18:31:29 #startmeeting Networking FWaaS 18:31:30 Meeting started Wed Apr 29 18:31:29 2015 UTC and is due to finish in 60 minutes. The chair is SumitNaiksatam. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:31:31 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:31:34 The meeting name has been set to 'networking_fwaas' 18:32:22 #info the liberty release schedule was posted: #link https://wiki.openstack.org/wiki/Liberty_Release_Schedule 18:32:38 please take note 18:32:52 any other announcements? 18:33:43 #topic Bugs 18:34:06 yoshiro had posted a couple of bugs and patches 18:34:19 #link https://bugs.launchpad.net/neutron/+bug/1446074 18:34:19 Launchpad bug 1446074 in neutron "FWaaS - Missing tenant_id validation between firewall and firewall_policy in creating/updating firewall" [Undecided,In progress] - Assigned to Yushiro FURUKAWA (y-furukawa-2) 18:34:27 the above looks good to me 18:34:35 #link https://bugs.launchpad.net/neutron/+bug/1447435 18:34:35 Launchpad bug 1447435 in neutron "FWaaS - Missing port-range validation for firewall-rule" [Undecided,In progress] - Assigned to Yushiro FURUKAWA (y-furukawa-2) 18:34:56 i thouhgt we were already validating the above, so i need to check the patch more carefully 18:35:06 I had email exchange with Yishiro on bug repr steps a while back... 18:35:34 vishwana_: yeah, i believe you are referring to 1446074 18:35:48 Yes, Looks like he has updated instructions in the bug now, I need to go try it out 18:35:59 SumitNaiksatam: that was my understanding too - i think we discussed this in the context of insertion as well 18:36:29 any other bugs on the implementation side that we need to discuss? 18:36:51 SumitNaiksatam: nothing else critical that i noticed 18:37:06 oh this one #link https://bugs.launchpad.net/neutron/+bug/1448439 18:37:06 Launchpad bug 1448439 in neutron "fwaas iptables driver does not work with plugins without DVR support" [High,In progress] - Assigned to Akihiro Motoki (amotoki) 18:37:09 but i already reviewed it 18:37:09 I saw Akihiro push 18:37:12 ok 18:37:14 needs one more core 18:37:15 u got it :-) 18:37:29 SridarK: :-) 18:38:29 moving on to docs - this one is still pending #link https://bugs.launchpad.net/openstack-api-site/+bug/1425658 18:38:29 Launchpad bug 1425658 in openstack-api-site "FWaaS needs WADL doc to be available in the API reference" [High,In progress] - Assigned to Sumit Naiksatam (snaiksat) 18:38:39 SumitNaiksatam: i finally got this going 18:38:55 SridarK: okay great 18:39:03 SumitNaiksatam: i am making changes to address pc_m's comments 18:39:19 SumitNaiksatam: i think i finally understood the layout of this :-( 18:39:22 SridarK: ah okay, i was actually going to address that today 18:39:38 So i will address his 2nd comment for the params 18:39:54 then i will address his first comment for policy and rules 18:40:00 SridarK: you mean update this one: #link https://review.openstack.org/#/c/170733/8/api-ref/src/wadls/netconn-api/src/os-fwaasv2.0-ext.wadl 18:40:19 yes we need to add some more stuff into common.ent 18:40:29 and then update the above 18:40:31 SridarK, SumitNaiksatam, sorry have not had a chance to work on 1425658...I maybe able to contribute from Monday next week though 18:40:58 SridarK: yeah, that one is slightly less painful 18:41:06 vishwana_: sure, np 18:41:42 SumitNaiksatam: but sigh - i think there is some automation here - but don't know - unfortunately i was out last week and i was going to catch pc_m this week but he is out 18:41:50 but this is finally moving 18:41:59 SridarK: okay 18:42:02 will shoot to get a patch out today 18:42:16 SridarK: have you already on: #link https://review.openstack.org/#/c/170733/8/api-ref/src/wadls/netconn-api/src/os-fwaasv2.0-ext.wadl ? 