Thursday, 2018-05-31

« Wednesday, 2018-05-30 Index Friday, 2018-06-01 »
*** longkb has joined #openstack-fwaas00:26
*** yamamoto has joined #openstack-fwaas01:14
*** annp has joined #openstack-fwaas02:13
*** hoangcx has quit IRC03:04
*** longkb1 has quit IRC03:04
*** hoangcx has joined #openstack-fwaas03:05
openstackgerritwangqi proposed openstack/neutron-fwaas master: [sytle] use http code constant instead of int  https://review.openstack.org/57136703:05
*** longkb1 has joined #openstack-fwaas03:06
*** annp has quit IRC03:25
*** annp has joined #openstack-fwaas03:31
*** AlexeyAbashkin has joined #openstack-fwaas05:04
*** AlexeyAbashkin has quit IRC05:23
*** AlexeyAbashkin has joined #openstack-fwaas05:28
*** AlexeyAbashkin has quit IRC05:35
*** AlexeyAbashkin has joined #openstack-fwaas07:30
*** velizarx has joined #openstack-fwaas08:11
*** longkb has quit IRC10:54
*** annp has quit IRC10:57
*** yamamoto has quit IRC11:41
*** velizarx has quit IRC12:08
*** velizarx has joined #openstack-fwaas12:11
*** yamamoto has joined #openstack-fwaas12:41
*** yamamoto has quit IRC12:46
*** yamamoto has joined #openstack-fwaas12:56
*** wkite has joined #openstack-fwaas13:46
*** wkite has quit IRC13:47
*** wkite has joined #openstack-fwaas13:49
*** yushiro has joined #openstack-fwaas13:51
*** hongbin has joined #openstack-fwaas13:56
*** longkb has joined #openstack-fwaas13:56
yushiro1 minute13:59
yushiro#startmeeting fwaas14:00
openstackMeeting started Thu May 31 14:00:20 2018 UTC and is due to finish in 60 minutes.  The chair is yushiro. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: fwaas)"14:00
openstackThe meeting name has been set to 'fwaas'14:00
yushiroHi14:00
wkitehi14:00
longkbo/14:01
yushiro#chair yushiro xgerman_14:01
openstackCurrent chairs: xgerman_ yushiro14:01
xgerman_o/14:01
yushiroI can't see Sridar today..14:01
njohnstono/14:01
yushiroOK, let's start fwaas meeting.14:02
yushiro#topic announcements14:02
*** openstack changes topic to "announcements (Meeting topic: fwaas)"14:02
yushiroOpenStack summit Vancouver has finished.  How was the summit? :)14:03
*** SridarK has joined #openstack-fwaas14:03
yushiroHi SridarK :)  Welcome.14:03
SridarKHi All Sorry to be late14:03
yushiro#chair SridarK14:03
openstackCurrent chairs: SridarK xgerman_ yushiro14:03
xgerman_summit was great14:03
SridarKxgerman_: +114:03
yushiroSridarK, Currently, we're talking about OpenStack summit in announcement topic.14:04
SridarKthx yushiro14:04
SridarKyes lower attendance than prev Vancouver summit14:04
SridarKbut i heard from folks that deployments are up and more with integrated (VM + Containers + Bare metal)14:05
xgerman_#link https://redmonk.com/sogrady/2018/05/25/openstack-at-a-crossroads/14:05
njohnstonexcellent14:05
yushiro+114:06
xgerman_yeah, lot’s of quality people - no longer the ones who are just t=here for parties and T-Shirts…14:06
SridarKwe had a decent amt of folks in the FWaaS L7 session - not a sellout by any means14:06
SridarKbut got some good feedback14:06
njohnstongood!14:06
yushirowow, great.14:06
* njohnston has some time slated this afternoon to locate and watch the video14:07
SridarKMain take away - we need more investigation on the potential reference implementation14:07
xgerman_yep, one thing to watch: The foundation has been asked to bring in new projects so we likely will see more new faces (like kata containers)14:07
xgerman_lot’s of sessions focused on how we (as a community) can influence that + and how we can get synergies (dwaas on kata would be grand)14:08
SridarKxgerman_: +1 yes Kata Containers had a lot attention - i was not able to attend all the sessions but hope to catch the video14:08
xgerman_yep, the seconf top-level “area” is CI wit the zuul project14:08
SridarKIn our L7 session, possible use case to integrate with SFC to send DPI flows thru an appliance14:09
xgerman_+114:09
yushiroAha.14:09
SridarKxgerman_: would it be fair to say CI , Kata Containers and Edge Cloud were the focus areas14:09
xgerman_well, there was also multicloud and k8s14:10
SridarKxgerman_: yes indeed14:10
xgerman_also shoutout to diversity: for the keynote we had almost 50-50 female-male14:12
njohnstonnice14:12
yushiro:)14:13
SridarKthere were a few sessions on diversity as well14:13
xgerman_yeah, OT but diversity and ethics will be big in the coming years for IT14:14
SridarKWe also had a quick sync with mlavalle and Hongbin on the Huawei API proposal and found things to be a quite aligned, a few specs will be proposed for the few additional things needed14:14
xgerman_+114:14
njohnston+114:14
yushiroOK14:14
yushiroanything else to announce?14:16
SridarKnothing more from me14:16
yushiroSridarK, thanks.14:16
xgerman_we got a nice shout-out in the neutron project uopdate14:17
xgerman_worth watching the video14:17
SridarKoh yes14:17
yushiroxgerman_, definitely YES :)14:17
njohnstonvery nice!14:17
yushiroOK, let's move on.14:18
yushiro#topic Rocky14:18
*** openstack changes topic to "Rocky (Meeting topic: fwaas)"14:18
yushiro[WIP] Adds remote firewall group: https://review.openstack.org/52120714:19
xgerman_ok, the plugin is done14:19
yushiroxgerman_, cool !!14:20
xgerman_#link https://review.openstack.org/#/c/521207/14:20
xgerman_started on the client14:20
njohnstonvery nice xgerman_!14:20
SridarKoh nice14:20
xgerman_#link https://review.openstack.org/#/c/571331/14:20
xgerman_and I probably need critical reviews for the cojecture flows:14:21
xgerman_https://review.openstack.org/#/c/564888/14:21
xgerman_right now trying to adapt what is done in SG14:21
SridarKok makes sense14:22
xgerman_yeah, and we also need to have that for L3 but I haven’t started on that14:22
yushiroxgerman_, OK, I can review them.  I'll ask some help to annp as well.14:22
xgerman_so if somebody has cycles…14:22
xgerman_yushiro: thanks14:22
yushiroOK, next.14:23
yushiroLogging for FWaaS(SPEC): https://review.openstack.org/#/c/509725/14:24
yushiroThis SPEC has been merged today.  Thank you so much for reviewing!14:24
SridarKNice14:24
longkbnice :)14:24
njohnstonExcellent!  Looking forward to this implementation.14:24
SridarKyushiro: is the plan to start some implementation in Rocky14:24
yushiroSridarK, Yes.  We're going to support L3 logging in Rocky first.14:25
SridarKsounds good14:25
yushiroSo, hoangcx has been pushed some patches and ready for review.14:26
SridarKah ok will start looking14:26
yushiroOK, thanks.14:27
yushiro#topic specs14:27
*** openstack changes topic to "specs (Meeting topic: fwaas)"14:27
yushiro(wkite) fwaas 2.0 address groups support  https://review.openstack.org/55713714:27
yushirowkite, Hi.  It's your turn :)14:28
wkiteok14:28
wkitethere are two reviews added today,thx for review14:29
SridarK+114:29
yushirogooooood :)14:29
wkiteone problem is the url of address group14:29
*** longkb has quit IRC14:29
SridarKwkite: yes use it as on the other resources14:31
SridarKIIRC 'fw' was for v1 - i will need to double check14:31
wkitethe old url is /fw14:32
