16:05:46 #startmeeting vpnaas 16:05:47 Meeting started Tue Jul 14 16:05:46 2015 UTC and is due to finish in 60 minutes. The chair is pc_m. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:05:48 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:05:50 The meeting name has been set to 'vpnaas' 16:05:54 #topic Announcements 16:06:25 FYI: Plan is to disable services for Neutron Grenade jobs. 16:06:46 Will need to, in the future, create a VPNaaS Grenade job to test updates. 16:07:25 I pushed up a DevStack plugin for VPN and corresponding commit to remove VPN setup from DevStack repo. Hoping to get those approved soon. 16:08:19 Upstreamed tox.ini changes so that we can, in the future, run VPN functional tests against Neutron change sets (hopefully reducing some breakage). 16:09:03 There is also some discussion by Sridhar R, about doing a "State of VPN" talk at summit. He doesn't appear to be on right now. 16:09:14 Any other announcements? 16:09:21 Hi pc_m: 16:09:27 mhanif: hi 16:09:43 I would like to announce the availability of new specs for edge VPN 16:10:00 mhanif: cool. Link? 16:10:22 This is in line with what we are discussion of splitting the spec to address the provisioning part and the API to attach the Neutron network to the edge VPN 16:10:46 APIs to provision edge VPN service is at: #link https://review.openstack.org/#/c/201378/ 16:11:01 Neutron extesion for edge VPN is at: #link https://review.openstack.org/#/c/201381/ 16:11:14 mhanif: Thanks. Encourage people to look at the specs. 16:11:21 I have updated the VPNaaS wiki to reflect this 16:11:32 mhanif: ty 16:11:41 Any other announcements? 16:12:14 #topic Local Tunnel IP 16:12:49 I pushed this up for review, please check it out #linkhttps://review.openstack.org/199670 16:13:23 There are a few issues. One is that there changes happening in Neutron for migration, so we'll need to wait and adapt this a bit for those changes. 16:14:09 The other is that we need to get a VPN based Grenade job running to better test this commit. 16:14:14 :( 16:14:53 Or go w/o upgrade testing that is automated for now. I have manually tested it. 16:15:12 Please look at the review and comment, though. 16:15:27 #topic VPN with HA Router 16:16:16 There is a review up #link https://review.openstack.org/200636. Please look at it and give feedback. There are some concerns on how this will work out, when there is an active/standby router. 16:16:35 Also some concern with how it fits in with the local tunnel IP change. 16:16:43 pc_m: neutron HA is based on VRRP ? 16:16:59 hi sridhar_ram: Not sure. 16:17:21 sridhar_ram: They want to be able to use VPN with L3 HA router. 16:17:35 sridhar_ram: And handle switching between active and standby. 16:18:12 I wonder if the HA routers share the same GW IP addresses, which are used for the tunnels (implicitely). 16:18:17 implicitly 16:18:51 In any case, please review and provide feedback. We need to make sure we get this one right. 16:18:51 I remember it will use a VIP .. so that would be the tunnel ip 16:19:06 #topic Multiple Local subnets 16:19:42 I'm still waiting for Drivers cores to review the developer reference commit that is out for review. #link https://review.openstack.org/#/c/191944 16:20:21 Please look over the updated commit and voice any questions/concerns with the proposals and which proposal is best (I'm rooting for C :) 16:20:51 Need to get going on this to make Liberty release... :( 16:21:06 #topic Bugs 16:21:56 Please look over the bugs and VPN reviews and help out. We desperately need reviewers, as the +1s will help cores in determining if domain experts (us) are happy with the changes. 16:22:25 Any particular reviews/bugs to discuss (besides the ones I posted above)? 16:23:06 pc_m: nothing particular..but question on neutron HA 16:23:15 sridhar_ram: sure shoot 16:23:47 at some point there were different neutron HA schemes floating around.. 16:23:56 Ref: https://bugs.launchpad.net/neutron/+bug/1471940 16:23:56 Launchpad bug 1471940 in neutron "VPNaaS Ipsec does not correctly determine master L3 HA Router" [Undecided,In progress] - Assigned to venkata anil (anil-venkata) 16:24:14 it will be good to understand for which HA scenario vpnaas is planned to be supported 16:24:44 okay.. will look at the bug! 16:24:49 sridhar_ram: :) 16:25:46 I guess they have active/standby router and switch over, and get a failure with namespace. 16:26:11 ofcourse .. the solution would be quite different for reference vpn vs the virtual appliance based ones 16:26:53 I guess .. then we need to loop at strongswan cookbook for vrrp and then translate back that to here 16:27:00 I really don't know much about how the HA router stuff works. I think Assaf does, so there is likely some discussion needed on this bug. 16:27:02 *look 16:27:15 exactly 16:27:18 Feel free to add to the bug comments and jump in on hte review. 