16:00:47 <Sukhdev> #startmeeting networking_ml2
16:00:48 <openstack> Meeting started Wed Mar  9 16:00:47 2016 UTC and is due to finish in 60 minutes.  The chair is Sukhdev. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:52 <openstack> The meeting name has been set to 'networking_ml2'
16:00:57 <Sukhdev> yamamoto : hi
16:01:18 <Sukhdev> #topic: Agenda
16:01:25 <Sukhdev> #link: https://wiki.openstack.org/wiki/Meetings/ML2#Meeting_March_9.2C_2016
16:01:35 <Sukhdev> #topic: Announcements
16:01:42 <Sukhdev> rkukura is off today
16:01:55 <Sukhdev> who is here to attend the meeting?
16:02:33 <Sukhdev> I was hoping yalie will attend today - had some questions for him
16:02:54 <Sukhdev> yamamoto: it seems like it is just you and me today
16:03:14 <yamamoto> yea
16:03:48 <Sukhdev> Do you have anything specific to discuss
16:04:00 <yamamoto> nothing
16:04:11 <Sukhdev> since it is just two of us - we can go with customized agenda :-)
16:04:20 <Sukhdev> yamamoto : I have a question for you -
16:04:46 <Sukhdev> have you implemented or are familiar with Security Groups in ML2?
16:05:28 <Sukhdev> #topic: Open Agenda
16:05:38 <yamamoto> my coworker implemented SG for ml2/midonet.
16:06:05 <yamamoto> so i'm kinda familiar with it.
16:06:26 <Sukhdev> I see - so, let me ask you couple of questions related to it
16:06:51 <yamamoto> sure
16:08:03 <Sukhdev> when one creates security groups (defines security rules, etc) and then launches an instance, sec groups is passed as a parameter to port create request in ML2
16:08:53 <Sukhdev> ML2 driver can then act on those and implement the back-end
16:09:42 <Sukhdev> however, when the instance(s) are already running and a security group is modified
16:10:29 <Sukhdev> In order to modify the security policy on the instance, ML2 driver has to register for the callbacks
16:10:56 <yamamoto> yes
16:12:24 <Sukhdev> so, in the callback, when a notification comes for the sec group change, ML2 has to figure out which ports are impacted or the impacted ports are in the notification?
16:13:50 <yamamoto> a driver need to figure out affected ports by itself.
16:14:44 <Sukhdev> that is what I thought, but, wanted to check -
16:14:59 <yamamoto> in case of midonet, the driver just pass-through and the backend maintains the association.
16:15:53 <Sukhdev> can you point me to where in midonet are callbacks processed?
16:16:11 <yamamoto> driver? or backend?
16:16:14 <Sukhdev> Also are the sec groups stored somewhere in the ML2 tables in DB
16:16:31 <Sukhdev> driver
16:16:44 <Sukhdev> may be backend as well - if available
16:17:00 <yamamoto> https://github.com/openstack/networking-midonet/blob/master/midonet/neutron/ml2/sg_callback.py
16:18:18 <yamamoto> backend: https://github.com/midonet/midonet/blob/master/midonet-cluster/src/main/scala/org/midonet/cluster/services/c3po/translators/SecurityGroupRuleTranslator.scala
16:18:57 <Sukhdev> got it - thanks
16:18:58 <yamamoto> and this https://github.com/midonet/midonet/blob/master/midonet-cluster/src/main/scala/org/midonet/cluster/services/c3po/translators/SecurityGroupTranslator.scala
16:19:42 <Sukhdev> in your driver, do you support more than one security group on a given port?
16:20:20 <Sukhdev> or all the security rules related to a port are folded into a single group?
16:22:57 <yamamoto> what do you mean by folded?
16:23:47 <Sukhdev> meaning all the sec rules are put into one group
16:25:16 <yamamoto> it supports multiple groups
16:25:37 <Sukhdev> got it - that is what I guessed from looking at the driver code
16:25:57 <Sukhdev> that answers my question
16:26:20 <Sukhdev> Anybody else has joined the meeting?
16:26:43 <yamamoto> given remote-group-id functionality, i'm not sure how folding into a single group work.
16:27:13 <Sukhdev> yamamoto : it probably will not
16:27:41 <yamamoto> are you going to implement SG for some driver?
16:27:53 <Sukhdev> yes
16:28:10 <yamamoto> which driver?  just curious
16:28:18 <Sukhdev> Arista ML2
16:28:39 <Sukhdev> hence, wanted to see what is out there and pointers :-)
16:29:11 <yamahata> btw, regarding to sg, can you please help to review https://review.openstack.org/#/c/281693/ ?
16:29:35 <yamamoto> SG is complex to implement.  good luck.
16:30:05 <yamamoto> hi yamahata
16:30:11 <yamahata> hi yamamoto
16:30:36 * yamahata joined this meeting late
16:30:54 <Sukhdev> yamahata : welcome
16:31:05 <yamamoto> Sukhdev: i guess you can ask a question for yalie to yamahata
16:31:22 <Sukhdev> we were discussing security groups and ML2
16:31:28 <yamahata> Yeah, I'm closely working with Yalei.
16:32:23 <Sukhdev> yamahata : I had questions for yalie regarding SG, but, I think yamamoto sort of answered those for me
16:32:36 <yamahata> oh yamamoto knows everything...
16:32:41 <yamamoto> heh
16:32:53 <Sukhdev> yup
16:33:21 <Sukhdev> yamahata : I may ping you later in the week or next week - if I have more questions
16:33:31 <yamahata> sure.
16:33:38 <Sukhdev> yamahata : in the mean time, I will review your patch and provide comments
16:33:44 <yamahata> Due to timezone issue, it's difficult for yalei to join this meeting.
16:33:54 <yamahata> Sukhdev: thanks.
16:34:07 <Sukhdev> which time zone are you guys in?
16:34:31 <yamahata> yamahata in PST, yalei in china
16:35:32 <yamamoto> i'm in japan (UTC+9)
16:35:55 <Sukhdev> Oh I see
16:36:06 <Sukhdev> I am in PST
16:36:45 <Sukhdev> yamahata : do you have any agenda Item that you want to discuss?
16:36:55 <yamahata> only patch review.
16:37:31 <yamahata> it's done.
16:37:58 <Sukhdev> OK cool
16:38:05 <Sukhdev> I guess in that case we are done
16:38:18 <Sukhdev> Thanks for attending the meeting
16:38:40 <yamamoto> thank you
16:38:46 <yamahata> thanks
16:39:13 <Sukhdev> bye
16:39:17 <Sukhdev> #endmeeting