18:42:57 SumitNaiksatam: updates there first will take care of Firewall resource 18:43:10 then do policy and rules 18:43:35 pc_m had a comment on the param being used - i believe i have fixed that now 18:43:54 SridarK: okay, if you have already started working on that, then i wont work on that 18:43:55 &svcListResponse 18:44:15 the more tricky one though is adding something similar to: #link https://review.openstack.org/#/c/167609/8/api-ref/src/wadls/netconn-api/src/common.ent 18:44:26 SumitNaiksatam: yes - i will do this - apologies should have gotten this down earlier 18:44:33 is that the one you are referring to? 18:44:38 SumitNaiksatam: yes 18:44:54 we need to describe all the attributes in the message 18:44:54 so to step back - we have to do two updates: 18:45:07 SumitNaiksatam: yes 18:45:09 (1) we need to add operations to #link https://review.openstack.org/#/c/170733/8/api-ref/src/wadls/netconn-api/src/os-fwaasv2.0-ext.wadl 18:45:17 SumitNaiksatam: yes 18:45:33 (2) we need to add content similar to #link https://review.openstack.org/#/c/167609/8/api-ref/src/wadls/netconn-api/src/common.ent (in the context of FWaaS0 18:45:43 SumitNaiksatam: exactly 18:45:50 for the attributes/parameters 18:45:52 SridarK: so you have currently touched both? 18:46:08 I am working thru (2) first 18:46:19 then in can refer to that in (1) 18:46:36 and also add methods for policies and rules in (1) 18:46:48 SridarK: ah okay, i was thinking that i would have been able to do (1) independent of (2), perhaps not 18:47:04 SridarK: lets sync up offline on this 18:47:07 SumitNaiksatam: that may be possible - we can discuss more offline 18:47:11 yes :-) 18:47:16 :-) 18:48:03 i think that covers the bugs 18:48:06 In general for bugs, we should review to see if bug authors have provided adequate issue repro steps to make the review go through smoother and faster 18:48:22 vishwana_: +1 18:48:36 #topic Liberty Features 18:49:14 as a logistical note - we need to update #link https://wiki.openstack.org/wiki/Meetings/FWaaS#Liberty_Charter 18:49:39 i made some preliminary updates in the blueprints section 18:49:51 as a team we need to further populate it 18:50:08 SumitNaiksatam: nice 18:50:11 also kindly update the vendor blueprints section 18:50:48 just fixed the broken link for fwaas rules 18:50:54 directions 18:51:00 is slawek here? 18:51:28 i think we owe him a vote on this, it seemed fine the last we discussed it in this meeting 18:51:58 SumitNaiksatam: yes - i am basically good on this - i had responded to him on email he had sent me 18:52:05 SridarK: great 18:52:10 will review and vote on that BP this week 18:52:29 badveli1: if you have an updated patch for your “service objects” spec, please update the wiki page #link https://wiki.openstack.org/wiki/Meetings/FWaaS#Blueprint_Tracking 18:52:39 sumit i am trying to figure out on the link 18:52:47 badveli1: thanks 18:53:01 that mentions how to move over the same spec to liberty 18:53:04 SridarK: are you planning to repurpose the earlier zones spec, and repost it? 18:53:14 SumitNaiksatam: yes i will do that 18:53:22 badveli1: i already sent you the email about how to repurpose 18:53:31 repurpose -> move 18:53:52 thanks sumit, yes i am referring to it, 18:53:53 badveli1: i forwarded the email to you about a couple of weeks back i think 18:54:20 badveli1: ah ok, thought you were saying you were still trying to find the email 18:54:36 no thanks sumit for the link 18:54:53 vishwana_: i believe last meeting you mentioned you wanted to post a spec on refactoring for the notifications? 18:55:02 it was not very straight forward/ trying to understand more on this 18:55:30 SumitNaiksatam, you mean the FirewallService object right? 18:55:42 vishwana_: yeah 18:55:59 ok, thanks for the reminder, will try to get a draft out sometime next week 18:57:17 vishwana_: thanks, if i recall pcm was also interested in collaborating on this 18:57:37 will reach out to him next week, since he is out this week 18:57:42 vishwana_: thanks 18:57:53 what other features are we planning? 18:58:28 SumitNaiksatam: yushiro mentioned there were somethings he was considering - will ping him too 18:58:32 Is enhancing FWaaS API to L4-7 the scope of Liberty? 