#openstack-meeting-3 log

18:31:18 <SumitNaiksatam> #startmeeting Networking FWaaS
18:31:19 <openstack> Meeting started Wed Dec  3 18:31:18 2014 UTC and is due to finish in 60 minutes.  The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:31:20 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:31:23 <openstack> The meeting name has been set to 'networking_fwaas'
18:31:34 <SumitNaiksatam> #info SPD: Monday 12-8-2014 SAD: Monday 12-15-2014
18:31:54 <SumitNaiksatam> #info Kilo-1 is 12-18-2014
18:32:17 <SumitNaiksatam> any other related announcements anyone would like to share for the benefit of the team?
18:32:51 <SumitNaiksatam> #topic Bugs
18:33:11 <SridarK> SumitNaiksatam: nothing new
18:33:32 <SumitNaiksatam> SridarK: yes
18:33:51 <SumitNaiksatam> i did a quick review on this: #link https://review.openstack.org/#/c/104132/
18:33:58 <Swami> hi
18:34:20 <SridarK> Swami: hi
18:34:45 <SridarK> SumitNaiksatam: yes u beat me to it - i was trying to understand when i saw ur review go by :-)
18:34:55 <SumitNaiksatam> Swami: hi
18:35:12 <SumitNaiksatam> SridarK: ah ok, do you disagree with the change?
18:35:16 <SridarK> SumitNaiksatam: seems fairly straight forward
18:35:36 <SridarK> SumitNaiksatam: no was just trying compare the change with the original
18:35:46 <SridarK> SumitNaiksatam: it is good
18:35:53 <SumitNaiksatam> SridarK: i thought the change was trying to make things consistent
18:36:01 <SridarK> SumitNaiksatam: yes
18:36:04 <SumitNaiksatam> i however did not have a chance to actually test it out
18:36:16 <SumitNaiksatam> it would be nice if some actually can
18:36:29 <SridarK> SumitNaiksatam: i will try to get to this later today
18:36:35 <SumitNaiksatam> SridarK: sweet
18:36:53 <SumitNaiksatam> i guess we are missing badveli not sure if anything showed up on his bug triage radar
18:37:09 <SumitNaiksatam> #topic Docs
18:37:23 <SumitNaiksatam> i guess we have three pending items here
18:37:44 <SridarK> SumitNaiksatam: yes - i could not even look at any of this trying to get specs out
18:37:44 <SumitNaiksatam> Swami: anything for us to review or contribute in terms of DVR?
18:38:08 <SumitNaiksatam> SridarK: np, that definitely is high priority too
18:38:45 <Swami> SumitNaiksatam: I have created a document for the documentation folks to consume.
18:39:01 <Swami> I have added a section for the services and added a high level note for all the services.
18:39:06 <Swami> #link https://docs.google.com/document/d/1qmKoP4GVdjeEEVvqf3tYptVuvUzVIeQmJiTPWPoi_E0/edit
18:39:31 <Swami> If you can take a look at the services part and if you feel like I have missed anything please fill in the gap.
18:40:02 <Swami> I am working with "Elke Vorgheise" on the documentation. I think she is the tech writer for the networking guide.
18:40:10 <SumitNaiksatam> Swami: ah ok
18:40:17 <SumitNaiksatam> thanks for the link
18:41:26 <SridarK> Swami: thx - overview on services covers major points - will see if we need to add any more details
18:41:29 <SumitNaiksatam> Swami: perhaps we need to add some notes on the migration to the legacy mode (or the lack of when using FWaaS)
18:41:58 <SridarK> Swami: over the the quick scan of the doc for DVR - looks really good and comprehensive
18:42:00 <SumitNaiksatam> but the team here can this a little more detailed read, and provide feedback
18:42:12 <SumitNaiksatam> SridarK: +1, great job Swami!
18:42:24 <Swami> Yes, we can add a section on migration and how the services are handled.
18:42:41 <Swami> I will take a first stab at it and you can add your feedback or data to this document.
