22:06:28 <dendrobates> #startmeeting 22:06:29 <openstack> Meeting started Tue May 17 22:06:28 2011 UTC. The chair is dendrobates. Information about MeetBot at http://wiki.debian.org/MeetBot. 22:06:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic. 22:06:38 <dendrobates> #topic quantum 22:06:41 <danwent> thx 22:06:55 <danwent> Ok, Salvatore is doing a great job driving the API work 22:07:05 <danwent> comments on the api on etherpad: http://etherpad.openstack.org/PbTpgXnnZZ 22:07:15 <danwent> Salvatore, do you have anything to add? 22:07:33 <salv-orlando> Just updated the etherpad. Apologies for vestigial stuff left in the API spec. 22:07:37 <salv-orlando> I'm updating it right now. 22:08:02 <salv-orlando> We might spend some time discussing Alex's proposals and comment. 22:08:05 <salv-orlando> Is Alex on the call? 22:08:08 <danwent> no 22:08:11 <danwent> he's flying right now 22:08:30 <danwent> maybe just take those to the etherpad for discussion? 22:08:49 <danwent> What were the main points? was "status" of a logical port one issue? 22:08:59 <salv-orlando> 1) port status 22:09:07 <salv-orlando> 2) interface URLs 22:09:13 <salv-orlando> which needed more explanation 22:09:27 <danwent> ah yes, and port "capabilities" 22:09:29 <salv-orlando> 3) Port capabilities 22:09:32 <salv-orlando> right 22:09:54 <danwent> Ok. Given that I think we need more input from Alex on these, let's try to have that discussion on the etherpad. 22:10:03 <salv-orlando> Agreed. 22:10:13 <danwent> salv-orlando, is there anything holding you up from making progress in the mean time? 22:10:37 <salv-orlando> No, I'm currently starting work on API implementation 22:10:42 <danwent> awesome. 22:10:54 <somikbehera> salv-orlando: cant wait! 22:11:09 <danwent> Next up, Somik has been working on adapting Troy's "starter-code" for quantum. https://blueprints.launchpad.net/network-service/+spec/quantum-project-framework 22:11:11 <salv-orlando> I think there is agreement API will just be a pass-through for our first milestone, i.e.: No quantum db. 22:11:16 <salv-orlando> Sorry Dan... 22:11:27 <danwent> I think savlatore is looking at that branch as well, right? 22:11:42 <danwent> np 22:11:54 <salv-orlando> Yes, but I'm only a "follower" at the moment 22:12:03 <danwent> Key area's we're looking for people to step are are: 22:12:08 <danwent> 1) API extensions framework 22:12:18 <danwent> 2) API auth + keystone integration. 22:12:41 <danwent> Ryu + Troy are taking a lead on the nova side of changes for the network code. 22:13:01 <dendrobates> I would like to help with that as well 22:13:13 <danwent> dendrobates: the nova side changes? 22:13:19 <dendrobates> danwent: yes 22:13:23 <danwent> great. 22:13:34 <troytoman> dendrobates: that would be great 22:13:44 <danwent> I think we need to work on cleaning up the existing blueprints in the nova project and getting more detailed blueprints focused on dev tasks. 22:13:48 <dendrobates> troytoman: is there a branch? 22:14:19 <romain_lenglet> https://code.launchpad.net/~midokura/nova/network-service 22:14:21 <danwent> I think there is some confusion on the nova end, given the different blueprints still in nova from before the summit. 22:14:23 <troytoman> dendrobates: just the midokura branch. I think ryu is adapting it to work with multi-nic 22:14:35 <dendrobates> thanks 22:14:39 <ryu25> I've been discussing the safest way to start the Nova changes with the core devs, and will create a branch for that 22:15:06 <troytoman> we're trying to get multi-nic in, then the network-service branch and we can look at extending from that base 22:15:29 <danwent> sounds good. 22:15:34 <dendrobates> is multi-nic proposed for merge? 22:16:02 <dendrobates> nm, I'll look 22:16:04 <troytoman> we're close 22:16:19 <troytoman> but I don't think it's merge-propped yet 22:16:20 <danwent> that is all I had for quantum. Please let me know if you're interested in API extension + API auth work. I'd really like to get someone putting some thought into that side of things. 