| *** yamamoto has quit IRC | 01:52 | |
| *** yamamoto has joined #openstack-fwaas | 01:57 | |
| *** yamamoto has quit IRC | 01:57 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 02:08 | |
| *** AlexeyAbashkin has quit IRC | 02:12 | |
| *** yamamoto has joined #openstack-fwaas | 02:25 | |
| *** yamamoto has quit IRC | 02:28 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 03:09 | |
| *** AlexeyAbashkin has quit IRC | 03:13 | |
| *** yamamoto has joined #openstack-fwaas | 03:29 | |
| *** yamamoto has quit IRC | 03:32 | |
| *** yamamoto has joined #openstack-fwaas | 03:32 | |
| *** yamamoto has quit IRC | 03:47 | |
| *** yamamoto has joined #openstack-fwaas | 03:50 | |
| *** yamamoto has quit IRC | 05:59 | |
| *** eN_Guruprasad_Rn has joined #openstack-fwaas | 06:01 | |
| *** yamamoto has joined #openstack-fwaas | 06:05 | |
| *** yamamoto has quit IRC | 06:09 | |
| *** threestrands has quit IRC | 06:10 | |
| *** yamamoto has joined #openstack-fwaas | 07:09 | |
| *** yamamoto has quit IRC | 07:18 | |
| *** yamamoto has joined #openstack-fwaas | 07:32 | |
| *** annp has joined #openstack-fwaas | 07:34 | |
| *** yamamoto has quit IRC | 07:43 | |
| *** AlexeyAbashkin has joined #openstack-fwaas | 08:06 | |
| *** yamamoto has joined #openstack-fwaas | 08:43 | |
| *** yamamoto has quit IRC | 08:51 | |
| *** doude has joined #openstack-fwaas | 08:54 | |
| *** yamamoto has joined #openstack-fwaas | 09:17 | |
| *** yamamoto has quit IRC | 09:25 | |
| *** yamamoto has joined #openstack-fwaas | 09:37 | |
| *** yamamoto has quit IRC | 09:43 | |
| *** annp has quit IRC | 10:23 | |
| *** yamamoto has joined #openstack-fwaas | 10:37 | |
| *** yamamoto_ has joined #openstack-fwaas | 11:45 | |
| *** yamamoto has quit IRC | 11:48 | |
| *** yamamoto_ has quit IRC | 12:02 | |
| *** eN_Guruprasad_Rn has quit IRC | 12:49 | |
| *** eN_Guruprasad_Rn has joined #openstack-fwaas | 12:57 | |
| *** yamamoto has joined #openstack-fwaas | 13:02 | |
| *** yamamoto has quit IRC | 13:09 | |
| *** annp has joined #openstack-fwaas | 13:37 | |
| *** chandanc has joined #openstack-fwaas | 14:00 | |
| xgerman_ | o/ | 14:01 |
|---|---|---|
| annp | hi xgerman | 14:01 |
| chandanc | Hello all | 14:01 |
| *** SridarK has joined #openstack-fwaas | 14:01 | |
| SridarK | Hi FWaaS folks | 14:02 |
| chandanc | Hello SridarK | 14:03 |
| SridarK | Hi chandanc | 14:03 |
| SridarK | not sure if we will have turnout today | 14:04 |
| chandanc | xgerman_: annp are here | 14:04 |
| xgerman_ | we are quite a few | 14:04 |
| *** reedip_ has joined #openstack-fwaas | 14:04 | |
| annp | hi chandanc :) | 14:04 |
| chandanc | Hello annp | 14:04 |
| SridarK | #startmeeting fwaas | 14:05 |
| openstack | Meeting started Thu Nov 23 14:05:02 2017 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:05 |
| openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:05 |
| *** openstack changes topic to " (Meeting topic: fwaas)" | 14:05 | |
| openstack | The meeting name has been set to 'fwaas' | 14:05 |
| SridarK | #chair xgerman_ | 14:05 |
| openstack | Current chairs: SridarK xgerman_ | 14:05 |
| SridarK | we did say we can have a very quick mtg eventhough it is local holiday in the US and Japan | 14:05 |
| *** yamamoto has joined #openstack-fwaas | 14:05 | |
| xgerman_ | yeah, let’s keep it brief | 14:05 |
| chandanc | sure | 14:06 |
| annp | +1 | 14:06 |
