05:02:42 <yamahata> #startmeeting servicevm-device-manager
05:02:43 <openstack> Meeting started Tue Jun 17 05:02:42 2014 UTC and is due to finish in 60 minutes.  The chair is yamahata. Information about MeetBot at http://wiki.debian.org/MeetBot.
05:02:44 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
05:02:45 <Christian_M> hi
05:02:46 <openstack> The meeting name has been set to 'servicevm_device_manager'
05:03:04 <yamahata> wait minutes for others
05:03:58 <yamahata> s3wong will skip this meeting because he's at mid cycle meeting
05:04:23 <yamahata> and it's midnight there.
05:04:27 <Christian_M> Will others skip it too ?
05:05:02 <yamahata> I'm not sure. Maybe today's meeting would be short.
05:06:15 <yamahata> Okay let's get started
05:06:22 <yamahata> #topic Announcement
05:06:36 <yamahata> irc channel #tacker is available.
05:07:11 <yamahata> Last week I announced, but it was secret mode somehow. Now it's visible for all.
05:07:47 <yamahata> request for stackforge repo is still under review. 1 +1 now.
05:08:03 <yamahata> It has taken longer than I expected. Hopefully soon
05:08:18 <Christian_M> Who can add +1, -1 ? Everyone of just 'core' members ?
05:08:19 <yamahata> #topic Action Items from the last week
05:08:37 <yamahata> #undo
05:08:38 <openstack> Removing item from minutes: <ircmeeting.items.Topic object at 0x1f44790>
05:08:50 <balajip> yamahata:are we going to change IRC channel to #tacker from next meeting?
05:08:50 <yamahata> Anita Kuno gave +1
05:09:15 <yamahata> balajip: no. IRC meeting will be held at #openstack-meeting for meeting log
05:09:45 <yamahata> I think Anita Kuno is one of cores
05:09:45 <balajip> ok
05:10:17 <yamahata> #topic Action Items from the last week
05:10:59 <yamahata> s3won conntacted rossella_s. she isn't actively working on l2-gateway stuff. But please keep her in cycles.
05:11:29 <yamahata> I've contacted Eric Moe for VLAN-aware-VM, but didn't get reply.
05:12:06 <yamahata> So I've create spec for l2-gateway based on the existing BP.
05:12:32 <yamahata> #link https://review.openstack.org/#/c/100278/ l2-gateway spec
05:12:58 <yamahata> I created a wiki page for neutron port attributes
05:13:12 <yamahata> #link https://wiki.openstack.org/wiki/ServiceVM/neutron-port-attributes
05:13:48 <yamahata> #topic project-incubation
05:14:05 <yamahata> not much progress since the last week
05:14:39 <yamahata> After repository creation, API/data model will be discussed with gerrit
05:15:02 <yamahata> #topic nfv followup
05:15:15 <yamahata> I think no much since last week.
05:15:30 <yamahata> Does anyone have anything?
05:16:07 <yisun> Are we going to consolidate l2-gateway with the vlan bp proposed by Ian?
05:16:20 <balajip> yamahata:Usecase section has to be updated for the given link
05:16:22 <yamahata> #topic blueprint follow up
05:16:47 <yamahata> yisun: yes. I think we should.
05:17:07 <yisun> yamahata: got it, thanks
05:17:31 <yamahata> balajip: which link?
05:17:49 <balajip> yamahata:https://wiki.openstack.org/wiki/ServiceVM/neutron-port-attributes
05:18:11 <yamahata> balajip: it's a wiki. Can you please fix it?
05:18:57 <yamahata> #action balajip fix the link
05:19:10 <balajip> yamahata:ok
05:19:33 <yamahata> For vlan trunk port, we have three proposal and we should consolidate and unite.
05:20:25 <yamahata> So far Ian hasn't replied yet.
05:20:49 <yamahata> I expect l2-gateway proposal needs discussion to be refined.
05:21:39 <yamahata> I also created a spec for unfirewall port as OVS ML2 portsecurity extension
05:21:52 <yamahata> #link https://review.openstack.org/#/c/99873/ ML2 OVS portsecurity extension
05:22:03 <yisun> yamahata: I thought Ian also created a similar bp, didn’t he?
05:22:52 <yamahata> yisun: yes. His BP is something similar to VLAN trunk port. but it doesn't include any concrete data model/API.
05:22:58 <yisun> But it seems that yours is moving much faster
05:23:27 <yamahata> #link https://review.openstack.org/#/c/97714/ VLAN trunking networks for NFV
05:23:30 <yisun> yamahata: I thought that he also proposing unfirewall, but I’m sure if he has created a bp or not
05:24:00 <yamahata> #link https://review.openstack.org/#/c/97715/ NFV unaddressed interfaces
05:24:27 <yamahata> His unfirewall proposal is unaddressed port == unfirewall port
05:24:49 <yamahata> I left review message to point the link of ML2 OVS portsecurity
05:25:08 <yisun> yamahata: got it
05:25:46 <yamahata> For routervm, unfirewalled port with address is needed.
05:26:32 <yisun> yamahata: btw- I did not see you propose any API in your portsecurity extension
05:26:55 <yisun> how a ml2 ovs knows when to disable the portsecurity?
05:27:14 <yamahata> #link https://review.openstack.org/#/c/99873/
05:27:40 <yisun> yamahat: yes, I read it. but I did not see any new APIs
05:28:12 <yisun> you only mentioned that ML2 plugin will support securitygroup extension
05:28:12 <yamahata> yisun: port will have a new attribute to disable security
05:28:55 <yamahata> yisun: neutron/extensions/portsecurity.py defines API. I should have mentioned it in the spec.
05:29:02 <yisun> yamahata: ok
05:29:18 <yamahata> yisun: network and port will have a new attribute, port_security_enabled, default true.
05:29:39 <yamahata> The value will be sent to ovs agent. the port will be set up based on the value
05:30:14 <yisun> yamahata: got it, let me check with Gary Duan to see if this is all we want. We hacked neutron to turn off the securitygroup
05:30:54 <yamahata> yisun: Cool. If Gary Duan have alreay a patch, can we share it?
05:31:10 <yamamoto> it’s shame portsecurity has no docs here http://docs.openstack.org/api/openstack-network/2.0/content/API_extensions.html
05:31:31 <yisun> yamahata: what we have is a “real” hack, but let me find Gary and check with him tomorrow
05:31:39 <yamahata> yamamoto: Then we should also document it.
05:31:45 <yamahata> yisun: got it.
05:32:03 <yamahata> yamamoto: then, the spec needs to be updated to mention documentation?
05:33:20 <yamahata> anything else?
05:33:53 <yamahata> #action yisun fin Gary and check with him tomorrow for reusable patch for ML2 OVS port security
05:33:54 <Christian_M> not from me
05:34:06 <yisun> I’m good
05:34:07 <yamamoto> yamahata: i guess filing a bug is more appropriate action
05:34:34 <yamahata> yamamoto: got it.
05:34:46 <yamahata> #action yamahata file a bug for documentation of portsecurity
05:35:05 <yamamoto> i haven’t checked if there’s existing bug
05:35:41 <yamahata> yamamoto: I see.
05:36:18 <yamahata> Okay next target of blueprint is unaddressed port, I think.
05:36:29 <yamahata> Do we have any use case?
05:36:59 <yamahata> So far I haven't see concrete use case of it at https://wiki.openstack.org/wiki/ServiceVM/neutron-port-attributes
05:37:32 <yamahata> anyone volunteer for spec?
05:37:44 <yisun> ok, here is one use case:
05:38:26 <yisun> my VM is a firewall VM to provide firewall service, I can greate interface when service instance is created
05:39:12 <yisun> But when the fw service instance is deleted from the tenant, I may not delete the VM vNic since it could be reused for other FW service instance
05:39:48 <yisun> Before the vNic is bind to any new FW service instance, it does not really have an ip address
05:39:54 <yisun> But it could have a MAC
05:40:00 <yamahata> yisun: during unused time, the port is unaddressed.
05:40:22 <yisun> yamahata: correct, it does not have an address
05:40:28 <yamahata> yisun: I see. So only IP address is unaddressed, but MAC doesn't need to be unaddressed.
05:40:46 <yamahata> Then only ip address
05:40:50 <yisun> yamahata: yes
05:41:26 <yamahata> yisun: can you please add it to the wiki page?
05:41:27 <yamamoto> why you want to keep vnic?  to keep mac address unchanged?
05:42:24 <yisun> yamamoto: just to same the effort to unplug/plug interface
05:42:31 <yisun> s/same/save/
05:43:27 <yamamoto> save admin’s efforts?
05:44:16 <yisun> yamamoto: yes
05:45:12 <yamamoto> i see
05:45:15 <yisun> another use case is so called v-wire mode
05:45:34 <yisun> when a firewall is running in the v-wire mode, it does not have ip/mac
05:45:35 <yamamoto> my impression is the use case is a little weak, though
05:46:33 <yisun> yamamoto: v-wire or port unplug?
05:47:01 <yamahata> yisun: Is v-wire something like bump-in-the-wire?
05:47:12 <yamahata> I don't know what v-wire means
05:47:52 <yamamoto> i meant “save admin’s effort” one
05:48:14 <yisun> yamahata: some time I got confused by bump-in-the-wire, in different context it is used for different meaning
05:48:57 <yisun> yamamoto: ok
05:50:31 <yisun> yamahata:http://blog.davidvassallo.me/2012/05/30/lessons-learned-palo-alto-in-vwire-mode/
05:50:44 <yamahata> yisun: thanks for the link
05:50:59 <yamahata> yisun: I meant figure 3 in https://docs.google.com/document/d/1fmCWpCxAN4g5txmCJVmBDt02GYew2kvyRsh0Wl3YF2U/edit?pli=1
05:51:17 <yamahata> yisun: I'll look into the link
05:51:46 <yisun> yamahata: I just did a good and copy the most relavent link I found
05:51:54 <yisun> s/good/google/
05:52:26 <yamahata> yisun: do you have more use cases?
05:52:34 <yisun> how about a TAP port?
05:52:41 <yisun> not sure if it counts
05:53:12 <yisun> yamahata: yes the vwire is similar to the figure 3
05:53:21 <yamahata> #action yisun add use cases of unaddressed port to the wiki page
05:53:44 <yamahata> After collecting use case, we can break them down to the actual spec
05:54:37 <yamahata> anything to discuss on specs/blueprints?
05:55:15 <yamahata> #topic open discussion
05:55:42 <yamahata> anything to discuss?
05:56:36 <yamahata> Seems none.
05:56:44 <yamahata> see you next week
05:56:52 <Christian_M> ok thanks
05:56:56 <yamahata> thanks
05:57:15 <yamamoto> thank you
05:57:25 <yamahata> #endmeeting