16:27:40 IMO it is not trivial bug :-) 16:28:03 sridhar_ram: Yeah, I'm thinking that too. 16:28:17 sure, will try.. juggling few other things my side these days. will try my best get back to reviewing 16:28:24 hopefully soon! 16:28:39 sridhar_ram: Thanks! 16:28:48 #topic BGP VPN and Edge VPN 16:29:17 Is there anything to discuss here, beyond reviewing the specs mhanif noted? 16:29:23 mhanif: anyting? 16:29:29 anything 16:29:30 Yes 16:29:37 all yours... 16:29:39 i have a question on Edge VPN 16:30:01 As you know that we have a implementation of the edge spec in the stackforge 16:30:19 However, it was based on the Icehouse release 16:30:42 We are updating it to the Liberty release and will announce it very soon 16:31:03 The dir structure will also be updated to match the Liberty dir structure 16:31:26 Vendor specific drivers then can be added there as well 16:31:30 mhanif: this is great! 16:31:42 mhanif: thanks for the info. 16:31:52 SrikanthPoolla: You had a question... 16:32:04 i am trying to implement service plugin for edge vpn...is that the base_ipsec.py base driver class? 16:32:06 Again would like to encourage folks to please review the spec and post your comments 16:32:41 SrikanthPoolla: base_ipsec.py is for IPSec site-to-site connection VPN. 16:32:44 SrikanthPoolla: Have you looked at the code? 16:32:47 in the stackforge 16:33:03 i was trying to get MPLSVpnDriver class which i didnt'd find 16:33:25 mhanif:i had looked into the code in stackforge 16:33:44 SrikanthPoolla: sorry. Are you talking about base_ipsec.py in stackforge or in the neutron-vpnaas repo? 16:34:01 SrikanthPoolla: Stuff in neutron-vpnaas is for IPSec VPN. 16:34:06 i was in trying to figure out a base class of edge vpn 16:34:14 Much of the implementation is done by angela_allen from my team. Not sure she is online right now 16:35:10 i was talking about base_ipsec.py in neutron-vpnass repo 16:35:37 SrikanthPoolla: yeah, that is IPSec site-to-site connection VPN stuff. 16:35:50 SrikanthPoolla: I can find out more about this and will get back to you 16:35:54 mhanif: Can you provide a pointer to the stackforge repo for SrikanthPoolla? 16:36:10 mhanif: That's even better. 16:36:23 pc_m: http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ 16:36:30 #action mhanif to provide info on base class for edge bpn to SrikanthPoolla 16:37:05 The link to the stackforge is at: #link http://git.openstack.org/cgit/stackforge/networking-edge-vpn/ 16:37:30 thanks much paul and hanif 16:37:34 I see angela-s: online 16:37:50 yes, i finally made it 16:38:17 angela-s: Question for info on base class for edge vpn? 16:38:42 angela-s: Do you want to chime in? 16:39:16 SrikanthPoolla: is this in reference to the issue we've already been discussing? 16:39:29 yep Angela.. 16:40:34 so, the issue here is that I modeled the Edge VPN code based off of the VPN code 16:40:52 there is a reference to a VpnDriver class, that doesn't exist in the code base 16:42:46 apparantly this is causing some error, SrikanthPoolla can elaborate on the error 16:43:09 angela:exactly 16:44:11 there is a base class missing here which is MPLSVPNDriver and we are extending it to vendor specific implementation. since it was not there i ams seeing some import errors 16:44:21 pc_m: maybe you can help us understand the VPN code, then that will help us with the Edge VPN code 16:44:23 should be in service_drivers/__init__.py 16:45:15 in this code: https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/services/vpn/service_drivers/base_ipsec.py#L68, there is reference to VpnDriver, but that class doesn't exist 16:45:40 angela-s: I can. Let's take this off-line in openstack-neutron after this meeting (and after I eat quickly). 16:45:48 sure 16:46:05 it should be in the __init__.py in that directory. 16:46:30 It's an ABC, and the __init__.py is not empty. 16:46:50 In any case, let's try to wrap up here. 16:47:00 Anything else on BGP/Edge VPN? 16:47:10 pc_m: I am good thanks 16:47:17 #topic Open Discussion 16:47:26 Anyone have anything else to discuss? 16:47:46 waiting for Mathieu to respond for the M-talk submission 16:48:13 is there anyway I can convince our beloved vpn core to co-submit ? ;-) 16:48:23 Please help reviewing some of the commits that are out (DevStack plugin, local tunnel IP, L3 HA + VPN, and multiple local subnet developer reference proposals). 16:48:41 sridhar_ram: Yeah, I probably can. 16:49:00 * pc_m assuming I get to go to the summit :) 16:49:06 pc_m: awesome! 16:49:38 * sridhar_ram pc_m will be containerized and shipped to tokyo no matter what 16:49:40 sridhar_ram: Need some input from BGP VPN folks and Edge as well. 16:49:53 :) 16:50:43 pc_m: edge VPN team is already on board 16:50:49 :-) 16:50:59 mhanif: great! 16:51:06 Looks like we're done. Thanks for joining everyone. angela-s and SrikanthPoolla, ping me on Neutron IRC in about 15 mins. 16:51:12 #endmeeting