#openstack-meeting log

21:00:09 <mlavalle> #startmeeting networking
21:00:11 <openstack> Meeting started Mon Aug  5 21:00:09 2019 UTC and is due to finish in 60 minutes.  The chair is mlavalle. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:00:12 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
21:00:14 <openstack> The meeting name has been set to 'networking'
21:00:19 <slaweq> hi
21:01:29 <haleyb> hi
21:01:47 <mlavalle> slow Monday?
21:01:49 <tidwellr> hi
21:02:35 <mlavalle> ok, let's get going
21:03:02 <mlavalle> #topic Announcements
21:03:37 <mlavalle> The next milestone is Train-3 on the week of September 9th
21:03:48 <mlavalle> so that's a liuttle bit more than a month
21:03:52 <mlavalle> from today
21:04:28 <mlavalle> Yesterday I nominated ralonsoh to join the Neutron core team: http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008225.html
21:04:47 <mlavalle> Most of you have provided positive feedback
21:05:12 <mlavalle> the nomination will be open all this week
21:06:14 <mlavalle> This week is the last one to enter your name in the Shanghai PTG planning etherpad, if you are planning to attend: https://etherpad.openstack.org/p/Shanghai-Neutron-Planning
21:06:50 <mlavalle> by the end of the week I will use the number of people registered to estimate how many people will attend out PTG
21:07:05 <mlavalle> any other announcements?
21:07:09 <slaweq> not too many so far on the list :/
21:08:36 <mlavalle> ok, let's move on
21:09:09 <mlavalle> #topic Blueprints
21:09:29 <mlavalle> These are the blueprints that we are tracking for T-3 https://etherpad.openstack.org/p/Shanghai-Neutron-Planning
21:09:34 <mlavalle> #undo
21:09:35 <openstack> Removing item from minutes: #topic Blueprints
21:09:46 <mlavalle> #topic Blueprints
21:10:19 <mlavalle> These are the blueprints we are tracking for T-3: https://launchpad.net/neutron/+milestone/train-3
21:10:40 <mlavalle> any updates?
21:11:48 <slaweq> this one https://blueprints.launchpad.net/neutron/+spec/subnets-different-pools-same-net looks for me like done, but maybe tidwellr has something more related to it which isn't linked there
21:11:59 <tidwellr> that one is done
21:12:24 <slaweq> thx tidwellr for confirmation :)
21:12:35 <mlavalle> ok, updated in Launchpad
21:12:48 <mlavalle> thanks tidwellr for this implementation
21:13:41 <tidwellr> np
21:14:08 <mlavalle> ok, let's move on
21:14:29 <mlavalle> #topic Community Goals
21:14:57 <mlavalle> any updates on community goals?
21:16:30 <mlavalle> ok, let's move on then
21:16:34 <slaweq> nothing new from me
21:16:59 <mlavalle> #topic Bugs
21:17:23 <mlavalle> Our deputy this week was haleyb
21:17:29 <mlavalle> and here's his report http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008258.html
21:18:07 <haleyb> there were a few in the DVR/L3 space which we can handle in that meeting
21:18:25 <mlavalle> ok
21:18:42 <haleyb> there were a couple others that needed owners, let me link
21:18:50 <haleyb> https://bugs.launchpad.net/neutron/+bug/1838431
21:18:51 <openstack> Launchpad bug 1838431 in neutron "[scale issue] ovs-agent port processing time increases linearly and eventually timeouts" [Medium,Confirmed]
21:19:54 <haleyb> liu had filed it, perhaps he can pick up
21:20:11 <mlavalle> if he doesn't< i will take it
21:20:22 <haleyb> ack
21:20:28 <mlavalle> kind of matches what we are doing in the performance sub-team
21:20:37 <mlavalle> I already left him a question in the bug
21:20:47 <slaweq> I just wrote a comment there too
21:21:08 <haleyb> https://bugs.launchpad.net/neutron/+bug/1838431 was the second one
21:21:08 <openstack> Launchpad bug 1838431 in neutron "[scale issue] ovs-agent port processing time increases linearly and eventually timeouts" [Medium,Confirmed]
21:21:14 <slaweq> it looks for me like "well known" problem with remote_security_group_id in SG
