18:32:31 <SridarK> #startmeeting Networking FWaaS
18:32:32 <openstack> Meeting started Wed Jun 17 18:32:31 2015 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:32:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:32:36 <openstack> The meeting name has been set to 'networking_fwaas'
18:32:44 <sballe> o/
18:32:46 <badveli> hello all
18:32:52 <SridarK> hi all
18:32:59 <hoangcx> Hi all
18:33:11 <SridarK> #topic Bugs
18:33:13 <badveli> hello sridark
18:33:27 <SridarK> quick recap on bugs
18:33:42 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1455863
18:33:43 <openstack> Launchpad bug 1455863 in neutron "FWAAS- FW Rule editing puts FW to error state " [Undecided,In progress] - Assigned to vishwanath jayaraman (vishwanathj)
18:33:53 <SridarK> Thanks Vish for addressing all the comments
18:34:14 <SridarK> i think we are good to go on this just waiting on some core attention
18:34:15 <vishwanathj> no problem
18:34:26 <SridarK> vishwanathj: did u have anything to discuss or add
18:34:40 <vishwanathj> no...
18:34:59 <SridarK> vishwanathj: ok cool
18:35:12 <vishwanathj> would be good if amotoki reviewed the test cases
18:35:14 <SridarK> #link https://bugs.launchpad.net/horizon/+bug/1454974
18:35:15 <openstack> Launchpad bug 1454974 in OpenStack Dashboard (Horizon) "FWAAS- FW rules table is asymmetric." [Undecided,New] - Assigned to Kahou Lei (kahou82)
18:35:42 <SridarK> vishwanathj: i think u were not able to recreate this
18:35:42 <vishwanathj> i was not able to see the issue
18:35:47 <vishwanathj> yes
18:36:09 <SridarK> vishwanathj: thx - lets wait on the submitter to confirm - if this is not indeed an issue
18:36:18 <vishwanathj> ok
18:36:32 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1446074
18:36:41 <openstack> Launchpad bug 1446074 in neutron "FWaaS - Missing tenant_id validation between firewall and firewall_policy in creating/updating firewall" [Low,In progress] - Assigned to Cedric Brandily (cbrandily)
18:36:49 <SridarK> i think this is also ready for core attention
18:37:13 <SridarK> I don't think Cedric is around for any further discussion
18:37:34 <SridarK> #link https://bugs.launchpad.net/neutron/+bug/1465440
18:37:35 <openstack> Launchpad bug 1465440 in neutron "Firewall attribute "Shared" is set to None by default instead of 'False'" [High,Confirmed] - Assigned to vishwanath jayaraman (vishwanathj)
18:37:55 <SridarK> vishwanathj: thx for taking a look
18:38:29 <SridarK> vishwanathj: i added my comments on this - IMO the attribute not getting pushed to the db does look odd
18:38:54 <vishwanathj> would need Sumits input to the bug as well
18:38:59 <SridarK> vishwanathj: will need to dig more on the history - will also wait on Sumit for any more history on this
18:39:02 <SridarK> vishwanathj: yes
18:39:20 <SridarK> vishwanathj: perhaps we can wait on Sumit and then discuss to move forward
18:39:33 <SridarK> vishwanathj: anything else u wanted to discuss
18:39:34 <vishwanathj> i will push a patch and mark it as WIP
18:39:44 <SridarK> vishwanathj: sounds perfect
18:40:12 <SridarK> these were the bugs i had on my radar
18:40:22 <SridarK> any one else had other things that i missed
18:40:33 <yanping> Hi Sridar
18:40:40 <SridarK> yanping: Hi
18:40:49 <yanping> May I ask help for code review: https://review.openstack.org/#/c/190331/
18:41:09 <SridarK> yanping: surely will take a look and request others to look as well
18:41:21 <yanping> thanks a lot
18:41:24 <SridarK> yanping: i think u have made the change on the project
18:41:53 <yanping> yes, I changed bug for project neutron
18:42:04 <SridarK> yanping: perfect
18:42:27 <SridarK> yanping: once a few of us look u can ask for some core attention
18:42:53 <yanping> OK. Thanks.