22:16:54 <dendrobates> #topic donabe 22:17:20 <dendrobates> We are trying to get our legal ducks in a row at Cisco to start pushing code 22:18:13 <dendrobates> As you can imagine we have to make sure that no one gets in trouble. but we are spinning up a couple of dev teams and expect to push soon 22:18:29 <danwent> very cool 22:18:51 <dendrobates> in the mean time we might have some of the devs help vish with unit tests and the like 22:19:06 <dendrobates> #topic other stuff 22:19:17 <troytoman> updates on melange 22:19:28 <Tv> please skim: https://github.com/tv42/melange-discovery/blob/master/melange-discovery.rst 22:19:39 <troytoman> we've started work on the base service: 22:19:41 <troytoman> lp:~rajarammallya/network-service/melange_framework 22:19:42 <Tv> i'd like to talk to people about the IPAM protocol, what data is transported etc 22:20:23 <troytoman> I hope to be able to share a draft API later this week. we have the start of it but there are some things to clean up 22:21:00 <troytoman> As tv alludes to, I think we need some work on overall flow though. 22:21:34 <Tv> and i'd like to talk to somebody on the nova firewall side, what do they think about about MITM prevention etc 22:21:48 <troytoman> how do we associate a quantum network with an IP block? Does Nova establish both and create the link? or do it through quantum? 22:21:48 <dendrobates> Tv: I recommend soren 22:21:56 <Tv> as in, if there's egress filtering the vm only uses the addresses its allowed to use, then the dhcp component needs to inform it, etc 22:21:59 <carlp> troytoman: Did you plan on having Melange log all the uses of an IP over time to it's database. With the recent announcements of EC2 being used for bad things, it may be useful. 22:22:36 <troytoman> carlp: we have not started logging yet. but, we can add that as a requirement. 22:23:01 <danwent> tv: what MITM attack are you referring to specifically? 22:23:20 <danwent> rogue DHCP? 22:23:30 <danwent> or more general? 22:23:30 <troytoman> should we set up an etherpad to jointly work through the flows between Nova/Quantum/Melange? 22:23:42 <danwent> yeah, probably easier than trying to use IRC :) 22:23:42 <carlp> troytoman: awesome. I have some ideas that may help with that, but I'll wait until we have some code before throwing them at you :) 22:23:52 <Tv> danwent: rogue DHCP, ARP proxy, spoofed source, ... 22:23:54 <dendrobates> troytoman: I think so. IRC is hard for this 22:24:08 <danwent> let's move this to etherpad 22:24:57 <dendrobates> is that all for melange? 22:25:03 <troytoman> i think so 22:25:04 <romain_lenglet> Tv: I think this is a Quantum problem, not a nova problem 22:25:05 <Tv> danwent: the part that ties in with the DHCP most is the dynamic part; your vm should not be able to send packets as 10.0.0.3 outside of the time you hold a valid lease for that IP address 22:25:38 <Tv> romain_lenglet: i think parts of it are irrevokably tied to current IPAM state 22:25:38 <danwent> I see, you are talking about general spoofing filters. 22:26:09 <Tv> yeah basically two things: 1. general MITM prevention 2. enforcing address allocation 22:26:13 <danwent> a provider may or may not want to enforce such filters on a given interface. 22:26:24 <Tv> 1. is nova or quantum, 2. is also nova or quantum but requires IPAM knowledge 22:26:29 <romain_lenglet> Tv: both problems are Quantum problems 22:26:35 <romain_lenglet> not nova 22:26:42 <Tv> the github url i pasted earlier talks about having the dhcp server notify local firewall how to update rules for #2 22:26:48 <romain_lenglet> agreed that it's tied to IPAM integration 22:26:58 <Tv> romain_lenglet: i'm saying nova only because this thing is being pushed to happen faster than quantum, afaik ;) 22:27:16 <dendrobates> We need to make sure that everyone that submits code to any of these projects has signed the openstack CLA 22:27:23 <danwent> let's make sure the flows we discuss includes an example of a spoofing filter. 22:27:26 <dendrobates> if we want to become official projects 22:28:16 <dendrobates> I am working with the infrastructure people to setup a testing environment and we will soon be checking CLA compliance at merge 22:28:38 <danwent> great 22:29:01 <dendrobates> do we want to do this time and day every week? 22:29:12 <troytoman> works for me 22:29:17 <dendrobates> I'll update the wiki, if there are no objections 22:29:24 <salv-orlando> works for me as well 22:29:26 <somikbehera> +1 22:29:39 <danwent> still good for me 22:29:43 <dendrobates> cool. I have a hard stop now. 22:30:06 <danwent> nothing more from me. 22:30:19 <salv-orlando> Ok, let's just circulate the etherpad link for joint melange-quantum-donabe discussion 22:30:20 <danwent> someone please send out an etherpad for the IPAM discussion 22:30:25 <danwent> :) 22:30:28 <dendrobates> feel free to carry on, but I'll stop the recording now 22:30:33 <dendrobates> #endmeeting