#openstack-meeting-3 log

18:31:02 <SridarK_> #startmeeting Networking FWaaS
18:31:02 <openstack> Meeting started Wed Apr 13 18:31:02 2016 UTC and is due to finish in 60 minutes.  The chair is SridarK_. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:31:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:31:06 <openstack> The meeting name has been set to 'networking_fwaas'
18:31:21 <SridarK_> #chair xgerman
18:31:22 <openstack> Current chairs: SridarK_ xgerman
18:31:31 <xgerman> o/
18:31:40 <madhu_ak> hi
18:31:47 <njohnston> o/
18:32:38 <SridarK_> Firstly we should thank sc68cal: for all his help over the last cycle, regretfully with other tasks that he is juggling - he has decided to move away from FWaaS
18:33:05 <sc68cal> sorry :'(
18:33:06 <njohnston> hear hear
18:33:09 <xgerman> +1
18:33:15 <mickeys> +1
18:33:16 <madhu_ak> +1
18:33:17 <xgerman> sc68cal was great!!!
18:33:30 <SridarK_> sigh yes - he could not be persuaded or arm twisted to stay on
18:33:36 <xgerman> and I learned more about Philly which was interesting as well :-)
18:33:43 <SridarK_> :-)
18:34:14 <SridarK_> unfortunately all of us have to juggle multiple priorities with our employers as well
18:34:14 <xgerman> sc68cal door is always open if you want to come back :-)
18:34:19 <ajmiller> hi
18:34:21 <SridarK_> +1
18:35:10 <SridarK_> Welcome to njohnston: who will be joining in to contribute
18:35:27 * njohnston is happy to help
18:35:35 <SridarK_> thx njohnston:
18:35:47 <xgerman> +1
18:35:49 <SridarK_> i think we will have a few more folks join in
18:35:56 <xgerman> really excited to have you hear
18:36:13 <SridarK_> #topic FWaaSv2
18:36:31 <SridarK_> Thx Aish: for re proposing the spec
18:36:39 <SridarK_> and it is approved
18:36:46 <Aish> yeah, tht is so quick.
18:36:46 <xgerman> yeah!!
18:36:51 <SridarK_> #link https://review.openstack.org/#/c/303836/
18:37:14 <njohnston> excellent
18:37:26 <SridarK_> I think we were all in agreement that we are keeping things as is and just re propose it
18:37:36 <xgerman> +1
18:38:21 <SridarK_> Summary of some of the patches with a swag at ownership (subject to some flux):
18:38:33 <SridarK_> #link https://wiki.openstack.org/wiki/Neutron/FWaaS/NewtonPlan
18:38:45 * njohnston reads
18:39:05 <Aish> Mickey has made a comment previously, to rename Firewall Groups as Firewall Port Groups.. I think that makes sense.. Should we do that?
18:39:32 <njohnston> Does that make sense from a customer perspective?
18:40:05 <SridarK_> Aish: i too think that reads better
18:40:23 <mickeys_> If people think that clarifies the intent, then we should do it. I don't have strong feelings on this one.
18:40:27 <SridarK_> we can pick that up in the code patches as a comment
18:40:36 <SridarK_> and perhaps update the spec
18:40:41 <SridarK_> later
18:41:12 <Aish> +1
18:41:17 <xgerman> +1
18:42:50 <SridarK_> Once we settle in on any changes on patch ownership - i think we can resume activity
18:43:32 <SridarK_> xgerman: and i took a first stab on ownership but we can re examine that as needed
18:43:32 <xgerman> I am also hoping versioned objects have firmed up more
18:43:38 <SridarK_> +1
18:43:59 <xgerman> yep, we need to divvy up the work further
18:44:19 <SridarK_> yes
18:44:49 <SridarK_> so good anything else to discuss on v2 ?