18:43:09 <SridarK> yanping: np
18:43:41 <SridarK> if there are no other bugs - we can do a quick run of the specs although many people are missing today
18:43:58 <annp> Hello
18:43:59 <SridarK> #topic Traffic direction Spec
18:44:28 <SridarK> #link https://review.openstack.org/#/c/171340/
18:44:45 <SridarK> i don't see slawek around and i know Vikram is out on PTO
18:45:13 <SridarK> i think we just need to close with Cedric on where the new attribute is to be applied
18:45:54 <SridarK> if we can close on that and reach consensus - we are good
18:46:46 <SridarK> Did anyone have anything else to add
18:47:14 <vishwanathj> I have reviewed it and have no further comments
18:47:44 <SridarK> vishwanathj: thx, i think we just need closure on this one aspect
18:48:26 <SridarK> #topic Service Objects/Group
18:48:40 <SridarK> badveli: congrats on the approval
18:48:57 <badveli> thanks sridark
18:49:26 <SridarK> badveli: the floor is yours - would u like to discuss or bring up anything on the feature
18:50:06 <badveli> nothing much as of now, need to work on some scenario tests
18:51:12 <SridarK> badveli: ok ur implementation plan will support this as a common feature that can be reused by other features as well correct ?
18:51:26 <badveli> yes sridark
18:51:47 <badveli> it will be reusable
18:52:05 <SridarK> badveli: cool - may be we can have more discussion in the next mtg if u are ready and comfortable
18:52:23 <badveli> fine with me
18:52:33 <SridarK> badveli: ok great thx
18:52:43 <badveli> thanks
18:52:48 <SridarK> #topic Logging Spec
18:52:56 <hoangcx> Hi Sridark
18:52:59 <SridarK> #link https://review.openstack.org/#/c/132133/
18:53:11 <hoangcx> This is Hoang. I am on behaft of Yushiro
18:53:13 <SridarK> hoangcx: are u covering for yushiro
18:53:25 <SridarK> hoangcx: the floor is yours pls go ahead
18:53:34 <hoangcx> Yeah. Yushiro wants to say "Hi" to Sridrak and all
18:53:56 <hoangcx> May i ask to help with current WIP: https://review.openstack.org/#/c/188340/
18:54:44 <SridarK> hoangcx: surely
18:54:57 <SridarK> hoangcx: we should also close on the spec and get that approved
18:55:11 <SridarK> i know there are some outstanding review comments
18:55:16 <hoangcx> Beside this implementation, new logging API is currently implementing on Neutron
18:56:06 <SridarK> ok, will take a look and also reach out to yushiro to address the comments
18:56:08 <hoangcx> in which we may centralize logging
18:56:09 <SridarK> on the spec
18:56:28 <SridarK> hoangcx: yes that is good and some of the comments are also in relation to this
18:56:30 <hoangcx> Sridark: Yes.
18:56:51 <SridarK> hoangcx: i will take a look at the patch and also request others to look
18:57:07 <hoangcx> About Hitcount function: Now we are under consideration
18:57:11 <SridarK> hoangcx: and we discuss on gerrit as well
18:57:14 <hoangcx> Sridark: Thanks so much
18:57:40 <hoangcx> Sridark: Yes. I see.
18:57:55 <SridarK> hoangcx: no worries - the hit count is something that yushiro and i also discussed at the summit and there was an earlier proposal to integrate with ceilometer
18:58:26 <SridarK> we can also get that moving with Pradeep Kilambi who was looking at ceilometer
18:58:41 <SridarK> hoangcx: sounds good thanks
18:59:00 <SridarK> hoangcx: anything else u would like to add ?
18:59:13 <SridarK> or discuss
18:59:14 <hoangcx> Sridark: enough for me now.
18:59:21 <SridarK> hoangcx: ok thx
18:59:35 <hoangcx> And waiting to get feedback about current implementation and new logging API discussion
18:59:47 <SridarK> hoangcx: yes perfect
19:00:00 <SridarK> #topic SG - FWaaS alignment
19:00:12 <SridarK> #link https://etherpad.openstack.org/p/fwaas_use_cases
19:00:21 <SridarK> xgerman: the floor is yours
19:00:31 <xgerman> thanks
19:01:14 <xgerman> We are still collecting use cases and I also feel the FWaaS is a puzzle in a bigger network security picture with IDS
19:01:26 <xgerman> avtually - end users we talked with mentioned IDS a lot
19:01:43 <xgerman> and DPI
19:02:14 <SridarK> xgerman: yes IDS - is it part of FW or a separate piece can be an interesting discussion
19:02:24 <xgerman> exactly
19:02:37 <mickeys> I hope that DPI can be added to service object/group at some point
19:02:46 <SridarK> xgerman: i guess there can be different views but this is certainly an important piece to pull in
19:02:48 <johnsom> DPI is not IDS though
19:03:05 <xgerman> yep, but I think we need both
19:03:10 <SridarK> mickeys: +1 or as a part of some the classifier discussions
19:03:20 <SridarK> * some of
19:04:00 <SridarK> johnsom: agree - it can be used to drive some the IDS actions
19:04:38 <SridarK> xgerman: also Sameer has added some inputs and i will reach out to him for more discussions as well
19:04:55 <SridarK> if u are not in discussion with him already
19:05:23 <xgerman> no, I have been in some bubble but our plan is to do some broader outreach in the next two weeks
19:05:34 <johnsom> My example I like to use is blocking HTTP Methods other than GET for example.  That is a FW DPI action.
