21:03:50 <sc68cal> #startmeeting neutron_ipv6 21:03:51 <openstack> Meeting started Thu Dec 5 21:03:50 2013 UTC and is due to finish in 60 minutes. The chair is sc68cal. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:03:52 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 21:03:54 <openstack> The meeting name has been set to 'neutron_ipv6' 21:04:36 <sc68cal> Hello everyone, I hope all are doing well 21:04:56 <shshang> Hey, Sean 21:05:08 * sc68cal pulls up agenda 21:05:08 <Randy__> hi sean 21:05:15 <aveiga> hello 21:05:24 <sc68cal> #topic review previous meeting items 21:06:10 <sc68cal> So our meeting 2 weeks ago, the first thing we talked about was how to move forward with the DHCP agent for V6 21:06:51 <sc68cal> we discussed that in depth on the brainstorm on tuesday night, and the consensus was that we're going to attempt to get all the work that everyone has done around this combined 21:07:21 <sc68cal> Randy__ and shshang posted their review, which contains the work they did to make dhcpv6 work with dnsmasq 21:07:57 <sc68cal> #link https://review.openstack.org/#/c/58186/ Review for IPv6 - Randy & shshang 21:08:14 <sc68cal> shshang: Do I have attribution right? 21:08:27 <shshang> Yup, that is correct, Sean! 21:08:32 <sc68cal> Great 21:08:50 <sc68cal> so let's go ahead and use that to transition into a recap about what we talked about tuesday 21:08:57 <sc68cal> #topic recap tuesday brainstorm 21:09:08 <sc68cal> shshang: want to summarize our discussion? 21:09:41 <shshang> Sure. So we had a brainstorming session on Tuesday 21:09:59 <shshang> We had teams from multiple placeholders, such as Comcast, IBM, HP, Cisco, and Nephos6 21:10:25 <shshang> Sean clarified several question regarding the blueprint he proposed to the community 21:10:40 <shshang> Regarding the blueprint, we focused on the short-term and mid-term goals 21:11:03 <sc68cal> #link https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac Comcast short-term goal for IPv6 21:11:33 <shshang> In summary, for short-term goals, with the new patch in Neutron to modify the firewall rules, the system should be able to achieve the short-term goal 21:12:02 <shshang> In other words, VM should be able to learn RA from upstream router, and come up with dual-stack address 21:12:24 <shshang> W.r.t. the mid-term goal, a lot of work have been done already jointly between Comcast, IBM and HP team 21:12:38 <aveiga> something to note here is that patch applies to the hybrid VIF driver 21:13:16 <haleyb> i (hp) won't take credit for any work, just reviews :) 21:13:45 <jjmb> so what is next here on this front "Comcast short-term goal for IPv6", how do we advance this so we can deploy preliminary support IPv6? 21:13:47 <shshang> There are several bug fixes already submitted . In addition, Randy and I did POC before, and we believe that we can merge the work we did to add support of the architecture with Neutron Router and L3 agent 21:14:15 <shshang> @aveiga, thanks for the note. Yup, that is correct 21:14:55 <sc68cal> that sounds like a good time to transition to bugs 21:15:01 <sc68cal> #topic bugs 21:15:16 <shshang> We will leverage the work Sean and IBM team already did, i.e. the framework to add dnsmasq mode from CLI to the code, and make sure dnsmasq has flexibility to achieve Sean's mid-term gold 21:15:19 <shshang> goal 21:15:50 <shshang> In addition, Sean encouraged us to create a new blueprint 21:15:59 <sc68cal> #undo 21:16:00 <openstack> Removing item from minutes: <ircmeeting.items.Topic object at 0x2b8ed10> 21:16:08 <shshang> make it as addition to the existing blueprint he submitted. 21:16:34 <shshang> Randy created a blueprint for that purpose 21:17:10 <sc68cal> perfect 21:17:13 <shshang> We will create at least one more blueprint as supplement to Sean's, in order to support router and l3 agent 21:17:22 <Randy__> #link https://blueprints.launchpad.net/neutron/+spec/dnsmasq-bind-into-qrouter-namespace 21:17:30 <aveiga> thanks Randy__ 21:17:32 <shshang> Thanks, @Randy 21:17:43 <Randy__> np 21:18:06 <shshang> So eventually, as part of the Comcast mid-term goal, we should be able to allow user to define which mode dnsmasq will run at, and spin up dual-stack VM accordingly 21:18:17 <shshang> We didn't have time to discuss long-term goal yet. 21:18:47 <shshang> Anything I missed, Sean or Randy? 