yushiroWhat is the problem?   Currently,  v2.0/fw/address_groups.   I think it should be v2.0/fwaas/address_groups.  See https://developer.openstack.org/api-ref/network/v2/#fwaas-v2-0-current-fwaas-firewall-groups-firewall-policies-firewall-rules14:32
njohnston+1214:32
SridarKwkite: did u also have an implemtation as PoC14:32
yushiroSridarK, Yes, that's correct.14:32
wkiteyes14:32
yushiroHongbin has commented the same topic.14:34
wkitemy github https://github.com/wkite/neutron_fwaas 14:34
yushiroIn addition, I'm not sure it will occur 403 by running GET.  Let me check on devstack.14:35
yushirowkite, After checking, I'll feedback to your SPEC.14:37
wkitethx14:37
yushiroOK,14:39
yushiroIs there any SPEC ?14:39
yushiroOK, let's move on.14:40
SridarKwkite: thx14:40
yushiro#topic Horizon support14:40
*** openstack changes topic to "Horizon support (Meeting topic: fwaas)"14:40
*** longkb has joined #openstack-fwaas14:40
yushiroSarath is not here today..14:41
SridarKWill need to reach out to SarathMekala14:41
yushiroYa14:41
SridarKhopefully next mtg - we can get some plan in place14:41
yushiroamotoki has pushed some patches : https://review.openstack.org/#/q/status:open+project:openstack/neutron-fwaas-dashboard14:41
SridarKI think we had a few items to close on L2 support as well14:42
yushirook14:43
yushiro#topic bugs14:44
*** openstack changes topic to "bugs (Meeting topic: fwaas)"14:44
yushiroLaunchpad(filtered by tag 'fwaas'): http://urx2.nu/C7UI14:44
SridarKOh yes we have not done our triage yet14:45
yushirohttps://bugs.launchpad.net/neutron/+bug/170148714:47
openstackLaunchpad bug 1701487 in neutron "Deletion of ERROR state firewall goes stuck into PENDING_DELETE state" [Medium,New] - Assigned to Reedip (reedip-banerjee)14:47
yushiroOops, sorry, it was v1.14:48
SridarKAh yes - this was seen before but i recall us fixing something like this14:48
yushiroyes.  How about bug checking in next week?14:49
SridarKyushiro: ok lets do that14:49
yushiroSridarK, thx!14:49
yushiro#topic Open Discussion14:50
*** openstack changes topic to "Open Discussion (Meeting topic: fwaas)"14:50
yushiroI wanted to join Vancouver!!  I missed fwaas folks :)   However, I was very glad to hear that annp could discuss with SridarK and xgerman_ at Vancouver.14:52
SridarKyushiro: we met first at Vancouver14:52
xgerman_yes, we got. a lot done14:52
yushiroSridarK, Oh, really!?  How wonderful.14:53
SridarKyes indeed it was a good discussion with annp14:53
SridarKyushiro: we certainly missed seeing u14:54
SridarKI heard some folks saying that maybe they may combine the PTG and summit like before due to travel costs14:54
yushiroSridarK, me too!  I really want to take a photo with all FWaaS members :)14:54
SridarK:-)14:55
* njohnston is looking forward to hopefully being at the next PTG14:55
SridarKyushiro: photoshop ;-)14:55
yushiro+114:55
yushironjohnston, I can join PTG!  Hopefully we can meet at Denver !14:55
njohnstonI would love to see you again, yushiro!  All of you as well!14:56
SridarKit seems now with OpenStack summit, PTG, Kubecon and other conferences budgets are getting tight14:56
SridarKnjohnston: +114:56
yushiro+10014:56
yushiroSridarK, Indeed.14:56
yushiroFolks, we should increase our 'lucky' point.  If this point is high, we can get travel support :p14:58
SridarKThe summit after Berlin will also be at Denver - in case any of u did not see the annoucement14:58
xgerman_+114:59
SridarKok folks have a great week15:00
njohnston\o15:00
yushiroaha, it's time.15:00
yushiro#endmeeting15:00