18:42:52 <SridarK> Swami: i see a book deal coming :-) Swami signing DVR books at Vancouver :-)
18:42:56 <Swami> SumitNaiksatam: sure.
18:43:11 <SumitNaiksatam> lol!
18:43:34 <Swami> SridarK: Sure, I like the idea.
18:43:38 <SumitNaiksatam> Swami: also, conf is missing, not sure that is meant for this document thought
18:43:41 <SridarK> :-)
18:44:00 <Swami> SumitNaiksatam: When you say config, are you talking about multinode config or single node config.
18:44:29 <Swami> I think I had a section on configuration that deals with the DVR specific configurations.
18:44:32 <SumitNaiksatam> yeah, and specifically in the context of FWaaS what needs to be set on which node
18:45:10 <SumitNaiksatam> i dont think that is terribly different from the DVR base configuration, but i vaguely recall that we had one or two extra things in there
18:45:19 <SumitNaiksatam> just need to confirm
18:45:22 <SridarK> SumitNaiksatam: i don't think we need to set anything specific for FWaaS
18:45:33 <SumitNaiksatam> SridarK: okay
18:45:41 <Swami> For DVR there is no specific action that is required for Firewall configuration. As far as the firewall service is enabled, it should work.
18:46:03 <SridarK> FWaaS just looks at the 'distributed' flag
18:46:03 <SumitNaiksatam> next doc item - #link https://bugs.launchpad.net/openstack-manuals/+bug/1373674
18:46:12 <SumitNaiksatam> SridarK: okay
18:46:48 <SumitNaiksatam> i am not sure if we need address the “openstack-api-site” related documentation
18:47:20 <SumitNaiksatam> third doc item was: #link https://bugs.launchpad.net/openstack-manuals/+bug/1346986
18:47:31 <SumitNaiksatam> i believe there isnt an update on this
18:47:41 <SridarK> SumitNaiksatam: not sure on that the second one - but i recall last week we saw that it was fixed
18:48:03 <SumitNaiksatam> SridarK: it was fixed in one of the documents but it shows open in the other
18:48:15 <SridarK> SumitNaiksatam: hmm ok
18:48:20 <SridarK> sorry missed that
18:48:34 <SumitNaiksatam> SridarK: if this doesnt swap out of my memory i will try to ping the guy :-)
18:48:42 <SumitNaiksatam> #topic Kilo Blueprints
18:48:56 <SumitNaiksatam> we have to post the blueprints by Dec 8th
18:49:06 <SridarK> SumitNaiksatam: badveli just sent an email - he is running late
18:49:33 <SumitNaiksatam> SridarK: thanks, yeah i saw that earlier, was hoping he would make it
18:49:46 <SumitNaiksatam> make it before we get to security groups
18:49:54 <SumitNaiksatam> *service groups
18:50:02 <RuiZang> what do you mean by "post the blueprints by Dec 8th"?
18:50:04 <vishwanathj> SumitNaiksatam, SridarK: I will upload a patch later today to address your comments
18:50:07 <SridarK> I pushed some comments out on service groups a little early today
18:50:08 <SumitNaiksatam> commute is bad today!
18:50:48 <SumitNaiksatam> RuiZang: i meant post a gerrit spec for review; i think you are good since you already posted your blueprint
18:50:52 <SumitNaiksatam> vishwanathj: sure, np
18:51:00 <SumitNaiksatam> SridarK: nice, i did not notice that
18:51:07 <SridarK> SumitNaiksatam: mostly nits on service groups
18:51:07 <SumitNaiksatam> so lets take one bp at a time
18:51:31 <SridarK> SumitNaiksatam: oops sorry - are we on service groups ?
