Tuesday, 2016-04-19

« Monday, 2016-04-18 Index Wednesday, 2016-04-20 »
*** haixia has quit IRC02:10
*** haixia has joined #openstack-dragonflow02:11
*** zenoway has joined #openstack-dragonflow02:15
*** zenoway has quit IRC02:19
*** gongysh has joined #openstack-dragonflow02:34
*** zenoway has joined #openstack-dragonflow02:51
*** zenoway has quit IRC02:56
*** irenab_ has joined #openstack-dragonflow03:53
*** irenab has quit IRC03:54
*** irenab_ is now known as irenab03:54
*** gongysh has quit IRC04:08
*** yamamoto has quit IRC04:31
*** irenab has quit IRC04:52
*** yamamoto has joined #openstack-dragonflow05:14
*** zenoway has joined #openstack-dragonflow05:19
*** zenoway has quit IRC05:24
*** irenab has joined #openstack-dragonflow05:31
gsagiethingee: doing it now, i must have missed the ability to edit the topic05:34
*** oanson has joined #openstack-dragonflow05:39
*** zenoway has joined #openstack-dragonflow05:55
*** zenoway has quit IRC06:00
openstackgerrithujie proposed openstack/dragonflow: add data sync mechanism for keep db consistency  https://review.openstack.org/30087707:09
*** zenoway has joined #openstack-dragonflow07:16
*** zenoway has quit IRC07:33
*** zenoway has joined #openstack-dragonflow07:33
*** gongysh has joined #openstack-dragonflow07:35
*** zenoway has quit IRC07:38
*** zenoway has joined #openstack-dragonflow07:49
*** yuanwei has quit IRC08:02
*** haixia has quit IRC08:04
*** haixia has joined #openstack-dragonflow08:04
*** haixia has quit IRC08:06
*** haixia has joined #openstack-dragonflow08:06
*** yuanwei has joined #openstack-dragonflow08:07
openstackgerrityuan wei proposed openstack/dragonflow: this patch intend to solve bug #1571523, "Changing VM to new SG is not working"  https://review.openstack.org/30762808:13
openstackbug 1571523 in DragonFlow "Changing VM to new SG is not working" [High,New] https://launchpad.net/bugs/1571523 - Assigned to yuan wei (wei-yuan)08:13
*** gongysh has quit IRC08:24
yuli_syuanwei, the patch looks good08:27
yuli_s;)08:27
gsagienick-ma: ping08:31
yuli_shm08:31
yuli_syuanwei, something is not clear for me in tbale=608:34
yuli_si have 2 VMS, 2 custom SGs, each VM has 2 SGs08:34
yuli_sin table 6:08:34
yuli_stable=6, n_packets=7, n_bytes=518, priority=4,conj_id=2,ip actions=ct(commit,table=9,zone=NXM_NX_CT_ZONE[])08:34
yuli_stable=6, n_packets=5, n_bytes=370, priority=5,conj_id=3,ip actions=ct(commit,table=9,zone=NXM_NX_CT_ZONE[])08:34
yuli_stable=6, n_packets=0, n_bytes=0, priority=4,ip actions=conjunction(2,2/2)08:34
*** saggi has joined #openstack-dragonflow08:34
yuli_stable=6, n_packets=0, n_bytes=0, priority=5,ip actions=conjunction(3,2/2)08:35
yuli_stable=6, n_packets=0, n_bytes=0, priority=4,ct_state=+new-est-rel-inv+trk,in_port=9 actions=conjunction(2,1/2)08:35
yuli_stable=6, n_packets=0, n_bytes=0, priority=4,ct_state=+new-est-rel-inv+trk,in_port=10 actions=conjunction(2,1/2)08:35
yuli_s\08:35
yuli_stable=6, n_packets=0, n_bytes=0, priority=5,ct_state=+new-est-rel-inv+trk,in_port=10 actions=conjunction(3,1/2)08:35
yuli_stable=6, n_packets=0, n_bytes=0, priority=5,ct_state=+new-est-rel-inv+trk,in_port=9 actions=conjunction(3,1/2)08:35
yuli_scan we use half rules here ?08:36
yuanweiyuli_s: just saw, thanks:)08:37
yuanweiabout the question you ask, I don't understand...what are "half rules" ? do you mean flows with actions of "conjunction(XXX,1/2)" or  "conjunction(XXX,2/2)" ?08:41
