#openstack-meeting-alt log

00:01:28 <SridarK> #startmeeting Networking FWaaS
00:01:29 <openstack> Meeting started Thu Apr 21 00:01:28 2016 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:01:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
00:01:32 <openstack> The meeting name has been set to 'networking_fwaas'
00:01:39 <SridarK> #chair xgerman
00:01:40 <openstack> Current chairs: SridarK xgerman
00:02:13 <SridarK> We can keep it quick today
00:02:30 <SridarK> #topic FWaaS v2
00:03:12 <SridarK> Some updates - i heard back from 2 folks from Juniper (Sarath, Chandan) who will help with contributions this cycle
00:03:22 <mickeys> That is good news
00:03:48 <SridarK> They have already done a Vendor plugin so have some familiarity
00:04:08 <SridarK> and are willing to help out as they get more familiar with the ref implementation
00:04:10 <xgerman> mickeys +!
00:04:18 <SridarK> yes that will help for sure
00:04:35 <SridarK> I think Chandan will be at Austin so we can meet up and sync
00:05:05 <SridarK> mickeys: did u have any luck with adding some one from IBM ?
00:05:50 <mickeys> Not so far. I am not 100% done checking around, but it looks like other than 50% of my time, which is not confirmed yet either, at best it is one person in their free time.
00:06:06 <SridarK> mickeys: ok
00:06:09 <mickeys> I will confirm how much I can put in during the Austin meeting, before Wednesday
00:06:25 <SridarK> mickeys: sure understand
00:06:29 <xgerman> k
00:07:00 <SridarK> it will be good if we have a firm set of contributors over next week
00:07:51 <SridarK> hoangcx: pls let us know if u have some bandwidth as well
00:08:25 <hoangcx> SridarK: yes. i will at Austin and will discuss about that
00:08:32 <SridarK> hoangcx: ok thx
00:08:44 <xgerman> awesome
00:08:55 <hoangcx> please give me a little bit of time to internal sync
00:09:05 <SridarK> hoangcx: sure
00:09:21 <SridarK> xgerman: anything else to discuss on this
00:09:38 <xgerman> nothing from our end
00:09:52 <SridarK> #topic reviews
00:10:59 <SridarK> #link https://review.openstack.org/#/c/300960/
00:11:11 <SridarK> mickeys: thanks for getting on this
00:11:36 <mickeys> The addition of ip_version is clearly a good thing
00:11:39 <hoangcx> yeah. my co-worker has already updated as xgerman and mickeys comments
00:11:50 <SridarK> xgerman: has looked at it and i am also looking at it - and i am good with this
00:12:14 <xgerman> yeah, my comments were pretty minor :-)
00:12:17 <mickeys> The question is whether we think it is worth stepping through the conntrack list to find the IP addresses in conntrack entries and add that to the filter. It is an interesting, and the implementation seems clean. It is a judgement call whether we think it is worth it.
00:12:19 <SridarK> i just want to be sure on the tests as well
00:12:36 <tuhv> Sridark: Thank you
00:12:54 <SridarK> tuhv: thanks for the patch
00:13:06 <mickeys> tuhv: Thanks for turning it around quickly
00:13:11 <tuhv> I will write the unittest with address
00:13:12 <SridarK> +1
00:13:19 <SridarK> tuhv: ok great
00:14:40 <SridarK> tuhv: if u would like to discuss something here pls go ahead - or we can pick it up on gerrit as well
00:14:57 <tuhv> Thank you verry much
00:15:18 <SridarK> tuhv: mickeys: has been spending a lot of time on iptables so it is valuable to get his inputs on it
00:15:25 <tuhv> I would like to ask about my idea
00:15:29 <SridarK> so i think we are good on this
00:16:13 <hoangcx> SridarK: i am thinking about that too. let me syns something and inform to you in Austin :)
00:16:21 <mickeys> It will take some time to step through conntrack entries. It does narrow the filter quite a bit. The judgement call is whether we think it is worth stepping through conntrack entries, or whether it might become a scale problem if the conntrack table gets too large. It is not immediately obvious to me which way to go.
00:16:58 <tuhv> But I think it is better when we reduce Linux commands call
00:17:37 <mickeys> If we want to filter IP addresses, your idea seems to be a good way to do it
00:17:50 <mickeys> The question is whether we should take your latest code or just drop the idea of filtering on IP address
00:18:20 <tuhv> mickeys: Thanks,
00:18:28 <tuhv> I think we should take the lastest
00:18:54 <tuhv> Base on my idea, we can reduce Linux commands
00:19:09 <mickeys> Agreed
00:19:36 <tuhv> And the extract data on entries table is no problem running
00:19:54 <mickeys> The question is how big that table can get, and whether it will take too long to do the processing
00:20:14 <hoangcx> mickeys: In the initial (before your comment), the patch drop the idea if filtering on ip address. because it doesn't effect to anything.
00:20:18 <tuhv> Even the entries table is so large, I reduce by other filters like port, ipversion
00:20:43 <mickeys> tuhv: The filter part is all good
00:21:15 <tuhv> mikeys: when the big table, I have filtered with other filters
00:21:20 <SridarK> tuhv: do u have a sense on the performance if u have a large table ?
00:21:40 <mickeys> The options are either the latest patch, or revert to the previous patch plus the ip_version addition from the latest patch, dropping the IP address filters
00:22:10 <hoangcx> mickeys: in my opinion, we should keep previous patch with no ip address filtering.
00:22:26 <SridarK> i think that seems a reasonable first step
00:22:38 <mickeys> That might be safer. Sorry for sending you down a path that is too dangerous.
00:23:12 <hoangcx> mickeys: no worry :-) appreciate that
00:23:20 <tuhv> mickeys: Thank you, No worry
00:23:38 <SridarK> good i think we have a path fwd
00:23:45 <SridarK> thx
00:24:16 <SridarK> #topic Open Discussion
00:24:36 <SridarK> Perhaps we can set a time to meet up at Austin
00:24:52 <hoangcx> +1
00:26:18 <SridarK> #link https://www.openstack.org/summit/austin-2016/summit-schedule/events/9109
00:26:57 <SridarK> i think we can indicate that we have a path fwd on v2
00:27:07 <SridarK> this would be our main focus to deliver this for N
00:27:13 <mickeys> +1
00:27:55 <xgerman> +1
00:28:06 <SridarK> xgerman: or i will start an email to figure out time/place to meet
00:28:21 <xgerman> sounds good
00:28:35 <xgerman> also keep in mind the Common Classifier People want to meet as well
00:28:41 <SridarK> xgerman: +1
00:28:55 <mickeys> Monday is relatively free. Not yet sure what Tuesday looks like.
00:29:10 <SridarK> I think Mon works for me too
00:29:28 <SridarK> we figure out specifics on email
00:29:34 <xgerman> I arrive Sunday… but Monday would work
00:30:11 <mickeys> Maybe we need to give that underused openstack-fwaas IRC channel a spin when we are in Austin?
00:30:24 <hoangcx> Monday is ok for me except slot from 1h00-2h00 pm
00:30:40 <SridarK> ok
00:30:53 <xgerman> mickeys lol - yeah
00:31:13 <SridarK> ok good,  anything else any one ? Or we can close out
00:32:46 <SridarK> ok have a good one and safe travels to Austin
00:32:53 <SridarK> #endmeeting