Difference between revisions of "Meetings/VPNaaS"
< Meetings
Paul Michali (talk | contribs) m (→Meetings) |
Paul Michali (talk | contribs) (→Agenda) |
||
| Line 14: | Line 14: | ||
= Agenda = | = Agenda = | ||
| − | Updated | + | Updated Sep 21st, 2015 |
* Endpoint groups Review | * Endpoint groups Review | ||
* Local multiple subnet | * Local multiple subnet | ||
* VPN Functional tests | * VPN Functional tests | ||
| + | * Devstack plugin for neutronclient | ||
== Announcements == | == Announcements == | ||
| − | * | + | * Multiple Local Subnet RFE pulled from Liberty |
| − | |||
== Endpoint Groups == | == Endpoint Groups == | ||
| − | + | Need more reviewers for neutron-vpnaas(#link https://review.openstack.org/#/c/212692/) and neutronclient (#link https://review.openstack.org/#/c/219455/). | |
== Multiple Local Subnets == | == Multiple Local Subnets == | ||
| − | + | Have most of bare minimum code done, and will do some testing, before continuing with rest of work (validation, show command, refactoring, client). | |
DevRef: https://review.openstack.org/#/c/191944 | DevRef: https://review.openstack.org/#/c/191944 | ||
== VPN Functional Tests for Neutron Commits == | == VPN Functional Tests for Neutron Commits == | ||
| − | + | Have jobs to run VPN tests under check queue (#link https://review.openstack.org/#/c/223049), however, cannot test as-is. Need to discuss with infra on how to test this. | |
| + | |||
| + | == Devstack plugin for neutronclient == | ||
| + | Experimental jobs run, but the one for VPN (advanced services) is failing, without much log information as to the failure. May be some parallelism issue. Need to investigate. (#link https://review.openstack.org/#/c/214587/) | ||
== Bugs under Review == | == Bugs under Review == | ||
| Line 59: | Line 62: | ||
* Documentation on how to use StrongSwan | * Documentation on how to use StrongSwan | ||
* Developer Reference Documentation needed. | * Developer Reference Documentation needed. | ||
| + | * Migrate to using neutronclient extension for VPN (and create job). | ||
* Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6) | * Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6) | ||
* StrongSwan execute_with_mount() to allow configurable rootwrap config file. | * StrongSwan execute_with_mount() to allow configurable rootwrap config file. | ||
| Line 66: | Line 70: | ||
* Should enhance/add unit test cases for: | * Should enhance/add unit test cases for: | ||
** Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured. | ** Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured. | ||
| − | |||
** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down). | ** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down). | ||
| + | ** Separate out validation tests into separate module. | ||
| + | |||
Revision as of 20:30, 21 September 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, September 22th, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated Sep 21st, 2015
- Endpoint groups Review
- Local multiple subnet
- VPN Functional tests
- Devstack plugin for neutronclient
Announcements
- Multiple Local Subnet RFE pulled from Liberty
Endpoint Groups
Need more reviewers for neutron-vpnaas(#link https://review.openstack.org/#/c/212692/) and neutronclient (#link https://review.openstack.org/#/c/219455/).
Multiple Local Subnets
Have most of bare minimum code done, and will do some testing, before continuing with rest of work (validation, show command, refactoring, client).
DevRef: https://review.openstack.org/#/c/191944
VPN Functional Tests for Neutron Commits
Have jobs to run VPN tests under check queue (#link https://review.openstack.org/#/c/223049), however, cannot test as-is. Need to discuss with infra on how to test this.
Devstack plugin for neutronclient
Experimental jobs run, but the one for VPN (advanced services) is failing, without much log information as to the failure. May be some parallelism issue. Need to investigate. (#link https://review.openstack.org/#/c/214587/)
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- Could use python34 support added to neutron-vpnaas (partially completed). Several tests are being disabled.
- Grenade work to support Advanced Services, so that plugin can be activated.
- Validation that peer IP for VPN connection is of same version as router's GW I/F.
- User documentation for Networking Guide. (including limitations/restrictions)
- API documentation for endpoint groups and multiple local subnets.
- Coverage, especially in database and device driver modules, is lacking.
- Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed.
- Migrate to using neutronclient extension for VPN (and create job).
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
- Separate out validation tests into separate module.
BGP/MPLS and Edge VPN
Info:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
- Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
- Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Sridhar Ramaswamy (sridha_ram)
- Al Miller (ajmiller)
- Victor Howard (vichoward)
Charter
Meeting Commands
/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting
