17:01:35 <tbachman> #startmeeting gbp_arch
17:01:35 <odl_meetbot> Meeting started Fri Jul 11 17:01:35 2014 UTC.  The chair is tbachman. Information about MeetBot at http://ci.openstack.org/meetbot.html.
17:01:35 <odl_meetbot> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:01:35 <odl_meetbot> The meeting name has been set to 'gbp_arch'
17:01:48 * tbachman waits for folks to join
17:04:42 <dlenrow> Somebody snoring on the hangout?
17:05:23 <dlenrow> Chewbacca noises?
17:05:40 <tbachman> dlenrow: being pinged in hangout
17:05:44 <tbachman> you’re on mute
17:06:16 <dlenrow> off mute. Still nothing but animal noises coming my way. You can't hear me?
17:06:19 <tbachman> dlenrow: we can hear you
17:06:23 <tbachman> but you don’t seem able to hear us
17:06:41 <tbachman> we are at 10 on the hangout
17:06:44 <dlenrow> Literally it sounds like a recording of a sleeping grizzly or something. Will reconnect
17:06:54 <dlenrow> Switch to Webex?
17:08:29 <mickey_spiegel> Can someone dial me in at 408 956 3575. If so, I will drop off the computer and then I can talk
17:08:37 <tbachman> mickey_spiegel: will do
17:08:55 <dlenrow> Can you also call me 617 3764891?
17:09:10 <tbachman> will do
17:10:15 <hemanthravi> logging off..
17:10:41 <hemanthravi> on hangout, should have another spot now
17:10:48 <tbachman> hemanthravi: thx
17:11:04 <tbachman> dlenrow: I don’t think I got the right phone #
17:11:32 <tbachman> dlenrow: can you double-check the phone #
17:11:33 <tbachman> ?
17:11:35 <dlenrow> 617 329 1861
17:11:37 <tbachman> ah
17:11:38 <dlenrow> Sorry
17:11:39 <tbachman> :)
17:13:36 <tbachman> #info dlenrow thinks of virtual functions as EPGs, which can have contracts with other EPGs
17:14:40 <tbachman> #info an example contract can be send IP traffic to the internet, and service chain EPG would provide a contract to handle the chain to send to the internet
17:14:58 <tbachman> #info dlenrow asks whether EPGs can support sEPGs
17:15:10 <tbachman> #info recursion in the model is modeled as a linked list
17:15:16 <tbachman> #info due to a yang limitation
17:15:39 <tbachman> #info dlenrow thinks of chains as an ordered list of EPGs
17:16:08 <tbachman> #info dvorkinista says that the goal here is to provide intent,
17:16:22 <tbachman> #info and he thinks that enforcing the EPG in the hypervisor might not be the right thing to do.
17:16:36 <tbachman> #info b/c you might not be able to satisfy the constraints in the hypervisor
17:17:06 <tbachman> #info it would be nicer if we can think of a service chain as an ordered graph to which traffic is subjected
17:17:13 <tbachman> #info like filters or transformers
17:17:30 <tbachman> #info dvorkinista says these are functions you subject traffic to
17:17:53 <tbachman> #info (i.e. apply subject or set of subjects to the conversation)
17:19:14 <tbachman> #info dlenrow says that the job of assigning which EP in an EPG to send the traffic through is a job of the renderer
17:19:44 <tbachman> #info dvorkinista says this is essentially correct, but w/o a network address involved
17:20:16 <tbachman> #info paulq says that as long as you have a locator, that’s enough, regardless of locator
17:20:25 <tbachman> #info dvorkinista says that locator is an implementation detail.
17:20:56 <tbachman> #info as an example, a firewall followed by a load balancer, he doesn’t care what device, IP address, etc.
17:21:08 <tbachman> #info b/c the goal is to capture the intent in a portable way
17:23:48 <tbachman> I think there’s a lag
17:24:26 <tbachman> #info dlenrow says that there’s still a policy that says that you want to go through something (e.g. firewall)
17:24:39 <tbachman> #info dvorkinista says it’s not an EP abstraction
17:24:57 <tbachman> #info where the abstraction is a service graph of logical functions, which can map 1:1 to a box, or N:N
17:25:31 <tbachman> #info dlenrow asks if we agree that from the network’s perspective, a function is something that we have to send packets through
17:25:38 <tbachman> #info dvorkinista says not necessarily
17:25:49 <tbachman> #info if it’s done in a hypervisor, you don’t redirect anything
17:25:56 <tbachman> #info b/c it’s all confined to the virtual switch
17:26:10 <tbachman> #info dlenrow says that the virtual function still has an IP address
17:26:42 <tbachman> #info dvorkinista says this can be enforced right in the hypervisor, like Nicira/NSX zone-based security
17:27:05 <tbachman> #info dlenrow says that in an SDN domain, this is all enforced by a controller
17:29:09 <alagalah> https://cisco.webex.com/mw0401l/mywebex/default.do?siteurl=cisco&service=1&main_url=%2Fmc0901l%2Fmeetingcenter%2Fdefault.do%3Fsiteurl%3Dcisco%26main_url%3D%252Fmc0901l%252Fmeetingcenter%252Fmeetingend%252Flandingpage.do%253Fsiteurl%253Dcisco%2526ishost%253Dtrue%2526NM%253Dkrb%2526AD%253Dkrb%2540cisco.com%2526STD%253D1&rnd=-2133996819
17:29:14 <tbachman> #action dvorkinista will write up a sketch of the model he’s thinking, which can be discussed on monday or some other meeting
17:30:14 <paulq> that's the wrong URL
17:30:18 <paulq> you need the one for the meeting
17:30:20 <paulq> that's the landing page I think
17:30:25 <paulq> or just paste meeting ID here
17:30:35 <s3wong> OK, I will have to switch to Mac to switch to WebEx (currently on Linux)
17:30:47 <dconde> I get a "Thanks for using WebEx" message
17:31:01 <dconde> but not taken into the WebEx itself.
17:32:54 <s3wong> tbachman: end meeting?
17:33:21 <dlenrow> Not sure service chaining can/should support virtual functions that are built in hypervisors outside the view of the network (including local vswitch). Every other case maps nicely to EPGs
17:33:44 <dlenrow> Look forward to discussing Mike's proposed SFC in GBP model Monday
17:33:56 <mickey_spiegel> I need a function applied. Could be load balancing, firewall, IPS/IDS. A solution that precludes that being implemented in a hypervisor is not an acceptable solution.
17:35:29 <dlenrow> In every hypervisor implementation I'm aware of that VF is a virtual machine accessed by a VIP which can be in an EPG. If folks are so optimized they're inlining VFs without even the hypervisor vswitch knowing about it that is by definition outside the network policy domain
17:35:32 <mickey_spiegel> I also don't like using EPGs for this, because it confuses the app admin's intent. The app admin cares about what happens between the tenant workloads that he defines. Using the same construct for tenant workloads and these "virtual functions" confuses this separation, looks much more like traditional networking where you had to manually stitch appliances into the path, for example through VLAN stitching. That is what we want to
17:35:32 <mickey_spiegel> get away from. Adding a construct to clean that up seems good to me.
17:37:16 <tbachman> am back
17:37:17 <tbachman> tethering
17:37:19 <tbachman> the WebEx link — didn’t work for me
17:37:25 <dlenrow> This is the nature of GBP hierarchical model. Operator admin defines some VFs and EPGs. tenant user is aware of EPGs like internet and engineering. Operator guy is aware of EPGs that are VFs. One simple uniform concept for all regardless of sophistication
17:37:47 <dlenrow> webex link bad for me too
17:37:57 <tbachman> #info dlenrow says This is the nature of GBP hierarchical model. Operator admin defines some VFs and EPGs. tenant user is aware of EPGs like internet and engineering. Operator guy is aware of EPGs that are VFs. One simple uniform concept for all regardless of sophistication
17:38:16 <tbachman> are we off the hangout?
17:38:45 <dlenrow> I bailed. Maybe take this conversation to mail lists and wait on Mike proposal Monday at Requirements meeting?
17:39:51 * tbachman wonders if we should just do an endmeeting
17:39:54 <tbachman> anyone?
17:40:06 <tbachman> internetz disaster
17:40:34 <tbachman> going once
17:40:50 <tbachman> going twice
17:41:02 <tbachman> #endmeeting