18:51:40 <RuiZang> SumitNaiksatam> Oh OK
18:52:00 <SumitNaiksatam> lets start with hot spec of the day - FWaaS Insertion Model on a Single Router - #link https://review.openstack.org/#/c/138672/
18:52:10 <SridarK> :-)
18:52:16 <SumitNaiksatam> SridarK: your baby :-)
18:52:32 <SridarK> SumitNaiksatam: thanks for the comments
18:52:37 <SumitNaiksatam> hot spec puts you in the hot seat ;-P
18:52:41 <SridarK> :-)
18:52:42 <SumitNaiksatam> SridarK: sure
18:52:49 <SumitNaiksatam> probably folks havent had a chance to review it
18:52:58 <SumitNaiksatam> please do so and provide comments at the earliest
18:53:22 <SridarK> SumitNaiksatam: i think i have tried to capture most of the discussions from the summit and also in the mtgs
18:53:24 <SumitNaiksatam> this is probably the most important bp/spec for FWaaS for Kilo
18:53:51 <SumitNaiksatam> SridarK: and very articulated at that!
18:54:07 <SridarK> :-)
18:54:40 <badveli> hello all
18:54:51 <badveli> sorry delayed due to weather
18:55:17 <SridarK> I am hoping that if we get most things thrashed out this week - next week can get some core attention
18:55:20 <SridarK> badveli: hi
18:55:28 <SumitNaiksatam> badveli: yes, glad you could make it, and pretty much at the right time
18:55:28 <badveli> hello sridark
18:55:35 <badveli> oh..thanks
18:55:45 <SridarK> SumitNaiksatam: of course thanks of the core attention from u
18:55:52 <SridarK> *for
18:56:08 <SumitNaiksatam> SridarK: yeah, i would say we pre-emptively approach some of the other cores
18:56:21 <SridarK> SumitNaiksatam: ok sounds good - will do that
18:56:23 <SumitNaiksatam> SridarK: i think we should add all the cores to the review
18:56:31 <SumitNaiksatam> SridarK: you want me to do that?
18:56:35 <SridarK> SumitNaiksatam: ok sure
18:56:57 <SumitNaiksatam> SridarK: ok done :-)
18:57:27 <SumitNaiksatam> did anyone else get a chance to look at Sridar’s spec?
18:57:36 <SumitNaiksatam> in case we want to spend a few mins discussing here
18:57:40 <SridarK> SumitNaiksatam: definitely want to thrash out some of the extensions related areas - i have left that a bit open as i am not sure how to proceed there with all the changes
18:57:44 <badveli> just going through
18:58:04 <SumitNaiksatam> is glebo here?
18:58:41 <badveli> no i do not see him here
18:58:44 <SumitNaiksatam> the next bp is Service group and Service Object for firewall as a service: #link https://review.openstack.org/#/c/131596
18:59:20 <SumitNaiksatam> badveli: looks like we again have some formatting and grammar nit issues
18:59:32 <SridarK> badveli: i provided some comments earlier today
18:59:34 <SumitNaiksatam> looking at SridarK’s comment
18:59:38 <SumitNaiksatam> *comments
18:59:46 <SumitNaiksatam> ideally we should have been way past this point now
18:59:48 <SridarK> badveli: mostly looks good except for the nits
18:59:49 <badveli> taking a look
19:00:23 <SumitNaiksatam> badveli: did you or glebo hear from any of the other cores that glebo had approached to review this?
19:00:37 <badveli> we did not get anything
19:00:44 <badveli> we are still waiting
19:00:45 <SumitNaiksatam> badveli: hmmm
19:01:00 <SumitNaiksatam> badveli: once you get a new rev out, i will review immediately
19:01:03 <SridarK> badveli: possibly the 2 issues i have listed - if u change the wording on that or clarify and with the nits fixed - i am good
19:01:29 <SumitNaiksatam> badveli: would appreciate if you can send a headup when you do to the entire team
19:01:40 <SumitNaiksatam> *headsup
19:01:49 <badveli> ok
19:02:03 <badveli> i will give a heads up on the new review
19:02:09 <SumitNaiksatam> the third bp is regarding FWaaS for E-W traffic when deploying DVR
19:02:14 <SumitNaiksatam> badveli: thanks
19:02:33 <SumitNaiksatam> Swami sent out a proposal last week: #link https://docs.google.com/document/d/11Gp62Yfyi1WH6yM6E_308OB4CC9A6xhxKZJ8B5jOwLc/edit
19:02:42 <SumitNaiksatam> and we had a brief discussion
19:03:07 <SumitNaiksatam> Swami: have you identified a preferred path in terms of what is feasible on the DVR side of things?
