Revision as of 11:35, 8 June 2015

Meetings

Weekly on-demand on Tuesdays at 1600 UTC
IRC channel: #openstack-meeting-3
Chair: pc_m (Paul Michali)

If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.

Next meeting: Tuesday, June 9nd, 2015.

Logs and Minutes

Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/

Agenda

Updated June 8th, 2015

Questions on multiple local subnet enhancement
BGP/MPLS VPN and Edge VPN discussion
Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/)

Announcements

Anything?

Bugs under Review

Current bugs: VPN bugs

Current reviews: VPNaaS reviews

Need resolution of gate issues for: https://review.openstack.org/#/c/159746

Multiple Local Subnets on VPN connection

Waiting for Drivers Team to review RFE. One question, should we add a (new) restriction that requires the local and peer subnets to be the same IP version? Currently, with the 1:N (local:peer) subnets, there is no check that the peer and local subnets are using the same IP versioning. Should they be required to both be IPv4 or IPv6 and not mixed?

BGP/MPLS and Edge VPN

From last meeting, please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.

Let's try to get the use cases and workflows documented on the etherpad, so we have a shared understanding of the different proposals out there. Can continue discussing the designs here.

Here's some info from the summit:

Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/
BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740

DM VPN

Discussion on https://review.openstack.org/#/c/181563/

Open Discussion

Bucket List

Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...

User documentation for Networking Guide. (including limitations/restrictions)
Coverage, especially in database and device driver modules, is lacking.
Need functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs).
Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
The OpenSwan class should be separated from the ABC definition, and placed into a new module.
Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
Documentation on how to use StrongSwan
Developer Reference Documentation needed. (pc_m adding empty DevRef doc sections).
Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed.
Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
StrongSwan execute_with_mount() to allow configurable rootwrap config file.
Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS?
Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. Will investigate pc_m
Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
Multiple local subnet support for IPSec. - RFE created. pc_m
There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
Should enhance/add unit test cases for:
- Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
- Verification of contents of configuration files created for StrongSwan and OpenSwan.
- Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).

Interested People

List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):

Paul Michali (pc_m)
Al Miller (ajmiller)

Charter

VPNaaS Team Charter

Meeting Commands

/join #openstack-meeting-4
#startmeeting vpnaas
#topic Announcements
#undo

...

#endmeeting

@@ Line 15: / Line 15: @@
 = Agenda =
-Updated May 26th, 2015
+Updated June 8th, 2015
-* BGP/MPLS VPN and Edge VPN evaluation
+* Questions on multiple local subnet enhancement
+* BGP/MPLS VPN and Edge VPN discussion
 * Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/)
-* Discuss whether VPNaaS should be enhanced to support multiple local subnets
 == Announcements ==
-* Reviewers/testers needed for specs and code changes
-* Liberty first milestone is...?
+* Anything?
-* Sign up for buck-list items below, so there is no overlap.
 == Bugs under Review ==
 Current bugs: [https://bugs.launchpad.net/neutron/+bugs?field.searchtext=vpnaas&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package=&orderby=status&start=0 VPN bugs]
@@ Line 34: / Line 35: @@
 Need resolution of gate issues for: https://review.openstack.org/#/c/159746
-== BGP/MPLS and Edge VPN ==
-https://etherpad.openstack.org/p/vpn-flavors created for people to express their thoughts...
+== Multiple Local Subnets on VPN connection ==
+Waiting for Drivers Team to review RFE.  One question, should we add a (new) restriction that requires the local and peer subnets to be the same IP version? Currently, with the 1:N (local:peer) subnets, there is no check that the peer and local subnets are using the same IP versioning. Should they be required to both be IPv4 or IPv6 and not mixed?
-As a team, we need to see if we can come up with a seamless way for users to make use of BGP/MPLS VPN and Edge VPN (and other types, like equivalent of AWS Direct Connect), providing a consistent and uniform experience for customers.
+== BGP/MPLS and Edge VPN ==
-Toward that goal, we should do the following:
+From last meeting, please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.
-* Collect information on the two solutions (design specs, APIs, etc) so that everyone has a basic understanding of the features.
-* Review the VPNaaS object model and see if it can accommodate either/both of these features.
-* Determine if we can come up with (and it makes sense to have) a common API for these that provides the user with a consistent experience.
-For example, should there be list commands that indicate all the types of connections created, with maybe an optional filter by type?  Are there top level VPN APIs, like vpn-service-create that can be used for all VPN types? Etc.
+Let's try to get the use cases and workflows documented on the etherpad, so we have a shared understanding of the different proposals out there. Can continue discussing the designs here.
 Here's some info from the summit:
@@ Line 52: / Line 51: @@
 * BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740
-== Multiple Local Subnets on VPN connection ==
-I'll work on a blueprint spec for this. Will need to decide if this should be done independently of other work.
+== DM VPN ==
+Discussion on https://review.openstack.org/#/c/181563/
+== Open Discussion ==
 == Bucket List ==
 Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...
 * User documentation for Networking Guide. (including limitations/restrictions)
@@ Line 64: / Line 69: @@
 * Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
 * Documentation on how to use StrongSwan
+* Developer Reference Documentation needed. (pc_m adding empty DevRef doc sections).
 * Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed.
 * Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
 * StrongSwan execute_with_mount() to allow configurable rootwrap config file.
 * Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS?
-* Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - Will investigate '''pc_m'''
+* Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. Will investigate '''pc_m'''
 * Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
-* Multiple local subnet support for IPSec. - '''pc_m'''
+* Multiple local subnet support for IPSec. - RFE created. '''pc_m'''
 * There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
 * Should enhance/add unit test cases for:
@@ Line 76: / Line 82: @@
 ** Verification of contents of configuration files created for StrongSwan and OpenSwan.
 ** Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).
 == Interested People ==
 List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):
@@ Line 84: / Line 92: @@
-== Open Discussion ==
+== Charter ==
-== Charter ==
 [[NeutronSubteamCharters#VPNaaS_Team|VPNaaS Team Charter]]
 == Meeting Commands ==

Difference between revisions of "Meetings/VPNaaS"