compliment) :-)
19:25:17 SridarK: not sure why an extension is required
19:25:27 SridarK: but lets take it offline
19:25:37 SumitNaiksatam: u are saying add it as an attribute to the resource
19:25:50 SumitNaiksatam: yes we can discuss more
19:25:59 SridarK: i am also curious as to what the default would be with ports
19:26:21 SridarK: i am sure you have given this thought, so lets see it in the spec
19:26:37 SridarK: as far as the spec is concerned, you can keep it simple and cut to the chase
19:26:44 SridarK: easier to read that way :-)
19:26:46 SumitNaiksatam: more thought is needed here - will ping u offline
19:26:49 please let me know also when you are discussing this
19:26:50 SumitNaiksatam: yes will do
19:26:59 SridarK: extra details can be added per request
19:27:02 * glebo just resent that email to mestery & markmcclain trying to nail down required reviewers for Service Object & Groups spec
19:27:10 badveli: sure
19:27:16 SumitNaiksatam: ok sounds good
19:27:22 anything else to discuss on this topic?
19:27:30 SumitNaiksatam: nothing from me
19:27:44 #topic Open Discussion
19:27:51 anything more to cover for today?
19:27:57 SumitNaiksatam: we will also be pushing a vendor bp
19:28:03 SridarK: sure
19:28:19 it is out already ( i have resubmitted from Juno)
19:28:20 anyone else planning to push a vendor bp, so that we can track it?
19:28:27 fwaas-related that is
19:28:28 vishwanathj: ?
19:28:32 Brocade will soon
19:28:51 vishwanathj: if u have intent for Kilo u should do that soon
19:29:06 SridarK, understood
19:29:18 FYI: I'm starting on some L3 agent refactoring. Starting with extracting out device driver logic. Please look at https://review.openstack.org/#/c/135392/ if you get a chance.
19:29:35 vishwanathj: karhik will need to get his router stuff out too
19:29:39 vishwanathj: yeah, you might have missed earlier, SPD: Monday 12-8-2014 SAD: Monday 12-15-2014
19:29:40 Teasing out FW, VPN, LB device driver loading.
19:29:42 *karthik
19:29:55 SridarK, I think Karthik already did that for the router last week
19:30:00 ok
19:30:02 pc_m: sweet, great that you could get started on this
19:30:31 would love any FW centric feedback on what's happening there.
19:30:43 pc_m: in such situations it will help proactively add us reviewers so that it readily shows up on our radars
19:30:46 SumitNaiksatam: What is SPD and what is SAD
19:30:47 (and LB too)
19:31:01 vishwanathj: spec proposal deadline, spec approval deadline
19:31:06 pc_m: u have my feedback
19:31:08 Thanks
19:31:15 SridarK: Thanks!
19:31:23 vishwanathj: propose the spec latest by the first deadline and get it approved by the second
19:31:32 ok thanks all
19:31:33 we are minute over
19:31:37 bye
19:31:37 thanks for joining
19:31:38 Ok
19:31:39 bye!
19:31:41 bye
19:31:43 vishwanathj: ping me offline
19:31:44 #endmeeting