*** openstack changes topic to "Queens (Meeting topic: fwaas)"15:00
openstackMeeting ended Thu May 31 15:00:21 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:00
SridarKbye all15:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-31-14.00.html15:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-31-14.00.txt15:00
yushiroBye bye15:00
openstackLog:            http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-05-31-14.00.log.html15:00
*** wkite has quit IRC15:02
*** yushiro has quit IRC15:08
*** Swami_ has joined #openstack-fwaas15:15
*** AlexeyAbashkin has quit IRC15:37
hongbinSridarK: xgerman_ hi Sridar German, want to have a quick follow-up with our discussion in the summit15:40
hongbinin the case that there are multiple firewall policies associate with the same neutron port, is there any way to determine the order of the firewall policies that are applied?15:42
xgerman_mmh, we have order on rules but not policies15:43
hongbini see15:43
xgerman_or fwgs15:43
hongbinpart of our proposal is to introduce a field to specify the priority15:44
hongbinfor example, each firewall policies could have a number between 1 and 10015:44
hongbinthen, this number determine the applied order15:45
hongbinis it a reasonable approach, or there is a better approach to address that?15:45
xgerman_well, a fwg can only have one ingress and one egress policy15:46
xgerman_so in case you have multiple fwg on a port we would just run through each and if any of them denies deny the reaffic15:47
hongbini see15:47
hongbinso right now, we assume that the order of applied rules doesn't matter15:47
xgerman_we have an order of the rules inside the policy15:48
hongbinyes, i get this part15:48
xgerman_but we dopn’t have an order how we apply the rules from multiple fwg15:48
hongbinyes, this is the problem we wan to address15:49
hongbinhowever, if the assumption is that permutation order of fwg to produce the same result, then this model is reasonable15:50
hongbins/any permutation order/15:50
xgerman_yeah, that’s our assumption15:50
hongbini see15:50
xgerman_so if I wanted the granular control of ordered rules I could always just apply one FWG er port15:52
xgerman_but we don’t have much experience in the filed if that’s practical — or if we need to do soemthign different15:53
hongbini see15:54
hongbini will try to ask why they care the order of the fwg15:54
hongbini guess there are some use cases behind15:54
hongbinfor me, the model of one fwg per port sounds a bit limited15:55
xgerman_yes,  as I said I am not sure if that’s practical and if enough people care about the order among FWG…15:56
hongbinsure, i will communicate about that15:57
hongbinxgerman_: thanks for your feedback15:57
*** longkb has quit IRC16:06
*** amotoki has quit IRC16:35
*** amotoki has joined #openstack-fwaas16:38
*** SumitNaiksatam has joined #openstack-fwaas16:56
*** SridarK has quit IRC17:17
*** AlexeyAbashkin has joined #openstack-fwaas17:32
*** AlexeyAbashkin has quit IRC17:45
*** AlexeyAbashkin has joined #openstack-fwaas17:45
*** AlexeyAbashkin has quit IRC17:45
*** AlexeyAbashkin has joined #openstack-fwaas17:46
*** Alexey_Abashkin has joined #openstack-fwaas18:04
*** AlexeyAbashkin has quit IRC18:07
*** Alexey_Abashkin is now known as AlexeyAbashkin18:07
*** AlexeyAbashkin has quit IRC18:13
*** AlexeyAbashkin has joined #openstack-fwaas20:33
*** AlexeyAbashkin has quit IRC20:50
*** Swami_ has quit IRC21:57
*** hongbin has quit IRC22:41
*** SumitNaiksatam has quit IRC23:26
« Wednesday, 2018-05-30 Index Friday, 2018-06-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!