Difference between revisions of "Meetings/VPNaaS"
Paul Michali (talk | contribs) (→Meetings) |
Paul Michali (talk | contribs) (→Agenda) |
||
Line 15: | Line 15: | ||
= Agenda = | = Agenda = | ||
− | Updated | + | Updated June 8th, 2015 |
− | * BGP/MPLS VPN and Edge VPN | + | * Questions on multiple local subnet enhancement |
+ | * BGP/MPLS VPN and Edge VPN discussion | ||
* Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/) | * Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/) | ||
− | + | ||
== Announcements == | == Announcements == | ||
− | + | ||
− | * | + | * Anything? |
− | |||
== Bugs under Review == | == Bugs under Review == | ||
+ | |||
Current bugs: [https://bugs.launchpad.net/neutron/+bugs?field.searchtext=vpnaas&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package=&orderby=status&start=0 VPN bugs] | Current bugs: [https://bugs.launchpad.net/neutron/+bugs?field.searchtext=vpnaas&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package=&orderby=status&start=0 VPN bugs] | ||
Line 34: | Line 35: | ||
Need resolution of gate issues for: https://review.openstack.org/#/c/159746 | Need resolution of gate issues for: https://review.openstack.org/#/c/159746 | ||
− | |||
− | + | == Multiple Local Subnets on VPN connection == | |
+ | |||
+ | Waiting for Drivers Team to review RFE. One question, should we add a (new) restriction that requires the local and peer subnets to be the same IP version? Currently, with the 1:N (local:peer) subnets, there is no check that the peer and local subnets are using the same IP versioning. Should they be required to both be IPv4 or IPv6 and not mixed? | ||
− | + | == BGP/MPLS and Edge VPN == | |
− | + | From last meeting, please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed. | |
− | |||
− | |||
− | |||
− | + | Let's try to get the use cases and workflows documented on the etherpad, so we have a shared understanding of the different proposals out there. Can continue discussing the designs here. | |
Here's some info from the summit: | Here's some info from the summit: | ||
Line 52: | Line 51: | ||
* BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740 | * BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740 | ||
− | == | + | |
− | + | == DM VPN == | |
+ | |||
+ | Discussion on https://review.openstack.org/#/c/181563/ | ||
+ | |||
+ | |||
+ | == Open Discussion == | ||
== Bucket List == | == Bucket List == | ||
+ | |||
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)... | ||
* User documentation for Networking Guide. (including limitations/restrictions) | * User documentation for Networking Guide. (including limitations/restrictions) | ||
Line 64: | Line 69: | ||
* Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers. | * Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers. | ||
* Documentation on how to use StrongSwan | * Documentation on how to use StrongSwan | ||
+ | * Developer Reference Documentation needed. (pc_m adding empty DevRef doc sections). | ||
* Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed. | * Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed. | ||
* Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6) | * Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6) | ||
* StrongSwan execute_with_mount() to allow configurable rootwrap config file. | * StrongSwan execute_with_mount() to allow configurable rootwrap config file. | ||
* Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS? | * Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS? | ||
− | * Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - Will investigate '''pc_m''' | + | * Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. Will investigate '''pc_m''' |
* Devstack support for VPNaaS (see LBaaS including devstack setup in their repo). | * Devstack support for VPNaaS (see LBaaS including devstack setup in their repo). | ||
− | * Multiple local subnet support for IPSec. - '''pc_m''' | + | * Multiple local subnet support for IPSec. - RFE created. '''pc_m''' |
* There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute). | * There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute). | ||
* Should enhance/add unit test cases for: | * Should enhance/add unit test cases for: | ||
Line 76: | Line 82: | ||
** Verification of contents of configuration files created for StrongSwan and OpenSwan. | ** Verification of contents of configuration files created for StrongSwan and OpenSwan. | ||
** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down). | ** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down). | ||
+ | |||
== Interested People == | == Interested People == | ||
+ | |||
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting): | List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting): | ||
Line 84: | Line 92: | ||
− | == | + | == Charter == |
− | |||
[[NeutronSubteamCharters#VPNaaS_Team|VPNaaS Team Charter]] | [[NeutronSubteamCharters#VPNaaS_Team|VPNaaS Team Charter]] | ||
+ | |||
== Meeting Commands == | == Meeting Commands == |
Revision as of 11:35, 8 June 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, June 9nd, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated June 8th, 2015
- Questions on multiple local subnet enhancement
- BGP/MPLS VPN and Edge VPN discussion
- Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/)
Announcements
- Anything?
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Need resolution of gate issues for: https://review.openstack.org/#/c/159746
Multiple Local Subnets on VPN connection
Waiting for Drivers Team to review RFE. One question, should we add a (new) restriction that requires the local and peer subnets to be the same IP version? Currently, with the 1:N (local:peer) subnets, there is no check that the peer and local subnets are using the same IP versioning. Should they be required to both be IPv4 or IPv6 and not mixed?
BGP/MPLS and Edge VPN
From last meeting, please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.
Let's try to get the use cases and workflows documented on the etherpad, so we have a shared understanding of the different proposals out there. Can continue discussing the designs here.
Here's some info from the summit:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740
DM VPN
Discussion on https://review.openstack.org/#/c/181563/
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- User documentation for Networking Guide. (including limitations/restrictions)
- Coverage, especially in database and device driver modules, is lacking.
- Need functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed. (pc_m adding empty DevRef doc sections).
- Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed.
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. Will investigate pc_m
- Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
- Multiple local subnet support for IPSec. - RFE created. pc_m
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Al Miller (ajmiller)
Charter
Meeting Commands
/join #openstack-meeting-4
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting