18:32:31 <SridarK> #startmeeting Networking FWaaS 18:32:32 <openstack> Meeting started Wed Jun 17 18:32:31 2015 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:32:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:32:36 <openstack> The meeting name has been set to 'networking_fwaas' 18:32:44 <sballe> o/ 18:32:46 <badveli> hello all 18:32:52 <SridarK> hi all 18:32:59 <hoangcx> Hi all 18:33:11 <SridarK> #topic Bugs 18:33:13 <badveli> hello sridark 18:33:27 <SridarK> quick recap on bugs 18:33:42 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1455863 18:33:43 <openstack> Launchpad bug 1455863 in neutron "FWAAS- FW Rule editing puts FW to error state " [Undecided,In progress] - Assigned to vishwanath jayaraman (vishwanathj) 18:33:53 <SridarK> Thanks Vish for addressing all the comments 18:34:14 <SridarK> i think we are good to go on this just waiting on some core attention 18:34:15 <vishwanathj> no problem 18:34:26 <SridarK> vishwanathj: did u have anything to discuss or add 18:34:40 <vishwanathj> no... 18:34:59 <SridarK> vishwanathj: ok cool 18:35:12 <vishwanathj> would be good if amotoki reviewed the test cases 18:35:14 <SridarK> #link https://bugs.launchpad.net/horizon/+bug/1454974 18:35:15 <openstack> Launchpad bug 1454974 in OpenStack Dashboard (Horizon) "FWAAS- FW rules table is asymmetric." [Undecided,New] - Assigned to Kahou Lei (kahou82) 18:35:42 <SridarK> vishwanathj: i think u were not able to recreate this 18:35:42 <vishwanathj> i was not able to see the issue 18:35:47 <vishwanathj> yes 18:36:09 <SridarK> vishwanathj: thx - lets wait on the submitter to confirm - if this is not indeed an issue 18:36:18 <vishwanathj> ok 18:36:32 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1446074 18:36:41 <openstack> Launchpad bug 1446074 in neutron "FWaaS - Missing tenant_id validation between firewall and firewall_policy in creating/updating firewall" [Low,In progress] - Assigned to Cedric Brandily (cbrandily) 18:36:49 <SridarK> i think this is also ready for core attention 18:37:13 <SridarK> I don't think Cedric is around for any further discussion 18:37:34 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1465440 18:37:35 <openstack> Launchpad bug 1465440 in neutron "Firewall attribute "Shared" is set to None by default instead of 'False'" [High,Confirmed] - Assigned to vishwanath jayaraman (vishwanathj) 18:37:55 <SridarK> vishwanathj: thx for taking a look 18:38:29 <SridarK> vishwanathj: i added my comments on this - IMO the attribute not getting pushed to the db does look odd 18:38:54 <vishwanathj> would need Sumits input to the bug as well 18:38:59 <SridarK> vishwanathj: will need to dig more on the history - will also wait on Sumit for any more history on this 18:39:02 <SridarK> vishwanathj: yes 18:39:20 <SridarK> vishwanathj: perhaps we can wait on Sumit and then discuss to move forward 18:39:33 <SridarK> vishwanathj: anything else u wanted to discuss 18:39:34 <vishwanathj> i will push a patch and mark it as WIP 18:39:44 <SridarK> vishwanathj: sounds perfect 18:40:12 <SridarK> these were the bugs i had on my radar 18:40:22 <SridarK> any one else had other things that i missed 18:40:33 <yanping> Hi Sridar 18:40:40 <SridarK> yanping: Hi 18:40:49 <yanping> May I ask help for code review: https://review.openstack.org/#/c/190331/ 18:41:09 <SridarK> yanping: surely will take a look and request others to look as well 18:41:21 <yanping> thanks a lot 18:41:24 <SridarK> yanping: i think u have made the change on the project 18:41:53 <yanping> yes, I changed bug for project neutron 18:42:04 <SridarK> yanping: perfect 18:42:27 <SridarK> yanping: once a few of us look u can ask for some core attention 18:42:53 <yanping> OK. Thanks. 18:43:09 <SridarK> yanping: np 18:43:41 <SridarK> if there are no other bugs - we can do a quick run of the specs although many people are missing today 18:43:58 <annp> Hello 18:43:59 <SridarK> #topic Traffic direction Spec 18:44:28 <SridarK> #link https://review.openstack.org/#/c/171340/ 18:44:45 <SridarK> i don't see slawek around and i know Vikram is out on PTO 18:45:13 <SridarK> i think we just need to close with Cedric on where the new attribute is to be applied 18:45:54 <SridarK> if we can close on that and reach consensus - we are good 18:46:46 <SridarK> Did anyone have anything else to add 18:47:14 <vishwanathj> I have reviewed it and have no further comments 18:47:44 <SridarK> vishwanathj: thx, i think we just need closure on this one aspect 18:48:26 <SridarK> #topic Service Objects/Group 18:48:40 <SridarK> badveli: congrats on the approval 18:48:57 <badveli> thanks sridark 18:49:26 <SridarK> badveli: the floor is yours - would u like to discuss or bring up anything on the feature 18:50:06 <badveli> nothing much as of now, need to work on some scenario tests 18:51:12 <SridarK> badveli: ok ur implementation plan will support this as a common feature that can be reused by other features as well correct ? 18:51:26 <badveli> yes sridark 18:51:47 <badveli> it will be reusable 18:52:05 <SridarK> badveli: cool - may be we can have more discussion in the next mtg if u are ready and comfortable 18:52:23 <badveli> fine with me 18:52:33 <SridarK> badveli: ok great thx 18:52:43 <badveli> thanks 18:52:48 <SridarK> #topic Logging Spec 18:52:56 <hoangcx> Hi Sridark 18:52:59 <SridarK> #link https://review.openstack.org/#/c/132133/ 18:53:11 <hoangcx> This is Hoang. I am on behaft of Yushiro 18:53:13 <SridarK> hoangcx: are u covering for yushiro 18:53:25 <SridarK> hoangcx: the floor is yours pls go ahead 18:53:34 <hoangcx> Yeah. Yushiro wants to say "Hi" to Sridrak and all 18:53:56 <hoangcx> May i ask to help with current WIP: https://review.openstack.org/#/c/188340/ 18:54:44 <SridarK> hoangcx: surely 18:54:57 <SridarK> hoangcx: we should also close on the spec and get that approved 18:55:11 <SridarK> i know there are some outstanding review comments 18:55:16 <hoangcx> Beside this implementation, new logging API is currently implementing on Neutron 18:56:06 <SridarK> ok, will take a look and also reach out to yushiro to address the comments 18:56:08 <hoangcx> in which we may centralize logging 18:56:09 <SridarK> on the spec 18:56:28 <SridarK> hoangcx: yes that is good and some of the comments are also in relation to this 18:56:30 <hoangcx> Sridark: Yes. 18:56:51 <SridarK> hoangcx: i will take a look at the patch and also request others to look 18:57:07 <hoangcx> About Hitcount function: Now we are under consideration 18:57:11 <SridarK> hoangcx: and we discuss on gerrit as well 18:57:14 <hoangcx> Sridark: Thanks so much 18:57:40 <hoangcx> Sridark: Yes. I see. 18:57:55 <SridarK> hoangcx: no worries - the hit count is something that yushiro and i also discussed at the summit and there was an earlier proposal to integrate with ceilometer 18:58:26 <SridarK> we can also get that moving with Pradeep Kilambi who was looking at ceilometer 18:58:41 <SridarK> hoangcx: sounds good thanks 18:59:00 <SridarK> hoangcx: anything else u would like to add ? 18:59:13 <SridarK> or discuss 18:59:14 <hoangcx> Sridark: enough for me now. 18:59:21 <SridarK> hoangcx: ok thx 18:59:35 <hoangcx> And waiting to get feedback about current implementation and new logging API discussion 18:59:47 <SridarK> hoangcx: yes perfect 19:00:00 <SridarK> #topic SG - FWaaS alignment 19:00:12 <SridarK> #link https://etherpad.openstack.org/p/fwaas_use_cases 19:00:21 <SridarK> xgerman: the floor is yours 19:00:31 <xgerman> thanks 19:01:14 <xgerman> We are still collecting use cases and I also feel the FWaaS is a puzzle in a bigger network security picture with IDS 19:01:26 <xgerman> avtually - end users we talked with mentioned IDS a lot 19:01:43 <xgerman> and DPI 19:02:14 <SridarK> xgerman: yes IDS - is it part of FW or a separate piece can be an interesting discussion 19:02:24 <xgerman> exactly 19:02:37 <mickeys> I hope that DPI can be added to service object/group at some point 19:02:46 <SridarK> xgerman: i guess there can be different views but this is certainly an important piece to pull in 19:02:48 <johnsom> DPI is not IDS though 19:03:05 <xgerman> yep, but I think we need both 19:03:10 <SridarK> mickeys: +1 or as a part of some the classifier discussions 19:03:20 <SridarK> * some of 19:04:00 <SridarK> johnsom: agree - it can be used to drive some the IDS actions 19:04:38 <SridarK> xgerman: also Sameer has added some inputs and i will reach out to him for more discussions as well 19:04:55 <SridarK> if u are not in discussion with him already 19:05:23 <xgerman> no, I have been in some bubble but our plan is to do some broader outreach in the next two weeks 19:05:34 <johnsom> My example I like to use is blocking HTTP Methods other than GET for example. That is a FW DPI action. 19:06:13 <SridarK> xgerman: sounds good 19:06:50 <SridarK> johnsom: yes and there can be whole host of more application based actions 19:07:32 <sballe> Sridark: Do yu know Sameer's last name? 19:07:50 <xgerman> yeah, I have also seen people doing “on demand” scanning by using SDN rules - and.or put some basic IDS functionality on white box routers 19:07:51 <SridarK> yamahata also had an initial thought for looking at L4 - L7 use cases and along with many of us who were also interested 19:08:01 <SridarK> sballe: Sameer Satyam 19:08:08 <SridarK> from Rackspace 19:08:13 <sballe> ok thx 19:08:16 <xgerman> ok, thx 19:08:17 <SridarK> np 19:09:38 <SridarK> xgerman: i agree this is going to take some time and effort to get all this in 19:10:59 <SridarK> xgerman: , others anything else we want to discuss on this topic ? 19:11:30 <xgerman> Once we have use cases we can prioritize and thing will be better 19:11:40 <SridarK> we can all use the ether pad link above to put use cases and thoughts/comments 19:11:48 <xgerman> +1 19:11:50 <SridarK> xgerman: agreed 19:12:20 <xgerman> that’s all frm me for now 19:12:26 <SridarK> those of us who also wear vendor hats can also reach out to our customers to provide inputs 19:12:32 <SridarK> xgerman: thx 19:12:41 <xgerman> SridarK that would be great! 19:13:08 <SridarK> #topic Open Discussion 19:13:25 <SridarK> other thoughts or things folks would like to bring up pls go ahead 19:14:15 <pc_m> anyone going to the neutron mid-cycle next week? 19:14:32 <SridarK> pc_m: are u going to be there ? 19:14:37 <pc_m> SridarK: yes 19:15:00 <SridarK> pc_m: cool - i am out of office so definitely not going - 19:15:18 <vishwanathj> pc_m, How does one got to the mid-cyle? is it by invitation only? 19:15:26 <pc_m> SridarK: That sounds like a whole lot more fun :) 19:15:27 <xgerman> everybody can go 19:15:31 <SridarK> vishwanathj: no u just sign up 19:15:35 <pc_m> vishwanathj: Anyone can go. 19:15:35 <vishwanathj> ok 19:15:39 <SridarK> pc_m: :-) 19:15:40 <xgerman> yeah, there is an etherpad 19:15:48 <pc_m> #link https://etherpad.openstack.org/p/neutron-liberty-mid-cycle 19:16:07 <vishwanathj> did not know about this...thanks for sharing 19:16:10 <pc_m> It's next Wed-Fri 19:16:44 <SridarK> pc_m: is the focus on the micro versioning ? 19:16:45 <pc_m> great learning experience, with many cores and experienced Neutron folks there. 19:17:13 <pc_m> SridarK: No, actually it's not on the list. The therpad has the agenda. 19:17:20 <pc_m> etherpad 19:17:39 <pc_m> Though they may still work on it some 19:17:44 <SridarK> pc_m: ok never mind stupid q - i should know how to click on a ling :-) 19:17:52 <SridarK> *link 19:17:53 <pc_m> :) 19:18:18 <SridarK> ok cook if nothing else we can try to get back 12 mins to go save the world :-) 19:18:38 <SridarK> The next meeting will be on Jul 1 19:18:43 <pc_m> cool. Thanks SridarK 19:18:58 <SridarK> alright folks have a good one 19:19:01 <SridarK> bye 19:19:08 <sballe> bye 19:19:09 <hoangcx> Thanks for today's discussion and see you in next meeting 19:19:11 <xgerman> bye 19:19:15 <hoangcx> Bye 19:19:19 <badveli> xgerman in your investigation was there a case for east west traffic inspection 19:19:22 <yanping> bye 19:19:27 <SridarK> #endmeeting