Difference between revisions of "Meetings/VPNaaS"
Paul Michali (talk | contribs) (→Agenda) |
Paul Michali (talk | contribs) (→Agenda) |
||
| Line 15: | Line 15: | ||
= Agenda = | = Agenda = | ||
| − | Updated | + | Updated July 7th, 2015 |
| − | * | + | * Local tunnel IP |
* Multiple local subnet enhancement | * Multiple local subnet enhancement | ||
* BGP/MPLS VPN and Edge VPN discussion | * BGP/MPLS VPN and Edge VPN discussion | ||
| Line 27: | Line 27: | ||
| − | == | + | == Local Tunnel IP == |
| − | + | Working on implementing https://bugs.launchpad.net/neutron/+bug/1464387. Need to do migration and REST API output, and separate commit for Neutron client. Suggest we do validation check for IPsec connection, ensuring peer's IP version matches IP version of router's fixed IPs. | |
| Line 35: | Line 35: | ||
Ref: https://bugs.launchpad.net/neutron/+bug/1459423 | Ref: https://bugs.launchpad.net/neutron/+bug/1459423 | ||
| − | + | Review of developer reference doc (https://review.openstack.org/#/c/191944). Please check out latest comments and responses, so that we can converge on one of the three options and get a consensus on the concept and maybe on the naming? | |
| − | |||
| + | == BGP/MPLS and Edge VPN == | ||
| − | + | Need feedback from the BGP team, on the endpoints API proposal to see if it can adapt for use in the future for BGPVPN. | |
Please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed. | Please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed. | ||
| − | + | Anything to discuss here? Next steps? | |
| + | |||
| + | Info: | ||
| − | |||
* Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/ | * Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/ | ||
* BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740 | * BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740 | ||
| Line 65: | Line 66: | ||
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | ||
| + | * VPNaaS with HA routers? | ||
* User documentation for Networking Guide. (including limitations/restrictions) | * User documentation for Networking Guide. (including limitations/restrictions) | ||
* Coverage, especially in database and device driver modules, is lacking. | * Coverage, especially in database and device driver modules, is lacking. | ||
| Line 78: | Line 80: | ||
* Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. | * Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. | ||
* Devstack support for VPNaaS (see LBaaS including devstack setup in their repo). | * Devstack support for VPNaaS (see LBaaS including devstack setup in their repo). | ||
| − | |||
* There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute). | * There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute). | ||
* Should enhance/add unit test cases for: | * Should enhance/add unit test cases for: | ||
Revision as of 13:22, 7 July 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, June 30th, 2015 (No meeting on June 23rd).
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated July 7th, 2015
- Local tunnel IP
- Multiple local subnet enhancement
- BGP/MPLS VPN and Edge VPN discussion
Announcements
- Anything?
Local Tunnel IP
Working on implementing https://bugs.launchpad.net/neutron/+bug/1464387. Need to do migration and REST API output, and separate commit for Neutron client. Suggest we do validation check for IPsec connection, ensuring peer's IP version matches IP version of router's fixed IPs.
Multiple Local Subnets on VPN connection
Ref: https://bugs.launchpad.net/neutron/+bug/1459423
Review of developer reference doc (https://review.openstack.org/#/c/191944). Please check out latest comments and responses, so that we can converge on one of the three options and get a consensus on the concept and maybe on the naming?
BGP/MPLS and Edge VPN
Need feedback from the BGP team, on the endpoints API proposal to see if it can adapt for use in the future for BGPVPN.
Please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.
Anything to discuss here? Next steps?
Info:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Need resolution of gate issues for: https://review.openstack.org/#/c/159746
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- VPNaaS with HA routers?
- User documentation for Networking Guide. (including limitations/restrictions)
- Coverage, especially in database and device driver modules, is lacking.
- Need functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed.
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
- Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Sridhar Ramaswamy (sridha_ram)
- Al Miller (ajmiller)
Charter
Meeting Commands
/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting
