05:35:11 <yamamoto> #startmeeting taas
05:35:12 <openstack> Meeting started Wed Jun 21 05:35:11 2017 UTC and is due to finish in 60 minutes.  The chair is yamamoto. Information about MeetBot at http://wiki.debian.org/MeetBot.
05:35:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
05:35:15 <openstack> The meeting name has been set to 'taas'
05:35:37 <yamamoto> #topic Agenda
05:35:42 <yamamoto> #link https://wiki.openstack.org/wiki/Meetings/taas
05:35:52 <yamamoto> #topic Open Discussion
05:36:26 <yamamoto> let me copy-and-paste an update from reedip
05:36:36 <anil_rao> Hi
05:36:48 <yamamoto> I am working on the Neutronclient part of TaaS so that I can again push for the governance inclusion patch
05:36:58 <kaz> hi ani_rao
05:37:01 <yamamoto> Will push the Neuitronclient patch today for review
05:37:09 <yamamoto> end of copy-and-paste
05:37:15 <yamamoto> anil_rao: hi. long time no see
05:37:35 <anil_rao> Sorry for being absent for a long time. Was not well and then got busy with other stuff in the office.
05:38:03 <yamamoto> you got well?
05:38:22 <anil_rao> Well, feeing better.
05:38:42 <kaz> anil_rao: welcome back!
05:38:56 <anil_rao> kaz: Thanks.
05:40:31 <anil_rao> yamamoto: I'll review your patch when you submit it.
05:41:13 <yamamoto> anil_rao: it was a copy-and-paste of reedip's message. so his patch.
05:41:25 <anil_rao> OK :-)
05:41:51 <anil_rao> I will be submitting some patches from next week containing error handling logic in the TaaS agent/driver
05:44:39 <yamamoto> great
05:45:01 <anil_rao> I have noticed one problem with the TaaS logic that I would like to discuss
05:45:27 <yamamoto> the agent side of it likely overlaps with l2 agent extension stuff, right?
05:46:11 <anil_rao> That would be right.
05:47:06 <anil_rao> Here is a description of the issue:
05:47:44 <anil_rao> Since we add flows in br-int to capture ingress and egress traffic if there are two VMs (ports) communicating with each other
05:48:03 <anil_rao> on the same host, then we only catch it using the flow that matches first.
05:48:39 <anil_rao> However, if the two VMs (ports) were on different hosts, we catch both the packet(s) leaving a port andentering the other port.
05:49:02 <anil_rao> Or, in other words we capture the duplicates if the ports are on separate hosts but not on the same host.
05:49:38 <anil_rao> I somehow don't like this differering behavior.
05:49:51 <anil_rao> However, I can't think of any way to resolve it using our existing logic.
05:50:25 <anil_rao> Thoughts?
05:52:11 <yamamoto> i guess the behaviour with the same host case should be somehow fixed.
05:52:37 <anil_rao> Agree.
05:53:14 <anil_rao> I think the (new) OVS flow mgmt project for various extenstions should make it easy to solve.
05:53:28 <yamamoto> i agree
05:53:59 <anil_rao> Any idea what is going on with that project. When trying to catch up I found that that project was almost abandoned.
05:55:11 <yamamoto> it's taken over by someone else
05:55:17 <yamamoto> see last comments on https://review.openstack.org/#/c/320439/
05:55:23 <anil_rao> Oh
05:56:41 <anil_rao> Looks like it is moving forward after all. :-)
05:56:54 <yamamoto> yes
05:57:47 <anil_rao> I'll keep a close eye on it. We should redo our flows based on this design.
05:58:59 <yamamoto> #action keep a close eye on https://review.openstack.org/#/c/320439/
06:02:04 <yamamoto> reminder: Call for Presentations for OpenStack Summit Sydney: Submission deadline: 14th July 2017
06:02:23 <yamamoto> reminder: Denver, CO, USA (Sep., 11-15, 2017)
06:02:37 <yamamoto> Project Teams Gathering
06:02:45 <yamamoto> any other topics?
06:02:53 <anil_rao> Thanks for the reminders
06:03:19 <anil_rao> I send out some ideas for a possible next presentation on TaaS.
06:04:16 <yamamoto> great
06:04:39 <kaz> +1
06:06:18 <anil_rao> One other thing that I think we need to spend time discussing are the limits on tap-services and tap-flows.
06:09:02 <yamamoto> you mean quota?
06:09:46 <anil_rao> Quota -- yes, but the numbers need to be large enough otherwise TaaS won't be very useful for a tenant.
06:10:34 <anil_rao> However, if we have a large number of tap-services we will burn a lot of VLAN ids.
06:11:12 <yamamoto> i think reedip was working on quota while ago
06:11:27 <yamamoto> #link https://review.openstack.org/#/c/373929/
06:12:12 <anil_rao> Quotas will place the cap we seek. However, I don't think the VLAN id space we have for TaaS is sufficient on a real OS cloud.
06:13:01 <yamamoto> when you say a real OS cloud, how big it is?
06:13:13 <anil_rao> Here is an example.
06:14:42 <anil_rao> Assume a tenant has a few hundred VMs and they are all passing a decent amount of traffic. If we want to monitor all of them, we will need a large number of tap-services.
06:15:13 <anil_rao> This is because we cannot have too many tap-flows associated with a tap-service, otherwise the monitoring VM (on the destination port) won't be able to handle the mirrored traffic.
06:15:52 <anil_rao> If now there are lots of such tenants we suddenly have an explosion of tap-services and consequently VLAN ids get used up very fast.
06:17:55 <kaz> i see.
06:19:01 <anil_rao> Pre-capture filtering can help increase the tap-flow : tap-service ratio. Without it, this ratio will be quite small.
06:23:15 <anil_rao> When we did the original TaaS implementation we borrowed Neutron's style of using VLAN Ids to separate tenant networks for keeping the mirrored
06:23:35 <anil_rao> traffic of a tap-service isolated from other tap-services and production traffic.
06:24:09 <anil_rao> However, I am now realizing that we may need a lot more tap-services than virtual networks.
06:25:11 <anil_rao> Let's think about this issue some more and discuss again at a later time.
06:25:49 <kaz> sure
06:26:53 <anil_rao> I don't have any more topics for today.
06:27:20 <kaz> i checked the L2 agen extension patch witten by Reedip.
06:27:33 <kaz> I think I can take over it.
06:27:49 <anil_rao> Great
06:28:15 <kaz> I would like tol submit this patch.
06:28:44 <anil_rao> That would be nice. I can review it when you do.
06:29:06 <kaz> thanks.
06:30:10 <anil_rao> We have run out of time.
06:30:19 <kaz> yes
06:30:48 <anil_rao> Talk to you all next time. Bye.
06:30:56 <kaz> bye, thanks
06:31:37 <anil_rao> #endmeeting
14:00:36 <tobberydberg> Good afternoon everyone!
14:00:48 <adriant> Evening (morning) :)
14:00:50 <tobberydberg> Time for PublicCloud WG meeting!
14:00:53 <tobberydberg> hehehe
14:01:08 <tobberydberg> aren't we all in my timezone?? ;-)
14:01:43 <openstack> tobberydberg: Error: Can't start another meeting, one is in progress.  Use #endmeeting first.
14:02:04 <zhipeng> taas is not ended ?
14:02:11 <tobberydberg> hmmm
14:02:15 <tobberydberg> #endmeeting