19:03:30 <Swami> SumitNaiksatam: I was counting on vivek to give me some feedback on proposal 1.
19:03:38 <SumitNaiksatam> Swami: ah ok
19:03:44 <Swami> But he was busy on something else.
19:04:06 <SumitNaiksatam> so i am a bit concerned that we are cutting too close to the SPD, since we dont have a spec in place yet
19:04:18 <SumitNaiksatam> how do we want to go about pursuing this?
19:04:25 <Swami> SumitNaiksatam: So I have to take up the task to investigate the pros and cons of option 1>
19:04:25 <Swami> Option 2: is prety much straight forward and DVR will not have any impact.
19:04:43 <Swami> But I personnally like option1 since the firewall rules will be in one single place.
19:05:07 <badveli> yes swami, i think option 1 is looking good
19:05:10 <SumitNaiksatam> we need to firm on both - (1) the technical path that we want to take, and (2) the logisitics of who will post the spec
19:05:19 <Swami> Did you guys do a round table discussion on both options? If so what do you like or see as a valuable going forward.
19:05:53 <SumitNaiksatam> on (2) we need to decide whether we need 2 specs (one for DVR and another for FWaaS) or 1
19:06:21 <SumitNaiksatam> Swami: a  meeting dedicated to this would definitely be helpful, lets take that offline and set up one for the earliest
19:06:41 <SridarK> SumitNaiksatam: Swami: Yes i think that will be good
19:06:45 <Swami> In either case, if we choose either of the options mentioned above, this addition of a new bridge or addition of a new rule to redirect the packets to the router should only happen if there is a firewall enabled.
19:06:50 <SumitNaiksatam> #action SumitNaiksatam to setup DVR E-W traffic discussion meeting
19:07:09 <SumitNaiksatam> Swami: so seems like we are shooting for two specs?
19:07:10 <Swami> SumitNaiksatam: Yes I agree with you on having a separate chat on this.
19:07:56 <Swami> SumitNaiksatam: No at this point let us keep the implementation decision out of the spec.
19:08:18 <Swami> Let us file a blueprint of applying the firewall rules for the DVR East-West.
19:08:36 <Swami> I don't think we are going to introduce any API change at this time or any database change for this feature.
19:09:11 <SridarK> Swami: A sort of tangential but related question
19:09:15 <SumitNaiksatam> Swami: okay lets discuss further in the meeting
19:09:35 <badveli> to me it lloked like option 1  is better
19:09:36 <Swami> Yes sounds good.
19:09:46 <SumitNaiksatam> Swami: do you think Vivek needs to attend the meeting or you would sync up offline with him? (that will help to set the time for the meeting)
19:09:54 <SumitNaiksatam> badveli: Swami: yes i agree
19:10:10 <SridarK> Swami: With DVR is there some significance for an  interface that carries the E -W traffic ?
19:10:26 <badveli> thanks sumit
19:10:27 <Swami> SumitNaiksatam: Yes I will investigate it further and if we need viveks help we can pull in as required. He seems to busy in some other work.
19:11:06 <SridarK> Swami: or is the interface just a logical entity and we cannot discriminate or associate E - W traffic with a specific Router interface ?
19:11:10 <SumitNaiksatam> Swami: okay some i am shooting for 9 AM PST tomorrow (if that works for everyone)
19:11:31 <Swami> SridarK: I don't think there is any significane on interface that is driving traffic for E-W. But we can easily sort out there are different ports that direct traffic for North-South and for East-West.
19:11:31 <badveli> 
19:11:59 <Swami> Tomorrow 9 a.m should work.
