14:00:37 <liuyulong> #startmeeting neutron_l3
14:00:37 <openstack> Meeting started Wed Mar 18 14:00:37 2020 UTC and is due to finish in 60 minutes.  The chair is liuyulong. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:38 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:41 <openstack> The meeting name has been set to 'neutron_l3'
14:00:43 <liuyulong> #topic Announcements
14:00:57 <ralonsoh> hi
14:01:03 <liuyulong> #link http://eavesdrop.openstack.org/meetings/networking/2020/networking.2020-03-16-21.00.log.html#l-10
14:01:07 <liuyulong> let's recall wha
14:01:15 <liuyulong> #undo
14:01:16 <openstack> Removing item from minutes: #link http://eavesdrop.openstack.org/meetings/networking/2020/networking.2020-03-16-21.00.log.html#l-10
14:01:20 <liuyulong> #link http://eavesdrop.openstack.org/meetings/networking/2020/networking.2020-03-16-21.00.log.html#l-10
14:01:38 <liuyulong> let's recall the team's Announcements.
14:01:39 <slaweq> hi
14:01:41 <liuyulong> hi
14:02:41 <liuyulong> Congrats to Lajos Katona.
14:03:03 <liuyulong> Welcome to the core team.
14:03:38 <slaweq> ++
14:04:09 <liuyulong> #link https://review.opendev.org/#/admin/groups/38,members
14:04:20 <liuyulong> we now have 11 members.
14:05:11 <liuyulong> Oh, and ovn cores, it should be 15.
14:05:27 <slaweq> and most of them are active, so I think our team is in good shape now
14:05:30 <slaweq> :)
14:05:49 <slaweq> I also have some other potential candidates in mind, but not for now (yet) :)
14:05:58 <haleyb> hi
14:07:02 <liuyulong> Yes, the team are active, and we also have 4 meetings per week.
14:07:57 <liuyulong> OK, next topic should be the virtual PTG.
14:08:44 <liuyulong> My concern is jet lag, if the virtual PTG will be held a full day, someone may not be available to attend some topics.
14:09:49 <liuyulong> I have applied for my travel support and no reply at present.
14:10:13 <slaweq> currently let's just focus on planning topics to discuss
14:10:30 <slaweq> and we will see how it will be :)
14:11:38 <liuyulong> I hope that people all over the world can safely defeat the virus.
14:12:46 <liuyulong> OK, let's move on.
14:12:51 <liuyulong> #topic Bugs
14:13:05 <liuyulong> #link http://lists.openstack.org/pipermail/openstack-discuss/2020-March/013352.html
14:15:28 <liuyulong> Just one related to L3 OVN:
14:15:32 <liuyulong> #link https://bugs.launchpad.net/neutron/+bug/1867122
14:15:34 <openstack> Launchpad bug 1867122 in neutron "Unnecessary network flapping while update floatingip without port or fixed ip changed" [Low,In progress] - Assigned to Taoyunxiang (taoyunxiang)
14:16:24 <liuyulong> It has a fix: https://review.opendev.org/#/c/712641/
14:16:33 <ralonsoh> (maybe we should add [OVN] in the title)
14:16:50 <liuyulong> It has a tag [OVN]
14:16:51 <slaweq> ralonsoh: we have "ovn" tag which IMO should be enough
14:17:04 <ralonsoh> perfect
14:19:20 <liuyulong> The patch is related to OVN north DB
14:22:08 <liuyulong> It's a bit out of our scope again, so let's continue the review in gerrit.
14:22:57 <liuyulong> No more L3 bugs from the bug deputy report. So let's have a quick scan of the LP bug list.
14:25:24 <liuyulong> Looks like it was a steady and quiet week, one L3 bug from me today.
14:25:38 <liuyulong> You guys have any updates?
14:25:55 <ralonsoh> no
14:25:59 <haleyb> none from me
14:26:00 <slaweq> nope
14:26:38 <liuyulong> OK, let's move on.
14:26:43 <liuyulong> #topic OVN_L3
14:27:26 <liuyulong> lucasagomes, maciejjozefczyk any updates for L3 of OVN?
