19:01:09 <mestery> #startmeeting networking_policy
19:01:10 <openstack> Meeting started Thu Mar  6 19:01:09 2014 UTC and is due to finish in 60 minutes.  The chair is mestery. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:11 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:13 <openstack> The meeting name has been set to 'networking_policy'
19:01:48 * mestery thinks meetbot appears slow today, perhaps an ominous sign.
19:02:03 <banix> :)
19:02:03 <mestery> #link https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy Agenda
19:02:06 <SumitNaiksatam> hi all!
19:02:19 <mandeep> SumitNaiksatam: Hi sumit
19:02:22 <banix> SmitNaiksatam: hi
19:02:23 <s3wong> hello
19:02:30 <cgoncalves> hi everyone
19:02:34 <mestery> #topic Action Item Review
19:02:38 <banix> s3wong: Hi
19:02:38 <SumitNaiksatam> banix s3wong mandeep hi
19:02:45 <mestery> Greetings everyone!
19:02:52 <mestery> Lets walk through action items from last week's meeting now.
19:02:54 <mestery> First up:
19:02:55 <mestery> SumitNaiksatam and prasadv to update document to add contracts to Object Model
19:03:04 <mestery> Any updates on this one?
19:03:18 <SumitNaiksatam> yeah
19:03:24 <prasadv> sumit do you want to update
19:03:26 <SumitNaiksatam> prasadv: sure
19:03:37 <SumitNaiksatam> we haven't updated the main document yet
19:03:58 <SumitNaiksatam> prasadv hemanth mandeep and I got together and brainstormed
19:04:07 <SumitNaiksatam> we made progress
19:04:08 <mestery> Awesome!
19:04:20 <SumitNaiksatam> but still work to be done
19:04:23 <SumitNaiksatam> #link https://docs.google.com/a/noironetworks.com/presentation/d/1Nn1HjghAvk2RTPwvltSrnCUJkidWKWY2ckU7OYAVNpo/edit#slide=id.g1c910cf8b_038
19:04:35 <mestery> Cool, thanks SumitNaiksatam for the update!
19:04:35 <SumitNaiksatam> hence we did not add to the document
19:04:40 <mestery> OK
19:04:43 <SumitNaiksatam> happy to discuss here
19:05:08 <SumitNaiksatam> prasadv: you want to add?
19:05:28 <prasadv> you summed it pretty well
19:05:32 <s3wong> SumitNaiksatam: shouldn't action be a list?
19:05:44 <s3wong> that is, one classifier to n actions?
19:05:45 <banix> so is "policy" more like "policy rule" we had earlier
19:05:53 <SumitNaiksatam> s3wong: hmmm…yeah it was a list before
19:06:11 <SumitNaiksatam> s3wong: but what is an example of multiple actions?
19:06:19 <SumitNaiksatam> banix: yeah
19:06:22 <s3wong> also - policy should have more than one {classifier: list of actions}
19:06:30 <banix> with contract essentially being the "policy" in the terminology we have been using?
19:06:42 <SumitNaiksatam> banix: yes thats the idea
19:06:46 <SumitNaiksatam> s3wong: ^^^
19:07:25 <s3wong> SumitNaiksatam: there are several different action types. For example, it can be 'allow', then 'redirect' to a mirror, then set some 'qos' action
19:07:33 <s3wong> all off of one classifier match
19:07:48 <SumitNaiksatam> s3wong: can we think of that as a composite action?
19:08:05 <SumitNaiksatam> s3wong: with a list, you get into priority issues
19:08:16 <mestery> Agree on the priority issue front here.
