#opendaylight-ovsdb: ovsdb_weekly

Meeting started by tbachman at 19:04:43 UTC (full logs).

Meeting summary

  1. agenda (tbachman, 19:04:52)
    1. https://meetings.opendaylight.org/opendaylight-ovsdb/2015/osvsdb_weekly_call/opendaylight-ovsdb-osvsdb_weekly_call.2015-03-24-19.06.html Last recorded meeting minutes (tbachman, 19:04:59)

  2. status (tbachman, 19:06:07)
    1. shague added some manual test verification tasks (tbachman, 19:08:29)
    2. ACTION: adetalhouet to move some tasks to doing in Trello (tbachman, 19:09:00)
    3. adetalhouet (adetalhouet, 19:09:18)
    4. shague said that VTEP con-call this morning invovled trying to decide the new APIs, and how it will map into neutron (tbachman, 19:09:21)
    5. vishnoianil is done with coding for ARP for external gateway — looking to hook it into main for external network, then will test (tbachman, 19:10:11)
    6. adetalhouet discovered an NPE in net-virt code in master branch, for distributed ARP (enable/disable) (tbachman, 19:12:34)
    7. flaviof says this NPE is not in stable/lithium (tbachman, 19:12:53)
    8. shague asks if this is related to bug 3545 (tbachman, 19:13:26)
    9. flaviof says the subject is the same, but the NPE is not (tbachman, 19:13:34)
    10. https://gist.github.com/adetalhouet/204976edfef309c06edf (adetalhouet, 19:15:08)
    11. https://gist.github.com/adetalhouet/204976edfef309c06edf capture of NPE condition (tbachman, 19:15:31)
    12. vishnoianil points out that the properties file is in the controller, and not OVSDB — it probably doesn’t have this new property, which is causing the problem (tbachman, 19:18:13)
    13. flaviof says that it should be coded in a way that if the config isn’t there, it should handle it (it checks if the property is null) (tbachman, 19:18:49)
    14. afredette says he’s going to put a proposal together for SNAT support for sometime next week (tbachman, 19:20:39)
    15. vishnoianil says that clustering is the next thing on his plate after the ARP resolver (tbachman, 19:21:47)
    16. vishnoianil is going to work with flaviof on a tentative plan for clustering support (tbachman, 19:22:01)
    17. vishnoianil is looking to create a device-to-instance lock so that devices can be distributed across instances (tbachman, 19:22:49)
    18. shague asks if persistence and high availability is part of clustiner (tbachman, 19:23:59)
    19. vishnoianil says clustering enables persistence, high availability, and scalability (tbachman, 19:24:24)
    20. https://lists.opendaylight.org/pipermail/ovsdb-dev/2015-July/001654.html email from shague to list on support for wildcard queries of MD-SAL (tbachman, 19:27:18)
    21. shague says that ttkacik responded saying they’re working on adding wildcard query support to the MD-SAL (tbachman, 19:27:37)

  3. Security Groups presentation (tbachman, 19:27:51)
    1. aswinsuryan says they were trying to look at parity with openstack for security groups (tbachman, 19:28:31)
    2. they broke it into fixed security rules and security group CRUD (tbachman, 19:28:44)
    3. Fixed Security Rules are added despite whether a security group is selected or not, and adds a predefined set of rules which aren’t customizeable (tbachman, 19:29:15)
    4. Security Group CRUD is customizeable (tbachman, 19:29:27)
    5. For Fixed Security Groups, it allows ingress DHCP traffic and same-net traffic, but drops all other ingress (tbachman, 19:29:52)
    6. For egress, it drops any source IP/MAC pair other than that fo the connected VM; drops any DHCP server traffic from the VM; but allows all other traffice (tbachman, 19:30:21)
    7. Conntrack Rules drop packets that appear related to an existing connection but do not have an entry in conntrack; allows packets associated with a known session (tbachman, 19:30:55)
    8. shague asks if the conntrack referenced in the slides is different from OVS conntrack (tbachman, 19:32:58)
    9. aswinsuryan says this is from iptables (tbachman, 19:33:04)
    10. shague says that conntrack is a new feature that the OVS team is looking to add in a future release (tbachman, 19:33:20)
    11. aswinsuryan says the currently the DHCP rules are added, the rest need to be added (tbachman, 19:34:00)
    12. modules to work on: neutron (needs to be ported to MD-SAL); net-virt: add a listener for MD-SAL notifications; add logic to process CRUD operations in PortSecurityHandler; Uncomment the code in OF13Provider to handle SecurityGroup handling on an interface update; in Egress/IngressAclService add logic to support multiple protocols (tbachman, 19:35:23)
    13. shague asks if the security group work will require more nicira extensions (tbachman, 19:36:27)
    14. tbachman says that GBP has implemented support for SG, but isn’t sure how comprehensive it is (tbachman, 19:38:55)
    15. vishnoianil asks if security groups allow support at the connection level as well (tbachman, 19:40:07)
    16. flaviof says they have rules like allow HTTP or don’t allow SSH (tbachman, 19:40:29)
    17. flaviof says the initial implementation by networkstatic checks for initial SYN packet (tbachman, 19:40:49)
    18. vishnoianil asks aswinsuryan if they have an OVS setup where they can test L7 flows (tbachman, 19:41:55)
    19. aswinsuryan says they’re trying to map ip-tables constructs into flow-mods (tbachman, 19:44:55)
    20. LuisGomez says to filter using destination and source port works with openflow, but what can be done for state (e.g. TCP)? (tbachman, 19:48:15)
    21. LuisGomez says this is needed for things like stateful firewalls (tbachman, 19:49:34)
    22. vishnoianil asks if openstack tries to resolve conflicts between security group rules (e.g. allow and deny both configured) (tbachman, 19:51:03)
    23. aswinsuryan says he hasn’t checked that (tbachman, 19:51:27)
    24. flaviof says normally we defer to openstack to do the right thing (tbachman, 19:52:31)
    25. tbachman asks if the fix for Security Groups in stable/kilo will be backported (tbachman, 19:54:16)
    26. flaviof says that armando was going to look at it, but hasn’t heard back from him yet (tbachman, 19:54:28)
    27. flaviof says we can either neuter the callbacks, or have a commit in stable/kilo to fix this (tbachman, 19:54:56)


Meeting ended at 19:56:33 UTC (full logs).

Action items

  1. adetalhouet to move some tasks to doing in Trello


Action items, by person

  1. adetalhouet
    1. adetalhouet to move some tasks to doing in Trello


People present (lines said)

  1. tbachman (67)
  2. adetalhouet (4)
  3. odl_meetbot (4)
  4. odp-gerritbot (3)
  5. mohnish (1)
  6. shague (0)
  7. flaviof (0)


Generated by MeetBot 0.1.4.