yuanweitable=6, n_packets=0, n_bytes=0, priority=4,ct_state=+new-est-rel-inv+trk,in_port=9 actions=conjunction(2,1/2)08:44
yuanweitable=6, n_packets=0, n_bytes=0, priority=5,ct_state=+new-est-rel-inv+trk,in_port=9 actions=conjunction(3,1/2)08:44
yuanweithose flows represent one VM is associating two SGs (one is bound with conj_id 2, another is bound with conj_id 3 )08:47
yuanweitable=6, n_packets=0, n_bytes=0, priority=4,ct_state=+new-est-rel-inv+trk,in_port=10 actions=conjunction(2,1/2)08:47
yuanweitable=6, n_packets=0, n_bytes=0, priority=5,ct_state=+new-est-rel-inv+trk,in_port=10 actions=conjunction(3,1/2)08:47
yuanweiso do those flows, but another VM08:47
yuanweiand flows with action of "conjunction(XXX, 2/2)" represent security group rules in the SG which are bound with conj_id XXX08:50
yuli_syes,08:51
yuli_si do not understand why we need 208:51
yuanweibecause each VM is associating with 2 SGs, and we have 2 VMs, then we get 4 associating relations in total08:54
yuli_shm,08:58
yuli_slet me consult with Omer08:58
yuanweiok, seems I don't get the point you are asking:)08:59
nick-magsagie: pong09:02
*** oanson has quit IRC09:10
yuli_syuanwei, he went to eat09:11
yuli_slet me explain myself09:11
yuli_swhen packet from vm reaches table 6 it will be marked with conj_is =3 because priority is higher09:12
yuli_sand so, conj_id=2 tests are redandant09:13
gsagieyuli_s: thats not correct, if one priority is not matched it will try the other09:14
gsagieyuli_s: we have a conjunction id per security group09:14
yuanweigsagie: great, thanks09:15
gsagieyuli_s: the reason why we use different priorities is because conjunction id is in the action and not as part of the match, so we wouldnt be able to insert flows otherwise (they would be the same flow)09:15
gsagieyuanwei: hope i explained it correctly :)09:16
yuanweigasgie: correctly and clearly :)09:17
yuanweiyuli_s: Hi yuli, about this bug https://bugs.launchpad.net/dragonflow/+bug/1571661, could please check VM1 if has two interfaces which have those two addresses: 10.0.0.3 192.168.100.3?09:53
openstackLaunchpad bug 1571661 in DragonFlow "Bug in VM with 2 local net - security group patch" [High,New] - Assigned to yuan wei (wei-yuan)09:53
*** haixia_liu has joined #openstack-dragonflow10:02
*** Mic22 has quit IRC10:29
*** Mic22 has joined #openstack-dragonflow10:29
*** Mic22 has quit IRC10:38
*** Mic22 has joined #openstack-dragonflow10:38
yuli_syuanwei, nop11:10
yuli_svm has one interface of  10.0.0.311:11
*** gongysh has joined #openstack-dragonflow11:11
yuli_syuanwei, regarding the rule optimization in table 6, lets do it later. it is not urgent !11:16
yuli_simho DNAT is more important, afterwards 2 local private ips in one VM11:17
yuli_shm, i think i found another "undocumented feature" in table=611:19
yuli_si created egress rule - TCP ALL11:20
yuli_sthe following rules were created11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=1 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x2/0xfffe actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x4/0xfffc actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x8/0xfff8 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x10/0xfff0 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x20/0xffe0 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x40/0xffc0 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x80/0xff80 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x100/0xff00 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x200/0xfe00 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x400/0xfc00 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x800/0xf800 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x1000/0xf000 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x2000/0xe000 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x4000/0xc000 actions=conjunction(2,2/2)11:21
