=========================================
#opendaylight-group-policy: ODL-GBP-MODEL
=========================================

Meeting started by dconde at 17:04:53 UTC. The full logs are available at
http://meetings.opendaylight.org/opendaylight-group-policy/2014/odl_gbp_model/opendaylight-group-policy-odl_gbp_model.2014-05-23-17.04.log.html .

Meeting summary
---------------

* it’s Friday (tbachman, 17:07:22)
* Friday morning typing experiment. (dvorkinista, 17:07:43)
* review model (dconde, 17:08:11)
* questions on model? by readams (dconde, 17:08:24)
* one thing that may be useful is to look at the latest file (dconde, 17:08:39)
* jan wants deleta (dconde, 17:08:58)
* adding context (dconde, 17:09:02)
* rename role into requirements (dconde, 17:09:08)
* moving stuff around to the back (dconde, 17:09:13)
* change to structure of document (dconde, 17:09:17)
* no semantic change (dconde, 17:09:22)
* change not pushed into repo is the removing of namespace inheritance mapper in the parameters. (dconde, 17:09:46)
* the way inheritance working is that it does not add much. name can be in the matcher itself (dconde, 17:10:15)
* no useful way of using it. (dconde, 17:10:27)
* matcher quality vs. matcher xyz on the same name space was not too useful. It's best to define a different matcher with different semantics. (dconde, 17:11:07)
* you can still over-ride it. (dconde, 17:11:19)
* when you inherit a matcher. there are matcher labels with the addition of NS parameters (NS=name space) (dconde, 17:11:42)
* a label in the child EPG inherits from parent EPG (dconde, 17:11:57)
* if the label with the same name in the child, it replaces it. (dconde, 17:12:12)
* if it is defined in the child, it over-rides the parent matcher. (dconde, 17:12:45)
* can you exclude a label? Yes. (dconde, 17:12:57)
* if you define a label in child of anything, it will override the parent UNLESS you set the inheritance to exclude, then the label will not be there. (dconde, 17:13:49)
* that is called the inclusion rule. (dconde, 17:13:58)
* dvorkinista says it's like the polymorphism. (dconde, 17:14:39)
* we can add overrides later. We should not import all semantics of programming languages into this, just because you can. (dconde, 17:15:44)
* uchau is talking about complex types. (dconde, 17:16:21)
* yang tools do not support that? can jan confirm that? (dconde, 17:16:37)
* it's just not implemented in ODL? asks uchau (dconde, 17:16:46)
* can we just put chd inside parent in complex types. (dconde, 17:17:07)
* dvorkinista says that is discouraged in obj oriented systems. (dconde, 17:17:27)
* the model is reasonable, says readams. (dconde, 17:17:33)
* janmedved was there when it was defined. (dconde, 17:17:44)
* this is the best we can do. we can explore extension to YANG. it does complicate things. (dconde, 17:18:10)
* tree structure and the simple way to create it is lending itself to a simple implementation. we are exploring extension to YANG. (dconde, 17:18:36)
* there are advantages in lookup behavior in doing it that way. (dconde, 17:19:24)
* uchau it is simpler from tree traversal point of view. it would be nice, dvorkinista agrees it would be nice. (dconde, 17:20:00)
* we can return link to parent in REST API, for example. (dconde, 17:20:30)
* said readams. (dconde, 17:20:34)
* when you have a ref to something in a subtree, we can include an actual URI. (dconde, 17:20:50)
* regxboi gets clarified. (dconde, 17:21:00)
* regxboi says RESTconf does not do that today. it's a pointer, not a URI (dconde, 17:21:27)
* we can do an extension, says readams (dconde, 17:21:45)
* traffic (dconde, 17:22:12)
* traffic within an EPG (dconde, 17:22:19)
* 1) always allowed. (dconde, 17:22:27)
* 2) traffic not allowed, and we need to enable it via a CONTRACT (dconde, 17:22:39)
* dvorkinista says allow is like how VLANs work. (dconde, 17:23:02)
* not allowed is like VDI. (dconde, 17:23:12)
* or do a contract, that satisfied HP requirements. (dconde, 17:23:24)
* challenge - how to define the policy in multi-cast and broadcast. Between EPG we can do unicast (dconde, 17:23:57)
* if we ignore multicast, we can have a peering contract. (dconde, 17:24:10)
* define a set of subjects within EPG (dconde, 17:24:44)
* or define a peer. (dconde, 17:24:49)
* we need a way to apply a contract by stating it's a peer -- no direction. (dconde, 17:25:34)
* we can say something like EPG -- all elements are allowed, or we can say all classifiers are interpreted as bidi as a peer. (dconde, 17:26:06)
* since we do not want to define a new type of classifier with no direction. (dconde, 17:26:18)
* we can prefabricate things, and put that into the group itself. (dconde, 17:26:55)
* but that complicates things, says dvorkinista (dconde, 17:27:06)
* we need a different model (dconde, 17:27:15)
* we need a new MODE. (dconde, 17:27:24)
* regxboi says - his gut reaction is lot of complexity for small incr. gain. (dconde, 17:28:16)
* readams -- outside a Datacenter, we need it. (dconde, 17:28:29)
* regxboi cries fowl (dconde, 17:28:34)
* dvorkinista says we have requirements for different use cases from yesterday. (dconde, 17:29:12)
* less moving parts is better? (dconde, 17:29:57)
* regxboi says -- to degenerate conclusion, we need to talk about contracts on EP? (dconde, 17:30:15)
* people say no, it's a group attribute. (dconde, 17:30:23)
* you either turn all OFF or ON, or provide a contract. (dconde, 17:30:45)
* we can have a bunch of app servers, and allow no HTTP or SSH, and only allow control protocols. (dconde, 17:31:10)
* we need a model on the EPG for allow or deny. (dconde, 17:31:40)
* dvorkinista this enables unified communications - sessions between different callers (End Pts) (dconde, 17:32:18)
* boundaries are a TENANT. (dconde, 17:32:49)
* cross tenant mutations -- have particular mechanisms for that. (dconde, 17:33:07)
* uchau needs clarification. (dconde, 17:33:27)
* EP are producer/consumer. we are introducing a shortcut since it's highly inconvenient. (dconde, 17:33:54)
* we want to emulate VLAN behavior. (dconde, 17:34:00)
* and also the VDI behavior when no endpoint can talk to each other. (dconde, 17:34:15)
* traffic belongs are defined as something within a group. (dconde, 17:34:34)
* that makes it easier to understand. (dconde, 17:34:50)
* we are folding contract concept within an EPG? (dconde, 17:34:58)
* you will need to select contract by name (dconde, 17:35:13)
* so we cannot enable anyone else to name and consume traffic. (dconde, 17:35:30)
* are we stepping into restrictions? (dconde, 17:36:06)
* it's not an issue of who gets to consume or not. (dconde, 17:36:22)
* semantics for peer A can talk to Peer B (dconde, 17:36:32)
* where does that get folded? in a contract. (dconde, 17:36:47)
* uchau says do we have a special selector (dconde, 17:36:59)
* we will have a special peer thing. for unified comm. we want to specify it once. (dconde, 17:37:17)
* a select pts to a contract and then within a contract . how do we do the peer-to-peer association (dconde, 17:38:03)
* a group specified a session. (dconde, 17:38:08)
* if there are two EP, then there are 2 EP in a group. (dconde, 17:38:23)
* we define a contract for the ENTIRE group. (dconde, 17:39:28)
* we are not talking about End point to End point contracts. (dconde, 17:39:38)
* uchau needs clarification (dconde, 17:40:03)
* subgroup of two users? Not really. (dconde, 17:40:21)
* lets say. session represents a group (dconde, 17:40:47)
* a set of ports that members of the group will be talking to. (dconde, 17:40:56)
* they will use the contracts that ….specify (dconde, 17:41:24)
* we are switching to the whiteboard. (dconde, 17:41:35)
* INTRA group comm via a PORT is a simple use-case (dconde, 17:42:40)
* now a diff example (dconde, 17:43:08)
* a DB cluster (dconde, 17:43:18)
* a contract called SQL is applied (dconde, 17:43:29)
* we want to restrict - to clustering protocol only. (dconde, 17:43:46)
* we say there is a peer within group pointing to clustering protocol contract. (dconde, 17:44:04)
* it is similar to contracts. it is scoped to group only (dconde, 17:44:24)
* what about direction? (dconde, 17:44:56)
* if a contract has requirements/capability matchers. how do we eval them? (dconde, 17:45:55)
* any reason for a peer target selector? no (dconde, 17:50:15)
* AGREED: name selectors are sufficient. (dconde, 17:51:20)
* how do we have tie breaker rules? (dconde, 17:51:37)
* if there are two, then we apply them in order. (dconde, 17:52:07)
* multiple contracts in scope is OK. (dconde, 17:52:17)
* under rule application, go read that. let readams if that's wrong. (dconde, 17:53:24)
* AGREED: we need to go read it and then talk next week (dconde, 17:53:39)
* subject have order. (dconde, 17:54:06)
* we have ordering rules for how they are applied (dconde, 17:54:19)
* no mixing of rules in ACLs. that will not work. (dconde, 17:54:31)
* read rule application section and subjects under inheritance. (dconde, 17:54:43)
* regxboi says we are running out of time. he cannot make it to that one. (dconde, 17:55:17)
* regxboi delegates to mspiegel. (dconde, 17:55:28)
* HELP: (dconde, 17:56:05)
* uchau wants policy def in JSON fmt. (dconde, 17:56:38)
* please read Wiki and bring it up under RESTCONF now. (dconde, 17:56:55)
* ask readams postings under mailing list. (dconde, 17:57:22)
* if you go into swagger api docs, if you look at what it says, then only a small subset will work. so jan will look (dconde, 17:59:29)
* put and post have different impl, and we think semantics are slightly different. (dconde, 17:59:47)
* not high priorities. (dconde, 17:59:57)
* go look in YANG model for the fields in a JSON obj under relevant type (dconde, 18:00:38)
* use FireFox not Chrome (dconde, 18:01:07)
* ACTION: readams will send link to mailing list on the use of REST API. -- it's better than curl from cmd line. (dconde, 18:02:35)

Meeting ended at 18:03:13 UTC.

People present (lines said)
---------------------------

* dconde (138)
* odl_meetbot (7)
* tbachman (4)
* alagalah_ (4)
* dvorkinista (1)
* s3wong (1)
* regxboi (0)
* alagalah (0)

Generated by `MeetBot`_ 0.1.4