| SridarK | chandanc: thx for the patches | 14:06 |
| xgerman_ | +1 | 14:06 |
| chandanc | SridarK: xgerman_ thanks | 14:06 |
| chandanc | i think you guys can join the reviewrs | 14:06 |
| annp | chandanc: thanks for discussion on the patch. :) | 14:06 |
| chandanc | i can add you | 14:06 |
| chandanc | ya annp | 14:06 |
| SridarK | chandanc: +1 | 14:06 |
| xgerman_ | +1 | 14:06 |
| SridarK | will look thru it | 14:06 |
| xgerman_ | same here | 14:07 |
| chandanc | me and annp are having some discussion on the design | 14:07 |
| SridarK | ok | 14:07 |
| chandanc | So i have one update | 14:07 |
| chandanc | on the driver front | 14:07 |
| SridarK | pls go ahead | 14:07 |
| chandanc | i found it difficult to test the different combination of driver with full openstack setup | 14:08 |
| chandanc | so here is a simulator for the same | 14:08 |
| chandanc | https://bitbucket.org/xchandan/fwaas-test-sim/src | 14:08 |
| chandanc | you should be able to test it quite easily with the script | 14:08 |
| xgerman_ | can we include that in our zuul test suite? | 14:08 |
| chandanc | :) sure | 14:09 |
| chandanc | but i need your feed backs first | 14:09 |
| xgerman_ | ok | 14:09 |
| chandanc | i am using it to verify if i am on the right path | 14:09 |
| chandanc | here is a small demo | 14:09 |
| chandanc | https://youtu.be/cuU4duzpCDg | 14:09 |
| annp | chandanc: nice! | 14:10 |
| chandanc | annp: yes it is saving me some time | 14:10 |
| xgerman_ | yeah, we should add it to our github | 14:10 |
| SridarK | chandanc: interesting so u run ur driver in the simulator | 14:10 |
| *** yamamoto has quit IRC | 14:10 | |
| chandanc | yes, it can run SG/FWAAS/BOTH/NONE drivers | 14:11 |
| chandanc | we can play with all combination and verify if things are correct | 14:11 |
| SridarK | chandanc: nice - i will tak a look | 14:11 |
| chandanc | sure | 14:11 |
| SridarK | anything else u want to bring up for discussion | 14:12 |
| annp | chandanc, great idea. I like it. | 14:12 |
| SridarK | chandanc: annp: ^^ on the driver, coexistence | 14:12 |
| chandanc | I checked the coexistence it works as per expectation | 14:13 |
| reedip_ | o/ | 14:13 |
| SridarK | reedip_: hi | 14:13 |
| chandanc | but ofcource you can easily veify | 14:13 |
| SridarK | chandanc: ok | 14:13 |
| annp | regarding to co-existence: I think I and chandanc are almost same page now. | 14:14 |
| SridarK | annp: ok good | 14:14 |
| chandanc | ya mostly, annp. | 14:14 |
| SridarK | although i really wonder if it will be an actual use case except during transition | 14:14 |
| *** eN_Guruprasad_Rn has quit IRC | 14:14 | |
| chandanc | SridarK: +1 | 14:14 |
| SridarK | i see people using either fwaas or SG for L2 | 14:15 |
| SridarK | but it is important that we ensure that it works if for any reason someone wants both | 14:15 |
| xgerman_ | I can see people until we have strata give SG to users and use FW for admin | 14:15 |
| SridarK | xgerman_: yes good point for admin level enforcement | 14:16 |
| SridarK | On my side, i will finish the review and test for the L2 Agent PS and have that completed shortly | 14:17 |
| SridarK | if nothing else to discuss we can wrap up quickly | 14:18 |
| annp | SridarK: I have once | 14:18 |
| SridarK | sure go ahead annp | 14:18 |
| annp | chandanc, Regarding to port_security_enableb attr Do you want to support port no security on fwg right? | 14:19 |