yuli_s cookie=0x18, duration=9.081s, table=6, n_packets=0, n_bytes=0, priority=4,tcp,tp_dst=0x8000/0x8000 actions=conjunction(2,2/2)11:21
yuli_si think one rule is enough:11:22
yuli_s table=6, n_packets=0, n_bytes=0, priority=4,tcp actions=conjunction(2,2/2)11:22
yuli_s{"direction": "egress", "protocol": "tcp", "description": "", "port_range_max": 65535, "id": "40f02887-784b-4075-9d97-ebc7d16f0e58", "remote_group_id": null, "remote_ip_prefix": "0.0.0.0/0", "security_group_id": "768e9dca-9233-4be5-8734-ff1fd9e8217c", "tenant_id": "2531875466be46acb0bfd5db41590084", "port_range_min": 1, "ethertype": "IPv4"}], "name": "768e9dca-9233-4be5-8734-ff1fd9e8217c"}11:25
*** gongysh has quit IRC11:28
*** yamamoto has quit IRC11:30
todinwhat does the conjunction action mean?11:42
*** hujie has quit IRC11:48
*** hujie has joined #openstack-dragonflow11:49
*** yamamoto has joined #openstack-dragonflow12:09
*** oanson has joined #openstack-dragonflow12:19
yuli_sit is a kind of complicated rule12:20
yuli_sit can consist of 2 or more group of rules12:21
yuli_sfor example in group A can be "tcp port = 80 or tcp port = 22"12:21
yuli_sgroup be can be "srcip = x or src_ip = y"12:22
yuli_sops12:22
yuli_sgroup B = "srcip = x or src_ip = y"12:22
yuli_sso, if you have a at least one true value for A and one true value for B, cojunction is true, and conj_id has some value12:23
*** yamamoto has quit IRC12:24
*** yamamoto has joined #openstack-dragonflow12:34
*** yamamoto has quit IRC12:39
*** yamamoto has joined #openstack-dragonflow12:44
*** yamamoto has quit IRC12:45
*** yamamoto has joined #openstack-dragonflow12:54
*** yamamoto has quit IRC13:03
*** irenab has quit IRC13:05
*** yamamoto has joined #openstack-dragonflow13:05
*** yamamoto has quit IRC13:14
*** yamamoto has joined #openstack-dragonflow13:16
*** gongysh has joined #openstack-dragonflow13:37
*** yamamoto has quit IRC13:41
*** yamamoto has joined #openstack-dragonflow13:43
*** oanson has quit IRC14:18
*** DuanKebo_ has joined #openstack-dragonflow14:21
*** irenab has joined #openstack-dragonflow15:05
*** zenoway has quit IRC15:06
*** zenoway has joined #openstack-dragonflow15:06
*** irenab has quit IRC15:07
*** irenab has joined #openstack-dragonflow15:07
*** zenoway has quit IRC15:11
*** DuanKebo_ has quit IRC15:12
*** DuanKebo_ has joined #openstack-dragonflow15:15
*** oanson has joined #openstack-dragonflow15:30
*** gongysh has quit IRC15:48
*** gongysh has joined #openstack-dragonflow15:50
*** yamamoto has quit IRC16:19
*** gongysh has quit IRC16:38
*** oanson has quit IRC16:53
*** oanson has joined #openstack-dragonflow17:00
*** yamamoto has joined #openstack-dragonflow17:20
*** yamamoto has quit IRC17:28
*** oanson has quit IRC17:31
*** oanson has joined #openstack-dragonflow17:46
*** oanson has quit IRC18:17
*** zenoway has joined #openstack-dragonflow18:59
*** zenoway has quit IRC23:06
*** zenoway has joined #openstack-dragonflow23:07
*** zenoway has quit IRC23:11
*** DuanKebo_ has quit IRC23:33
« Monday, 2016-04-18 Index Wednesday, 2016-04-20 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!