17:01:35 <tbachman> #startmeeting gbp_arch 17:01:35 <odl_meetbot> Meeting started Fri Jul 11 17:01:35 2014 UTC. The chair is tbachman. Information about MeetBot at http://ci.openstack.org/meetbot.html. 17:01:35 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:35 <odl_meetbot> The meeting name has been set to 'gbp_arch' 17:01:48 * tbachman waits for folks to join 17:04:42 <dlenrow> Somebody snoring on the hangout? 17:05:23 <dlenrow> Chewbacca noises? 17:05:40 <tbachman> dlenrow: being pinged in hangout 17:05:44 <tbachman> you’re on mute 17:06:16 <dlenrow> off mute. Still nothing but animal noises coming my way. You can't hear me? 17:06:19 <tbachman> dlenrow: we can hear you 17:06:23 <tbachman> but you don’t seem able to hear us 17:06:41 <tbachman> we are at 10 on the hangout 17:06:44 <dlenrow> Literally it sounds like a recording of a sleeping grizzly or something. Will reconnect 17:06:54 <dlenrow> Switch to Webex? 17:08:29 <mickey_spiegel> Can someone dial me in at 408 956 3575. If so, I will drop off the computer and then I can talk 17:08:37 <tbachman> mickey_spiegel: will do 17:08:55 <dlenrow> Can you also call me 617 3764891? 17:09:10 <tbachman> will do 17:10:15 <hemanthravi> logging off.. 17:10:41 <hemanthravi> on hangout, should have another spot now 17:10:48 <tbachman> hemanthravi: thx 17:11:04 <tbachman> dlenrow: I don’t think I got the right phone # 17:11:32 <tbachman> dlenrow: can you double-check the phone # 17:11:33 <tbachman> ? 17:11:35 <dlenrow> 617 329 1861 17:11:37 <tbachman> ah 17:11:38 <dlenrow> Sorry 17:11:39 <tbachman> :) 17:13:36 <tbachman> #info dlenrow thinks of virtual functions as EPGs, which can have contracts with other EPGs 17:14:40 <tbachman> #info an example contract can be send IP traffic to the internet, and service chain EPG would provide a contract to handle the chain to send to the internet 17:14:58 <tbachman> #info dlenrow asks whether EPGs can support sEPGs 17:15:10 <tbachman> #info recursion in the model is modeled as a linked list 17:15:16 <tbachman> #info due to a yang limitation 17:15:39 <tbachman> #info dlenrow thinks of chains as an ordered list of EPGs 17:16:08 <tbachman> #info dvorkinista says that the goal here is to provide intent, 17:16:22 <tbachman> #info and he thinks that enforcing the EPG in the hypervisor might not be the right thing to do. 17:16:36 <tbachman> #info b/c you might not be able to satisfy the constraints in the hypervisor 17:17:06 <tbachman> #info it would be nicer if we can think of a service chain as an ordered graph to which traffic is subjected 17:17:13 <tbachman> #info like filters or transformers 17:17:30 <tbachman> #info dvorkinista says these are functions you subject traffic to 17:17:53 <tbachman> #info (i.e. apply subject or set of subjects to the conversation) 17:19:14 <tbachman> #info dlenrow says that the job of assigning which EP in an EPG to send the traffic through is a job of the renderer 17:19:44 <tbachman> #info dvorkinista says this is essentially correct, but w/o a network address involved 17:20:16 <tbachman> #info paulq says that as long as you have a locator, that’s enough, regardless of locator 17:20:25 <tbachman> #info dvorkinista says that locator is an implementation detail. 17:20:56 <tbachman> #info as an example, a firewall followed by a load balancer, he doesn’t care what device, IP address, etc. 17:21:08 <tbachman> #info b/c the goal is to capture the intent in a portable way 17:23:48 <tbachman> I think there’s a lag 17:24:26 <tbachman> #info dlenrow says that there’s still a policy that says that you want to go through something (e.g. firewall) 17:24:39 <tbachman> #info dvorkinista says it’s not a EP abstraction 17:24:57 <tbachman> #info where the abstraction is a service graph of logical functions, which can map 1:1 to a box, or N:N 17:25:31 <tbachman> #info dlenrow asks if we agree that from the network’s perspective, a function is something that we have to send