21:18:58 <aveiga> to be specific about the mid-term goal, there are 3 major ways to provision a network in ipv6 21:19:05 <aveiga> SLAAC, stateful, and stateless 21:19:23 <aveiga> it would be useful to extend neutron's network attributes to include provisioning mode 21:19:32 <aveiga> and basically set the v4 subnets to stateful 21:19:41 <sc68cal> aveiga: I believe the subnet_mode bp covers that 21:19:44 <aveiga> but allow the v6 networks t oselect one of these modes 21:19:55 <sc68cal> since it allows you to do static, ra-names, ra-stateless, etc 21:19:55 <aveiga> exactly, mind linking it? 21:20:03 <Randy__> that is our intent 21:20:15 <sc68cal> #link https://blueprints.launchpad.net/neutron/+spec/dnsmasq-mode-keyword dnsmasq v6 mode configuration 21:20:24 <Randy__> we will use the modes introduced with keywords blueprint 21:20:28 <Randy__> that is a dependency 21:20:29 <shshang> The framework Sean and IBM team defines, including a list of constants for all of these modes 21:20:40 <sc68cal> jjmb: I think the last peice for our short term is just getting the hairpin fix into nova 21:21:10 <shshang> we will use the definition of those constants for our next code submission. 21:21:43 <sc68cal> #link https://review.openstack.org/#/c/52983/ defines the modes available to use with dnsmasq 21:21:46 <shshang> We will also drop the source code, which are duplicated with Comcast and IBM teams' contribution. 21:22:21 <shshang> I believe that should be the summary of our Tuesday night's meeting 21:23:01 <Randy__> we will create another blueprint to address the external gateway of the L3 agent 21:23:05 <sc68cal> excellent - thanks for organizing that meeting, I think it was very helpful for the IBM people who are not able to make these meetings 21:23:31 <sc68cal> due to timezone differences 21:23:46 <shshang> Np, Sean! 21:23:51 <sc68cal> Randy__: excellent 21:24:42 <sc68cal> aveiga: You discovered a bug in dnsmasq with dualstack - I think shshang and Randy__ ran into the same issue 21:24:46 <sc68cal> #topic bugs 21:24:55 <sc68cal> want to give you guys time to discuss 21:24:58 <aveiga> sure 21:25:21 <aveiga> #link https://bugs.launchpad.net/neutron/+bug/1257446 neutron dual-stack bug 21:26:03 <aveiga> I ran into an issue that seems like a show stopper. If you create a regular IPv4 provider network, it operates as expected. As soon as you add an IPv6 subnet to that network, dnsmasq stops issuing leases 21:26:22 <aveiga> it turns out that neutron is trying to send both networks to dnsmasq as tags 21:26:34 <sc68cal> shshang: this is happens in the part of the code where you place 1.1.1.1 in as a workaround, if I recall correctly, from Tuesday's meeting 21:26:43 <aveiga> this is invalid syntax for dnsmasq, and causes it to stop issuing responses 21:26:53 <sc68cal> in your review 21:27:21 <aveiga> so in order to get dual-stack working, it might be necessary to fix a fw flaws in the v4 workflow as well 21:27:26 <aveiga> few* 21:27:40 <shshang> yes, you are right....I remember Havana release packaged 2.5.x release, which had a lot of issues of IPv6. 21:27:58 <shshang> I later on "upgraded" it to 2.6.5 release 21:28:28 <aveiga> yes, in the bug I mention that the installed dnsmasq (per the repo) is 2.59 21:29:15 <shshang> Do you plan to fix it from OpenStack side? 21:29:25 <aveiga> that's what I wanted to bring up 21:29:37 <aveiga> there are multiple ways to fix it, but which is correct? 