Meetings

• Weekly on-demand on Tuesdays at 1600 UTC
• IRC channel: #openstack-meeting-3
• Chair: pc_m (Paul Michali)

If you want to hold a meeting. Update this wiki page with agenda modifications, date of meeting desired, date of update, and then post a notice on the openstack-dev mailing list, at least 24 hours prior to the meeting start time. We have reserved this (new) channel on the IRC for the time/day of week.

Next meeting: Tuesday, June 9nd, 2015.

Logs and Minutes

Meetings, with their notes and logs, will be found under http://eavesdrop.openstack.org/meetings/vpnaas/

Agenda

Updated June 8th, 2015

• Questions on multiple local subnet enhancement
• BGP/MPLS VPN and Edge VPN discussion
• Discuss DMVPN spec for Liberty (https://review.openstack.org/#/c/181563/)

Announcements

• Anything?

Bugs under Review

Current bugs: VPN bugs

Current reviews: VPNaaS reviews

Need resolution of gate issues for: https://review.openstack.org/#/c/159746

Multiple Local Subnets on VPN connection

Waiting for Drivers Team to review RFE. One question, should we add a (new) restriction that requires the local and peer subnets to be the same IP version? Currently, with the 1:N (local:peer) subnets, there is no check that the peer and local subnets are using the same IP versioning. Should they be required to both be IPv4 or IPv6 and not mixed?

BGP/MPLS and Edge VPN

From last meeting, please contribute use cases to https://etherpad.openstack.org/p/vpn-flavors, so that we can better understand the VPN variants that are being discussed.

Let's try to get the use cases and workflows documented on the etherpad, so we have a shared understanding of the different proposals out there. Can continue discussing the designs here.

Here's some info from the summit:

• Edge-VPN http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ with spec https://review.openstack.org/#/c/152377/
• BGP VPN https://github.com/stackforge/networking-bgpvpn with API proposa https://review.openstack.org/#/c/177740

DM VPN

Discussion on https://review.openstack.org/#/c/181563/

Open Discussion

Bucket List

Here are some ideas for tasks that need to be done (feel free to work on them - put your name by any you choose)...

• User documentation for Networking Guide. (including limitations/restrictions)
• Coverage, especially in database and device driver modules, is lacking.
• Need functional tests for OpenSwan device driver (and StrongSwan driver). Identify what's needed (MTU check, connection delete, admin up/down?, non-default configs).
• Refactor duplication out of device driver code (OpenSwan, StrongSwan, Cisco, Vyatta)
• The OpenSwan class should be separated from the ABC definition, and placed into a new module.
• Remove /n from execute method in utils.py so that duplicate code can be removed in VPN drivers.
• Documentation on how to use StrongSwan
• Developer Reference Documentation needed. (pc_m adding empty DevRef doc sections).
• Looks like StrongSwan is missing some configuration settings in template, so can only do defaults. Bug filed.
• Documentation on the differences between StrongSwan and OpenSwan (and any limitations/restrictions of each - e.g. mixing IPv4/v6)
• StrongSwan execute_with_mount() to allow configurable rootwrap config file.
• Support for BGP/MPLS VPN? DM VPN? OpenVPN (road-warrior)? Can they be integrated into VPNaaS?
• Certificate support for IPSec (Barbican - see what LBaaS did to use certificate). - RFE created. Will investigate pc_m
• Devstack support for VPNaaS (see LBaaS including devstack setup in their repo).
• Multiple local subnet support for IPSec. - RFE created. pc_m
• There is interest by some on other VPN types (e.g. something similar to AWS DirectConnect and Azure ExpressRoute).
• Should enhance/add unit test cases for:
  • Checking various sync() cases: router w/o VPN running on it any more; router with VPN running, but no longer a service configured; process running VPN, but no longer VPN configured.
  • Verification of contents of configuration files created for StrongSwan and OpenSwan.
  • Verification of reported status for various cases: connections (active, down, pending create), service (created, deleted, admin down).

Interested People

List of people w/IRC that are interested in participating (coding, reviewing, testing, and/or documenting):

• Paul Michali (pc_m)
• Al Miller (ajmiller)

Charter

VPNaaS Team Charter

Meeting Commands

/join #openstack-meeting-4
#startmeeting vpnaas
#topic Announcements
#undo

...

#endmeeting