#opendaylight-group-policy: gbp_usecase

Meeting started by tbachman at 20:03:58 UTC (full logs).

Meeting summary

  1. service insertion (tbachman, 20:04:06)
    1. picking up conversation from last meeting (tbachman, 20:06:46)
    2. dlenrow had come up with a way of using EPGs to represent virtual functions (tbachman, 20:07:06)
    3. dvorkinista draws example on white board (tbachman, 20:08:45)
    4. starting with contract and a subject, with a bunch of actions, one of which is redirect (tbachman, 20:09:00)
    5. the chain has a set of logical functions that connect to each other (tbachman, 20:09:26)
    6. on each side of the chain there are two terminals, an In, and an Out (tbachman, 20:09:44)
    7. whoever consumes the contract implicitly gets connected to the terminals (tbachman, 20:10:09)
    8. The logical function is just like an object (tbachman, 20:10:21)
    9. it can be enforced like an EPG, but it doesn’t have to (tbachman, 20:10:29)
    10. If you look at various L4-7 enforcement in the Hypervisor where there is no redirection, you can do this in the dataplane (tbachman, 20:10:50)
    11. This way you can do firewalling and load balancing in a very straightforward way (tbachman, 20:11:07)
    12. This allows us to be very architecturally independent (tbachman, 20:11:28)
    13. dlenrow asks if a redirect is a clause? (tbachman, 20:11:52)
    14. dvorkinista says this is an action (tbachman, 20:11:58)
    15. uchau asks how we represent the chain (tbachman, 20:12:06)
    16. dvorkinista says let’s not talk about that yet, but it may be a model tweak (tbachman, 20:12:24)
    17. dlenrow says that we are the network policy service to the extent that anything visible to the network needs to be managed by the control plane, which is in our domain (tbachman, 20:13:03)
    18. dlenrow says that these functions are provided in the hypervisor, which makes them transparent (tbachman, 20:13:21)
    19. dvorkinista says that you still need to describe these functions, and the goal is to describe the functions without caring where they’re implemented or how they’re implemented. (tbachman, 20:15:42)
    20. dlenrow feels that the policy layer needs to specify that a particular EPG needs to go through a particular service chain, so there could potentially be 100’s of this service function across the network (tbachman, 20:16:28)
    21. but you don’t care about any of that - the policy is to just make it go through the service chain (tbachman, 20:16:43)
    22. dlenrow says that it’s up to the SDN controller to decide where to send it to. (tbachman, 20:17:23)
    23. dvorkinista agrees (tbachman, 20:17:32)
    24. dvorkinista doesn’t want to think in terms of addresses, b/c it only works for L3 services (tbachman, 20:18:02)
    25. dvorkinista says we should assume that it can be physical function, virtual function, or implemented in a hypervisor within a virtual switch (tbachman, 20:18:24)
    26. the idea is to express the requirement in a way that doesn’t dictate an implementation detail. (tbachman, 20:18:53)
    27. readams1 notes that at one point we asked if we should do a special model of the service chain using L2 services, but model L3 services using the EP concept. (tbachman, 20:19:30)
    28. dvorkinista says what happens if you implement a load balancer in the hypervisor (tbachman, 20:19:52)
    29. dvorkinista is worried about overloading concepts (tbachman, 20:20:01)
    30. readams1 says you could say there are L2 services that are transparent, and L3 services that are defined as a service chain, and infrastructure can dictate some of this. (tbachman, 20:20:35)
    31. readams1 says that for L2 services, they are “bump-in-the-wire” services (tbachman, 20:21:14)
    32. In L3 services, the EP itself will have as its next hop the destination of the service (tbachman, 20:21:46)
    33. dlenrow says that you don’t change default gateways — a redirect is an exception to the rules, not a reconfiguration of the rules (tbachman, 20:22:07)
    34. dvorkinista says that with SLB, gateways, FW’s w/NAT, from the standpoint of the consumer, you’re talking to that specific function (tbachman, 20:22:46)
    35. dvorkinista draws a group1 and a group2, along with a load balancer (tbachman, 20:23:05)
    36. the load balancer has a VIP (tbachman, 20:23:13)
    37. group1 treats the load balancer as the IP address that it talks to (tbachman, 20:23:27)
    38. it’s kind of like an EP sitting in its dedicated group (tbachman, 20:23:38)
    39. dlenrow says that if you’re a tenant, you’d be completely unaware of the elements in the service chain (tbachman, 20:24:01)
    40. something further up the hierarchy is the one that handles adding the function transparently (tbachman, 20:24:26)
    41. dvorkinista says that typically those services are transparent (tbachman, 20:24:35)
