| *** vthapar has joined #openstack-net-bgpvpn | 03:46 | |
| *** vthapar has quit IRC | 03:57 | |
| *** vthapar has joined #openstack-net-bgpvpn | 04:32 | |
| *** vthapar has quit IRC | 06:53 | |
| *** matrohon has joined #openstack-net-bgpvpn | 07:09 | |
| *** tmorin has joined #openstack-net-bgpvpn | 07:20 | |
| *** vthapar has joined #openstack-net-bgpvpn | 07:50 | |
| *** enikher has joined #openstack-net-bgpvpn | 07:53 | |
| *** enikher has left #openstack-net-bgpvpn | 07:54 | |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Fix RD regex to match RFC 4364, chapter 4.2 https://review.openstack.org/331159 | 08:09 |
|---|---|---|
| *** matrohon has quit IRC | 08:12 | |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Fix RD regex to match RFC 4364, chapter 4.2 https://review.openstack.org/331159 | 08:19 |
| *** enikher1 has joined #openstack-net-bgpvpn | 08:33 | |
| *** matrohon has joined #openstack-net-bgpvpn | 09:15 | |
| *** openstackgerrit has quit IRC | 09:18 | |
| *** openstackgerrit has joined #openstack-net-bgpvpn | 09:18 | |
| *** enikher1 has quit IRC | 09:48 | |
| *** enikher has joined #openstack-net-bgpvpn | 10:00 | |
| *** enikher has quit IRC | 10:06 | |
| *** vthapar has quit IRC | 10:10 | |
| *** vthapar has joined #openstack-net-bgpvpn | 10:11 | |
| *** vthapar has quit IRC | 10:15 | |
| *** vthapar has joined #openstack-net-bgpvpn | 10:16 | |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Update API usage with Python and a sample code https://review.openstack.org/319231 | 10:18 |
| *** enikher has joined #openstack-net-bgpvpn | 10:44 | |
| *** vthapar has quit IRC | 10:53 | |
| *** enikher has quit IRC | 11:02 | |
| *** enikher has joined #openstack-net-bgpvpn | 11:02 | |
| *** enikher has quit IRC | 11:04 | |
| *** enikher has joined #openstack-net-bgpvpn | 11:16 | |
| *** enikher1 has joined #openstack-net-bgpvpn | 11:24 | |
| *** enikher has quit IRC | 11:27 | |
| *** enikher1 has left #openstack-net-bgpvpn | 11:27 | |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Update API usage with Python and a sample code https://review.openstack.org/319231 | 11:58 |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Update API usage with Python and a sample code https://review.openstack.org/319231 | 12:07 |
| *** enikher has joined #openstack-net-bgpvpn | 12:45 | |
| *** enikher has quit IRC | 13:17 | |
| *** enikher has joined #openstack-net-bgpvpn | 13:20 | |
| *** enikher has left #openstack-net-bgpvpn | 13:21 | |
| *** enikher1 has joined #openstack-net-bgpvpn | 13:40 | |
| *** enikher1 has left #openstack-net-bgpvpn | 13:41 | |
| openstackgerrit | Merged openstack/networking-bgpvpn: Update OpenContrail driver documentation https://review.openstack.org/330019 | 13:45 |
| *** openstackgerrit has quit IRC | 13:48 | |
| *** openstackgerrit has joined #openstack-net-bgpvpn | 13:48 | |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Fix RD regex to match RFC 4364, chapter 4.2 https://review.openstack.org/331159 | 13:56 |
| openstackgerrit | Thomas Monguillon proposed openstack/networking-bgpvpn: Fix RD regex to match RFC 4364, chapter 4.2 https://review.openstack.org/331159 | 14:02 |
| tmorin | meeting now on #openstack-meeting-alt | 15:04 |
| openstackgerrit | Merged openstack/networking-bgpvpn: Fix RD regex to match RFC 4364, chapter 4.2 https://review.openstack.org/331159 | 15:04 |
| openstackgerrit | Cedric Savignan proposed openstack/networking-bgpvpn: Horizon plugin to let the admin handle BGPVPN https://review.openstack.org/322134 | 15:31 |
| *** mickeys has joined #openstack-net-bgpvpn | 16:02 | |
| tmorin | we're here now | 16:03 |
| tmorin | so yes, EVPN prefixes brings /some/ l2 notions | 16:03 |
| tmorin | and indeed the notion of a fixed VNI in the case of multiple associations is not trivially resolved | 16:03 |
| mickeys | tmorin: I need to look at the EVPN prefix IETF draft again to see what it says about VNI | 16:04 |
| tmorin | this is pretty much where we were at the start of the discussion :) | 16:04 |
| tmorin | draft-ietf-bess-evpn-overlay as well | 16:04 |
| mickeys | tmorin: Somehow, we want to support the case where a router has associations to two different l3 EVPN bgpvpns with two different VNIs | 16:05 |
| tmorin | yes, what I currently miss is a better understanding of why exactly you need to specify the VNI | 16:05 |
| tmorin | if we end up concluding that the need really is different from the need that lead us to the current spec, we'll need to accomodate the spec and maybe a new attribute | 16:06 |
| tmorin | but perhaps we'll end up on a different conclusion (?) | 16:06 |
| mickeys | In the EVPN data plane, each VNI is a different L2 network. On the upstream physical router, that L2 network is connected to a VRF. | 16:07 |
| tmorin | I have the feeling that our understanding is incomplete in some ways | 16:07 |
| tmorin | what you state on the EVPN VXLAN dataplane only applies for globally assigned VNIs | 16:08 |
| mickeys | We were only planning to use globally assigned VNIs. | 16:08 |
| tmorin | yes, but the BGPVPN API has been planned to allow both globally assigned VNIs and locally assigned VNIs for EVPN | 16:09 |
