15:03:33 <pc_m> #startmeeting vpnaas
15:03:33 <openstack> Meeting started Tue Jan  6 15:03:33 2015 UTC and is due to finish in 60 minutes.  The chair is pc_m. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:34 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:03:37 <openstack> The meeting name has been set to 'vpnaas'
15:03:43 <mhanif> Hi
15:03:57 <pc_m> hi matrohon: mhanif:
15:04:15 <pc_m> Hope everyone had a good break
15:04:46 <pc_m> #topic announcements
15:05:06 <matrohon> really nice! I saw you had hard time debugging ipsec connection during your vacations
15:05:29 <pc_m> matrohon: Yeah, will bring up under open discussion.
15:05:40 <pc_m> Initial L3 refactoring for VPN is upstreamed. Please update any reviews.
15:05:50 <pc_m> UTs are operational as well.
15:06:08 <matrohon> pc_m : cool!
15:06:23 <pc_m> We had to move to meeting-4 (I missed that meeting-3 was in use).
15:06:37 <pc_m> #topic Bugs
15:06:59 <pc_m> I see these bugs:
15:07:17 <pc_m> #link https://review.openstack.org/#/c/143203/1
15:07:36 <pc_m> Looks like it needs a rebase and some cleanup.
15:08:22 * pc_m don't see Swaminathan on.
15:08:39 <pc_m> #link https://review.openstack.org/#/c/145005/1
15:09:03 <pc_m> Wondering what peoples thoughts are on this one?
15:09:33 <pc_m> Should we resolve the FQDN versus use next hop?
15:10:28 <matrohon> resolving fqdn sounds better, no?
15:10:42 <pc_m> matrohon: Yeah, that's what I'm thinking.
15:10:58 <pc_m> Will note that in review.
15:11:08 <pc_m> #link https://review.openstack.org/#/c/142484/
15:11:35 <pc_m> This looks fine to me. Please review (and other bugs listed).
15:12:15 <pc_m> #link https://review.openstack.org/#/c/143203/
15:12:49 <matrohon> you already talked about this one
15:13:02 <pc_m> whoops...
15:13:20 <pc_m> #link https://review.openstack.org/#/c/145219/
15:13:31 <pc_m> So this is just a place holder.
15:14:02 <pc_m> Idea here is to eventually remove all these methods from the VPNService class, once we have a router instance.
15:14:37 <pc_m> Carl and others are refactoring L3 to pull out a router class and once we have that, the device drivers can
15:15:01 <pc_m> communicate with the router directly.
15:15:12 <pc_m> Any other bugs to consider?
15:15:36 * pc_m wish the bot was working to expand the review summary
15:16:13 <pc_m> #topic Open Discussion
15:16:35 <pc_m> Anyone have anything else to discuss (I know I do, but will give others' a chance)?
15:16:59 <mhanif> Update on couple of action items from last meeting
15:17:02 <matrohon> mhanif : did you ping any core to have a clear understanding
15:17:17 <pc_m> mhanif: Great... go ahead...
15:17:17 <matrohon> about stackforge project or not
15:17:26 <matrohon> mhanif : +1
15:17:28 <mhanif> Yes, as we all know the L3Gateway is now being done in stackforge
15:17:53 <mhanif> For edge VPN, we are also asked to work in stackforge
15:18:18 <mhanif> I am setting up stackforge for edge VPN work as we speak
15:18:25 <pc_m> cool
15:18:43 <mhanif> Hope to share with the team the link to the project as soon as I am done.
15:18:51 <mhanif> pc_m: Thanks!
15:18:57 <matrohon> you are going to implement your spec as is
15:19:01 <matrohon> for edge vpn?
15:19:01 <pc_m> mhanif: That would be great.
15:19:40 <pc_m> mhanif: Do you have a link to the spec for those curious?
15:19:45 <mhanif> matrohon: It will be up for review and contribution.  Very open to any and all suggestions.
15:20:35 <mhanif> pc_m:  Here you go: https://review.openstack.org/#/c/136929
15:20:40 <pc_m> ty
15:20:57 <mhanif> #link https://review.openstack.org/#/c/136929
15:21:28 <matrohon> mhanif : do you have the spec for l3gateway?
15:21:28 <pc_m> Will be breaking new ground with all this.
15:22:03 <mhanif> matrohon: No.  not yet.
15:22:45 <matrohon> mhanif : you were mentioning that l3gateway will land in stackforge. There is no associated spec?
15:22:56 <matrohon> or were you talking about l2gateway?
15:23:15 <mhanif> It was l2gateway.  sorry
15:24:27 <mhanif> The link to L2Gateway project is at: #link https://review.openstack.org/#/c/141289/
15:25:01 <pc_m> mhanif: Thanks for the link
15:25:45 <matrohon> what will be the overlap between edge vpn and l2gateway?
15:26:43 <mhanif> Crrently, l2gw only talks about overlay networks to vlans bridging
15:27:01 <matrohon> mhanif : I mean for l2 vpn, your PE can be considered as a l2gateway
15:27:32 <matrohon> mhanif : does it sounds crasy?
15:28:07 <mhanif> Yes, it can be.  The distinction is edge VPN also talk about provisioning of VPNs
15:28:14 * pc_m need to read up on L2 VPN...
15:29:21 <pc_m> I did have some questions for the group about VPN testing...