18:45:07 <SridarK_> wrt to logistics etc
18:45:11 <njohnston> As the work is divvied up, let me know what I can work on
18:45:31 <xgerman> we were thinking to have some informal meetings at the summit
18:45:36 <SridarK_> njohnston: surely
18:45:50 <SridarK_> yes may be the summit is a good place to do that
18:46:08 <xgerman> and we like to play to everyone’s strengths/interests
18:48:05 <SridarK_> +1
18:48:43 <njohnston> +1
18:49:06 <SridarK_> ok good so the plan is as we get better information on the avail of folks we can rework some of this
18:49:36 <SridarK_> and we can evolve this over the week and worst case at the summit
18:50:31 <xgerman> +1
18:50:57 <SridarK_> #topic reviews
18:51:19 <SridarK_> Observer hierarchy
18:51:32 <SridarK_> #link https://review.openstack.org/#/c/278863/
18:52:03 <SridarK_> thanks to Bharath for addressing the comments - i think we need some more tweaks and we should get this done
18:53:16 <SridarK_> Conntrack related changes:
18:53:28 <SridarK_> #link https://review.openstack.org/#/c/300960/
18:53:58 <mickeys_> As with security groups, it is hitting conntrack somewhat broadly
18:54:14 <SridarK_> I started going thru this -
18:54:20 <SridarK_> mickeys_: yes
18:54:25 <mickeys_> If you have a rule for a particular IP address with an L4 port, you will clear out conntrack entries for that L4 port for all addresses
18:54:44 <SridarK_> I would defn req u take a look thru this
18:54:46 <mickeys_> I don't remember the details for what security groups, but it was pretty broad as well
18:55:02 <mickeys_> I have not looked at what OVN does at all yet, but I know it was a very active area a few weeks ago
18:55:28 * russellb checks for context
18:55:49 <russellb> oh, applying security group changes to existing connections?
18:55:52 <mickeys_> Clearing out conntrack entries upon rule changesj
18:55:54 <mickeys_> Yes
18:55:57 <SridarK_> russellb: yes
18:56:01 <mickeys_> But this time for FWaaS
18:56:03 <russellb> got it, the strategy we are using for OVN is quite different
18:56:08 <russellb> it's done purely via flows
18:56:14 <russellb> so no hacking the conntrack table
18:57:32 <russellb> ``https://github.com/russellb/ovs/commit/56ccd8bc5eeadc0a2309f35da6f72f465677d2d2
18:57:36 <russellb> goes into some detail
18:57:44 <mickeys_> Thanks for the pointer
18:57:45 <russellb> that's my latest revision, it's not merged yet
18:58:15 <SridarK_> russellb: thx
18:58:35 <SridarK_> mickeys_: u can comment on the review
18:58:59 <mickeys_> I can look at security groups with iptables and OVN and contrast the approach
18:59:19 <mickeys_> Then I will comment
18:59:26 <SridarK_> i know u have had to deal with a lot of challenges in this area so thx for keeping this sane
18:59:30 <SridarK_> mickeys_: thx
18:59:40 <xgerman> +1
19:00:08 <SridarK_> any other patches that need discussion ?
19:02:14 <SridarK_> ok
19:02:25 <SridarK_> #topic Open Discussion
19:02:52 <xgerman> we should mention our design session: https://www.openstack.org/summit/austin-2016/summit-schedule/events/9109?goback=1
19:03:10 <SridarK_> xgerman: oh yes thx - i completely forgot
19:03:16 <xgerman> sridark_ is chair but we share that spot with the other *aaS
19:03:37 <mickeys_> Given that it is all services together, I don't think we can do much more than get our resource commitments firmed up and reassure people that we have a way forward
19:03:38 <SridarK_> we can bring up things for discussion
19:04:00 <xgerman> mickeys_ +1 since it says “demise"
19:04:09 <SridarK_> mickeys_: yes that is needed
19:04:24 <mickeys_> Yes, that one is aimed at us. Oh no! We can fix it!
19:04:37 <xgerman> well, it could as well be VPNaaS which is dead
19:04:58 <mickeys_> IBM has a few people on VPNaaS. We will be adding support for OVN.
19:05:00 <xgerman> LBaaS is being nudged to leave the stadium - so they might want to do the same with us
19:05:07 <russellb> mickeys_: yay
19:05:20 <xgerman> mickeys_ get them to show up at that session :-)
19:05:52 <mickeys_> At least one, the one who has been working on OpenStack for a while (but not VPNaaS) will be there
19:06:29 <njohnston> xgerman: Do you believe a push for a spinout is imminent?
19:06:40 <SridarK_> I think once we have our contributor commitments in place - we can make N more productive
19:07:01 <xgerman> njohnston I am reading tea leafs…
19:07:08 <SridarK_> :-)
19:08:30 <SridarK_> If there is nothing else to discuss we can end
19:08:48 <xgerman> sounds good!!
19:09:06 <SridarK_> ok folks have a good one and thx for joining
19:09:28 <SridarK_> #endmeeting