Difference between revisions of "Meetings/VPNaaS"
Paul Michali (talk | contribs) (→Meetings) |
Paul Michali (talk | contribs) (→Agenda) |
||
Line 14: | Line 14: | ||
= Agenda = | = Agenda = | ||
− | Updated Aug | + | Updated Aug 31st, 2015 |
* Endpoint groups | * Endpoint groups | ||
+ | * Local multiple subnet | ||
* VPN Functional tests | * VPN Functional tests | ||
+ | |||
== Announcements == | == Announcements == | ||
− | * Rename of VPN DevStack plugin for VPN upstreamed | + | * Rename of VPN DevStack plugin for VPN (#link https://review.openstack.org/#/c/212253) upstreamed |
− | * Splitting model and database (216248) | + | * Splitting model and database (#link https://review.openstack.org/#/c/216248) upstreamed |
− | * | + | * Endpoint-groups out for review |
− | * | + | * Coverage broken - pushed fix (#link https://review.openstack.org/#/c/217847) for review |
− | + | == Endpoint Groups == | |
− | + | Completed implementation out for review (#link https://review.openstack.org/#/c/212692/). Please help in reviews. Will do neutron-client support next. | |
− | + | ||
− | == | + | == Multiple Local Subnets == |
− | + | Will start this, once endpoint groups is upstreamed. Will handle backwards compatibility as part of implementation. Please help review https://review.openstack.org/#/c/191944(dev ref) | |
− | |||
− | |||
− | |||
== VPN Functional Tests for Neutron Commits == | == VPN Functional Tests for Neutron Commits == | ||
− | No action on this currently | + | No action on this currently. |
Line 50: | Line 49: | ||
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | ||
− | * Could use python34 support added to neutron-vpnaas. Several tests are being disabled. | + | * Could use python34 support added to neutron-vpnaas (partially completed). Several tests are being disabled. |
* Grenade work to support Advanced Services, so that plugin can be activated. | * Grenade work to support Advanced Services, so that plugin can be activated. | ||
* Validation that peer IP for VPN connection is of same version as router's GW I/F. | * Validation that peer IP for VPN connection is of same version as router's GW I/F. | ||
* User documentation for Networking Guide. (including limitations/restrictions) | * User documentation for Networking Guide. (including limitations/restrictions) | ||
+ | * API documentation for endpoint groups and multiple local subnets. | ||
* Coverage, especially in database and device driver modules, is lacking. | * Coverage, especially in database and device driver modules, is lacking. | ||
* Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6). | * Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6). |
Revision as of 11:56, 31 August 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, September 1st, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated Aug 31st, 2015
- Endpoint groups
- Local multiple subnet
- VPN Functional tests
Announcements
- Rename of VPN DevStack plugin for VPN (#link https://review.openstack.org/#/c/212253) upstreamed
- Splitting model and database (#link https://review.openstack.org/#/c/216248) upstreamed
- Endpoint-groups out for review
- Coverage broken - pushed fix (#link https://review.openstack.org/#/c/217847) for review
Endpoint Groups
Completed implementation out for review (#link https://review.openstack.org/#/c/212692/). Please help in reviews. Will do neutron-client support next.
Multiple Local Subnets
Will start this, once endpoint groups is upstreamed. Will handle backwards compatibility as part of implementation. Please help review https://review.openstack.org/#/c/191944(dev ref)
VPN Functional Tests for Neutron Commits
No action on this currently.
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- Could use python34 support added to neutron-vpnaas (partially completed). Several tests are being disabled.
- Grenade work to support Advanced Services, so that plugin can be activated.
- Validation that peer IP for VPN connection is of same version as router's GW I/F.
- User documentation for Networking Guide. (including limitations/restrictions)
- API documentation for endpoint groups and multiple local subnets.
- Coverage, especially in database and device driver modules, is lacking.
- Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed.
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
BGP/MPLS and Edge VPN
Info:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
- Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
- Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Sridhar Ramaswamy (sridha_ram)
- Al Miller (ajmiller)
- Victor Howard (vichoward)
Charter
Meeting Commands
/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting