Thursday, 2018-05-03

« Wednesday, 2018-05-02 Index Friday, 2018-05-04 »
*** hoangcx has quit IRC00:01
*** hoangcx_ is now known as hoangcx00:03
*** yamamoto has joined #openstack-fwaas00:36
*** yamamoto has quit IRC00:41
*** hoangcx has quit IRC00:42
*** hoangcx has joined #openstack-fwaas00:43
*** threestrands has joined #openstack-fwaas01:05
*** longkb has joined #openstack-fwaas01:15
*** longkb2 has joined #openstack-fwaas01:21
*** longkb has quit IRC01:22
*** longkb has joined #openstack-fwaas01:27
*** longkb2 has quit IRC01:28
*** yamamoto has joined #openstack-fwaas01:38
*** yamamoto has quit IRC01:44
*** yamamoto has joined #openstack-fwaas01:50
*** annp has joined #openstack-fwaas02:12
*** longkb2 has joined #openstack-fwaas02:16
*** longkb has quit IRC02:18
*** longkb2 has quit IRC03:48
*** longkb has joined #openstack-fwaas03:55
*** longkb has quit IRC05:48
*** longkb has joined #openstack-fwaas05:59
bzhao__Hi guys, could u please describe the relationship between the fw v2 and neutron SG?06:55
bzhao__I'm not sure whether we support both sg and fw apply on a single port for a long time?06:55
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-fwaas-dashboard master: Imported Translations from Zanata  https://review.openstack.org/56565306:58
*** threestrands has quit IRC06:58
openstackgerritAkihiro Motoki proposed openstack/neutron-fwaas-dashboard master: FWaaS v2 dashbaord: clean up unnecessary get_dict() methods  https://review.openstack.org/56597807:03
*** yamamoto has quit IRC10:21
*** hoangcx has quit IRC10:21
*** longkb has quit IRC10:37
*** yamamoto has joined #openstack-fwaas10:37
*** annp has quit IRC10:40
*** yamamoto has quit IRC11:48
*** yamamoto has joined #openstack-fwaas11:55
*** yamamoto_ has joined #openstack-fwaas11:56
*** yamamoto_ has quit IRC11:57
*** yamamoto_ has joined #openstack-fwaas11:59
*** yamamoto has quit IRC12:00
*** yamamoto_ has quit IRC12:02
*** yamamoto has joined #openstack-fwaas12:13
*** yamamoto has quit IRC12:20
*** yamamoto has joined #openstack-fwaas12:21
*** yamamoto has quit IRC12:26
*** njohnston has quit IRC12:29
*** njohnston has joined #openstack-fwaas12:31
*** hoangcx has joined #openstack-fwaas12:47
*** hoangcx has quit IRC13:01
*** hoangcx has joined #openstack-fwaas13:02
*** yamamoto has joined #openstack-fwaas13:11
*** yamamoto has quit IRC13:17
*** yamamoto has joined #openstack-fwaas13:17
*** yamamoto has quit IRC13:22
*** wkite has joined #openstack-fwaas13:56
*** wkite has quit IRC13:57
*** wkite has joined #openstack-fwaas13:57
*** SridarK has joined #openstack-fwaas13:58
SridarKHi FWaaS folks14:00
wkitehi14:00
SridarK#startmeeting fwaas14:00
openstackMeeting started Thu May  3 14:00:40 2018 UTC and is due to finish in 60 minutes.  The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: fwaas)"14:00
openstackThe meeting name has been set to 'fwaas'14:00
SridarK#chair xgerman_14:00
openstackCurrent chairs: SridarK xgerman_14:00
*** reedip_ has joined #openstack-fwaas14:00
SridarKyushiro is out this week on time off14:01
reedip_o/14:01
doudehi14:02
SridarK#topic announcements14:02
*** openstack changes topic to "announcements (Meeting topic: fwaas)"14:02
*** ndefigueiredo has joined #openstack-fwaas14:02
*** annp has joined #openstack-fwaas14:03
xgerman_o/14:03
annphi14:03
xgerman_So the new TC got lected14:03
SridarKPTG announcement - it will be in Denver in Sep - if folks want to plan for it14:04
xgerman_#link https://governance.openstack.org/election/results/rocky/tc.html14:04
xgerman_yesh, train 2.014:04
SridarKxgerman_: :-)14:05
SridarKalthough i saw email that it will be better this time14:05
SridarKany other announcements from folks ?14:05
SridarKxgerman_:14:05
reedip_I might miss it :(14:05
SridarKreedip_: I am not sure either it is a bit early to decide14:06
SridarKok lets move on14:07
SridarK#topic Rocky Pluggable backend driver14:07
*** openstack changes topic to "Rocky Pluggable backend driver (Meeting topic: fwaas)"14:07
SridarKdoude: pls go ahead14:07
doudeI fixed the issue raised in reviews14:09
doudeand pushed a new patch set #20 last week14:09
doudeI also send a answer to NSX developper today14:09
SridarKannp: thx for the tests14:10
xgerman_+114:10
annpdoude, SridarK, I tried to tested with latest patch, It worked fine in my environment.14:10
SridarKannp: great14:10
annpSridarK, Have you tested with latest patch?14:10
doudethanks for your feedback annp14:10
SridarKdoude: sounds good - i think we can confirm with the NSX folks14:11
annpdoube, you're welcome14:11
SridarKthen we should be good14:11
annpSridarK, +114:11
SridarKannp: no i have not yet - will do so tomorrow14:11
annp+114:11
doudeyes SridarK I also invite her to reach me on IRC to discuss it if needed14:11
SridarKdoude: perfect14:12
SridarKand annp u have verfied on a multinode setup ?14:12
annpSridarK, I haven't verfied on multiple node environment yet.14:13
annpSridarK, I'm planing do this in tomorrow.14:13
SridarKannp: ok, i recalled yushiro mentioning that14:13
SridarKannp: oh ok good14:13
SridarKdoude: anything else u would like to discuss ?14:13
annpI will comment on gerrit when i finish testing14:13
doudeno I'm good14:14
annpdoube, +1 :)14:15
SridarK#topic Rocky Remote FWG14:15
*** openstack changes topic to "Rocky Remote FWG (Meeting topic: fwaas)"14:15
SridarKxgerman_: pls go ahead14:15
xgerman_ok, I am battling sql alchemy — somehow my model doesn’t align with the  update scripts14:15
xgerman_I also started with the ovs conjecture stuff14:16
SridarKxgerman_: i saw the other patch14:16
xgerman_yes, the conjecture is super interesting… and I also will need to do the router port stuff14:17
xgerman_if anyone wants to help I am happy to split accordingly14:17
annpxgerman_, I can help you :)14:18
reedip_share the sql alchemy patch please :)14:18
xgerman_#link https://review.openstack.org/#/c/521207/14:18
SridarKxgerman_: as a usecase would the Router port be just as important as the L2 port as well ?14:18
xgerman_the remote fwg resolve to the ip addresses on the ports. So you would drop/deny/accept traffic if those ips are in src/dst14:19
xgerman_that looked like a router port application14:19
SridarKyes agree14:20
*** yamamoto has joined #openstack-fwaas14:20
xgerman_though if you have L2 that might be redundant14:20
annpxgerman_, +114:22
SridarKsounds good, i have to understand the mapping on the driver side14:23
*** ndefigueiredo has quit IRC14:24
SridarKxgerman_: anything else u would like to discuss14:24
xgerman_no, that’s all14:24
SridarKok lets move on14:24
SridarK#topic Rocky FWaaS Logging Spec14:24
*** openstack changes topic to "Rocky FWaaS Logging Spec (Meeting topic: fwaas)"14:24
SridarKannp: pls go ahead14:24
annpThere is one question from amotoki14:25
annpI'm not sure whether we need a L3 logging extension same fwaas v2 or not.14:26
amotokiin my understanding, ovs flows for logging are installed by l2-agent, but iptables rule in l3 netns will be installed by l3-agent.14:26
amotokithis is the reason of my question14:27
annpamotoki, So we need a l3 logging extension, right?14:27
amotokiannp: I am not sure on the point honestly14:28
amotokiat least it sounds odd to me that l2-agent extension manages l3 iptable rules.14:28
xgerman_yeah, l2 will only see packets l3 passed14:28
amotokiI believe iptables in router netns should be managed by l3-agent14:29
xgerman_+114:29
annpamotoki, yes. So it's better to follow fwaas v2 worked14:29
amotokiannp: what do mean by "follow fwaas v2 worked" ?14:29
annpamotoki, I mean we will have l3 logging extension14:30
amotokiokay14:30
annpamotoki, Do we need to mention this point on spec?14:31
amotokiannp: I believe so.14:31
annpamotoki, Agree!14:31
amotokithis is related to what agent extension we need to implement it.14:31
annpamotoki, I will update spec. Thanks14:32
amotokiapart from that, I see no other blocking issue in the spec.14:32
annpamotoki, +114:32
SridarKannp: i think u are clear on the driver aspect but perhaps u just need to clear up on the agent ext14:32
annpSridarK, yeah. It should be clearly.14:33
annpSridarK, that's all for fwaas logging spec14:34
amotokiI just concerned l3 stuff is managed by l2 agent ext when I read the spec. I believe we are in the same page.14:34
annpamotoki, yes, we're same page now :) Thanks.14:34
SridarK+114:34
SridarKok sounds good -14:34
amotoki:)14:35
annp:)14:35
annpSridarK, please move on14:35
SridarK#topic Rocky Address Group Spec14:35
*** openstack changes topic to "Rocky Address Group Spec (Meeting topic: fwaas)"14:35
SridarKwkite: pls go ahead14:35
SridarK#link https://review.openstack.org/55713714:35
SridarKrequest folks to take a look as well14:36
*** ndefigueiredo has joined #openstack-fwaas14:36
SridarKwkite: would u like to discuss something here14:37
SridarKwkite: thx for addressing the comments from before14:37
SridarKok if nothing lets move on14:38
SridarK#topic Stateless Firewall14:38
*** openstack changes topic to "Stateless Firewall (Meeting topic: fwaas)"14:38
SridarKndefigueiredo: hi14:38
SridarKndefigueiredo: would u like to update on any recent activity14:39
ndefigueiredoHi all, unfortunately I have not been able to work on the stateless firewall. I have been engaged with setting up our third party CI.14:40
SridarKndefigueiredo: ok keep us updated on when things pick up and we can discuss14:40
SridarK#topic Open Discussion14:41
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:41
ndefigueiredoyes, will do, once the CI is up and running I will be able to move on to actual Neutron development.14:41
amotokiback to the past topic. just a maintenance question: I see a blueprint but do we have a RFE on the address group?14:42
SridarKWe have an action to triage bugs - we will get it done and then discuss14:42
reedip_We need to discuss the bugs14:42
reedip_which are open/in progress14:42
SridarKwkite: ^^^ i think u were going to file an RFE14:42
SridarKfor Address Groups14:42
SridarKreedip_: lets do some triage offline and bring it up in next mtg14:43
annpxgerman, SridarK, Can you do me a favor?14:43
xgerman_sure14:43
SridarKannp: sure14:43
amotokiwkite: SridarK: it would be appreciated if you add a link to an RFE to the spec of address group. I just could not identify it.14:44
annpxgerman, SridarK, yeah. Can you become moderator for topic https://etherpad.openstack.org/p/fwaas-v2-L7-filtering at vancouver's forum?14:44
SridarKannp: sure14:44
SridarKannp: is there some procedure to be followed or u can just add us ?14:45
annpxgerman, SridarK, I'm afraid my english not enough to discussion :(14:45
SridarKamotoki: agreed, not sure if wkite stepped away14:45
SridarKannp: i think ur English is good but we can help14:46
amotokiSridarK: no problem. if needed, let's file it.14:46
*** yamamoto has quit IRC14:46
annpSridarK, I guess I just add u and xgerman_ but let me find out14:46
amotokiannp: no worries on english.14:46
xgerman_annp: we will be there if added or not14:47
SridarKannp: ok sounds good14:47
SridarKxgerman_: +114:47
amotokiregarding the forum topic, we can add questions in advance if we have.14:47
annpamotoki, thank you. actually, I'm not confident about english skill and technical also :)14:48
reedip_sorry guys, but got to go... would be back next week ... thanks :) @SridarK: will do some more triaging offline14:48
amotokiI wonder how the reference implement of L7 firewall would be.14:48
SridarKreedip_: sounds good14:48
annpamotoki, how about bpf?14:48
xgerman_+1 bpf14:49
SridarKannp: we should also meet up earlier in Vancouver and have a discussion on some thoughts, usecase, potential implementation approaches14:49
xgerman_yes, being prepared is always good14:49
amotokiannp: it is a good candidate. I am not sure at now what level of filtering bpf supports.14:49