| chandanc | yes annp i would like to have that supported on FWG | 14:20 |
| SridarK | i think we will need to follow that like SG | 14:20 |
| chandanc | i agree | 14:20 |
| annp | chandanc, ok. I can update it. | 14:21 |
| chandanc | This is very much required for cases like NFV /VNF | 14:21 |
| annp | Regarding to rule ordering: I'd like to generate priority for each rule base position of fwg rule | 14:22 |
| xgerman_ | yes, we will need that as well | 14:22 |
| SridarK | +1 | 14:22 |
| annp | do you think so chandanc? | 14:23 |
| chandanc | +1 i think SG is also trying to do some thing similar | 14:23 |
| xgerman_ | SG doesn’t need an order since they don’t deny | 14:23 |
| annp | in SG case: they don't care about rule order | 14:24 |
| xgerman_ | +1 | 14:24 |
| annp | xgerman_ yeah | 14:24 |
| SridarK | yes but FWaaS this is mandated as we have done | 14:24 |
| SridarK | earlier too | 14:24 |
| chandanc | hmm, oh ok. The current implementation in FWAAS driver is to process the rule in order in policy | 14:25 |
| chandanc | but the position is the correct way to go | 14:25 |
| annp | chandanc: +1 thank. That's all from me | 14:26 |
| chandanc | i dont know if the agent, sends a ordered list of rule to the driver by position | 14:26 |
| chandanc | sure annp | 14:26 |
| SridarK | we do track the position implicitly | 14:27 |
| chandanc | i think so, but need confirmation from yushiro | 14:27 |
| annp | chandanc, SridarK, from my understanding, each rule has 'position' attr, right? | 14:27 |
| chandanc | is there a range for the position ? | 14:28 |
| SridarK | +1 yes we do track it | 14:28 |
| chandanc | or is it a free flow number ? | 14:28 |
| SridarK | inserts are done before _or_ after a rule | 14:28 |
| SridarK | i forget exactly the specifics in the db | 14:29 |
| SridarK | but we can assume it is done - i will double check that | 14:29 |
| chandanc | ok sure | 14:29 |
| SridarK | anything else to discuss if not we can call it a wrap | 14:30 |
| annp | +1 I will confirm with yushiro tomorrow. | 14:30 |
| chandanc | sure annp | 14:31 |
| xgerman_ | ok, I have one question - I was dabbling with #link https://review.openstack.org/#/c/521207/ | 14:31 |
| chandanc | I dont have any more on my side | 14:31 |
| SridarK | xgerman_: +1 great u got that going | 14:31 |
| xgerman_ | and extending the API — I am not sure we released V2 so I can extend without writing an explicit extension | 14:31 |
| xgerman_ | see comment https://review.openstack.org/#/c/521196/4/neutron_lib/api/definitions/firewall_v2.py | 14:32 |
| *** eN_Guruprasad_Rn has joined #openstack-fwaas | 14:32 | |
| xgerman_ | I don’t recall locking our API | 14:33 |
| SridarK | xgerman_: i am not sure how that works - given that we have been in neutron lib for a few releases now - i would think that would imply being released | 14:34 |
| SridarK | is there something else to indicate that we are freezing or locking our API | 14:34 |
| SridarK | since we have the same API for L3 as well | 14:35 |
| xgerman_ | a stable tag on it | 14:35 |
| SridarK | hmm ok | 14:35 |
| SridarK | so worst case we need an extension addedf | 14:35 |
| SridarK | *added | 14:35 |
| xgerman_ | yes, I just want to make sure we have our story straight | 14:36 |
| SridarK | yes correct agreed | 14:36 |