14:28:20 <liuyulong> Alright, they are not here.
14:28:21 <maciejjozefczyk> liuyulong I would like to ask for a review of this patch https://review.opendev.org/#/c/705660/
14:28:31 <ralonsoh> related to L3, the FIP QoS support is still under investigation
14:28:32 <maciejjozefczyk> That's the patch we talked about a bit earlier, about rescheduling
14:29:07 <maciejjozefczyk> yes, for now I send e-mail to OVS ml2 if its possible to do QoS on FIP, for not any answer
14:29:53 <maciejjozefczyk> I *think* without any significant changes in Core OVN it's not possible, but I'm not an expert at all in core ovn
14:30:33 <maciejjozefczyk> I'm gonna ping our core-ovn team in order to have any insights about it
14:32:06 <liuyulong> Yes, I remember that patch, it looks good to me.
14:32:14 <maciejjozefczyk> that's all I have about OVN&L3
14:32:19 <maciejjozefczyk> thanks liuyulong ;)
14:32:35 <liuyulong> It can be tested in an all-in-one devstack deployment?
14:34:03 <ralonsoh> yes, it's possible
14:34:21 <ralonsoh> I don't remember now, but there are some local.conf examples for this
14:34:30 <ralonsoh> (I'll send you the links)
14:34:44 <liuyulong> I'd like to run that code locally, so I want to know if one node is enough to test it : )
14:34:44 <maciejjozefczyk> liuyulong, yes, but I think that needs multinode deployment, at least to have more than one chassis
14:34:56 <maciejjozefczyk> I worked on it having env with 3 chassis
14:35:11 <ralonsoh> maciejjozefczyk, did you use devstack?
14:35:25 <maciejjozefczyk> so 1 node all in one and 2 nodes with only nova-compute and ovn-controllers
14:35:29 <maciejjozefczyk> ralonsoh, yes, lemme find a link
14:35:34 <ralonsoh> thanks!!
14:36:06 <maciejjozefczyk> ok, so first node: https://github.com/openstack/neutron/blob/master/devstack/ovn-local.conf.sample
14:36:14 <maciejjozefczyk> and computes: https://github.com/openstack/neutron/blob/master/devstack/ovn-compute-local.conf.sample
14:36:24 <maciejjozefczyk> that should work, at least worked a few days back :D
14:37:48 <liuyulong> Cool, this could be good advice for reviewers when they want to run the code in a running deployment.
14:38:19 <maciejjozefczyk> liuyulong, ok, I added a comment there how to test it.
14:38:19 <liuyulong> I have a 5 node devstack deployment for neutron agents (non-OVN), one controller, 2 compute nodes and 2 network nodes. : )
14:40:56 <liuyulong> About the OVN FIP QoS, there is a new implementation uploaded
14:40:56 <liuyulong> recently.
14:41:52 <ralonsoh> in Neutron?
14:42:08 <ralonsoh> well, not for FIP precisely but a refactor of the QoS extension in the OVN client
14:42:18 <liuyulong> #link https://review.opendev.org/#/c/712239/
14:42:23 <liuyulong> This one ^
14:42:32 <ralonsoh> ahhhhh ok
14:42:36 <ralonsoh> good to know this
14:42:53 <liuyulong> But it seems the author just wants to run the CI. : (
14:44:02 <maciejjozefczyk> With meter actions it changes a lot, I think it's not trivial to support FIP on QoS when ovs meter is used.
14:44:36 <maciejjozefczyk> And for now we just switched QoS to use meters, because normal 'tc' didn't work while the traffic went through geneve tunnels,
14:44:53 <maciejjozefczyk> I don't remember the specifics, but ovs meters is the way to go now.
14:45:07 <liuyulong> The code seems copied from this: https://review.opendev.org/#/c/539826/
14:46:09 <ralonsoh> so the base strategy is to setup the qos on the GW port
14:46:35 <ralonsoh> https://review.opendev.org/#/c/712239/1/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py@875
14:47:29 <maciejjozefczyk> ralonsoh, so that's bad right? it will limit N/S traffic for all ports connected to that router.
