| *** longkb has joined #openstack-fwaas | 00:50 | |
| *** longkb has quit IRC | 00:51 | |
| *** longkb has joined #openstack-fwaas | 00:52 | |
| *** longkb has quit IRC | 01:37 | |
| *** longkb has joined #openstack-fwaas | 01:37 | |
| *** annp has joined #openstack-fwaas | 01:43 | |
| *** yamamoto has quit IRC | 02:47 | |
| *** yamamoto has joined #openstack-fwaas | 02:47 | |
| *** velizarx has joined #openstack-fwaas | 06:48 | |
| *** velizarx has quit IRC | 07:14 | |
| *** velizarx has joined #openstack-fwaas | 07:16 | |
| *** yamamoto has quit IRC | 09:22 | |
| *** yamamoto has joined #openstack-fwaas | 09:22 | |
| *** longkb has quit IRC | 10:01 | |
| *** yamamoto has quit IRC | 10:49 | |
| *** yamamoto has joined #openstack-fwaas | 10:49 | |
| *** yamamoto has quit IRC | 10:54 | |
| *** yamamoto has joined #openstack-fwaas | 11:38 | |
| *** annp has quit IRC | 12:09 | |
| *** velizarx has quit IRC | 13:42 | |
| *** SridarK has joined #openstack-fwaas | 13:59 | |
| SridarK | Hi FWaaS folks | 14:01 |
|---|---|---|
| *** njohnston has joined #openstack-fwaas | 14:03 | |
| SridarK | #startmeeting fwaas | 14:05 |
| openstack | Meeting started Thu Oct 4 14:05:19 2018 UTC and is due to finish in 60 minutes. The chair is SridarK. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:05 |
| openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:05 |
| *** openstack changes topic to " (Meeting topic: fwaas)" | 14:05 | |
| openstack | The meeting name has been set to 'fwaas' | 14:05 |
| xgerman_ | o/ | 14:05 |
| *** SridarK_ has joined #openstack-fwaas | 14:06 | |
| xgerman_ | mmh, we prob. loast control | 14:06 |
| SridarK_ | xgerman_: back | 14:06 |
| SridarK_ | got bounced | 14:06 |
| xgerman_ | ok | 14:06 |
| SridarK_ | dont see much in terms of quorum | 14:07 |
| xgerman_ | yeah | 14:07 |
| SridarK_ | perhaps some local holiday | 14:07 |
| SridarK_ | may be we can wait for a few mins | 14:07 |
| xgerman_ | maybe - people told me Monday is a holiday in UT | 14:07 |
| SridarK_ | there was nothing major to go thru anyways | 14:08 |
| *** SridarK has quit IRC | 14:09 | |
| *** SridarK_ has quit IRC | 14:09 | |
| xgerman_ | yeah, makes sense. Wanted to let people know that I need to cut back my OpenStack involvements a bit… | 14:09 |
| *** SridarK has joined #openstack-fwaas | 14:10 | |
| xgerman_ | I need to see how that k8s stuff shakes out… | 14:10 |
| SridarK | oops bounced again | 14:10 |
| xgerman_ | ok | 14:10 |
| SridarK | xgerman_: +1 | 14:10 |
| njohnston | xgerman_: Good luck in k8s land, they are lucky to have you :-) | 14:10 |
| xgerman_ | well, you made it back — so there is hope | 14:10 |
| SridarK | xgerman_: so pls what happened - i think i missed something as i got bounced | 14:11 |
| *** velizarx has joined #openstack-fwaas | 14:11 | |
| *** annp has joined #openstack-fwaas | 14:11 | |
| xgerman_ | ah, RAX is emphasizing k8s a lot and wnats me to focus more on that and less on OpenStack | 14:11 |
| annp | Hi | 14:11 |
| annp | Sorry I'm late | 14:11 |
| SridarK | xgerman_: ah yes ok - u have been on that path for some time now anyways | 14:12 |
| SridarK | annp: hi | 14:12 |
| SridarK | no worries - not much quorum today | 14:12 |
| annp | Hi SridarK, thanks. :-) | 14:12 |
| xgerman_ | yep, and they are now more looking into k8s on AWS, Azure, GKE p less on OpenStack | 14:12 |
| SridarK | xgerman_: i think a bit of that is in the air everywhere | 14:13 |