annpSridarK, sure. When will you reach out vancouver?14:49
SridarKannp: I get there on Sun afternoon14:50
xgerman_I et there Sunday night and Monday are all the LBaaS talks14:50
annpSridarK, I will get ther on Sun evening.14:50
SridarKOk we should set some time and location so we can meet14:51
amotokiI think we can add more breakdown sub-topics to the etherpad :)14:51
annpamotoki, let's me find out your question.14:51
*** reedip_ has quit IRC14:51
amotokiwhen is the session scheduled?14:51
SridarKamotoki: yes we shd do that14:52
annpamotoki, Thursday morning14:52
amotokinice, we have enough time at YVR :)14:52
SridarKamotoki: would u also be available for some initial discussions ?14:52
amotokiSridarK: I hope so. I can be there with 99% though I haven't got the final approval.14:53
SridarKamotoki: oh ok - we will keep u in the loop14:53
amotokithanks14:53
annpSridarK, amotoki, xgerman, How about Tuesday morning?14:55
SridarKannp: yes that works14:55
SridarKwe can continue discussion in etherpad (may be a separate one we can use for coordination)14:56
amotoki+114:56
annpSridarK, +114:56
SridarKannp: sounds good and we can discuss on the channel as well - if u want to a fix a time - pls send us an email14:58
SridarKok i think we are almost at time14:58
annpSridarK, Sure.14:59
SridarKthanks all for joining14:59
SridarK#endmeeting14:59
*** openstack changes topic to "Queens (Meeting topic: fwaas)"14:59
amotokiannp: I added some rough topics at the top of the etherpad.14:59
openstackMeeting ended Thu May  3 14:59:18 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:59
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-03-14.00.html14:59
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-03-14.00.txt14:59
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-03-14.00.log.html14:59
annpamotoki, amazing, I just saw that. Thanks.14:59
*** AlexeyAbashkin has joined #openstack-fwaas15:00
amotokiannp: I believe that kind of categories would inspire more discussions15:00
annpamotoki, SridarK, xgerman_, Thanks for your great help. shall we discuss on etherpad?15:00
xgerman_+115:01
amotoki+115:01
SridarKannp: no worries at all - we can continue refining on the etherpad15:01
annp+1 :)15:01
SridarKwe can also discuss in the coming weeks before we get to vancouver15:02
*** hoangcx has quit IRC15:02
*** AlexeyAbashkin has quit IRC15:03
annpSridarK, +115:03
xgerman_+115:04
*** wkite has quit IRC15:08
annpamotoki, you're superman :) Thanks for updating in the etherpad.15:10
amotokiannp: super random topics :)15:10
annpamotoki, Actually, I learned a lot from you with logging api and now l7 filtering :)15:12
amotokiannp: three? year ago, my company abandoned fwaas support due to immaturity of fwaas v1 and varieties of vendor FW features... they are from my experiences.15:12
amotokidifferentiations of fw features are benefits of firewall vendors and it usually conflicts with common API. that's usual.15:13
annpamotoki, yeah :)15:16
annpamotoki, SridarK, xgerman: I have to go out now. See you15:18
annpamotoki, Good night!15:19
annpxgerman_, SridarK, Have a great day ahead. :)15:19
*** wkite has joined #openstack-fwaas15:19
xgerman_o/15:20
SridarKbye15:20
*** annp has quit IRC15:20
*** wkite has quit IRC15:22
amotokio/15:28
*** ndefigueiredo has quit IRC15:32
*** yamamoto has joined #openstack-fwaas15:44
*** yamamoto has quit IRC15:55
*** lnicolas has joined #openstack-fwaas16:17
*** SridarK has quit IRC17:28
*** SumitNaiksatam has joined #openstack-fwaas18:08
*** SumitNaiksatam has quit IRC18:18
*** openstackgerrit has quit IRC19:05
*** yamamoto has joined #openstack-fwaas21:53
*** yamamoto has quit IRC21:57
*** threestrands has joined #openstack-fwaas22:59
*** yamamoto has joined #openstack-fwaas23:59
« Wednesday, 2018-05-02 Index Friday, 2018-05-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!