19:08:35 <mandeep> s3wong: Yes, were trying to use a white list model that did not need priority
19:09:07 <mandeep> s3wong: But this is still work in progress, and this is good input
19:09:08 <s3wong> SumitNaiksatam: actions are quite orthogonal though - also, some type does not make sense to have multiple, for example 'security'
19:09:33 <s3wong> but OTOH, 'qos' action type can have multiple actions
19:09:34 <SumitNaiksatam> s3wong: yeah, we thought if we can could collapse multiple actions into one
19:09:45 <SumitNaiksatam> s3wong: yeah
19:09:59 <SumitNaiksatam> but yeah, like mandeep said, not set in stone
19:10:01 <cgoncalves> SumitNaiksatam: the endpoing group mapping to a neutron network is just the default value, right? because it is defined in the BP doc that it can be either a network or port
19:10:13 <mandeep> cgoncalves: Yes
19:10:22 <prasadv> we still need to work further on action(s)
19:10:23 <SumitNaiksatam> cgoncalves: yes for the former, no for the latter
19:10:28 <s3wong> SumitNaiksatam: how is actions represented then?
19:10:46 <SumitNaiksatam> s3wong: we will need to have an extensible set of defined actions
19:11:13 <SumitNaiksatam> cgoncalves: port is an endpoint
19:11:26 <SumitNaiksatam> cgoncalves: peg is a collection of end points
19:11:38 <SumitNaiksatam> *epg
19:11:40 <mandeep> cgoncalves: A neutron network identifies a group of endpoints with "default neutron policy", but a group could exist with a different membership
19:12:22 <s3wong> SumitNaiksatam: I do agree we shouldn't have priority on the set of actions
19:12:23 <cgoncalves> SumitNaiksatam, mandeep: ok, thanks for clarifying :)
19:12:31 <banix> and an peg can contain endpoints and one single network?
19:12:31 <s3wong> and that was never the intention anyway
19:12:44 * mestery thinks peg may be sticking now ... :)
19:12:52 <banix> :)
19:12:56 <mandeep> ;-)
19:13:08 <s3wong> what is peg? :-)
19:13:14 <banix> policy endpoint group
19:13:28 <SumitNaiksatam> spell correct tries to invent new terms and i like to take credit :-)
19:13:36 <SumitNaiksatam> peg -> epg
19:13:43 <SumitNaiksatam> sorry
19:13:59 <cgoncalves> IIRC we have been using different terminology in different places (e.g., 'connectivity group' in the BP, 'endpoint group' in BD and/or DB (not sure right now))
19:14:13 <mandeep> cgoncalves: Good pint
19:14:23 <SumitNaiksatam> cgoncalves: we will normalize
19:14:26 <mandeep> cgoncalves: We need to fix this in the doc update
19:14:31 <SumitNaiksatam> cgoncalves: thanks for catching that
19:14:32 <s3wong> just use peg :-)
19:14:34 <mandeep> SumitNaiksatam: agreed
19:14:36 <banix> SO I think as we proceed a bit but not too far we should take the discussion to the google doc as we did earlier
19:14:54 <mandeep> banix: +1
19:14:54 <SumitNaiksatam> cgoncalves: make comments on the doc if you see inconsistencies ;-)
19:14:58 <cgoncalves> and for the neutron CLI I've used as is in the BP, i.e. 'connectivity group'
19:15:05 <s3wong> banix: I agreed. We should be commenting on the doc a lot
19:15:05 <prasadv> banix:+1
19:15:21 <SumitNaiksatam> banix: yes sure
19:15:21 <s3wong> that was the working model before
19:15:30 <cgoncalves> SumitNaiksatam: we must first defined which one to use. either connectivity group or endpoint group
19:15:47 <cgoncalves> s/defined/define
19:15:57 <s3wong> I think we had been using endpoint group for a long time
19:16:02 <SumitNaiksatam> so should i replace the current diagram with the one i posted in the link above?
19:16:06 <banix> Let us stay with the terms we agreed on earlier unless there is a need to change
19:16:29 <s3wong> though we used "connectivity group" in both the API doc and the actual API implementation :-)
19:16:53 <mestery> At various points, we've used both terms.
19:17:05 <mestery> What should we settle on then?