| xgerman_ | yeah, I think Redhat/Suse/Huawei are the last bullwark | 14:13 |
| SridarK | it seems that the SPs and the Edge Cloud folks are driving OpenStack more and more | 14:14 |
| SridarK | xgerman_: +1 | 14:14 |
| SridarK | annp: we are just chatting | 14:14 |
| SridarK | annp: anything specific u would like to discuss ? | 14:14 |
| annp | SridarK, I want to mention Firewall group with L3HA | 14:15 |
| xgerman_ | ok | 14:15 |
| SridarK | ok lets run thru the topics | 14:15 |
| SridarK | #chair xgerman_ | 14:15 |
| openstack | Current chairs: SridarK xgerman_ | 14:15 |
| SridarK | #topic Bugs : FWG and L3HA | 14:16 |
| *** openstack changes topic to "Bugs : FWG and L3HA (Meeting topic: fwaas)" | 14:16 | |
| SridarK | go ahead annp | 14:16 |
| annp | https://review.openstack.org/#/c/580552/ | 14:16 |
| SridarK | how is that looking | 14:16 |
| annp | Regards this bug: I've tested the patch, it's work fine. | 14:16 |
| SridarK | annp: ok | 14:17 |
| annp | I guess that yushiro was missing configure enable fwaas_v2 in network node | 14:17 |
| SridarK | and did u verify that conntrack entries are replicated by HA infra ? | 14:17 |
| annp | so there no firewall rule is applied on active router. | 14:17 |
| SridarK | that was my concern | 14:17 |
| *** hongbin has joined #openstack-fwaas | 14:17 | |
| annp | SridarK, From my understanding, we no need to migrate conntrack entries | 14:18 |
| SridarK | ah ok - this was something that was puzzling initially as to why it was not applied correctly | 14:18 |
| SridarK | annp: yes we dont have to but i thought they are migrated automatically ? | 14:18 |
| annp | SridarK, Have you check my comment in gerrit? | 14:18 |
| SridarK | sorry not yet | 14:18 |
| annp | Because the first packet in router HA is not SYN sent, so It will not marked as INVALID | 14:19 |
| annp | So it will be accepted by firewall rule in router HA | 14:19 |
| annp | This is my understanding. | 14:20 |
| SridarK | Hmm | 14:20 |
| SridarK | So: | 14:20 |
| SridarK | 1) We have an active connection - with the 3 way handshake happened on the ACTIVE | 14:21 |
| SridarK | 2) after some time the switchover happens | 14:21 |
| SridarK | 3) Now this flow is seen on the new ACTIVE (which has not seen the 3 way handshake) | 14:21 |
| SridarK | what is the behavior on this new ACTIVE ? | 14:22 |
| annp | you mean first packet in new session? | 14:22 |
| SridarK | yes | 14:22 |
| annp | it's will be accept or drop by firewall rule in router ACTIVE | 14:23 |
| SridarK | is it a new session ? | 14:23 |
| SridarK | Is an ICMP sent back to trigger a new session | 14:23 |
| annp | Yes. I think so. | 14:23 |
| SridarK | or is it the old session continued | 14:23 |
| SridarK | oh so it will be a new session ? | 14:24 |
| annp | I think it will be a new session | 14:24 |
| SridarK | ok - i thought conntrack entries are migrated by the HA code (just that we dont need to do it). yushiro spoke to some folks at the PTG - atleast this is how i understood him | 14:25 |
| SridarK | ok | 14:25 |
| annp | But, actually I'm not sure. Let's me check it and will confirm to you | 14:25 |
| SridarK | annp: ok - we can discuss with yushiro and close this i believe | 14:25 |
| SridarK | thx annp for debugging further | 14:25 |
| annp | SridarK, you're always welcome. :-) | 14:26 |
| SridarK | ok lets move on | 14:26 |
| SridarK | #topic Remote FWG | 14:26 |
| *** openstack changes topic to "Remote FWG (Meeting topic: fwaas)" | 14:26 | |
