Difference between revisions of "Meetings/VPNaaS"
Paul Michali (talk | contribs) m (→Meetings) |
Paul Michali (talk | contribs) (→Agenda) |
||
Line 16: | Line 16: | ||
Updated Sep 21st, 2015 | Updated Sep 21st, 2015 | ||
− | * Endpoint groups | + | * Endpoint groups |
* Local multiple subnet | * Local multiple subnet | ||
* VPN Functional tests | * VPN Functional tests | ||
− | |||
== Announcements == | == Announcements == | ||
− | * | + | * Need Endpoint group server and CLI client review |
+ | * Devstack plugin for neutronclient now in check queue | ||
== Endpoint Groups == | == Endpoint Groups == | ||
− | Need more reviewers for neutron-vpnaas(#link https://review.openstack.org/#/c/212692/) and neutronclient (#link https://review.openstack.org/#/c/219455/). | + | Need more reviewers for neutron-vpnaas(#link https://review.openstack.org/#/c/212692/) and neutronclient (#link https://review.openstack.org/#/c/219455/). Please help as this is blocking multiple local subnet feature (and ending up rebasing frequently, as other commits upstream). |
== Multiple Local Subnets == | == Multiple Local Subnets == | ||
− | Have | + | Have tested basic operation, and am in middle of testing validation code. Next up is migration, delete checks (subnets, endpoint groups), and then client CLI. Need EPG upstreamed, so don't have to keep rebasing these changes. |
DevRef: https://review.openstack.org/#/c/191944 | DevRef: https://review.openstack.org/#/c/191944 | ||
== VPN Functional Tests for Neutron Commits == | == VPN Functional Tests for Neutron Commits == | ||
− | Have jobs to run VPN tests under check queue (#link https://review.openstack.org/#/c/223049), | + | Have jobs to run VPN tests under check queue (#link https://review.openstack.org/#/c/223049) using different name, so no conflict with existing functional jobs. Needs review so that we can upstream and test. |
== Devstack plugin for neutronclient == | == Devstack plugin for neutronclient == | ||
− | + | Successfully working under experimental queue and has been moved to check queue, non-voting (#link https://review.openstack.org/#/c/227232/). Once tested, will move to gate and vote. | |
== Bugs under Review == | == Bugs under Review == | ||
Line 53: | Line 53: | ||
* Grenade work to support Advanced Services, so that plugin can be activated. | * Grenade work to support Advanced Services, so that plugin can be activated. | ||
* Validation that peer IP for VPN connection is of same version as router's GW I/F. | * Validation that peer IP for VPN connection is of same version as router's GW I/F. | ||
+ | * Check when removing/changing GW I/F that is not used by VPNaaS. | ||
* User documentation for Networking Guide. (including limitations/restrictions) | * User documentation for Networking Guide. (including limitations/restrictions) | ||
* API documentation for endpoint groups and multiple local subnets. | * API documentation for endpoint groups and multiple local subnets. |
Revision as of 18:47, 28 September 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, September 29th, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated Sep 21st, 2015
- Endpoint groups
- Local multiple subnet
- VPN Functional tests
Announcements
- Need Endpoint group server and CLI client review
- Devstack plugin for neutronclient now in check queue
Endpoint Groups
Need more reviewers for neutron-vpnaas(#link https://review.openstack.org/#/c/212692/) and neutronclient (#link https://review.openstack.org/#/c/219455/). Please help as this is blocking multiple local subnet feature (and ending up rebasing frequently, as other commits upstream).
Multiple Local Subnets
Have tested basic operation, and am in middle of testing validation code. Next up is migration, delete checks (subnets, endpoint groups), and then client CLI. Need EPG upstreamed, so don't have to keep rebasing these changes.
DevRef: https://review.openstack.org/#/c/191944
VPN Functional Tests for Neutron Commits
Have jobs to run VPN tests under check queue (#link https://review.openstack.org/#/c/223049) using different name, so no conflict with existing functional jobs. Needs review so that we can upstream and test.
Devstack plugin for neutronclient
Successfully working under experimental queue and has been moved to check queue, non-voting (#link https://review.openstack.org/#/c/227232/). Once tested, will move to gate and vote.
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- Could use python34 support added to neutron-vpnaas (partially completed). Several tests are being disabled.
- Grenade work to support Advanced Services, so that plugin can be activated.
- Validation that peer IP for VPN connection is of same version as router's GW I/F.
- Check when removing/changing GW I/F that is not used by VPNaaS.
- User documentation for Networking Guide. (including limitations/restrictions)
- API documentation for endpoint groups and multiple local subnets.
- Coverage, especially in database and device driver modules, is lacking.
- Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed.
- Migrate to using neutronclient extension for VPN (and create job).
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
- Separate out validation tests into separate module.
BGP/MPLS and Edge VPN
Info:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
- Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
- Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Sridhar Ramaswamy (sridha_ram)
- Al Miller (ajmiller)
- Victor Howard (vichoward)
Charter
Meeting Commands
/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting