19:00:14 <mestery> #startmeeting networking_policy
19:00:15 <openstack> Meeting started Thu Apr 3 19:00:14 2014 UTC and is due to finish in 60 minutes. The chair is mestery. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:00:18 <openstack> The meeting name has been set to 'networking_policy'
19:00:28 <hemanthravi> hi
19:00:32 <rkukura> hi
19:00:33 <Swami> hi
19:00:37 <mestery> Hi folks!
19:01:12 <mestery> #link https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy#April_3.2C_2014 Agenda
19:01:16 <SumitNaiksatam> hi aa�ll!
19:01:38 <mestery> banix s3wong: Here?
19:01:55 <rms_13> Hellos
19:01:58 <mestery> #topic Action Item Review
19:02:02 <mestery> rms_13: Hi!
19:02:15 <mestery> So, I had an item to move this meeting time. Do folks still want that? And if so, in which direction?
19:02:25 <mestery> I would prefer earlier by 1 hour, since hte ODL GBP meeting immediatly follows this one.
19:02:39 <banix> hi guys
19:02:48 <banix> sorry for being late
19:03:03 <hemanthravi> +1 for 1hr earlier
19:03:13 <mestery> banix: No worries!
19:03:19 <banix> ok with moving 1 hor earlier
19:03:21 <mestery> SumitNaiksatam: 1 hour earlier is ok with you as well?
19:03:22 <rms_13> +1
19:03:30 <Swami> +1
19:03:31 <SumitNaiksatam> mestery: yeah works for us
19:03:36 <rkukura> +1 for earlier
19:03:40 <mestery> OK, cool. I'll do that and send out email.
19:03:43 <mestery> #topic PoC
19:03:48 <mestery> And now, the meet of the meeting, so to speak. :)
19:04:11 <mestery> SumitNaiksatam: Do you want to give an update? You pushed some code for this over the past coupel of days I believe (great work BTW!)
19:04:22 <SumitNaiksatam> mestery: sure
19:04:42 <SumitNaiksatam> so continuing where we left off from the last IRC meeting
19:04:59 <SumitNaiksatam> we had some exchanges on emails regarding the current state of the model
19:05:08 <SumitNaiksatam> and some of us met in person as well
19:05:17 <SumitNaiksatam> plenty of whiteboarding
19:05:32 <SumitNaiksatam> seems like people are fine with the current state of the model, at least to make progress now
19:05:46 <SumitNaiksatam> *for now
19:06:01 <SumitNaiksatam> given that understanding, we wanted to make sure the people can work in parallel
19:06:17 <SumitNaiksatam> which need coding up the model
19:06:44 <SumitNaiksatam> i have tried to do that and pushed the code to my branch for now: https://github.com/noironetworks/neutron-group-policy/tree/sumit/pm
19:06:57 <mandeep> +1
19:07:01 <SumitNaiksatam> this represents the API and resources as is currently doumented
19:07:12 <SumitNaiksatam> for those needing the NB interface
19:07:31 <SumitNaiksatam> it also drives a “policy driver” framework for those needing SB interface
19:07:48 <mestery> Nice work SumitNaiksatam!
19:07:50 <SumitNaiksatam> i am still fixing some bugs to actually see it working in devstack
19:07:51 <banix> SumitNaiksatam: thanks, will look later today
19:08:24 <s3wong> SumitNaiksatam: will clone the repo to take a look. Thanks!
19:08:26 <SumitNaiksatam> but once those are fixed, and there are no major objects, we will merge this in the integration branch
19:08:37 <SumitNaiksatam> mestery banix s3wong: thanks
19:09:02 <SumitNaiksatam> the current branch is #link https://github.com/noironetworks/neutron-group-policy/tree/sumit/pm
19:09:30 <SumitNaiksatam> but we will try to move to the integration branch: #link https://github.com/noironetworks/neutron-group-policy/tree/int
19:09:43 <SumitNaiksatam> mandeep: offered to send the information about pull requests
19:09:57 <mandeep> Yes, I will do that today
19:10:05 <SumitNaiksatam> mandeep: thanks
19:10:16 <mestery> Thanks mandeep!