19:06:13 <SridarK> xgerman: sounds good
19:06:50 <SridarK> johnsom: yes and there can be whole host of more application based actions
19:07:32 <sballe> Sridark: Do yu know Sameer's last name?
19:07:50 <xgerman> yeah, I have also seen people doing “on demand” scanning by using SDN rules - and.or put some basic IDS functionality on white box routers
19:07:51 <SridarK> yamahata also had an initial thought for looking at L4 - L7 use cases and along with many of us who were also interested
19:08:01 <SridarK> sballe: Sameer Satyam
19:08:08 <SridarK> from Rackspace
19:08:13 <sballe> ok thx
19:08:16 <xgerman> ok, thx
19:08:17 <SridarK> np
19:09:38 <SridarK> xgerman: i agree this is going to take some time and effort to get all this in
19:10:59 <SridarK> xgerman: , others anything else we want to discuss on this topic ?
19:11:30 <xgerman> Once we have use cases we can prioritize and thing will be better
19:11:40 <SridarK> we can all use the ether pad link above to put use cases and thoughts/comments
19:11:48 <xgerman> +1
19:11:50 <SridarK> xgerman: agreed
19:12:20 <xgerman> that’s all frm me for now
19:12:26 <SridarK> those of us who also wear vendor hats can also reach out to our customers to provide inputs
19:12:32 <SridarK> xgerman: thx
19:12:41 <xgerman> SridarK that would be great!
19:13:08 <SridarK> #topic Open Discussion
19:13:25 <SridarK> other thoughts or things folks would like to bring up pls go ahead
19:14:15 <pc_m> anyone going to the neutron mid-cycle next week?
19:14:32 <SridarK> pc_m: are u going to be there ?
19:14:37 <pc_m> SridarK: yes
19:15:00 <SridarK> pc_m: cool - i am out of office so definitely not going -
19:15:18 <vishwanathj> pc_m, How does one got to the mid-cyle? is it by invitation only?
19:15:26 <pc_m> SridarK: That sounds like a whole lot more fun :)
19:15:27 <xgerman> everybody can go
19:15:31 <SridarK> vishwanathj: no u just sign up
19:15:35 <pc_m> vishwanathj: Anyone can go.
19:15:35 <vishwanathj> ok
19:15:39 <SridarK> pc_m: :-)
19:15:40 <xgerman> yeah, there is an etherpad
19:15:48 <pc_m> #link https://etherpad.openstack.org/p/neutron-liberty-mid-cycle
19:16:07 <vishwanathj> did not know about this...thanks for sharing
19:16:10 <pc_m> It's next Wed-Fri
19:16:44 <SridarK> pc_m: is the focus on the micro versioning ?
19:16:45 <pc_m> great learning experience, with many cores and experienced Neutron folks there.
19:17:13 <pc_m> SridarK: No, actually it's not on the list. The therpad has the agenda.
19:17:20 <pc_m> etherpad
19:17:39 <pc_m> Though they may still work on it some
19:17:44 <SridarK> pc_m: ok never mind stupid q - i should know how to click on a ling :-)
19:17:52 <SridarK> *link
19:17:53 <pc_m> :)
19:18:18 <SridarK> ok cook if nothing else we can try to get back 12 mins to go save the world :-)
19:18:38 <SridarK> The next meeting will be on Jul 1
19:18:43 <pc_m> cool. Thanks SridarK
19:18:58 <SridarK> alright folks have a good one
19:19:01 <SridarK> bye
19:19:08 <sballe> bye
19:19:09 <hoangcx> Thanks for today's discussion and see you in next meeting
19:19:11 <xgerman> bye
19:19:15 <hoangcx> Bye
19:19:19 <badveli> xgerman in your investigation was there a case for east west traffic inspection
19:19:22 <yanping> bye
19:19:27 <SridarK> #endmeeting