| mickeys | While it is theoretically possible to use dynamically assigned VNIs in the same manner as MPLS labels, this has some artifacts, such as forward and reverse VNIs possibly being different | 16:09 |
| tmorin | yes, but this is not a problem on all platforms, but only on some hardware platforms | 16:10 |
| mickeys | If you want to associate any features with a router interface, for example floating IPs, that would break those features | 16:10 |
| tmorin | it's not obvious to me what would break, can you explain ? | 16:11 |
| mickeys | If you use conntrack and assign a different zone to each router interface, but the forward and reverse traffic are not correlated to the same interface | 16:11 |
| tmorin | for instance, I don't see how floating IPs would depend on forward/reverse VNI being the same | 16:11 |
| tmorin | I to admit a bit of ignorance here: can't the zone be defined only when the traffic enters the router netns ? | 16:13 |
| mickeys | Same issue for router ACLs / FWaaS (assuming FWaaS v2 makes it out the door some day) | 16:13 |
| tmorin | would you have a useful pointer about how conntrack is used today and how the zone is defined for a given incoming packet ? | 16:14 |
| mickeys | The router netns still has multiple interfaces which can have different zones (though I have not tried this in a netns yet) | 16:14 |
| mickeys | I don't think FWaaS used zones. On the L2 side, security groups do use a zone per interface. | 16:15 |
| tmorin | yes, but it's not obvious to me why it has to be correlated with whatever is used to implement L2 | 16:15 |
| tmorin | it seems that the zone would be determined base on the vxlan interface on which traffic is sent/received ; the fact that for this vxlan interface you can use outgoing VNIs distinct from the incoming vni, does not look like an issue | 16:17 |
| tmorin | at least, nothing obvious to me at this point | 16:17 |
| mickeys | I don't think I agree with your use of the term "vxlan interface" | 16:18 |
| mickeys | Either the zone is per interface, or per router. | 16:18 |
| mickeys | There is no notion of one router interface to all VNIs. | 16:18 |
| tmorin | I specifically mean an interface created with e.g. "ip link add .. type vxlan" | 16:18 |
| mickeys | A router can have more than one "ip link add .. type vxlan" | 16:19 |
| tmorin | yes, but a specific packet will go through only one of these | 16:19 |
| mickeys | I expect that multiple ip links, each with a single VNI, is much more common than one ip link to a network with multiple segments with different VNIs | 16:20 |
| mickeys | In case of association of a router with a l3 EVPN BGPVPN, I would expect the mapping would be to separate ip links. Mapping to one ip link with multiple segments does not make sense to me. | 16:20 |
| tmorin | you can have multiple "ip link .. type vxlan vni n" interfaces connected on one router, and still have any of these use, for outgoing traffic other VNIs different from any n | 16:21 |
| mickeys | And then the question is whether the conntrack zone is router wide, or per ip link | 16:21 |
| tmorin | you could map to one ip link, have one incoming vni for this link, and as many outgoing VNIs as needed based on routes advertised by remote BGP peers | 16:22 |
| tmorin | (I'm not saying you have to, or even that you should) | 16:22 |
| mickeys | Both on the Neutron router side and the upstream physical router, I am not comfortable with different VNIs for forward and reverse directions. It seems like it is changing the behavior and semantics of VXLAN. Perhaps it can be made to work, but that seems like a research project. | 16:24 |
| tmorin | draft-ietf-bess-evpn-overlay is not a research project :) | 16:24 |
| tmorin | but I know it's not how people typically see vxlan | 16:25 |
| tmorin | the ability to use different VNIs for outgoing traffic has been there for a long time in the linux stack for instance | 16:25 |
| tmorin | (bridge fdb add ... vni ...) | 16:25 |
| tmorin | and is supported as well by OVS, of course | 16:26 |
| tmorin | we have to pursue the discussion, but unfortunately I'll have to suspend it for today | 16:26 |
| mickeys | I don't remember draft-ietf-bess-evpn-overlay well enough, have to go look at it gain | 16:26 |
| mickeys | ok | 16:26 |
| tmorin | I'll try to think about all that | 16:27 |
| tmorin | feel free to ping me here tomorrow/later this week | 16:27 |
| mickeys | ok. will do. | 16:27 |
| mickeys | Thanks for the discussion | 16:27 |
| tmorin | thanks to you | 16:27 |
| tmorin | we'll converge I'm sure ! :) | 16:27 |
| tmorin | have a good day... | 16:27 |
| mickeys | good night | 16:28 |
| tmorin | thanks. bye! | 16:28 |
| *** tmorin has quit IRC | 16:31 | |
| *** enikher has joined #openstack-net-bgpvpn | 17:29 | |
| *** enikher has left #openstack-net-bgpvpn | 17:29 | |
| *** enikher1 has joined #openstack-net-bgpvpn | 17:31 | |
| *** enikher1 has left #openstack-net-bgpvpn | 17:31 | |
| *** doude has quit IRC | 19:28 | |
| *** doude has joined #openstack-net-bgpvpn | 19:35 | |
| *** enikher has joined #openstack-net-bgpvpn | 22:30 | |
| *** enikher has left #openstack-net-bgpvpn | 22:30 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!