#opendaylight-meeting: OpenDaylight TSC Mtg - 05-15-2014
Meeting started by phrobb at 16:59:16 UTC
(full logs).
Meeting summary
-
- dmm (dmm,
16:59:31)
- TSC Members please #info in (phrobb, 16:59:35)
- regXboi is on the way (regXboi,
17:00:44)
- Kent Watsen (kwatsen,
17:01:19)
- Ed Warnicke (edwarnicke,
17:02:47)
- regXboi has made it (regXboi,
17:03:12)
- Madhu Venugopal (Madhu_Idle,
17:03:17)
- Madhu Venugopal (for Chris Wright) (Madhu_Idle,
17:03:32)
- Agenda Bashing (phrobb, 17:03:45)
- welcome regXboi to TSC! (tbachman,
17:04:05)
- agenda bashing to a minimum in favor of
creation reviews (regXboi,
17:04:29)
- Chris Price (ChrsPriceAB,
17:04:56)
- Creation Reviews AAA Service (phrobb, 17:04:57)
- https://wiki.opendaylight.org/view/Project_Proposals:AAA_Service
(regXboi,
17:05:08)
- regXboi makes a scribe request to have the
slides linked to the project proposal page (regXboi,
17:09:43)
- question about authorization being for the
bundle itself (regXboi,
17:11:47)
- question and does this include certificates,
etc. (regXboi,
17:12:04)
- answer yes, bundles would be signed and use
osgi security to make this work (regXboi,
17:12:22)
- concerns mentioned on having an Auth system
without audit capabilties (phrobb,
17:14:26)
- Ryan Moats (IBM) suggests he would like to see
"Auditing" added to the AAA proposal (RobDolin,
17:19:49)
- Chris Price (Ericsson) asks if committers are
interested in doing auditing (RobDolin,
17:20:37)
- discussion continues on the need for auditing
vs the TSC mandating the addition of functions to a project brought
forward (phrobb,
17:22:33)
- concerned raised that retro-fitting auditing is
difficult so if it isn't part of the this proposal, fixing it's
absence later will be hard (phrobb,
17:24:05)
- question for TSC "are we comfortable having
authentication/authorization without auditing? (phrobb,
17:24:41)
- compromise suggested to have Auditing hooks at
a minimum (phrobb,
17:25:12)
- regXboi volunteers to find resource to add at
least auditing hooks… did i get that right regXboi ? (phrobb,
17:26:03)
- question asks on RBAC Auth - will there be
roles, answer is "yes" (phrobb,
17:31:52)
- question: will this be mandatory for other
projects to use (regXboi,
17:32:18)
- answer: that is out of scope for creation
review (regXboi,
17:32:34)
- VOTE: Voted on "Shall
AAA Service project be accepted into ODL as an incubation project?"
Results are, +1: 7 (phrobb,
17:33:16)
- AGREED: AAA service
is moved to Incubation (phrobb,
17:33:42)
- L2 Switch Creation Review (phrobb, 17:33:50)
- question - Reactive with Packet-In, but is
there any pro-active behavior in this L2 switch? (phrobb,
17:40:40)
- no value-added service for pro-active planned.
It is possible, but not inplan (phrobb,
17:41:19)
- lenrow (lenrow,
17:42:24)
- the project can add proactive as an addition to
flow-writer service… this will be added as an official
feature (phrobb,
17:42:30)
- quiet applause for the inclusion of lenrow as
the newest TSC member (phrobb,
17:43:25)
- question how will L2 switch interact with other
sevices such as simple forwarder? (phrobb,
17:45:23)
- A: L2 switch and other services will need to
be configurable to avoid conflicts (phrobb,
17:46:15)
- Q: what is the view of the project regarding
dealing with tunnels and packets where L2 can talk about both an
inside and outside header? (phrobb,
17:48:07)
- additionally, can we recurse through this to
get interesting vswitch behavior where pealing off encapsulation to
do multi-level decoding (phrobb,
17:49:33)
- not to mandate scope, just wanting to
understand how that would work (phrobb,
17:49:56)
- for Multi-tenancy there are as yet unscoped
features that will be interesting in this project (phrobb,
17:51:20)
- more investigation will be needed for
multi-tenancy and the full system-wide implications (phrobb,
17:52:48)
- As a general project proposal comment, scoping
the project is separate from feature-sets planned for a given
simultaneous release (phrobb,
17:53:49)
- VOTE: Voted on "Shall
L2 Switch project be accepted into ODL as an incubation project?"