21:22:04 <haleyb> i could not reproduce one of the issues in ^^, and have asked what release it is.  there might be a missing notification, or some missing information when a port delete happens and a floating ip is associated
21:22:25 <slaweq> haleyb: You pasted same link twice
21:22:33 <haleyb> sigh
21:22:42 <haleyb> https://bugs.launchpad.net/neutron/+bug/1838403
21:22:43 <openstack> Launchpad bug 1838403 in neutron "Asymmetric floating IP notifications" [Medium,New]
21:22:49 <haleyb> that's better
21:23:17 <slaweq> thx :)
21:24:32 <haleyb> i can pick-up based on his response, have not confirmed the notification message on master
21:24:44 <mlavalle> thanks haleyb
21:25:14 <haleyb> and one more that slaweq filed
21:25:16 <haleyb> https://bugs.launchpad.net/neutron/+bug/1838760
21:25:17 <openstack> Launchpad bug 1838760 in neutron "Security groups don't work for trunk ports with iptables_hybrid fw driver" [High,Confirmed]
21:25:49 <tidwellr> hmm
21:26:06 <tidwellr> is it not documented that configuration doesn't work?
21:26:19 <slaweq> tidwellr: I don't think so
21:26:48 <tidwellr> I helped early on with some of that implementation, and we were definitely aware that the iptables_hybrid driver would not work
21:27:33 <mlavalle> a gap in the docs then?
21:27:35 <slaweq> tidwellr: and there is even test https://github.com/openstack/neutron-tempest-plugin/blob/master/neutron_tempest_plugin/scenario/test_trunk.py#L275 which is checking if such connectivity is in fact blocked
21:28:46 <slaweq> tidwellr: mlavalle so maybe I just didn't look for such info in docs because I assumed that if something is in tests, it should works
21:28:56 <tidwellr> I think this may be a long-standing gap in docs, we initially only supported the OVS firewall driver
21:29:20 <haleyb> is it this sentence? "Security rules via iptables
21:29:20 <haleyb> rules is obviously not supported, and never will be."
21:29:48 <haleyb> contributor/internals/openvswitch_agent.rst
21:29:57 <slaweq> haleyb: ha, so it's just matter of test bug than :)
21:30:08 <haleyb> that seems more the spec/implementation though
21:30:30 <tidwellr> how many users are going to read that? :)
21:31:01 <mlavalle> so the bug is really a doc gap
21:31:08 <haleyb> someone would have to confirm that wasn't just a case of my finding a good sentence with 'iptables' in it :)
21:31:08 <slaweq> mlavalle: and test bug
21:31:56 <tidwellr> haleyb: no, your right. That is in line with what I recall working on the initial implementation of trunk ports
21:32:02 <mlavalle> but the test should be there for the ovs fw driver, right?
21:32:42 <slaweq> mlavalle: this is tempest test and it can be run on deployment with any driver configured
21:33:04 <slaweq> so we should probably skip at least this part if there is not supported fw driver used on L2 agents
21:33:06 <tidwellr> mlavalle: trunk tests that check connectivity should be run with the OVS firewall driver
21:33:31 <mlavalle> I think we are all saying the same thing
21:33:50 <haleyb> admin/config-trunking.rst maybe needs the update then, it doesn't mention iptables, and is vague with "If the native OVS
21:33:50 <haleyb> firewall driver is to be used, we recommend that the MAC address of the parent
21:33:50 <haleyb> port be re-used on all subports."
21:34:57 <tidwellr> it would be nice if it were a little more "in your face" that this is an unsupported configuration.....
21:35:04 <slaweq> in this document there is even "Limitations" section https://docs.openstack.org/neutron/latest/admin/config-trunking.html#limitations-and-issues
21:35:12 <slaweq> so IMO it should be mentioned there
21:35:16 <tidwellr> ie fail the port binding or something
21:36:51 <slaweq> tidwellr: so are You saying that there should be an binding error when trying to bind trunk subport with configured SG when agent is using iptables_hybrid fw driver?