21:30:00 <sc68cal> aveiga: since we are working closely with the maintainer of dnsmasq- perhaps we can discuss with him/her? 21:30:04 <aveiga> we could bump the minimum required version of dnsmasq, or the (imho) proper way would be to fix the command to not have both networks tagged 21:30:27 <aveiga> sc68cal: I'd rather work with what's already deployed 21:30:38 <aveiga> I'm not sure issuing both networks is correct 21:31:04 <jjmb> sean we (comcast) are happy to direct some of our resources to address issues that will advance openstack ipv6 support 21:31:20 <jjmb> we should remain open to upping the version of dnsmasq that is required 21:31:30 <jjmb> some fixes and features may be required 21:31:45 <aveiga> jjmb: The issue lies in that we are treating ipv4 and ipv6 on the same network as separate networks 21:31:45 <sc68cal> jjmb: agreed. I think like aveiga said this is neutron just constructing a bad cmd string 21:31:50 <shshang> @aveiga, I agree with you...I am afraid of if dnsmasq doesn't support it, then there is no way we can make it happen....unless the author changes it 21:32:10 <shshang> clearly it is supported in the newer release 21:32:33 <shshang> another bad thing on 2.5.x release is, it may not support --enable-ra 21:32:33 <aveiga> perhaps this is something we should put to the mailing list 21:32:43 <aveiga> to see what kind of operator pain it would cause to bump the version 21:33:06 <shshang> I remember at the time when I add --enable-ra, it complained. That was the main reason I switched to 2.6.x 21:33:06 <jjmb> we need to keep a running list of dnsmasq related bugs and rfe's so we can ensure they are addressed and accounted for... 21:33:22 <shshang> @jjmb, yup 21:33:50 <aveiga> jjmb: I think I'll go retag the bug dnsmasq in launchpad 21:33:59 <aveiga> we should consider doing that for future issues 21:34:35 <sc68cal> Anyone else have any other bugs to discuss? 21:35:00 <sc68cal> othewise we'll hit tempest, then do open discussion 21:35:52 <sc68cal> #topic tempest 21:36:18 <shshang> I see IBM team initiated several threads on tempest, right? 21:36:25 <sc68cal> shshang: exactly 21:36:41 <sc68cal> #link https://review.openstack.org/#/c/58721/ static ipv6 injection scenario 21:37:16 <sc68cal> I don't know if anyone has anything related to tempest, but I felt it would be good to bring it up anyway 21:37:26 <shshang> What they are doing is helpful for us too. 21:37:57 <aveiga> actually, I'm interested in setting up a separate meeting (one-ff) to review neutron tempest cases 21:38:10 <aveiga> we should look at them and write v6 cases for existing v4 ones 21:38:13 <shshang> Sooner than later, we need to leverage their tool to sanitize our code. 21:38:30 <sc68cal> haleyb: does tempest run on infrastructure that hp provides? i forget 21:38:37 <aveiga> eventually, security groups, fwaas, etc will need to be tested with v6 as well 21:39:24 <shshang> forgive my ignorance, who has the ownership of testing and test case development? 21:39:30 <haleyb> sc68cal: probably, i'd have to ask someone, it's nothing i do 21:40:07 <aveiga> tangentially related, I'm going to start leveraging the Third Party Testing tools to run code against our lab here at Comcast too 21:40:29 <aveiga> I can only cover certain scenarios, but every bit helps until Tempest is running against v6 code 21:40:45 <sc68cal> aveiga: I think that'd be great 21:41:25 <sc68cal> #action aveiga sc68cal jjmb investigate third party test integration for doing ipv6 tempest testing 21:41:28 <shshang> So clearly there is a need...I am eager to see what we can do in order to make IBM team's tool available 21:42:17 <aveiga> are they willing to assist? Forgive my ignorance, but I'm not familiar with the situation 21:42:55 <shshang> In the context of what we are trying to do here, I believe they are going to help 21:44:06 <aveiga> one of the action items I had from the first meeting was to gather a list of the things we're looking for in code review that are "IPv4-only-isms" 21:44:16 <aveiga> jjmb was kind enough to start the ehterpad for it 21:44:23 <aveiga> #link https://etherpad.openstack.org/p/ipv6-coding-considerations ipv4-isms 21:44:40 <aveiga> the list isn't complete by any means, but is a starting point 21:45:06 <sc68cal> #topic open discussion 21:45:15 <shshang> Sorry, Sean, what's the decision of tempest? 