19:17:17 <mandeep> let us not get hung up on names ... let us take that discussion to the doc
19:17:28 <SumitNaiksatam> end point group seems more natural to me
19:17:36 <mestery> Good call mandeep, didn't mean to resolve here either. :)
19:17:36 <banix> I think even though our work is independent of ODL effort along the same direction,
19:17:36 <SumitNaiksatam> since its a collection of end points
19:17:37 <prasadv> +1 for end point group
19:17:40 <SumitNaiksatam> mandeep: sorry
19:18:02 <SumitNaiksatam> mandeep: i agree, not get hung up on names :-)
19:18:09 <banix> we can use similar terms to avoid confusing everybody later on; just a suggestion
19:18:28 <mandeep> banix: I agree, we should stay consistent with ODL model where applicable
19:18:38 <s3wong> banix: agreed - in ODL we settled on the project being call GBP (group-based policy)
19:18:38 <mestery> +1 to staying consistent with ODL model
19:18:42 * cgoncalves thinks we will settle for 'endpoint group', but moves on the subject :-)
19:18:50 <s3wong> and the official term for the group is endpoint group
19:19:08 <s3wong> so if we are going with the ODL terminology, we should go with endpoint group
19:19:12 <banix> or e.g. (as in egg)
19:19:30 <banix> sorry, lets move on
19:19:44 <SumitNaiksatam> +1 for consistency
19:20:31 <s3wong> so for the model, all of us will make our comments on doc?
19:20:35 <s3wong> is that the next step?
19:20:51 <mandeep> s3wong: Yes, that was my understanding
19:20:53 <mestery> Makes sense to me s3wong.
19:21:04 <SumitNaiksatam> s3wong: which doc?
19:21:06 <banix> those working on the first draft, need a bit time to add more?
19:21:23 <banix> to the doc i meant
19:21:34 <s3wong> SumitNaiksatam: the google preso doc you sent above
19:21:54 <mandeep> s3wong: OK
19:21:56 <s3wong> "Neutron Group Policy Model"
19:22:05 <SumitNaiksatam> s3wong: ok
19:22:07 <mestery> This one: https://docs.google.com/a/noironetworks.com/presentation/d/1Nn1HjghAvk2RTPwvltSrnCUJkidWKWY2ckU7OYAVNpo/edit#slide=id.g1c910cf8b_00
19:22:09 <mestery> Right?
19:22:30 <SumitNaiksatam> mestery: yeah that was the one i pasted earlier
19:22:33 <SumitNaiksatam> ok got it
19:22:38 <s3wong> mestery: correct, the one that starts with "Work In Progress!!!"
19:22:48 <prasadv> banix: we do need more time to add more, right sumit?
19:22:52 <mestery> #action Group Policy members to comment on the document here for next week https://docs.google.com/a/noironetworks.com/presentation/d/1Nn1HjghAvk2RTPwvltSrnCUJkidWKWY2ckU7OYAVNpo/edit#slide=id.g1c910cf8b_00
19:23:03 <SumitNaiksatam> prasadv: yeah
19:23:17 <mandeep> prasadv: Yes
19:23:19 <mestery> OK, lets hit the second Action Item for review
19:23:26 <mestery> From last week: mandeep to setup neutronclient shared repo
19:23:31 <mandeep> done
19:23:38 <mestery> Awesome! Thanks mandeep!
19:23:41 <mandeep> Updates the meeting minutes with the repo
19:23:44 <cgoncalves> mandeep: thanks!
19:23:48 <mestery> Perfect, thanks!
19:23:52 <mestery> #topic Plugin status update
19:23:58 <mestery> SumitNaiksatam?
19:24:05 <cgoncalves> I've pushed code to branch cgoncalves/group-policy
19:24:14 <SumitNaiksatam> mestery: yeah
19:24:17 <mestery> cgoncalves: Sweet!
19:24:34 <SumitNaiksatam> i pushed code as well :-)
19:25:00 <mestery> Sweet!
19:25:05 <banix> cgoncalves: thanks; can you say bait about what it does
19:25:05 <SumitNaiksatam> not to get too excited - an initial post on the plugin
19:25:20 <banix> SumitNaiksatam: cool!