    42. mickey_spiegel says that there are 3 cases (tbachman, 20:25:28)
    43. transparent where destIP/destMAC are the destination (tbachman, 20:25:51)
    44. a case where destIP is destination but destMAC isn’t (tbachman, 20:26:00)
    45. and case where destIP is the service (tbachman, 20:26:07)
    46. dvorkinista says there are a lot of devices out there that make this challenging, but we can separate them into these 3 categories (tbachman, 20:26:35)
    47. mickey_spiegel says that we also need to be careful with load balancers, the source address may be the original L3 address, but in other cases, it may be a much different address (tbachman, 20:27:45)
    48. dvorkinista says let’s separate two use cases (tbachman, 20:28:10)
    49. one use case is where user knows which function he wants to subject his traffic to (tbachman, 20:28:26)
    50. and the other where a service provider wants to do this transparently (tbachman, 20:28:38)
    51. mickey_spiegel would like it to be the infrastructure policies to control this (tbachman, 20:28:59)
    52. https://plus.google.com/hangouts/_/calendar/ZHZvcmtpbkBub2lyb25ldHdvcmtzLmNvbQ.uolfotg4sa666uvf4iefogm44k (readams, 20:33:26)
    53. dlenrow says there are two different things (tbachman, 20:34:56)
    54. case where there’s a server load balancer that a tenant is aware of (tbachman, 20:35:11)
    55. dlenrow claims that none of that has nothing to do with service chaining (tbachman, 20:35:25)
    56. dlenrow and that the service chain is invisible to the tenant (tbachman, 20:35:36)
    57. dvorkinista says what if he wants to have his own firewall (tbachman, 20:35:47)
    58. and explicitly wants to define a chain that works a particular way (tbachman, 20:35:59)
    59. dlenrow looks at service chaining as a provider service (tbachman, 20:36:14)
    60. dvorkinista says that there are two cases (tbachman, 20:36:20)
    61. dlenrow says both cases have merit, but only one of them is NFV (i.e. which service providers care about) (tbachman, 20:36:42)
    62. dlenrow feels that service chaining is something very specific (tbachman, 20:36:54)
    63. dvorkinista says we can call the other case service insertion instead of service function chaining (tbachman, 20:38:44)
    64. The service provider case can remain service function chaining/NFV (tbachman, 20:39:27)
    65. readams provides an example of an AWS load balancer, where the user can allocate and manage the load balancer (tbachman, 20:41:11)
    66. alagalah says that one is explicit and the other is implicit (tbachman, 20:41:30)
    67. dlenrow says we should solve these two use cases separately (tbachman, 20:41:50)
    68. dvorkinista thinks we can still describe them in the exact same way (similar syntax and semantics) (tbachman, 20:42:12)
    69. and therefore can rely on a very similar model to achieve both of them (tbachman, 20:42:25)
    70. mickey_spiegel says that the datacenter explicit use case is a very important one (tbachman, 20:44:14)
    71. dvorkinista says let’s think about this and reconvene in Friday’s arch meeting (tbachman, 20:46:38)
    72. dlenrow would like to push on (tbachman, 20:47:11)
    73. dvorkinista unfortunately has another call in 15 minutes (tbachman, 20:47:20)
    74. dlenrow would like to see a specific proposal that we can execute against (tbachman, 20:47:46)
    75. dvorkinista asks the format of such a proposal (tbachman, 20:47:55)
    76. dlenrow asks if this is complete (tbachman, 20:48:24)
    77. dvorkinista feels it isn’t, but that it’s one we can add to (tbachman, 20:48:34)
    78. readams says that we need someone to come up with a strawman proposal to talk around (tbachman, 20:48:50)
    79. ACTION: dvorkinista will draw up a strawman proposal (tbachman, 20:49:20)
    80. ACTION: dlenrow will come up with a small handful of service chain examples to walk through based on the strawman to see how well it works (tbachman, 20:49:55)
    81. ACTION: alagalah to set up webexs for the meetings (tbachman, 20:51:58)


Meeting ended at 20:52:02 UTC (full logs).

Action items

  1. dvorkinista will draw up a strawman proposal
  2. dlenrow will come up with a small handful of service chain examples to walk through based on the strawman to see how well it works
  3. alagalah to set up webexs for the meetings


Action items, by person

  1. dvorkinista
    1. dvorkinista will draw up a strawman proposal
  2. UNASSIGNED
    1. dlenrow will come up with a small handful of service chain examples to walk through based on the strawman to see how well it works
    2. alagalah to set up webexs for the meetings


People present (lines said)

  1. tbachman (93)
  2. odl_meetbot (3)
  3. sanjayagrawal (2)
  4. readams (1)
  5. dvorkinista (1)


Generated by MeetBot 0.1.4.