21:45:47 <sc68cal> shshang: I think we just keep an eye on what the IBM people are adding to tempest 21:46:40 <aveiga> shshang: I agree with sc68cal, and we should go over it when it's published 21:46:47 <sc68cal> and maybe our team inside comcast can investigate running tempest so we can formailize some of our testing that we've been doing 21:46:48 <aveiga> from there we can look for gaps and try to patch them up 21:47:13 <aveiga> sc68cal: can you give me that as an action item? 21:47:17 <aveiga> I'll put it in my backlog 21:47:37 <sc68cal> I think I got it already 21:47:46 <aveiga> no, the tempest integration part 21:47:50 <aveiga> we're good on theird party 21:47:51 <shshang> Agree, I feel like we should give their tool a try 21:47:57 <sc68cal> ah gotcha 21:48:11 <aveiga> shshang: is there a link to this tool, or are they still in the process? 21:49:04 <shshang> I am not 100% sure of the readiness, but based on my current reading, it adds some enhancement to the existing template 21:49:42 <aveiga> ok, would you mind providing a link (or encouraging them to) to the mailing list when it's available? I'm interested in doing an evaluation 21:50:30 <shshang> The same here. I will nudge them to provide more details. Hopefully it will become community level testing solution for IPv6 21:52:25 <sc68cal> Sounds good - we've got 8 mins left if anyone else has anything 21:54:13 <shshang> Nothing from my side...btw, Randy is going to create more blueprints and link to yours. We will share the link to the mailer when it is done. 21:54:56 <shshang> A quick question, for mid-term, are we going to consider running dnsmasq as dhcp6 server? 21:55:09 <aveiga> shshang: I think that's a good idea 21:55:36 <aveiga> it's already being used today in openwrt and similar projects, and it even handles prefix delegation, which I think needs to be on the long-term list 21:56:12 <aveiga> i.e. we should be able to pull a delegated prefix for use in software load-balancers or service VMs 21:56:45 <shshang> If I understand you correctly, the same dnsmasq will announce RA, and act as DHCPv6 server at the same time, in case of stateless DHCPv6 mode, right? 21:56:57 <sc68cal> aveiga: doesn't the current code attempt to do dhcp6 today? 21:57:09 <aveiga> so that's the question, there's a discussion to be had there 21:57:13 <sc68cal> obviously it breaks, but it tries to do that with the flags its passed 21:57:19 <aveiga> some modes you want RAs issued there 21:57:23 <aveiga> but in some modes you don't 21:57:41 <aveiga> for instance, my deployment with l3 provider networks, you want the RA coming from the upstream gateway 21:57:47 <ijw> aveiga: um, surely you want RAs from the router, not the DHCP server (says he jumping in late) 21:57:49 <aveiga> er, l2 provider 21:58:06 <aveiga> ijw: you want it from dhcp server IF it's the l3 gateway 21:58:15 <aveiga> otherwise you don't 21:58:20 <ijw> OK, told you I'd jumped in late ;) 21:58:24 <aveiga> np 21:58:27 <shshang> I see. That is a very good use case, aveiga 21:58:47 <aveiga> there are several bugs in many implementations wehre multiple RAs fail to work proerly 21:58:55 <aveiga> or where RA priorities are not respected 21:59:06 <aveiga> we have to work around them, unfortunately, as they are widespread 21:59:36 <shshang> aveiga, if you don't mind, can Randy and I take a look at this issue? 21:59:43 <aveiga> sure! 21:59:50 <aveiga> let's take it to the mailing list, since we're out of time 21:59:50 <shshang> i.e. run dnsmasq as DHCPv6 for various mode. 21:59:57 <shshang> absolutely 22:00:01 <aveiga> thanks 22:00:10 <shshang> Don't mention it! Any time! 22:00:22 <shshang> Will keep everybody posted 22:01:06 <sc68cal> OK everyone - let's keep things going on the ML 22:01:22 <shshang> Thanks, everyone 22:01:29 <sc68cal> lots of great stuff going on, very excited to see things coming together 22:01:51 <sc68cal> everyone have a great weekend! 22:01:51 <jjmb> same, thanks sean 22:02:04 <sc68cal> #endmeeting