[Yahoo-eng-team] [Bug 1586253] [NEW] [RFE] Add VPNaaS support for OVN networking
Public bug reported: Problem Description Currently VPNaaS service plugin only has support for the reference Neutron software routers, such as neutron L3 router. It can't work together with OVN distributed router. Proposed Change Add a new VPN agent to support VPN+OVN, the new VPN agent can support any distributed router solution. Together with the new agent, changes for VPNaaS plugin service driver are also needed. This will have no impact on existing VPN solution. The existing VPN agent can still work with neutron l3 router. This does not need any changes for OVN l3 plugin. So it is compatible with current OVN L3 plugin. ** Affects: neutron Importance: Undecided Assignee: MingShuang Xian (xianms) Status: New ** Tags: rfe ** Tags added: rfe ** Changed in: neutron Assignee: (unassigned) => MingShuang Xian (xianms) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1586253 Title: [RFE] Add VPNaaS support for OVN networking Status in neutron: New Bug description: Problem Description Currently VPNaaS service plugin only has support for the reference Neutron software routers, such as neutron L3 router. It can't work together with OVN distributed router. Proposed Change Add a new VPN agent to support VPN+OVN, the new VPN agent can support any distributed router solution. Together with the new agent, changes for VPNaaS plugin service driver are also needed. This will have no impact on existing VPN solution. The existing VPN agent can still work with neutron l3 router. This does not need any changes for OVN l3 plugin. So it is compatible with current OVN L3 plugin. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1586253/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1570852] [NEW] vpn service can't be active again if the openswan process crash
Public bug reported: We are using VPNaaS with OpenSwan on Ubuntu and found that the OpenSwan will crash when it receives some kinds of IKE2 attack packets. But I'm not very sure the format of the packet. After the OpenSwan crash, VPN- agent can't bring up it again and the VPN service status will be alway DOWN. We could use following steps to reproduce it. 1. Bring up a VPN connection and show the VPN service status vpn-service-list +--+--+--++ | id | name | router_id | status | +--+--+--++ | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1 | dde4af28-31ff-4dff-bff9-8355998c5d0c | ACTIVE | | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2 | 0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE | +--+--+--++ 2. Kill the OpenSwan process 3. Show the VPN service status again vpn-service-list +--+--+--++ | id | name | router_id | status | +--+--+--++ | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1 | dde4af28-31ff-4dff-bff9-8355998c5d0c | DOWN | | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2 | 0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE | +--+--+--++ The VPN service will keep DOWN until the VPN-agent is restarted. So we expect the VPN-agent can bring the OpenSwan process again if it crashed. We found this issue with vpnaas-agent master ** Affects: neutron Importance: Undecided Assignee: MingShuang Xian (xianms) Status: New ** Changed in: neutron Assignee: (unassigned) => MingShuang Xian (xianms) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1570852 Title: vpn service can't be active again if the openswan process crash Status in neutron: New Bug description: We are using VPNaaS with OpenSwan on Ubuntu and found that the OpenSwan will crash when it receives some kinds of IKE2 attack packets. But I'm not very sure the format of the packet. After the OpenSwan crash, VPN-agent can't bring up it again and the VPN service status will be alway DOWN. We could use following steps to reproduce it. 1. Bring up a VPN connection and show the VPN service status vpn-service-list +--+--+--++ | id | name | router_id | status | +--+--+--++ | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1 | dde4af28-31ff-4dff-bff9-8355998c5d0c | ACTIVE | | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2 | 0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE | +--+--+--++ 2. Kill the OpenSwan process 3. Show the VPN service status again vpn-service-list +--+--+--++ | id | name | router_id | status | +--+--+--++ | c354e5d7-aa81-44c0-9aa7-0f157a2c7b7d | s1 | dde4af28-31ff-4dff-bff9-8355998c5d0c | DOWN | | daa15ef8-3e99-4e37-a839-18dcf7910f9d | s2 | 0e8fb378-3e25-493c-9610-e48025b640ba | ACTIVE | +--+--+--++ The VPN service will keep DOWN until the VPN-agent is restarted. So we expect the VPN-agent can bring the OpenSwan process again if it crashed. We found this issue with vpnaas-agent master To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1570852/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1569875] [NEW] the interval between two neutron metering reports are not correct
Public bug reported: the interval between two neutron metering reports are not correct. For example, we have below configuration in file metering_agent.ini # Interval between two metering measures measure_interval = 30 # Interval between two metering reports report_interval = 600 then go to the ceilometer to dump all neutron metering samples, the reports interval will be 630 seconds. Below are some dump result: ceilometer sample-list -m bandwidth -q 'resource_id=2cd7f8be-8dee-4c9c-9e58-6975fe83944a' +--+---+---++--++ | Resource ID | Name | Type | Volume | Unit | Timestamp | +--+---+---++--++ | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:32:42.353000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:22:12.416000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:11:42.415000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:01:12.396000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:50:42.446000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:40:12.355000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:29:42.361000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:19:12.377000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:08:42.353000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T10:58:12.389000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T10:47:42.409000 | >From above ceilometer result we can know the actual report interval is report_interval+measure_interval This issue is found in all openstack version ** Affects: neutron Importance: Undecided Assignee: MingShuang Xian (xianms) Status: New ** Changed in: neutron Assignee: (unassigned) => MingShuang Xian (xianms) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1569875 Title: the interval between two neutron metering reports are not correct Status in neutron: New Bug description: the interval between two neutron metering reports are not correct. For example, we have below configuration in file metering_agent.ini # Interval between two metering measures measure_interval = 30 # Interval between two metering reports report_interval = 600 then go to the ceilometer to dump all neutron metering samples, the reports interval will be 630 seconds. Below are some dump result: ceilometer sample-list -m bandwidth -q 'resource_id=2cd7f8be-8dee-4c9c-9e58-6975fe83944a' +--+---+---++--++ | Resource ID | Name | Type | Volume | Unit | Timestamp | +--+---+---++--++ | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:32:42.353000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:22:12.416000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:11:42.415000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T12:01:12.396000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:50:42.446000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:40:12.355000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:29:42.361000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:19:12.377000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T11:08:42.353000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T10:58:12.389000 | | 2cd7f8be-8dee-4c9c-9e58-6975fe83944a | bandwidth | delta | 0.0| B| 2016-04-13T10:47:42.409000 | From above ceilometer result we can know the actual report interval is report_interval+measure_interval This issue is found in all openstack version To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1569875/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-tea