19:25:28 <SumitNaiksatam> banix: thanks
19:25:33 <banix> too late, we are already excited :)
19:25:38 <mestery> hahahahah
19:25:46 * mestery thinks the group policy team is easily excitable.
19:25:53 <SumitNaiksatam> "-)
19:25:54 <banix> :)
19:25:55 <SumitNaiksatam> :-)
19:26:07 <SumitNaiksatam> so this was after a bit of experimentation
19:26:09 <cgoncalves> banix: it's just a first draft of commands and API calls. will have to be refactored to keep up with the latest models changes
19:26:21 <SumitNaiksatam> there is some insight gained
19:26:30 <banix> i see; will look; thanks.
19:26:35 <SumitNaiksatam> we agreed that we would be doing a single plugin
19:26:48 <SumitNaiksatam> which would be configured as a "core" plugin
19:26:58 <mestery> Yes
19:27:05 <s3wong> OK
19:27:07 <SumitNaiksatam> the "core" configuration part of it is a bit tricky
19:27:24 <SumitNaiksatam> since we still want to use the L3, L3, services plugin
19:27:50 <SumitNaiksatam> so what i am doing in the patch is, you still configure all other plugins as before
19:28:05 <SumitNaiksatam> so ML2 still gets configured as "core_plugin"
19:28:22 <SumitNaiksatam> then we introduce an additional piece of configuration for the policy plugin
19:28:28 <SumitNaiksatam> call it an interceptor
19:28:55 <SumitNaiksatam> so now, the neutron plugin loading mechanism loads all the plugins as before (including core)
19:29:05 <SumitNaiksatam> then we introduce a hook for this interceptor
19:29:08 <mestery> SumitNaiksatam: Reminds me of what Broace/Vyatta was proposing in Hong Kong :)
19:29:20 <SumitNaiksatam> ok
19:29:28 <SumitNaiksatam> i hope i don't step on their terminilogy
19:29:33 <SumitNaiksatam> it might mean different things
19:29:35 <mestery> Nope, not at all.
19:29:37 <mestery> Yeah, true.
19:29:42 <s3wong> mestery: yeah, the Geoff Arnold dynamic resource mgmt thingy
19:29:42 <SumitNaiksatam> if the interceptor is configured
19:29:48 <mestery> s3wong: Exactly!
19:30:16 <SumitNaiksatam> then, the loaded references to the core and other plugins are replaced with the interceptor/policy-plugin
19:30:27 <SumitNaiksatam> and those references will be passed to the policy plugin
19:30:56 <SumitNaiksatam> now the policy plugin is in the path of all the calls (which is what we want)
19:31:06 <mestery> That sounds pretty nice SumitNaiksatam!
19:31:23 <SumitNaiksatam> what this does is, it allows us to stay consistent with wherever "core_plugin" is used
19:31:24 <s3wong> SumitNaiksatam: would that break the non-policy Neutron calls?
19:31:28 <SumitNaiksatam> say for example devstack
19:31:48 <SumitNaiksatam> we just become and additional/optional configuration
19:32:05 <SumitNaiksatam> so i hope i have managed to confuse everyone by now! :-)
19:32:09 <banix> Cool; Looking forward to seeing the code.
19:32:16 <mestery> :)
19:32:28 <SumitNaiksatam> i have run into an issue with the way the extensions are loaded
19:32:34 <mandeep> SumitNaiksatam: Cool.
19:32:36 <SumitNaiksatam> so the current patch is breaking at that
19:32:37 <banix> we are an excitable easily confused bunch :)
19:32:39 <SumitNaiksatam> but working on it
19:32:45 <SumitNaiksatam> banix: hahaha
19:32:50 <banix> great thanks.
19:33:13 <SumitNaiksatam> open to questions comments on this
19:33:15 <rkukura> SumitNaiksatam: sounds great to me!
19:33:15 <cgoncalves> SumitNaiksatam: I think that's the way to go, even later on. replacing ML2 with yet another core plugin is troublesome for sysadmins. we would also have to come up with a migration tool if ML2 that's deprecated; or am I understanding the ML2-replacement wrong?
