=================================
#opendaylight-ovsdb: ovsdb_weekly
=================================

Meeting started by tbachman at 19:04:43 UTC. The full logs are available at
http://meetings.opendaylight.org/opendaylight-ovsdb/2015/ovsdb_weekly/opendaylight-ovsdb-ovsdb_weekly.2015-07-07-19.04.log.html .

Meeting summary
---------------
* agenda (tbachman, 19:04:52)
  * LINK: https://meetings.opendaylight.org/opendaylight-ovsdb/2015/osvsdb_weekly_call/opendaylight-ovsdb-osvsdb_weekly_call.2015-03-24-19.06.html Last recorded meeting minutes (tbachman, 19:04:59)

* status (tbachman, 19:06:07)
  * shague added some manual test verification tasks (tbachman, 19:08:29)
  * ACTION: adetalhouet to move some tasks to doing in Trello (tbachman, 19:09:00)
  * adetalhouet (adetalhouet, 19:09:18)
  * shague said that VTEP con-call this morning involved trying to decide the new APIs, and how it will map into neutron (tbachman, 19:09:21)
  * vishnoianil is done with coding for ARP for external gateway — looking to hook it into main for external network, then will test (tbachman, 19:10:11)
  * adetalhouet discovered an NPE in net-virt code in master branch, for distributed ARP (enable/disable) (tbachman, 19:12:34)
  * flaviof says this NPE is not in stable/lithium (tbachman, 19:12:53)
  * shague asks if this is related to bug 3545 (tbachman, 19:13:26)
  * flaviof says the subject is the same, but the NPE is not (tbachman, 19:13:34)
  * LINK: https://gist.github.com/adetalhouet/204976edfef309c06edf (adetalhouet, 19:15:08)
  * LINK: https://gist.github.com/adetalhouet/204976edfef309c06edf capture of NPE condition (tbachman, 19:15:31)
  * vishnoianil points out that the properties file is in the controller, and not OVSDB — it probably doesn’t have this new property, which is causing the problem (tbachman, 19:18:13)
  * flaviof says that it should be coded in a way that if the config isn’t there, it should handle it (it checks if the property is null) (tbachman, 19:18:49)
  * afredette says he’s going to put a proposal together for SNAT support for sometime next week (tbachman, 19:20:39)
  * vishnoianil says that clustering is the next thing on his plate after the ARP resolver (tbachman, 19:21:47)
  * vishnoianil is going to work with flaviof on a tentative plan for clustering support (tbachman, 19:22:01)
  * vishnoianil is looking to create a device-to-instance lock so that devices can be distributed across instances (tbachman, 19:22:49)
  * shague asks if persistence and high availability are part of clustering (tbachman, 19:23:59)
  * vishnoianil says clustering enables persistence, high availability, and scalability (tbachman, 19:24:24)
  * LINK: https://lists.opendaylight.org/pipermail/ovsdb-dev/2015-July/001654.html email from shague to list on support for wildcard queries of MD-SAL (tbachman, 19:27:18)
  * shague says that ttkacik responded saying they’re working on adding wildcard query support to the MD-SAL (tbachman, 19:27:37)

* Security Groups presentation (tbachman, 19:27:51)
  * aswinsuryan says they were trying to look at parity with openstack for security groups (tbachman, 19:28:31)
  * they broke it into fixed security rules and security group CRUD (tbachman, 19:28:44)
  * Fixed Security Rules are added regardless of whether a security group is selected or not, and add a predefined set of rules which aren’t customizable (tbachman, 19:29:15)
  * Security Group CRUD is customizable (tbachman, 19:29:27)
  * For Fixed Security Groups, it allows ingress DHCP traffic and same-net traffic, but drops all other ingress (tbachman, 19:29:52)
  * For egress, it drops any source IP/MAC pair other than that of the connected VM; drops any DHCP server traffic from the VM; but allows all other traffic (tbachman, 19:30:21)
  * Conntrack Rules drop packets that appear related to an existing connection but do not have an entry in conntrack; allow packets associated with a known session (tbachman, 19:30:55)
  * shague asks if the conntrack referenced in the slides is different from OVS conntrack (tbachman, 19:32:58)
  * aswinsuryan says this is from iptables (tbachman, 19:33:04)
  * shague says that conntrack is a new feature that the OVS team is looking to add in a future release (tbachman, 19:33:20)
  * aswinsuryan says that currently the DHCP rules are added, the rest need to be added (tbachman, 19:34:00)
  * modules to work on: neutron (needs to be ported to MD-SAL); net-virt: add a listener for MD-SAL notifications; add logic to process CRUD operations in PortSecurityHandler; Uncomment the code in OF13Provider to handle SecurityGroup handling on an interface update; in Egress/IngressAclService add logic to support multiple protocols (tbachman, 19:35:23)
  * shague asks if the security group work will require more nicira extensions (tbachman, 19:36:27)
  * tbachman says that GBP has implemented support for SG, but isn’t sure how comprehensive it is (tbachman, 19:38:55)
  * vishnoianil asks if security groups allow support at the connection level as well (tbachman, 19:40:07)
  * flaviof says they have rules like allow HTTP or don’t allow SSH (tbachman, 19:40:29)
  * flaviof says the initial implementation by networkstatic checks for initial SYN packet (tbachman, 19:40:49)
  * vishnoianil asks aswinsuryan if they have an OVS setup where they can test L7 flows (tbachman, 19:41:55)
  * aswinsuryan says they’re trying to map ip-tables constructs into flow-mods (tbachman, 19:44:55)
  * LuisGomez says to filter using destination and source port works with openflow, but what can be done for state (e.g. TCP)? (tbachman, 19:48:15)
  * LuisGomez says this is needed for things like stateful firewalls (tbachman, 19:49:34)
  * vishnoianil asks if openstack tries to resolve conflicts between security group rules (e.g. allow and deny both configured) (tbachman, 19:51:03)
  * aswinsuryan says he hasn’t checked that (tbachman, 19:51:27)
  * flaviof says normally we defer to openstack to do the right thing (tbachman, 19:52:31)
  * tbachman asks if the fix for Security Groups in stable/kilo will be backported (tbachman, 19:54:16)
  * flaviof says that armando was going to look at it, but hasn’t heard back from him yet (tbachman, 19:54:28)
  * flaviof says we can either neuter the callbacks, or have a commit in stable/kilo to fix this (tbachman, 19:54:56)

Meeting ended at 19:56:33 UTC.

Action items, by person
-----------------------
* adetalhouet
  * adetalhouet to move some tasks to doing in Trello

People present (lines said)
---------------------------
* tbachman (67)
* adetalhouet (4)
* odl_meetbot (4)
* odp-gerritbot (3)
* mohnish (1)
* shague (0)
* flaviof (0)

Generated by `MeetBot`_ 0.1.4