packets throuugh 17:25:38 <tbachman> #info dvorkinista says not necesarrily 17:25:49 <tbachman> #info if it’s done in a hypervisor, you don’t redirect anything 17:25:56 <tbachman> #info b/c it’s all confined to the virtual switch 17:26:10 <tbachman> #info dlenrow says that the virtual function still has an IP address 17:26:42 <tbachman> #info dvorkinista says this can be enforced right in the hypervisor, like nicria/NSX zone-based security 17:27:05 <tbachman> #info dlenrow says that in an SDN domain, this is all enforced by a controller 17:29:09 <alagalah> https://cisco.webex.com/mw0401l/mywebex/default.do?siteurl=cisco&service=1&main_url=%2Fmc0901l%2Fmeetingcenter%2Fdefault.do%3Fsiteurl%3Dcisco%26main_url%3D%252Fmc0901l%252Fmeetingcenter%252Fmeetingend%252Flandingpage.do%253Fsiteurl%253Dcisco%2526ishost%253Dtrue%2526NM%253Dkrb%2526AD%253Dkrb%2540cisco.com%2526STD%253D1&rnd=-2133996819 17:29:14 <tbachman> #action dvorkinista will write up a sketch of the model he’s thinking, which can be discussed on monday or some other meeting 17:30:14 <paulq> that's the wrong URL 17:30:18 <paulq> you need the one for the meeting 17:30:20 <paulq> that's the landing page I think 17:30:25 <paulq> or just paste meeting ID here 17:30:35 <s3wong> OK, I will have to switch to Mac to switch to WebEx (currently on Linux) 17:30:47 <dconde> I get a "Thanks for using WebEx" message 17:31:01 <dconde> but not taken into the WebEx itself. 17:32:54 <s3wong> tbachman: end meeting? 17:33:21 <dlenrow> Not sure service chaining can/should support virtual functions that are built in hypervisors outside the view of the network (incuding local vswitch). Every other case maps nicely to EPGs 17:33:44 <dlenrow> Look forward to discussing MIkes proposed SFC in GBP model monday 17:33:56 <mickey_spiegel> I need a function applied. Could be load balancing, firewall, IPS/IDS. A solution that precludes that being implemented in a hypervisor is not an acceptable solution. 17:35:29 <dlenrow> In every hypervisor implementation I,m aware of that VF is a virtual machine accessed by a VIP which can be in an EPG. If folks are so optimized they're inlining VFs without even the hypervisor vswitch knowing about it that is by definition outside the network policy domain 17:35:32 <mickey_spiegel> I also don't like using EPGs for this, because it confuses the app admin's intent. The app admin cares about what happens between the tenant workloads that he defines. Using the same construct for tenant workloads and these "virtual functions" confuses this separation, looks much more like traditional networking where you had to manually stitch appliances into the path, for example through VLAN stitching. That is what we want to 17:35:32 <mickey_spiegel> get away from. Adding a construct to clean that up seems good to me. 17:37:16 <tbachman> am back 17:37:17 <tbachman> tethering 17:37:19 <tbachman> the WebEx link — didn’t work for me 17:37:25 <dlenrow> This is the nature of GBP hierarchical model. Operator admin defines some VFs and EPGs. tenant user is aware of EPGs like internet and engineering. Operator guy is aware of EPGs that are VFs. One simple uniform concept for all reqardless of sophistication 17:37:47 <dlenrow> webex link bad for me too 17:37:57 <tbachman> #info dlenrow says This is the nature of GBP hierarchical model. Operator admin defines some VFs and EPGs. tenant user is aware of EPGs like internet and engineering. Operator guy is aware of EPGs that are VFs. One simple uniform concept for all reqardless of sophistication 17:38:16 <tbachman> are we off the hangout? 17:38:45 <dlenrow> I bailed. Maybe take this conversation to mail lists and wait on Mike proposal Monday at Requirements meeting? 17:39:51 * tbachman wonders if we should just do an endmeeting 17:39:54 <tbachman> anyone? 17:40:06 <tbachman> internetz disaster 17:40:34 <tbachman> going once 17:40:50 <tbachman> going twice 17:41:02 <tbachman> #endmeeting