19:33:21 <SumitNaiksatam> rkukura: thanks
19:34:00 <cgoncalves> s/that's/gets
19:34:03 <SumitNaiksatam> cgoncalves: so in this scheme, i don't think they will have to change their references to the core_plugin (ML2 that is)
19:34:06 <s3wong> SumitNaiksatam: so this is an infra to get interceptor loaded - my guess is this interceptor is meant to be generic, not only for policy (other projects that need to intercept calls can use it in the future too)?
19:34:18 <SumitNaiksatam> cgoncalves: there will be additional config (which might required migration)
19:34:25 <mandeep> s3wong: Correct, say for debugging
19:34:27 <cgoncalves> SumitNaiksatam: exactly, in this scheme such wouldn't be required
19:34:32 <SumitNaiksatam> s3wong: exactly
19:34:51 <SumitNaiksatam> but we have to be careful with setting the expectations on migration :-)
19:35:02 <cgoncalves> SumitNaiksatam: just wanted with my previous comment that this way of introducing group policy as an interceptor is better in the long run I think
19:35:06 <SumitNaiksatam> i mean from a legacy to a group policy based system
19:35:12 <mandeep> SumitNaiksatam: They have to work ...
19:35:16 <SumitNaiksatam> cgoncalves: true true
19:35:50 <s3wong> very good
19:36:14 * cgoncalves is excited to have a working, even if minimal, group policy + redirect setup flowing
19:36:26 <mestery> SumitNaiksatam: This is very encouraging work! Awesome!
19:36:39 <SumitNaiksatam> mestery: sure
19:36:59 <SumitNaiksatam> cgoncalves: a fair bit to go before that
19:37:08 <mestery> Any other questions/discussions on the plugin?
19:37:09 <prasadv> sumitnaiksatam: very good work!!
19:37:19 <SumitNaiksatam> prasadv: thanks
19:37:19 <mandeep> prasadv: +1
19:37:20 <cgoncalves> SumitNaiksatam: I know, I know :)
19:37:25 <s3wong> I can only imagine how much testing is needed before this patch can make it upstream :-)
19:37:41 <mestery> s3wong: :P
19:37:48 <SumitNaiksatam> s3wong: ha good one
19:37:55 <banix> Great Sumit. thanks.
19:37:57 <cgoncalves> s3wong: you're no fun! hehe
19:37:59 <SumitNaiksatam> so thats what i mean by setting the expectations
19:38:19 <SumitNaiksatam> i think there is a huge overhead even for a tiny change
19:38:25 <mestery> Yeah, good call.
19:38:34 <SumitNaiksatam> so we have to sandbox accordingly
19:38:51 <SumitNaiksatam> i think most of us have experienced that in icehouse :-)
19:38:57 <SumitNaiksatam> not funny actually
19:39:25 * s3wong sighs
19:39:34 <mestery> True
19:39:44 <banix> Do we want to bring this approach to the larger community; not now but may be later on when we make more progress?
19:39:58 <SumitNaiksatam> banix: oh absolutely
19:40:09 <banix> May be part of what we discuss at the sumit
19:40:11 <s3wong> banix: yeah, that was my question above actually :-)
19:40:12 <SumitNaiksatam> banix: lets get it work to a reasonable extent
19:40:19 <banix> yes makes sense
19:40:29 <SumitNaiksatam> banix: with some UTs
19:40:41 <SumitNaiksatam> banix: but i agree better to socialize sooner than later
19:41:03 <banix> Yes, will have much more time to work on this after the ongoing deadlines are passed
19:41:12 <s3wong> SumitNaiksatam: correct, probably want to give a heads up on the ML once this works to a certain extent
19:41:17 <SumitNaiksatam> banix: sure
19:41:25 <SumitNaiksatam> s3wong: yes sure
19:41:49 <SumitNaiksatam> i think the best thing will be to post on gerrit at the earliest
19:42:11 <mestery> +1 to that SumitNaiksatam
19:42:55 <banix> sounds good
19:43:45 <mestery> OK, lets move on then.