15:29:24 <mhanif> matrohon: There is little overlap
15:30:05 <pc_m> I've been trying to figure out how to test VPN using VMs (versus bare metal).
15:30:34 <matrohon> mhanif : it would be really fine if edge vpn only deals with VPN attachment to the cloud, and not how this attachment is done technically
15:31:16 <matrohon> mhanif : lets continue during review
15:31:27 <mhanif> matrohon: +1
15:31:44 <vikram2> +1
15:31:45 <mhanif> matrohon: sure
15:31:52 <mhanif> matrohon: Thanks
15:32:22 <matrohon> pc_m : so what is the current status of your tests?
15:32:25 <pc_m> Has anyone setup VPN on VMs (one or two) and been able to test IPSec connections?
15:32:41 <pc_m> Over break, I was looking at A) one DevStack with two routers and two private nets, and B) two DevStacks in two VMs.
15:33:20 <matrohon> a while ago, I've been testing B)
15:33:33 <matrohon> but A) looks better...
15:33:36 <pc_m> With A) I create a second router and what I see is that from the second router's namespace, I can ping the private interface of router1
15:33:48 <pc_m> Not expecting that to be possible.
15:34:00 <pc_m> And don't see that on bare metal.
15:34:06 <matrohon> really weird
15:34:33 <matrohon> and VM can ping each others?
15:34:44 <pc_m> I started a bit on B), but had a bunch of problems, but I was running OoO and I guess there was some issue with nested virtualizations.
15:35:21 <pc_m> matrohon: Well, didn't go that far yet as I was worried about the connectivity as it stands.
15:35:56 <matrohon> the main benefit with A) is that we could have a corresponding functional test upstream
15:36:22 <pc_m> So, hoping for some help on trying to get A working. Later, I'll try B) under virtualbox.
15:36:27 <pc_m> markmcclain: ping
15:37:32 <matrohon> I can imagine that swami needs a test config for its patch : https://review.openstack.org/#/c/143203/
15:37:48 <matrohon> s/its/his
15:38:12 <pc_m> matrohon: Yeah not sure how much people are testing actual connectivity...
15:38:43 <markmcclain> pc_m: pong but in a meeting
15:39:14 <pc_m> markmcclain: Yeah, we are discussing VPN on VM in VPNaaS subteam meeting.
15:39:35 <pc_m> markmcclain: Maybe we can discuss in Neutron channel later? Need some help.
15:40:09 <pc_m> #action pc_m to hook up with markmcclain on VPN testing in VMs
15:40:34 <pc_m> I'd like to get this working, so that we can have a VPN scenario test case (which we are lacking).
15:41:11 <pc_m> If anyone has gotten it to work, or has B working, please let me know your config.
15:41:35 <pc_m> I'll keep plugging away at A) and later on try B) again.
15:41:52 <matrohon> pc_m : can you share your config somewhere?
15:42:35 <pc_m> matrohon: For A, sure. It is very basic. One min.
15:43:34 <matrohon> pc_m : I mean our local.conf and the steps to provision IPSec connections
15:44:17 <matrohon> I would really love ta have a test like A) in the gate
15:44:39 <pc_m> The local.conf I have is:  http://paste.openstack.org/show/155740/
15:45:55 <matrohon> pc_m : do you have a script to provision IPSec connection?
15:46:59 <pc_m> matrohon: Mostly manual steps right now (including creating the second router/subnet/net. But I have the notes in a text file.
15:48:12 <pc_m> gathering together...
15:48:24 <matrohon> pc_m : +1
15:49:10 <pc_m> Here are the commands to create the connections... http://paste.openstack.org/show/155741/
15:50:09 <matrohon> pc_m : cool I will try to test this.
15:50:20 <pc_m> Here are some notes on setting up the second router/net/subnet: http://paste.openstack.org/show/155742/
15:50:28 <matrohon> pc_m : I dindn't understand why anteaya told you to add an item to infra meeting
15:50:39 <pc_m> I have sever other notes, some with trying to use a separate tenant.
15:51:05 <pc_m> matrohon: She was suggesting I ask infra at meeting on how to setup (A), I think.
15:51:11 <anteaya> yes
15:51:18 <anteaya> if you reach a dead end
15:51:29 <anteaya> and are tired of bouncing your skull off a brick wall
15:51:37 <anteaya> you are welcome to ask for guidance and direction
15:51:40 <anteaya> you don't have to
15:51:48 <pc_m> anteaya: Yeah. Will see if I can hook up with Mark.
15:51:50 <anteaya> if you prefer the rhythm of a bouncing skull
15:51:54 <anteaya> just an option
15:52:06 <pc_m> Maybe I can try to ask in open discussion, if I'm still stuck...
15:52:17 <anteaya> pc_m: was a suggestion for you
15:52:23 <anteaya> not a requirement or expectation
15:52:30 <anteaya> we don't tend to make it to open discussion
15:52:34 <anteaya> but you never know
15:52:48 <pc_m> anteaya: yeah, sure understood. Appreciate the suggestion!
15:52:54 <anteaya> anytime
15:53:02 * pc_m I'm looking for any way to relieve the pain
15:53:09 <anteaya> that is what I thought
15:53:27 <pc_m> #action pc_m will ask at infra meeting, if still stuck.
15:53:41 <pc_m> That's all I have... any other open discussion items?
15:54:47 <pc_m> OK. Thanks for joining in!
15:54:55 <pc_m> #endmeeting