00:01:54 <sc68cal> #startmeeting networking_fwaas
00:01:54 <openstack> Meeting started Thu Apr  7 00:01:54 2016 UTC and is due to finish in 60 minutes.  The chair is sc68cal. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:01:55 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
00:01:56 <SridarK> not sure if xgerman: will join -  he is on PTO
00:01:58 <openstack> The meeting name has been set to 'networking_fwaas'
00:02:42 <sc68cal> So, the main thing is the mailing list thread that Armando sent about the status of our bp
00:02:50 <SridarK> +1
00:03:06 <SridarK> we should take a step and have a plan in place
00:03:44 <SridarK> some thoughts: 1) re propose the spec as is
00:03:50 <SridarK> for N
00:04:14 <SridarK> 2) Get out an L3 port implementation
00:04:16 <sc68cal> #chair SridarK
00:04:17 <openstack> Current chairs: SridarK sc68cal
00:04:57 <SridarK> 3) mickeys - i think u already started looking at some iptables - FWaaS - SG coexistence issues
00:05:04 <SridarK> we can flush those out
00:05:19 <SridarK> 4) we can get in the VM port stuff as phase 2
00:05:37 <SridarK> perhaps we can discuss this and have a plan around this
00:05:47 <SridarK> or other options
00:05:48 <mickeys> I don't think that an L3 port implementation gets us somewhere quicker. The big change from the existing FWaaS functionality is the ability to attach multiple firewall groups to the same port. I think once you do that work, L3 is not less work.
00:06:18 <SridarK> mickeys: well - i think we want to make sure that we dont break anything on the SG interaction
00:06:18 <mickeys> Moreover L3 is busted for both DVR and OVN, with the exception of the router's external gateway poert
00:06:51 <SridarK> it is more abt making sure that we are careful on that
00:07:36 <SridarK> But at least we would have taken some baby steps to having something in place
00:07:54 <mickeys> While I would like to get some prototyping done before the Austin summit around SG coexistence, I am skeptical that I will find the time before then. Still checking around internally to see if I can get someone to help me for the next couple of weeks.
00:08:09 <SridarK> ok sounds good
00:08:24 <SridarK> if there are some folks who can help that will be good
00:08:39 <SridarK> i am also reaching out to others who may want to pick up some pieces
00:09:44 <mickeys> It seems to me like the bigger issue is not the plan, but the commitments from enough resources to carry out the plan
00:09:56 <SridarK> mickeys: yes the plan with commitment
00:10:38 <SridarK> i think no one can be full time and we have things that come up on internal stuff and conflicting priorities
00:10:39 <mickeys> The mailing list thread was asking for responses by the end of the week, which is a little tight on my side
00:10:53 <SridarK> ok
00:11:13 <SridarK> understand
00:12:05 <SridarK> sc68cal: on the spec, do we just get Aish to re propose this ?
00:12:22 <sc68cal> yeah I guess just a git mv op and then push it up to gerrit
00:13:15 <SridarK> ok
00:13:16 <sc68cal> I'll probably be removing myself from the core team shortly - but I can maybe +2 it as a last action
00:13:37 <SridarK> sc68cal: i wish u would reconsider and find some bandwidth
00:13:55 <SridarK> sc68cal: i know u have been sucked into other things
00:14:10 <sc68cal> I do too, but I'd rather be honest and say that I can't do it then keep promising and not deliver
00:14:38 <SridarK> understand
00:14:57 <SridarK> lets have a sync along with xgerman when he is back
00:15:41 <sc68cal> k
00:16:24 <SridarK> anything else on v2 ?
00:16:58 <SridarK> mickeys: would appreciate if u can find out if some one else can help on ur end
00:17:33 <mickeys> SridarK: Trying to check internally, but the manager that I really need is out this week. I need to see if I can find her during the next couple of days.
00:18:07 <SridarK> mickeys: ok good - we can sync up offline as well
00:18:35 <SridarK> #topic reviews
00:19:10 <SridarK> on the observer hierarchy really trying to see if we can move this fwd
00:19:24 <SridarK> #link https://review.openstack.org/#/c/278863/
00:19:44 <SridarK> i think the changes need more work - i have outlined a possible approach
00:19:56 <SridarK> will need to ping the submitter again
00:23:17 <SridarK> #link https://review.openstack.org/#/c/300960/
00:23:34 <SridarK> mickeys: maybe u could take a look at this when u can
00:24:38 <mickeys> OK. It does not seem simple at first glance.
00:25:24 <SridarK> yes touching conntrack can be tricky
00:25:42 <SridarK> i thought u are the best person to take a look at this
00:27:02 <SridarK> i did not have anything else on reviews
00:27:27 <SridarK> #topic vendor decomp
00:27:58 <SridarK> i heard back from vArmour and they will remove their driver by N-2
00:28:05 <SridarK> still waiting on vyatta
00:28:19 <SridarK> on cisco - we will remove it as well by N-2
00:28:39 <SridarK> on McAfee - will need to follow up on this
00:29:17 <SridarK> that is basicall the vendors that are in tree now
00:29:35 <SridarK> #topic Open Discussion
00:29:45 <SridarK> I did not have much else to discuss
00:30:14 <SridarK> Any one else have something to bring up ?
00:31:47 <SridarK> sc68cal: shall we close out ?
00:31:55 <sc68cal> yeah sounds good
00:32:52 <SridarK> Bye all
00:32:54 <SridarK> #endmeeting