19:43:48 <mestery> #topic Model
19:43:54 <mestery> I guess we talked bout this a lot already.
19:43:58 <mestery> Anything else to discuss here now?
19:44:08 <s3wong> 16 more minutes!!!
19:44:20 <mestery> :)
19:44:29 <mestery> I mean, object model discussions.
19:44:39 <mestery> We did this earlier I think. Anything else to ponder further?
19:44:51 <banix> We had started discussing connection to services framework
19:45:03 <SumitNaiksatam> banix: yeah
19:45:04 <s3wong> banix: that will happen on a separate meeting, no?
19:45:09 <mestery> banix: This is true, yes. We had decided to move that out right SumitNaiksatam?
19:45:13 <mestery> Yes
19:45:15 <mestery> separate meeting I think
19:45:29 <s3wong> Wednesdays @1900 UTC
19:45:30 <SumitNaiksatam> mestery: yeah, we thought we had enough fires to fight for icehouse 3
19:45:32 <mandeep> banix: Yes
19:45:43 <s3wong> and daylight saving time will come for us US people
19:45:43 <banix> yes i agree
19:45:44 <mestery> :)
19:45:49 <SumitNaiksatam> so next wednesday works for everyone?
19:45:56 <banix> wanted to say something else:
19:46:01 * mestery will be on vacation, but please proceed without me. :)
19:46:08 <prasadv> i am ok
19:46:09 <s3wong> SumitNaiksatam: sure, works for me
19:46:20 <SumitNaiksatam> ok
19:46:27 <banix> ok will talk later.
19:46:46 <mestery> #topic Open Discussion
19:46:51 <mestery> Anything else this week then?
19:47:12 <SumitNaiksatam> banix: you were saying something
19:47:32 <s3wong> yeah, waiting for banix to finish his something else :-)
19:47:33 <banix> no i just wanted to say we could have a basic framework that does not require services
19:47:53 <banix> as such and we can have that as a separate complementary but not necessary thing. that's all.
19:47:55 <s3wong> banix: for PoC, sure, we should keep it simple
19:47:55 <mandeep> banix: Yes, that could a first phase
19:47:57 <SumitNaiksatam> banix: yes, we can incrementally evolve
19:48:14 <banix> exactly; that was it from my side.
19:48:29 <SumitNaiksatam> only thing is that we have certain requirements down the line, we need to start planning now
19:48:39 <SumitNaiksatam> it takes a really long time to get anything in
19:48:48 <SumitNaiksatam> especially resource/api changes
19:49:03 <s3wong> yeah, the group-policy meeting can hopefully focus more on actually coding and PoC
19:49:11 <banix> I agree.
19:49:18 <s3wong> and the service meeting will focus on doing service with group-policy
19:49:19 <mestery> +1
19:49:38 <SumitNaiksatam> yeah, we don't have much time left for the PoC
19:50:06 <mandeep> Looks like we have violent agreement ;-)
19:50:09 <SumitNaiksatam> good thing is we don't rely on neutron reviewers to accept the PoC :-)
19:50:12 <s3wong> consensus!!!
19:50:52 <banix> Great job starting the ball rolling
19:51:06 <mestery> Yes, nice work SumitNaiksatam!
19:51:18 <SumitNaiksatam> mestery: thanks, good team work
19:51:28 <mestery> +1
19:51:37 <mestery> OK, if there's nothing else, lets call this meeting 9 minutes early! :)
19:51:45 <SumitNaiksatam> excitable team is a great thing!
19:51:51 <banix> :)
19:51:53 <mestery> :)
19:51:57 <SumitNaiksatam> mestery: sure thanks!
19:51:59 <s3wong> All good
19:51:59 <cgoncalves> let's pat ourselves on the back for early meeting ending and tremendous aggreement overall :)
19:52:01 <banix> excited about leaving early!
19:52:01 <mestery> Thanks for everyone's help and excitement!
19:52:06 <mestery> ;)
19:52:07 <SumitNaiksatam> cgoncalves: +1
19:52:09 <mestery> #endmeeting