Jump to: navigation, search

Difference between revisions of "Meetings/VPNaaS"

(Meetings)
(Agenda)
Line 19: Line 19:
 
* Grenade Plugin
 
* Grenade Plugin
 
* VPN Functional tests for Neutron commits
 
* VPN Functional tests for Neutron commits
* Migration changes
 
 
* Local tunnel IP
 
* Local tunnel IP
* VPN with HA router
 
 
* Multiple local subnet enhancement
 
* Multiple local subnet enhancement
* BGP/MPLS VPN and Edge VPN discussion
 
  
  
 
== Announcements ==
 
== Announcements ==
  
* DevStack Plugin is upstreamed, removing VPN setup from DevStack
+
* Chain of commits for removing VPN from DevStack, and getting Grenade plugin working - needs review
* Grenade tests for VPN are experimental right now
 
  
 
== Grenade Plugin ==
 
== Grenade Plugin ==
Working on plugin, have code out for review (https://review.openstack.org/#/c/203159/). Having an issue with getting the plugin to actually trigger.
+
Code out for review (https://review.openstack.org/#/c/203159/). Working on issue with neutron-vpnaas not updating correctly.
  
 
== VPN Functional Tests for Neutron Commits ==
 
== VPN Functional Tests for Neutron Commits ==
Testing with dummy Neutron commit, but VPN functional test is NOT using the Neutron patchset, and instead is using latest from Neutron. Investigating.
+
Testing is stalled. VPN functional test is NOT using the neutron patch set correctly.
  
== Migration Changes ==
 
Neutron is changing migration into two branches, one that does the "safe" migration, and one that does the "unsafe" migration (after new version is restarted). Ihar is working on changing both Neutron and VPn repos.
 
  
 
== Local Tunnel IP ==
 
== Local Tunnel IP ==
Code out for review (https://review.openstack.org/#/c/199670/). Waiting for Grenade plugin (to be able to test migration part of this change - though I've checked it manually), and changes to migration as mentioned above (of which a minor change is needed to this patch-set), but overall it works (please review!). No client mod is needed.
+
Code out for review (https://review.openstack.org/#/c/199670/). Updated for new migration changes. Waiting for Grenade plugin to upstream.
 
 
== VPN with HA Router ==
 
Anything new here (https://review.openstack.org/200636)?
 
  
 
== Multiple Local Subnets on VPN connection ==
 
== Multiple Local Subnets on VPN connection ==
Line 50: Line 41:
 
Ref: https://bugs.launchpad.net/neutron/+bug/1459423
 
Ref: https://bugs.launchpad.net/neutron/+bug/1459423
  
Still need review of developer reference doc (https://review.openstack.org/#/c/191944), especially from BGP/Edge VPN folks to see if some of this can be reused.
+
Still need review of developer reference doc (https://review.openstack.org/#/c/191944), especially from BGP/Edge VPN folks to see if some of this can be reused. Would like to start on option C for endpoints, but need feedback on dev ref.
 
 
== BGP/MPLS and Edge VPN ==
 
 
 
Need feedback from the BGP team, on the endpoints API proposal to see if it can adapt for use in the future for BGPVPN.
 
 
 
Please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.
 
 
 
Anything to discuss here? Next steps?
 
 
 
Info:
 
 
 
* Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
 
** Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
 
** Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
 
* BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
 
  
 
== Bugs under Review ==
 
== Bugs under Review ==
Line 81: Line 57:
  
 
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
 
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
 +
* Could use python34 support added to neutron-vpnaas. Several tests are being disabled.
 
* Validation that peer IP for VPN connection is of same version as router's GW I/F.
 
* Validation that peer IP for VPN connection is of same version as router's GW I/F.
 
* User documentation for Networking Guide. (including limitations/restrictions)
 
* User documentation for Networking Guide. (including limitations/restrictions)
Line 99: Line 76:
 
** Verification of contents of configuration files created for StrongSwan and OpenSwan.
 
** Verification of contents of configuration files created for StrongSwan and OpenSwan.
 
** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
 
** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
 +
 +
 +
== BGP/MPLS and Edge VPN ==
 +
 +
Info:
 +
 +
* Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
 +
** Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
 +
** Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
 +
* BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
  
  

Revision as of 21:34, 3 August 2015

Meetings

  • Weekly on-demand on Tuesdays at 1600 UTC
  • IRC channel: #openstack-meeting-3
  • Chair: pc_m (Paul Michali)


If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.

Next meeting: Tuesday, August 4th, 2015.

Logs and Minutes

Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/

Agenda

Updated July 21st, 2015

  • Grenade Plugin
  • VPN Functional tests for Neutron commits
  • Local tunnel IP
  • Multiple local subnet enhancement


Announcements

  • Chain of commits for removing VPN from DevStack, and getting Grenade plugin working - needs review

Grenade Plugin

Code out for review (https://review.openstack.org/#/c/203159/). Working on issue with neutron-vpnaas not updating correctly.

VPN Functional Tests for Neutron Commits

Testing is stalled. VPN functional test is NOT using the neutron patch set correctly.


Local Tunnel IP

Code out for review (https://review.openstack.org/#/c/199670/). Updated for new migration changes. Waiting for Grenade plugin to upstream.

Multiple Local Subnets on VPN connection

Ref: https://bugs.launchpad.net/neutron/+bug/1459423

Still need review of developer reference doc (https://review.openstack.org/#/c/191944), especially from BGP/Edge VPN folks to see if some of this can be reused. Would like to start on option C for endpoints, but need feedback on dev ref.

Bugs under Review

Current bugs: VPN bugs

Current reviews: VPNaaS reviews

Need resolution of gate issues for: https://review.openstack.org/#/c/159746


Open Discussion

Bucket List

Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...

  • Could use python34 support added to neutron-vpnaas. Several tests are being disabled.
  • Validation that peer IP for VPN connection is of same version as router's GW I/F.
  • User documentation for Networking Guide. (including limitations/restrictions)
  • Coverage, especially in database and device driver modules, is lacking.
  • Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
  • Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
  • The OpenSwan class should be separated from the ABC definition, and placed into a new module.
  • Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
  • Documentation on how to use StrongSwan
  • Developer Reference Documentation needed.
  • Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
  • StrongSwan execute_with_mount() to allow configurable rootwrap config file.
  • Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
  • Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
  • There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
  • Should enhance/add unit test cases for:
    • Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
    • Verification of contents of configuration files created for StrongSwan and OpenSwan.
    • Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).


BGP/MPLS and Edge VPN

Info:


Interested People

List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):

  • Paul Michali (pc_m)
  • Sridhar Ramaswamy (sridha_ram)
  • Al Miller (ajmiller)


Charter

VPNaaS Team Charter


Meeting Commands

/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo

...

#endmeeting




Retrieved from "https://wiki.openstack.org/w/index.php?title=Meetings/VPNaaS&oldid=87277"