[openstack-dev] VPNaaS questions...

Nachi Ueno nachi at ntti3.com
Wed Oct 23 20:53:11 UTC 2013


Hi Paul

I rebased the patch, and working on unit testing too
https://review.openstack.org/#/c/41827/


2013/10/23 Paul Michali <pcm at cisco.com>:
> See PCM: in-line.
>
>
> PCM (Paul Michali)
>
> MAIL pcm at cisco.com
> IRC   pcm_  (irc.freenode.net)
> TW   @pmichali
>
> On Oct 23, 2013, at 9:41 AM, Akihiro Motoki <amotoki at gmail.com> wrote:
>
> Hi Paul,
>
>
> On Wed, Oct 23, 2013 at 9:56 PM, Paul Michali <pcm at cisco.com> wrote:
>
>
> Hi guys,
>
> Some questions on VPNaaS…
>
> Can we get the review reopened of the service type framework changes for VPN
> on the server side?
> I was thinking of trying to rebase that patch, based on the latest from
> master, but before doing so, I ran TOX on the latest master commit. TOX
> fails with a bunch of errors, some reporting that the system is out of
> memory. I have a 4GB Ubuntu 12.04 VM for this and I see it max out on
> memory, when TOX is run on the whole Neutron code for py27. Anyone seen
> this?
>
>
> I see this too. On 4GB Ubuntu 13.04 VM, I have over 1GB swap while
> running the whole test
> and the test slows down after swap begins….
>
>
> PCM: Whew! I was worried that it was something in my setup.  Any idea on a
> root cause/workaround? Is this happening when Jenkins runs?
>
>
>
>
>
> I have tried the current patch of service type framework, and found that
> client changes are needed too. I have changes ready for review, should I
> post them, or do we need to wait (or indicate some dependency on the server
> side changes)?
>
>
> My suggestion is to post a patch with WIP status.
> We can test the server side patch with CLI. It really helps us all.
>
>
> PCM: Thanks! I wasn't sure how to proceed as the client change is useless
> w/o the server change.

Yeah, please push wip :)

>
> I see that there is VPN connection status and VPN service status. What is
> the purpose of the latter? What is the status, if the service has multiple
> connections in different states?
>
>
> I see the same.
>
>
> PCM: Yeah, need to understand what the desired meaning is for the service
> status in this context.
>

In openswan impl,
vpnservice state is the state of openswan process.
ipsec-site-connection state is actual connection state.

so let's say we have two site.
Vpnservice will be ACTIVE and ipsec-site-connection's state will be DOWN after
 we setup only one site.


>
>
> Have you guys tried VPNaaS with Havana and the now default ML2 plugin? I got
> a failure on connection create, saying that it could not find
> get_l3_agents_hosting_routers() attribute. I haven't looked into this yet,
> but will try as soon as I can.
>
>
> I think https://bugs.launchpad.net/neutron/+bug/1238846 is same as
> what you encountered.
> I believe this bug was fixed in the final RC. Doesn't it work?
>
>
> PCM: Ah, I missed that bug review. I probably need to update my repo with
> the latest to pick this up.  Thanks!
>
> Regards,
>
> PCM
>
>
>
> Thanks,
> Akihiro
>
>
> Thanks!
>
> PCM (Paul Michali)
>
> Contact info for Cisco users http://twiki.cisco.com/Main/pcm
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>



More information about the OpenStack-dev mailing list