21:37:45 <tidwellr> slaweq: something along those lines, just thinking out loud about ways to really make it obvious this isn't supported
21:38:10 <slaweq> tidwellr: ok, understood
21:38:18 <slaweq> so IMO plan for this one would be:
21:38:43 <slaweq> 1. update docs to write this info in more visible place(s) also,
21:39:06 <slaweq> 2. fix tempest test to not run this part (or this test) on unsupported configuration,
21:39:29 <slaweq> 3. Try to do some more "in Your face" change as tidwellr proposed
21:39:34 <slaweq> do You agree?
21:39:38 <mlavalle> yes
21:39:41 <tidwellr> +1
21:40:02 <slaweq> thx, I will update bug with this plan and will take care of it
21:40:11 <mlavalle> cool
21:40:47 <mlavalle> The bugs deputy this week is amotoki
21:40:47 <slaweq> and I will also reduce importance of this bug as it's not high anymore IMO
21:41:06 <mlavalle> and next week it will be tidwellr's turn
21:41:25 <mlavalle> anything else on bugs?
21:41:31 <haleyb> not from me
21:41:43 <mlavalle> moving on
21:41:55 <mlavalle> #topic neutron-lib
21:42:07 <mlavalle> I think boden is off this week
21:42:24 <mlavalle> he is moving his family to Idaho, IIRC
21:43:03 <mlavalle> anything to say about neutron-lib?
21:43:38 <slaweq> there is one topic proposed by bcafarel
21:43:43 <mlavalle> I know
21:43:56 <slaweq> it's related to neutron-lib so I'm just saying :)
21:44:05 <mlavalle> let's move to open agenda
21:44:13 <mlavalle> #topic On-demand agenda
21:45:18 <mlavalle> so bcafarel asked whether we should do neutron-lib backports?
21:46:06 <mlavalle> I haven't seen a strong need to do it, but in specifc cases, like the one mentioned in the topic, I don't see why not
21:46:20 <mlavalle> what do others think?
21:46:23 <slaweq> I'm now looking at neutron-lib tags
21:46:33 <slaweq> and it looks that we did something like that in the past
21:46:45 <slaweq> we have 1.9.0 1.9.1 and 1.9.2
21:47:01 <slaweq> it is in Pike deliverables directory in releases repo
21:47:18 <slaweq> so IMO it shouldn't be any problem to do that
21:47:37 <mlavalle> yeah, that's what I think
21:48:02 <mlavalle> maybe we don't need to do it regularly, but when it is needed, let's do it
21:48:09 <slaweq> +!
21:48:11 <slaweq> +1
21:48:22 <tidwellr> +1
21:48:50 <slaweq> but we should be very careful with what we are backporting
21:49:35 <mlavalle> we should always be careful backporting...
21:49:46 <slaweq> I don't know even what CI jobs will be run for stable branches in neutron-lib
21:51:18 <slaweq> ok, it looks that we have at least tempest-full run on such patches: https://review.opendev.org/#/c/672165/ :)
21:51:27 <slaweq> and tempest-full-py3
21:51:32 <slaweq> so it's not bad :)
21:52:23 <mlavalle> still, let's keep it limited
21:52:36 <slaweq> I agree
21:53:08 <mlavalle> ok
21:53:16 <mlavalle> anything else to discuss today?
21:54:04 <slaweq> just one short heads-up
21:54:12 <slaweq> patch https://review.opendev.org/#/c/666409/ was merged today
21:54:34 <slaweq> so we removed "gateway_external_network_id" config option from neutron
21:55:09 <slaweq> I hope it will not break anything as haleyb expects :P but if You will find anything which may be related, just be aware of this patch :)
21:55:37 <mlavalle> good heads up
21:55:42 <mlavalle> thanks!
21:56:12 <mlavalle> anything else?
21:56:47 <slaweq> not from me
21:56:51 <mlavalle> ok, have a great week!
21:56:56 <mlavalle> thanks for attending
21:57:08 <mlavalle> #endmeeting