19:10:24 <SumitNaiksatam> with that information local branches can be merged with the integration branch
19:10:52 <SumitNaiksatam> hopefully at least the functional blocks and the interfaces will be clear from the current code
19:11:57 <SumitNaiksatam> thats the update on the branch
19:12:06 <SumitNaiksatam> or the code for the PoC so far
19:12:34 <SumitNaiksatam> in parallel there were discussions on the PoC steps as well
19:12:49 <SumitNaiksatam> #link https://docs.google.com/document/d/14UyvBkptmrxB9FsWEP8PEGv9kLqTQbsmlRxnqeF9Be8/edit#heading=h.hyj8vcqqd6ib
19:12:56 <SumitNaiksatam> mandeep: over to you
19:13:27 <mandeep> I had updated the PoC doc for what we intend to deliver as the first use case.
19:13:49 <SumitNaiksatam> mandeep: there are some things in there which are not yet represented in the model
19:13:58 <SumitNaiksatam> mandeep: so we still need to flesh those out
19:14:11 <SumitNaiksatam> just saying it loud for the benefit of everyone
19:14:39 <mandeep> Yes, I plan to update the PoC doc/model as required. For now we need to define how address assignment is done
19:15:08 <mandeep> Like identifying the bridging and routing policies without needing to know the infrastructure
19:15:17 <mandeep> details (like an admin would need to know)
19:15:27 <mandeep> #link https://docs.google.com/a/noironetworks.com/document/d/14UyvBkptmrxB9FsWEP8PEGv9kLqTQbsmlRxnqeF9Be8/edit#heading=h.vdxnduuz8joi
19:15:51 <mestery> All good points mandeep, thanks!
19:16:06 <mandeep> The document also identifies the work items that need to be done for the PoC, and we are working on making that parallel
19:16:57 <mandeep> Also, please comment on the doc for missing issues/updates. (Banix I answered the current comments on it)
19:17:15 <banix> mandeep: ok, thaks
19:17:35 <SumitNaiksatam> rkukura has started work in parallel on the policy engine/enforcement
19:17:57 <SumitNaiksatam> engine -> driver
19:18:06 <rkukura> yes, on the legacy policy driver
19:18:12 <s3wong> SumitNaiksatam: I should get started as well once I look into your code so far
19:18:20 <SumitNaiksatam> s3wong: great
19:18:33 <SumitNaiksatam> s3wong: you will coordinate with rkukura right?
19:18:46 <s3wong> SumitNaiksatam: I think so
19:18:51 <hemanthravi> SumitNaiksatam: I'll get started on the CLI
19:18:54 <s3wong> rkukura: right? :-)
19:19:00 <mandeep> hemanthravi: Cool
19:19:11 <rkukura> s3wong: I hope so
19:19:28 <SumitNaiksatam> hemanthravi: thanks
19:19:54 <banix> Will be talking to SumitNaiksatam on the model side and see how can help ut
19:20:02 * SumitNaiksatam thinking else on PoC
19:20:08 <SumitNaiksatam> banix: thanks, yes
19:20:25 * SumitNaiksatam besides lots more on the code
19:21:05 <SumitNaiksatam> mestery: i guess that sums up the update on the PoC
19:21:12 <banix> have acouple of comments on the model side but will wait until done with PoC discussion
19:21:19 <SumitNaiksatam> mestery: we can discuss specific points
19:21:20 <mestery> SumitNaiksatam: All good stuff, thanks for the updates everyone!
19:21:24 <SumitNaiksatam> banix: sure
19:21:28 <mestery> SumitNaiksatam: Yes, agreed.
19:21:59 <banix> I spent a coupe of hours looking at what models are out there wt application centric policies mainly to see
19:22:05 <banix> if we ned any changes
19:22:30 <banix> in particular if you ecall I was thinking if we need to have an endpoint in multiple groups
19:22:43 <banix> loking further into this, that does not seem necessary
19:22:49 <SumitNaiksatam> banix: ok, cool
19:22:52 <banix> at least from the us cases I have seen
19:23:02 <SumitNaiksatam> banix: nice, can you share the use cases
19:23:04 <SumitNaiksatam> ?
19:23:11 <SumitNaiksatam> if its easy
19:23:21 <s3wong> banix: cool. One less item to worry about for now
19:23:37 <mestery> nice work banix!