14:47:37 <ralonsoh> exactly
14:47:54 <ralonsoh> this is not like TC, where you can specify the src IP or MAC
14:48:08 <slaweq> if it's qos for fip then it has to be only N/S traffic, right?
14:48:09 <ralonsoh> to filter the class shaping
14:48:17 <slaweq> ahh, ok
14:48:26 <ralonsoh> yes, but you should be able to apply a QoS per FIP
14:48:34 <maciejjozefczyk> but, anyways, that's also needed. I mean from what I remember there is a possibility to create QoS on gateway port, right?
14:48:39 <ralonsoh> here you can only define one QoS OVN rule per direction and port
14:48:44 <maciejjozefczyk> but ralonsoh changes could also support it out of the box
14:48:47 <slaweq> so there is no way to say "limit only traffic with src/dest == a.b.c.d", correct?
14:48:55 <ralonsoh> nope
14:48:59 <slaweq> ok, thx
14:49:04 <slaweq> got it now
14:49:14 <maciejjozefczyk> slaweq, no, we can specify only OVN 'inport', which means OVN Logical_Switch_Port
14:49:45 <maciejjozefczyk> OVN FIP is only an entry about DNAT/SNAT action
14:50:49 <liuyulong> https://review.opendev.org/#/c/712239/1/neutron/common/ovn/qos.py maybe there is a clue about it here.
14:50:59 <liuyulong> get_floating_ip_qos_rules
14:51:09 <maciejjozefczyk> #link https://mail.openvswitch.org/pipermail/ovs-discuss/2020-March/049801.html
14:51:23 <maciejjozefczyk> I sent an email about it to ovs-discuss ml.
14:51:58 <ralonsoh> liuyulong, yes, but this is like applying a QoS to a specific port
14:52:04 <ralonsoh> this is not FIP QOS
14:52:10 <maciejjozefczyk> liuyulong, hmm, maybe construction like: "'%s == "%s" && ip4.%s == %s && is_chassis_resident("%s")" will solve it, I don't know
14:52:27 <maciejjozefczyk> Line 26 from proposition
14:52:48 <ralonsoh> uhhhh
14:52:52 <ralonsoh> is this possible???
14:53:02 <liuyulong> maciejjozefczyk, yes, that match has an IP address.
14:53:05 <ralonsoh> I didn't see that in the NB or SB info
14:53:13 <maciejjozefczyk> maybe the match action is more sophisticated, I mean maybe it's able to match more than only inport
14:53:27 <maciejjozefczyk> yes, it is worth exploring
14:53:45 <liuyulong> Cool
14:53:54 <maciejjozefczyk> with ralonsoh refactor that would be pretty easy to add
14:54:07 <ralonsoh> for sure
14:54:12 <ralonsoh> I need to investigate this ASAP
14:54:13 <liuyulong> About the QoS, I have an addition, it's the Gateway IP.
14:54:58 <liuyulong> QoS on gateway port may limit all traffic like floating IP and SNAT (VMs to outside world without fip).
14:55:18 <liuyulong> Gateway IP should be SNAT only.
14:56:36 <maciejjozefczyk> liuyulong, yes
14:57:25 <liuyulong> OK, last topic.
14:57:31 <liuyulong> #topic On demand agenda
14:57:49 <liuyulong> #link https://bugs.launchpad.net/neutron/+bug/1867119
14:57:50 <openstack> Launchpad bug 1867119 in neutron "[security] Add allowed-address-pair 0.0.0.0/0 to one port will open all others' protocol under same security group" [Critical,In progress] - Assigned to LIU Yulong (dragon889)
14:57:58 <liuyulong> I just updated the patch, reviews are welcomed.
14:58:08 <liuyulong> #link https://review.opendev.org/#/c/712632/
14:58:26 <liuyulong> It's not related to L3 IMO. : )
14:59:02 <maciejjozefczyk> added to my list
14:59:14 <slaweq> liuyulong: I will test it
15:00:10 <liuyulong> Thanks : )
15:00:23 <liuyulong> OK, so let's end here.
15:00:27 <liuyulong> #endmeeting