| chandanc | xgerman_: does this mean extension to neutron ? | 14:38 |
| SridarK | we probab need some clarification from some folks in neutron on the next step for it | 14:38 |
| xgerman_ | yeah, I know how extension work + there is always talk about microversioning | 14:38 |
| xgerman_ | https://developer.openstack.org/api-ref/network/v2/ is confuding since only LBaaS V2 is STABLE | 14:39 |
| annp | xgerman_: +1 | 14:39 |
| SridarK | the holy grail of microversioning :-) | 14:39 |
| xgerman_ | ok, that was all from me | 14:41 |
| SridarK | ok then lets pick it up next week | 14:42 |
| chandanc | sure | 14:42 |
| annp | I can help if we need a neutron extension. Because i have some experence on that with logging extension. :) | 14:42 |
| SridarK | +1 same here but xgerman_ u proab went thru it for lbaas too | 14:43 |
| xgerman_ | yes, no worries — I just find it annoying | 14:43 |
| SridarK | once u know how to do it - it is easy | 14:43 |
| SridarK | but the first time is a bit of black magic :-) | 14:44 |
| SridarK | Ok folks thanks for joining and have a great week | 14:44 |
| SridarK | #endmeeting | 14:44 |
| *** openstack changes topic to "#openstack-fwaas" | 14:44 | |
| openstack | Meeting ended Thu Nov 23 14:44:40 2017 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:44 |
| chandanc | thanks bye | 14:44 |
| openstack | Minutes: http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-23-14.05.html | 14:44 |
| openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-23-14.05.txt | 14:44 |
| openstack | Log: http://eavesdrop.openstack.org/meetings/fwaas/2017/fwaas.2017-11-23-14.05.log.html | 14:44 |
| xgerman_ | o/ | 14:44 |
| annp | thank you, see you. Happy thanksgiving | 14:45 |
| *** chandanc has quit IRC | 14:46 | |
| *** annp has quit IRC | 14:47 | |
| *** eN_Guruprasad_Rn has quit IRC | 14:48 | |
| *** eN_Guruprasad_Rn has joined #openstack-fwaas | 14:48 | |
| *** eN_Guruprasad_Rn has quit IRC | 15:01 | |
| *** yamamoto has joined #openstack-fwaas | 15:06 | |
| *** yamamoto has quit IRC | 15:12 | |
| *** SridarK has quit IRC | 15:57 | |
| *** yamamoto has joined #openstack-fwaas | 16:08 | |
| *** yamamoto has quit IRC | 16:13 | |
| *** vks1 has joined #openstack-fwaas | 16:13 | |
| *** reedip_ has quit IRC | 16:21 | |
| *** reedip_ has joined #openstack-fwaas | 16:47 | |
| *** AlexeyAbashkin has quit IRC | 16:51 | |
| *** yamamoto has joined #openstack-fwaas | 16:52 | |
| *** reedip_ has quit IRC | 16:59 | |
| *** yamamoto_ has joined #openstack-fwaas | 17:09 | |
| *** yamamoto has quit IRC | 17:13 | |
| *** vks1 has quit IRC | 17:29 | |
| *** yamamoto_ has quit IRC | 18:17 | |
| *** yamamoto has joined #openstack-fwaas | 19:17 | |
| *** yamamoto has quit IRC | 19:25 | |
| *** yamamoto has joined #openstack-fwaas | 20:49 | |
| *** yamamoto has quit IRC | 20:49 | |
| *** yamamoto has joined #openstack-fwaas | 20:59 | |
| *** yamamoto has quit IRC | 20:59 | |
| *** yamamoto has joined #openstack-fwaas | 22:00 | |
| *** yamamoto has quit IRC | 22:07 | |
| -openstackstatus- NOTICE: Zuul has been restarted due to an unexpected issue. We're able to re-enqueue changes from check and gate pipelines, please check http://zuulv3.openstack.org/ for more information. | 22:54 | |
| *** yamamoto has joined #openstack-fwaas | 23:03 | |
| *** yamamoto has quit IRC | 23:08 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!