Open Stack

https://bugs.launchpad.net/neutron/+bug/1355360

I'm working on this vpn vendor bug and am looking for guidance on the
approach. I'm also relatively new to neutron development so bear with some
newbie gaffs :)

The problem reported in this bug, in a nutshell, is the policies in the
neutron vpn db and virtual-machine implementing vpn goes out of sync when
the agent restarts (restart could be either operator driven or due to a
software error).

CSR vpn device driver currently doesn't do a sync when it comes up. I'm
going to add that as part of this bug fix. Still it will only partially
solve the problem as it will take care of new connections created (which
goes to PENDING_CREATE state) & updates to existing connections while the
agent was down but NOT for deletes. For deletes the connection entry gets
deleted right at vpn_db level.

My proposal is to introduce PENDING_DELETE state for vpn site-to-site
connection.  Implementing pending_delete will involve,

1) Moving the delete operation from vpn_db into service driver
2) Changing the reference ipsec service driver to handle PENDING_DELETE
state. For now we can just do a simple db delete to preserve the existing
behavior.
3) CSR device driver will make use of PENDING_DELETE to correctly delete
the entries in the CSR device when the agent comes up.

Sounds reasonable? Any thoughts?

thanks,
- Sridhar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140828/d8527b1a/attachment.html>