Open Stack

Hi folks,

I have a bunch of questions for you on VPNaaS in specific, and services in general...

Nachi,

1) You hd a bug fix to do service provider framework support for VPN (41827). It was held for Icehouse. Is that pretty much a working patch? 
2) When are you planning on reopening the review?


Anyone,

I see that there is an agent.py file for VPN that has a main() and it starts up an L3 agent, specifying the VPNAgent class (in same file).

3) How does this file get invoked? IOW how does the main() get invoked?
4) I take it we can specify multiple device drivers in the config file for the agent?


Currently, for the reference device driver, the hierarchy is currently DeviceDriver [ABC] -> IPsecDriver [Swan based logic] -> OpenSwanDriver [one function, OpenSwan specific]. The ABC has a specific set of APIs. Wondering how to incorporate provider based device drivers.

5) Should I push up more general methods from IPsecDriver to DeviceDriver, so that they can be reused by other providers?
6) Should I push down the swan based methods from DeviceDriver to IPsecDriver and maybe name it SwanDeviceDriver?


I see that vpnaas.py is an extension for VPN that defines attributes and the base plugin functions.

7) If a provider as additional attributes (can't think of any yet), how can the attribute be extended, only for that provider (or is that the wrong way to handle this)?

For VPN, there are several attributes, each with varying ranges of values allowed. This is reflected in the CLI help messages, the database (e.g. enums), and is validated (some) in the client code and in the VPN service.

8) How do we provide different limits/allowed values for attributes, for a specific provider (e.g. let's say the provider supports or doesn't support an encryption method, or doesn't support IKE v1 or v2)?
9) Should the code be changed not to do any client validation, and to have generic help, so that different values could be provided, or is there a way to customize this based on provider?
10) If customized, is it possible to reflect the difference in allowed values in the help strings (and client validation)?
11) How do we handle the variation in the database (e.g. when enums specifying a fixed set of values)? Do we need to change the database to be more generic (strings and ints) or do we somehow extend the database?

I was wondering in general how providers can customize service features, based on their capabilities (better or worse than reference). I could create a Summit session topic on this, but wanted to know if this is something that has already been addressed or if a different architectural approach has already been defined.


Regards,


PCM (Paul Michali)

MAIL pcm at cisco.com
IRC   pcm_  (irc.freenode.net)
TW   @pmichali

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131011/fbf28507/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131011/fbf28507/attachment.pgp>