19:23:41 <banix> There have been soem effort within OpenSack wrt defining policies; I also had a look at Netflix OSS just to see how they do these things
19:23:55 <SumitNaiksatam> banix: nice
19:24:31 <banix> Yes can send out the links; didn't want to distract as thee higher layer folks deal with a different level of abstraction
19:24:50 <s3wong> banix: does Netflix have some kind of group-based policy framework also (running on AWS, I suppose?)?
19:25:22 <banix> yeah they talk about scaling groups as the smallest entity
19:25:48 <banix> which isessentially a group of VMs with a loadbalancer and autoscaling inclued
19:25:54 <s3wong> banix: cool! please send out the links to the team. Would love to see them.
19:26:00 <SumitNaiksatam> banix: sorry for my ignorance, does netflix use openstack or plan to use it?
19:26:03 <banix> they bild hierarchy of groups but never overlap
19:26:07 <SumitNaiksatam> banix: if so we should talk to them i guess
19:26:19 <SumitNaiksatam> banix: i mean in the group policy context
19:26:21 <banix> no SumitNaiksatam
19:26:22 <s3wong> SumitNaiksatam: I am guessing they run stuff on top of AWS
19:26:29 <SumitNaiksatam> banix: ah ok
19:26:44 <SumitNaiksatam> s3wong: true, i was thinking if they were playing with openstack as well
19:26:59 <SumitNaiksatam> would have been good “app architect” level validation for us
19:27:08 <banix> Just wated to see how their abstractions aredefined and if we can eventally bring them in :)
19:27:21 <banix> just a one0-sided study from my side
19:27:29 <s3wong> banix: good thinking :-)
19:27:44 <mandeep> banix: Thanks, that is good research.
19:27:59 <nbouthors> I have a question on the model, what is the purpose of the contract-scope ?
19:28:07 <banix> Will kep you updated with some links i an email if that is ok
19:28:21 <mandeep> banix: Can you update the group policy doc with references?
19:28:33 <banix> mandeep: sure
19:28:46 <SumitNaiksatam> banix: thanks
19:28:57 <SumitNaiksatam> nbouthors: sure, can explain
19:29:09 <SumitNaiksatam> mestery: good time to have this discussion?
19:29:23 <mandeep> nbouthors: Allows a service provider or consumer to restrict the users of that service
19:29:27 <mestery> SumitNaiksatam: Yes, this is a good thing to discuss now!
19:29:38 <SumitNaiksatam> mandeep: thanks, done :-)
19:29:49 <mestery> mandeep: thanks :)
19:30:26 <SumitNaiksatam> nbouthors: think of it as more granular consumption or provision of the contract
19:30:43 <nbouthors> mandeep: I see, why does it carry some same attri as contract then.
19:30:53 <SumitNaiksatam> nbouthors: note that the policy_rules in the contract will have additional tags/labels
19:31:12 <mandeep> nbouthors: We are trying to use labels to scope application of policies
19:31:24 <SumitNaiksatam> nbouthors: contract_scope scopes/matches on those labels
19:31:34 <mandeep> nbouthors: In the context of a contract, they scope the specific classifiers that apply to a policy
19:32:09 <mandeep> nbouthors: In the context of a contarct relationship, they limit the visibility of that service to users
19:32:42 <nbouthors> It is clear now. Thx.
19:33:06 <SumitNaiksatam> nbouthors: the default scope would be the entire contract
19:33:20 <mandeep> nbouthors: I hope when the PoC doc is updated, some of this is clearer
19:36:05 <s3wong> any other topic to discuss?
19:37:10 <mestery> Nothing here. Should we finish early today?
19:37:29 <banix> mestery: not a bad idea :)
19:37:30 <s3wong> amazing, been a while since we can finish early!
19:37:38 <mestery> Awesome!
19:37:43 <banix> lets look at the code and review and contribute
19:37:44 <mestery> Ok, thanks folks! Good work and lets keep the momentum going!
19:37:48 <mestery> +1 to banix!
19:37:54 <mestery> See you all next week!
19:37:54 <s3wong> thanks!
19:37:55 <banix> thanks
19:37:55 <mestery> #endmeeting