VPNaaS: Support VPNaaS with L3 HA
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
venkata anil |
Bug Description
Problem: Currently VPNaaS is not supported with L3 HA.
1) When user tries to create ipsec site connection, vpn agent tries to run ipsec process on both HA master and backup routers. Running ipsec process on backup router fails as it's router interfaces will be down.
2) Running two separate ipsec processes for the same side of connection( East or West) is not allowed.
3) During HA router state transitions( master to backup and backup to master), spawning and terminating of vpn process is not handled. For example, when master transitioned to backup, that vpn connection will be lost forever(unless both the agents hosting HA routers restarted).
Solution: When VPN process is created for HA router, it should run only on HA master node. On transition from master to backup router, vpn process should be shutdown (same like disabling radvd/metadata proxy) on that agent. On transition from backup to master, vpn process should be enabled and running on that agent.
Advantages: Through this we will have the advantages of L3 HA router i.e No need for user intervention for reestablishing vpn connection when the router is down. When existing master router is down, same vpn connection will be established automatically on the new master router.
Changed in neutron: | |
assignee: | nobody → venkata anil (anil-venkata) |
status: | New → In Progress |
Changed in neutron: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-rc1 → 7.0.0 |
Fix already proposed for this support. /review. openstack. org/#/c/ 200636/
https:/