Results are, 0: 1, +1: 6 (phrobb,
17:58:03)
- AGREED: L2 Switch is
moved to incubation within ODL (phrobb,
17:58:20)
- Creation Review Service Function Chaining Project (phrobb, 17:58:41)
- Thank you to everyone on behalf of the L2
Switch Project team! (raghu67,
17:59:03)
- https://wiki.opendaylight.org/view/Project_Proposals:Service_function_chaining
(regXboi,
17:59:38)
- Q how does this relate to NSH? (phrobb,
18:09:54)
- A: NSH shims between the transport headers and
the original payload (phrobb,
18:10:15)
- Q what is openflow doing here? (phrobb,
18:11:26)
- Q: How does the instantiation of services
occur?…A: this project assumes that the service is instantiated
outside of the scope of this project (phrobb,
18:13:27)
- Q what service chaining types will be possible
in this first version? (phrobb,
18:15:02)
- VOTE: Voted on "Shall
Service Function Chaining project be accepted into ODL as an
incubation project?" Results are, +1: 7 (phrobb,
18:19:05)
- AGREED: Service
Function Chaining is moved to Incubation (phrobb,
18:19:23)
- Secure Network Bootstrapping Infrastructure Creation Review (phrobb, 18:20:02)
- https://wiki.opendaylight.org/view/Project_Proposals:Secure_Network_Bootstrapping_Infrastructure
(regXboi,
18:20:06)
- regXboi thanks snbi team for linking slides to
proposal page (regXboi,
18:21:11)
- Q: the tunnel infra is created hop by hop. Is
the encryption hop by hop? A: Yes, encryption is hop by hop
(phrobb,
18:30:28)
- Q: Do you assume the virtual forwarding
elements will also be part of this? (phrobb,
18:34:14)
- Q: Does this framework only work for physical
forwarding elements or will this also work for virtual forward
elements… particularly when there can be many, many virtual
forwarding elements? Particularly with certificates that are
replicated on virtual devices? (phrobb,
18:36:00)
- be sure to take a look at
draft-kwatsen-netconf-zero-touch too ;) (kwatsen,
18:36:07)
- A: that is a very good question. There will
need to be a method to handle virtual FEs in this case (phrobb,
18:37:34)
- middle attacks in hop by hop encryption where
virtual FEs are present is a concern (phrobb,
18:38:31)
- https://lists.opendaylight.org/pipermail/project-proposals/2014-April/000137.html
- project proposal submitted Apr 29 (edwarnicke,
18:38:51)
- Nothing will be done new in how communication
happens using certificates and encryption. (phrobb,
18:41:31)
- https://wiki.opendaylight.org/view/Project_Proposals:Main#Instructions_For_Submitting_New_Proposals
- emailing project-proposals is (currently) the point of reference
for a proposal actually being submitted :) (edwarnicke,
18:41:33)
- concern/suggestion is that it is better to do
end to end encryption from each FE instead of hop-by-hop
encrypt/decrypt. (phrobb,
18:42:14)
- there is a trade-off in End to end encryption
and encryption methods supported and performance vs hop by hop
encryption on this management channel (phrobb,
18:44:27)
- A it is noted that end to end encryption can
still be done outside of this mgmt channel (phrobb,
18:44:55)
- Q: does the user get to choose the strength of
the encryption? (phrobb,
18:45:37)
- A: It is possible for the user to be able to
choose (phrobb,
18:46:00)
- concern is to deal with export restrictions etc
for different uses/locations (phrobb,
18:46:33)
- the scope of encryption strength may not fall
in Helium/Lithium but it will be possible (phrobb,
18:47:15)
- can a non snbi enabled FE be part of the
network? (regXboi,
18:48:28)
- Q: elements may not support this feature. If
it doesn't, what will happen?… will the FEs be excluded from the
topology? (phrobb,
18:48:38)
- Madhu asked about what happens if some
intermediate node does not have this capability (edwarnicke,
18:48:45)
- A: intermediate FEs may end up being separate
islands in the mgmt channel, but that should not prohibit
connectivity - it will just need to be manually added (phrobb,
18:50:49)
- Madhu vote +0 (regXboi,
18:53:38)
- (Madhu lost battery, so voice vote
above) (regXboi,
18:54:18)
- (dmm lost connectivity, so voice vote)
(regXboi,
18:54:32)
- dmm +1 (regXboi,
18:54:34)
- VOTE: Voted on "Shall
Secure Network Bootstrapping Infrastructure (SNBI) project be
accepted into ODL as an incubation project?" Results are, +1:
5 (phrobb,
18:54:47)
- adjustment to +1 6, 0 1 (regXboi,
18:55:10)
- AGREED: SNBI moved to
Incubation (phrobb,
18:55:19)
- NDM Renaming request (phrobb, 18:55:54)
- NDM project assumed that ONF would name the
standard NDM (regXboi,
18:56:31)
- ONF has changed the specification name to
TTP (regXboi,
18:56:52)
- so project would like to change its name to TTP
to align with ONF better (regXboi,
18:57:11)
- The project was called NDM because ONF was
planning to make the effort called NDM. The ONF has changed the
name to the TTP (Table Type Patterns) (phrobb,
18:57:35)
- so project would also like to change repo name
to ttp (regXboi,
18:57:36)
- Q: are we also looking to change the project
name to TTP (no objection, just want to make sure we have clarity on
the question)  (phrobb,
18:58:50)
- A: Repo and Project name is requested to be
changed to TTP from NDM (phrobb,
18:59:23)
- AGREED: The NDM
project and repo name will be changed to TTP (phrobb,
18:59:46)
- call dropped... but I do not object
(edwarnicke,
18:59:49)
Meeting ended at 19:01:04 UTC
(full logs).
Action items
- (none)
People present (lines said)
- phrobb (70)
- regXboi (42)
- odl_meetbot (23)
- edwarnicke (20)
- Madhu (12)
- ChrsPriceAB (10)
- lenrow (8)
- RobDolin (8)
- kwatsen (7)
- dmm (5)
- Madhu_Idle (2)
- tbachman (1)
- raghu67 (1)
- mlemay (1)
- regxboi (0)
Generated by MeetBot 0.1.4.