| SridarK | xgerman_: anything u would like to bring up | 14:26 |
| SridarK | ok perhaps xgerman_ walked away | 14:30 |
| xgerman_ | MO, STILL HERE | 14:30 |
| SridarK | ouch sorry | 14:30 |
| SridarK | :-) | 14:30 |
| SridarK | pls go ahead | 14:30 |
| xgerman_ | caps lock got stuck | 14:30 |
| xgerman_ | sorry | 14:30 |
| SridarK | :-) | 14:30 |
| SridarK | new Mac keyboard ? | 14:30 |
| SridarK | :-) | 14:31 |
| xgerman_ | no, I have one of those tiny external mac BT keyboards | 14:31 |
| xgerman_ | missing keys half the time | 14:31 |
| xgerman_ | anyhow, didn’t do much. I am hoping to get a minute here and there but if someone has cycles | 14:32 |
| SridarK | ok | 14:32 |
| SridarK | xgerman_: understand | 14:32 |
| SridarK | ok | 14:33 |
| SridarK | #topic Open Discussion | 14:33 |
| *** openstack changes topic to "Open Discussion (Meeting topic: fwaas)" | 14:33 | |
| xgerman_ | TC got elected… | 14:33 |
| SridarK | +1 | 14:33 |
| annp | +1 | 14:34 |
| xgerman_ | also never heard criticism of deleting FWaaS V1 - so if someone could prepare a patch | 14:34 |
| njohnston | in the neutron ci meeting we are talking about the transition to zuul v3 jobs and python3-first patches. One thing that has not really been talked about is that according to governance, we should be testing on the latest LTS release available as fo the start of the cycle | 14:35 |
| SridarK | yes so it seems - someone will ask most likely after it is removed | 14:36 |
| xgerman_ | ;-) | 14:36 |
| annp | :-) | 14:36 |
| njohnston | which in this case is now ubuntu-bionic, so that transition will start to get rolling and will take some CI sensitivity because the transition may not be smooth | 14:36 |
| SridarK | njohnston: thx for the heads up | 14:36 |
| xgerman_ | yep, johnso(m) was having trouble with bionic and multinode | 14:36 |
| njohnston | it's definitely not something you can take for granted | 14:37 |
| xgerman_ | no, but I am hoping this will clean up our tests — still thinking we don’t pull in the latest neutron somehow | 14:37 |
| SridarK | ok | 14:39 |
| SridarK | ok if nothing else we can end and hopefully next week will have more quorum | 14:40 |
| xgerman_ | +! | 14:40 |
| SridarK | Ok all thx for joining and have a great week. | 14:40 |
| SridarK | #endmeeting | 14:40 |
| *** openstack changes topic to "Queens (Meeting topic: fwaas)" | 14:40 | |
| openstack | Meeting ended Thu Oct 4 14:40:43 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:40 |
| openstack | Minutes: http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-10-04-14.05.html | 14:40 |
| openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-10-04-14.05.txt | 14:40 |
| openstack | Log: http://eavesdrop.openstack.org/meetings/fwaas/2018/fwaas.2018-10-04-14.05.log.html | 14:40 |
| annp | Thank you, see you | 14:41 |
| *** Swami has joined #openstack-fwaas | 15:00 | |
| *** annp has quit IRC | 15:16 | |
| *** velizarx has quit IRC | 15:20 | |
| *** longkb has joined #openstack-fwaas | 15:24 | |
| *** longkb has quit IRC | 15:26 | |
| *** SridarK has quit IRC | 17:26 | |
| *** Swami has quit IRC | 17:36 | |
| *** yamamoto has quit IRC | 17:51 | |
| *** yamamoto has joined #openstack-fwaas | 17:52 | |
| *** yamamoto has quit IRC | 17:57 | |
| *** Swami has joined #openstack-fwaas | 18:04 | |
| *** yamamoto has joined #openstack-fwaas | 18:30 | |
| *** hongbin has quit IRC | 22:57 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!