Difference between revisions of "Meetings/VPNaaS"
Paul Michali (talk | contribs) (→Devstack plugin) |
Paul Michali (talk | contribs) (→Agenda) |
||
| Line 16: | Line 16: | ||
Updated Aug 18th, 2015 | Updated Aug 18th, 2015 | ||
| − | * | + | * Endpoint groups |
* VPN Functional tests | * VPN Functional tests | ||
| − | |||
| − | |||
== Announcements == | == Announcements == | ||
| Line 27: | Line 25: | ||
* VPN DevStack plugin for neutron-client - pending decision | * VPN DevStack plugin for neutron-client - pending decision | ||
* Rally scenario tests under development | * Rally scenario tests under development | ||
| + | * MTU for StrongSwan is per service, versus OpenSwan (and others) is per connection. | ||
| − | |||
| − | |||
| + | == Endpoint Groups == | ||
| + | WIP out for review https://review.openstack.org/#/c/212692/2. | ||
| + | Polled operators and no-one indicated production deployment of VPNaaS. | ||
| + | Plan is to implement endpoint groups and multiple local subnets under existing v2 API, and to introduce as non-backward compatible change. | ||
| − | + | Ref: https://bugs.launchpad.net/neutron/+bug/1459423 (bug), https://review.openstack.org/#/c/191944(dev ref) | |
| − | Ref: https://bugs.launchpad.net/neutron/+bug/1459423 | ||
| − | |||
| − | + | == VPN Functional Tests for Neutron Commits == | |
| + | No action on this currently. Awaiting resolution of more pressing issues. | ||
Revision as of 21:06, 24 August 2015
Contents
Meetings
- Weekly on-demand on Tuesdays at 1600 UTC
- IRC channel: #openstack-meeting-3
- Chair: pc_m (Paul Michali)
If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.
Next meeting: Tuesday, August 4th, 2015.
Logs and Minutes
Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/
Agenda
Updated Aug 18th, 2015
- Endpoint groups
- VPN Functional tests
Announcements
- Rename of VPN DevStack plugin for VPN upstreamed
- Splitting model and database (216248)
- Working on endpoint-groups
- VPN DevStack plugin for neutron-client - pending decision
- Rally scenario tests under development
- MTU for StrongSwan is per service, versus OpenSwan (and others) is per connection.
Endpoint Groups
WIP out for review https://review.openstack.org/#/c/212692/2. Polled operators and no-one indicated production deployment of VPNaaS. Plan is to implement endpoint groups and multiple local subnets under existing v2 API, and to introduce as non-backward compatible change.
Ref: https://bugs.launchpad.net/neutron/+bug/1459423 (bug), https://review.openstack.org/#/c/191944(dev ref)
VPN Functional Tests for Neutron Commits
No action on this currently. Awaiting resolution of more pressing issues.
Bugs under Review
Current bugs: VPN bugs
Current reviews: VPNaaS reviews
Open Discussion
Bucket List
Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
- Could use python34 support added to neutron-vpnaas. Several tests are being disabled.
- Grenade work to support Advanced Services, so that plugin can be activated.
- Validation that peer IP for VPN connection is of same version as router's GW I/F.
- User documentation for Networking Guide. (including limitations/restrictions)
- Coverage, especially in database and device driver modules, is lacking.
- Need more functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs [API or unit?], IPv6).
- Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
- The OpenSwan class should be separated from the ABC definition, and placed into a new module.
- Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
- Documentation on how to use StrongSwan
- Developer Reference Documentation needed.
- Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
- StrongSwan execute_with_mount() to allow configurable rootwrap config file.
- Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can/should they be integrated into VPNaaS?
- Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created.
- There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
- Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
BGP/MPLS and Edge VPN
Info:
- Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with specs:
- Edge VPN service provisioning APIs: https://review.openstack.org/#/c/201378
- Neutron extension for edge VPN: https://review.openstack.org/#/c/201381
- BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposal https://review.openstack.org/#/c/177740
Interested People
List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
- Paul Michali (pc_m)
- Sridhar Ramaswamy (sridha_ram)
- Al Miller (ajmiller)
Charter
Meeting Commands
/join #openstack-meeting-3
#startmeeting vpnaas
#topic Announcements
#undo
...
#endmeeting
