neutron

[RFE] Flavor support for VPNaaS

Bug #1672920 reported by Lingxian Kong on 2017-03-15

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Wishlist	Hunt Xu	neutron pike-rc1 "p-rc1"

Bug Description

Neutron already supports flavor framework, and currently, only l3 service is using it. In VPNaaS, we also would like to support flavor, in order to support multiple vpn service drivers in one deployment.

One real use case from us:

We (a public cloud provider) are using openswan driver for vpnaas in our public cloud, and recently, some customers are asking SHA2 for more secure connection, it's time for us to do upgrade for vpnaas now (we are still running liberty). Since openswan is not maintained properly, we are also considering switching to stongswan smoothly without bring much overhead to customers.

The upgrade will be a non-trivial job without flavor support. With flavor, we could easily add strongswan as the default driver, but still use openswan for old vpn connections. Of course, other things need to be done to make sure operations for old resources are handled properly by the right driver. With thad said, after upgrade, customers could still use their old ipsec site connections which are served by openswan, but new request will use strongswan to create vpn service.

Tags:

YAMAMOTO Takashi (yamamoto) on 2017-03-15

tags:

added: vpnaas

Hunt Xu (huntxu) on 2017-04-06

Changed in neutron:
assignee:	nobody → Hunt Xu (huntxu)
status:	New → Confirmed
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-18: Fix proposed to neutron-vpnaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/457527

Revision history for this message

YAMAMOTO Takashi (yamamoto) wrote on 2017-04-19:

this looks fine to me. move this back to new as it still needs an attention from drivers team.

Changed in neutron:
status:	In Progress → New

OpenStack Infra (hudson-openstack) on 2017-04-19

Changed in neutron:
status:	New → In Progress

Hunt Xu (huntxu) on 2017-04-19

Changed in neutron:
status:	In Progress → New

OpenStack Infra (hudson-openstack) on 2017-05-02

Changed in neutron:
status:	New → In Progress

Hunt Xu (huntxu) on 2017-05-02

Changed in neutron:
status:	In Progress → New

Hunt Xu (huntxu) on 2017-05-24

Changed in neutron:
status:	New → Confirmed

Armando Migliaccio (armando-migliaccio) on 2017-05-25

Changed in neutron:
importance:	Undecided → Wishlist

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2017-05-25:

I don't see why not, though there's a longer laundry list to make VPNaaS more tested and user friendly.

Changed in neutron:
status:	Confirmed → Triaged

Revision history for this message

Kevin Benton (kevinbenton) wrote on 2017-06-22:

This is fine, just make sure it's well tested/documented so it doesn't interfere with the VPNaaS goal of stadium inclusion.

tags:

added: rfe-approved
removed: rfe

Hunt Xu (huntxu) on 2017-06-23

Changed in neutron:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-13: Fix merged to neutron-vpnaas (master)

Reviewed: https://review.openstack.org/457527
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=058469e1b99b647537a5228c6a384d93df5484df
Submitter: Jenkins
Branch: master

commit 058469e1b99b647537a5228c6a384d93df5484df
Author: Hunt Xu <email address hidden>
Date: Wed Apr 12 19:20:43 2017 +0800

VPNaaS integration with services flavor framework

* adds new attribute 'flavor_id' for vpnservice
* adds support for multiple drivers for VPNaaS

    This solution uses a flavor of service type VPN associated with a flavor
    profile containing a driver. During vpnservice creation, if a flavor_id
    is passed, it is used to find the provider for the driver which would
    handle the newly created vpnservice. The flavor_id and the
    provider-vpnservice association are pesisted in the DB.

    ApiImpact and DocImpact tags are added as the new optional flavor_id
    parameter should be described, as well as the support of multiple VPNaaS
    drivers.

    The original work and discussion about integrating VPNaaS and service
    type framework can be found in the following change:
    I9e195dfaee21b1cf204cb9b9fc773bc9e5af5936

    ApiImpact
    DocImpact
    Closes-Bug: #1672920

Signed-off-by: Hunt Xu <email address hidden>

Change-Id: I0095e160481f1d4572e38ad1d3bbc8e183039b84

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

Lingxian Kong (kong) wrote on 2017-07-13:

Thanks you guys for the implementation!

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-07-28: Fix included in openstack/networking-midonet 5.0.0.0b3

This issue was fixed in the openstack/networking-midonet 5.0.0.0b3 development milestone.

Revision history for this message

YAMAMOTO Takashi (yamamoto) wrote on 2017-08-11: Fix included in openstack/neutron-vpnaas 11.0.0.0rc1

This issue was fixed in the openstack/neutron-vpnaas 11.0.0.0rc1 release candidate.

Akihiro Motoki (amotoki) on 2018-02-28

Changed in neutron:
milestone:	none → pike-rc1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.