19:12:08 <badveli> 
19:12:28 <badveli> sumit, can we do a bit late
19:12:31 <vishwanathj> 9AM PST works
19:12:35 <SridarK> Swami: ok lets discuss more on this, i am trying to think in terms of the router insertion work that we are planning to see if we can leverage that for handling this case
19:13:20 <SridarK> SumitNaiksatam: i am okay with any time in the morning
19:13:25 <Swami> SridarK: Yes we can discuss this in futher details in the meeting tomorrow.
19:14:04 <SumitNaiksatam> okay i will send out an invite accordingly
19:14:18 <SumitNaiksatam> next vendor blueprints
19:14:25 <badveli> i have a doctor appointment in the morning
19:14:34 <SumitNaiksatam> badveli: okay lets discuss offline
19:14:39 <badveli> i will try to attend it
19:15:03 <SumitNaiksatam> we currently have only one vendor spec posted on the wiki: #link https://wiki.openstack.org/wiki/Meetings/FWaaS#Vendor_Blueprints
19:15:12 <SridarK> #link https://review.openstack.org/#/c/129836/
19:15:13 <SumitNaiksatam> however we have at least a couple of more
19:15:30 <SumitNaiksatam> SridarK: ah i guess we need to update the link
19:15:33 <RuiZang> Do I have to post the review on wiki by myself?
19:15:37 <SridarK> SumitNaiksatam: ok will do
19:15:40 <SumitNaiksatam> vishwanathj: RuiZang: can you update the wiki page
19:15:40 <RuiZang> Sorry, I am totallynew to this
19:15:52 <RuiZang> Sure, I can
19:15:57 <SumitNaiksatam> RuiZang: no worries, it wil be great if you can update the wiki
19:16:01 <vishwanathj> SumitNaiksatam, will update
19:16:29 <SumitNaiksatam> RuiZang: this not a required step, its a nice to have since it will be visible to other FWaaS team member for ready reference and they can provide reviews
19:16:29 <SridarK> RuiZang: pls feel free to reach out if u have any questions
19:16:37 <SumitNaiksatam> we will also track every week
19:16:55 <SumitNaiksatam> RuiZang: i did a quick read through, and provided a couple of high level comments
19:17:01 <SumitNaiksatam> RuiZang: but mostly looks good to me
19:17:04 <RuiZang> SumitNaikstam: Sridark: thanks you guys, I will update the wiki
19:17:26 <SumitNaiksatam> RuiZang: are you the one shepherding this spec or is it isaku?
19:17:42 <RuiZang> Isaku is on relocation to U.S
19:17:46 <SumitNaiksatam> RuiZang: sorry, i know you have two specs
19:17:50 <RuiZang> So currently it is me
19:17:58 <SumitNaiksatam> RuiZang: i was referring to the first one, which is the L3 plugin
19:18:09 <SumitNaiksatam> RuiZang: i have not yet read through the fwaas driver
19:18:29 <RuiZang> SumitNaiksatam: yes I am responsible for both of them
19:18:33 <SumitNaiksatam> RuiZang: great
19:18:54 <SumitNaiksatam> RuiZang: as SridarK mentioned please feel free to reach out to this team if you need any help
19:19:03 <SumitNaiksatam> vishwanathj: any blockers for your spec?
19:19:27 <RuiZang> SumitNaiksatam: Sridark: Sure, thanks very much
19:19:54 <vishwanathj> SumitNaiksatam, None at this time, I need to upload the next patch set addressing SridarK and your comments
19:20:02 <SumitNaiksatam> vishwanathj: ok great
19:20:28 <SumitNaiksatam> btw, Spec for introducing Brocade Vyatta Firewall solution using a new vendor specific device driver for Neutron L3 agent: #link https://review.openstack.org/136953
19:21:03 <SumitNaiksatam> and Ruiz’s specs are: l3-router: add mcafee ngfw l3 router plugin #link https://review.openstack.org/134198
19:21:05 <vishwanathj> SumitNaiksatam, I have updated the wiki and added link to brocade vyatta firewall spec
19:21:28 <SumitNaiksatam> and, firewall: add mcafee ngfw driver support: #link https://review.openstack.org/#/c/91286/
19:21:39 <SumitNaiksatam> vishwanathj: nice, thanks!
19:22:07 <SumitNaiksatam> the other blueprint/work we need to discuss with high priority is the L3 agent refactoring
19:22:17 <SumitNaiksatam> #topic L3 Agent refactoring
19:23:44 <SumitNaiksatam> #link https://review.openstack.org/#/q/status:open+project:openstack/neutron+branch:master+topic:bp/restructure-l3-agent,n,z
19:23:55 <SumitNaiksatam> this will affect the firewall agent
19:24:07 <SumitNaiksatam> so just want to confirm who signed up for this
19:24:16 <SumitNaiksatam> SridarK: was it you and pc_m?
19:24:26 <pc_m> yup
19:24:36 <SumitNaiksatam> pc_m: okay great, thanks!
19:24:38 <pc_m> I'm doing VPN
19:24:43 <SumitNaiksatam> pc_m: ah okay
19:24:54 <pc_m> And have started on the refactoring.
19:24:55 <SumitNaiksatam> pc_m: who is doing firewall?
19:25:13 <pc_m> I thought SridarK signed up.
19:25:22 <SumitNaiksatam> pc_m: okay
19:25:50 <SumitNaiksatam> badveli: i vaguely recall glebo mentioning that you were going to look at this too
19:26:10 <SumitNaiksatam> pc_m: i am guessing that the scope of this work in the context of fwaas is pretty limited, right?
19:26:27 <badveli> sumit, i am planning to do the e-w spec side
19:26:41 <SumitNaiksatam> badveli: ah okay, got it
19:26:51 <pc_m> SumitNaiksatam: yes.
19:26:58 <badveli> i will get the details from pc_m
19:27:25 <pc_m> SumitNaiksatam: Mostly will be determining the hook points for L3 agent notifications to the services
19:27:39 <SumitNaiksatam> pc_m: right
19:27:48 <badveli> 
19:27:48 <SumitNaiksatam> i think we lost SridarK for a bit there
19:27:50 <SridarK_> sorry network glitch
19:27:53 <pc_m> SumitNaiksatam: And of course, teasing apart the inheritance tree
19:27:55 <SumitNaiksatam> SridarK: np
19:28:07 <pc_m> #link https://review.openstack.org/#/c/131535
19:28:12 <pc_m> Is the BP spec.
19:28:12 <SumitNaiksatam> SridarK: we were discussing the l3 agent refactor and its implications for the fwaas agent
19:28:18 <Swami> pc_m: is there design doc for this hook points
19:28:28 <SumitNaiksatam> SridarK: trying to nail down who signed up for this at our end
19:28:34 <SumitNaiksatam> SridarK: did you?
19:28:38 <SridarK_> on this L3 refactor, Carl pinged me on the fwaas side to see if i can take a look - so will look into that
19:28:40 <pc_m> Swami: no. There was some discussion on the ML and some info in the BP
19:28:59 <SridarK_> SumitNaiksatam: so i have signed up
19:29:04 <pc_m> Please look at the BP spec and comment from a FW POV
19:29:21 * pc_m just check - it's approved
19:29:30 <SumitNaiksatam> pc_m: yeah, was going to say :-)
19:29:39 <pc_m> Still would give the main points.
19:30:16 <SumitNaiksatam> so i think we proposed  in the adv services’ meeting yesterday we will target this for Kilo-2
19:30:23 <SumitNaiksatam> ok folks we are out of time
19:30:30 <SumitNaiksatam> hope we didnt miss anything
19:30:34 <SumitNaiksatam> thanks for joining
19:30:35 <SumitNaiksatam> bye!
19:30:39 <SumitNaiksatam> #endmeeting