18:58:52 yamahata: hi, thanks for joining 18:58:59 SumitNaiksatam: hi. 18:59:10 yamahata: i dont see why it should not be 18:59:39 yamahata: if there is interest at your end in pushing forward with the spec and implementation, that would be great 18:59:48 Sure. 19:00:03 SumitNaiksatam: iptables does it support this kind of functionality 19:00:04 does anyone else in the team have thoughts on this 19:00:10 yamahata: there is considerable interest on this for sure - i think finding an open source implementation etc were some challenges 19:00:11 with spec, we can argue common denominator or vendor specific api 19:00:17 yamahata: i am happy to help on this too 19:00:20 badveli1: SridarK: good points 19:00:38 L4-7 was a part of our original manifesto 19:00:45 badveli1: i think Yi mentioned interest on this as well 19:00:50 SridarK: Yeah. and blob api was rejected as evil. 19:00:59 :-) 19:01:09 but, like badveli1 and SridarK mentioned, one of the reasons it hasnt progressed is to find the right open source backend to support this 19:01:30 yamahata: good that u brought this up - this will be a good discussion to have 19:02:08 yamahata: have you indentified what would be the reference implementation for these features? 19:02:29 SumitNaiksatam: Unfortunately no. 19:02:55 yamahata: okay 19:03:39 FWaaS service insertion is important topic. On the other hand, several parties are interested in service function chaining. 19:03:45 Do we want to cope with them? 19:03:58 yamahata: +1 19:04:07 yamahata: as for insertion, we already have some form of that 19:04:22 in the context of providing the router context 19:06:17 please also keep in mind the design summit etherpad for neutron: #link https://etherpad.openstack.org/p/liberty-neutron-summit-topics 19:06:59 #topic Vendor drivers 19:07:17 any concerns on this front that we need to discuss? 19:07:40 #topic Functional Tests 19:07:55 badveli1: you mentioned you were looking at this, any update to share with the team? 19:08:31 yes sumit, as i had mentioned we use the exec on the name space 19:08:52 to generate traffic and check if the functionality works 19:09:20 badveli1: okay 19:10:06 so are you planning to implement a test with that knowledge? 19:10:31 yes sumit, as you had mentioned we will have this in liberty correct? 19:11:14 badveli1: yes, liberty is already open (has been for sometime now), so please feel free to post a patch if you have one (it could be WIP to begin with) 19:11:48 fine sumit 19:11:53 badveli1: thanks 19:12:07 thanks sumit 19:12:10 we are missing pcm today for the discussion on this :-) 19:12:31 SridarK: any updates on the integration tests (for testing the insertion)? 19:12:59 SumitNaiksatam: Nikolay will be doing more - when he is back from PTO 19:13:32 SridarK: ah ok 19:13:39 #topic Open Discussion 19:14:04 SumitNaiksatam: so we will plan for a meetup of FWaaS folks at Vancouver ? 19:14:12 if there is enough interest we can create a separate etherpad for FWaaS topics to discuss in the summit 19:14:20 SridarK: ah right on cue :-) 19:14:30 :-) 19:14:41 SridarK: we should definitely 19:15:18 badveli1: are u going to be there ? 19:15:21 or Yi ? 19:15:22 SridarK, do you mean a social meetup? 19:15:32 no we are not going to be there 19:15:43 but wish you all the best 19:15:47 badveli1: oh thats a big bummer! 19:15:48 vishwana_: no - white board, 19:15:54 ok, sure 19:16:02 badveli1: oh thats bad 19:16:04 let me know if you need any help 19:16:08 badveli1: so not even Yi or Gary planning to be there? 19:16:15 no sumit 19:16:20 badveli1: ah ok 19:16:37 let me know if you need any help before summit 19:17:07 badveli1: sure 19:17:17 anything else we need to discuss today? 19:17:29 SumitNaiksatam: nothing else from me 19:17:35 SridarK: okay 19:17:46 thanks all for joining! 19:17:48 bye 19:17:51 bye 19:17:54 bye all 19:17:54 bye all 19:17:55 #endmeeting