[openstack-dev] How to implement and configure a new Neutron vpnaas driver from scratch?

Nachi Ueno nachi at ntti3.com
Thu Apr 10 17:56:52 UTC 2014


Hi Julio

Unfortunately, we couldn't get forward about VPNaaS much in Icehouse.
We will discuss this design in next summit, so let's get this progress in
Juno.



2014-04-10 10:51 GMT-07:00 Julio Carlos Barrera Juez <
juliocarlos.barrera at i2cat.net>:

> Hi.
>
> After 8 months of the patch creation and being abandoned weeks ago (
> https://review.openstack.org/#/c/41827/) I still don't how can we develop
> a VPNaaS plugin following Bo Lin instructions. Is there any other patch
> trying to solve the problem? Is there any way to workaround the issue to
> get a VPNaaS plugin working?
>
> Thank you!
>
>
> Julio C. Barrera Juez
> Office phone: +34 93 357 99 27
> Distributed Applications and Networks Area (DANA)
> i2CAT Foundation, Barcelona, Spain
> http://dana.i2cat.net
>
>
> On 27 February 2014 10:51, Bo Lin <linb at vmware.com> wrote:
>
>> Hi Julio,
>> You can take https://review.openstack.org/#/c/74156/ and
>> https://review.openstack.org/#/c/74144/ as examples to write your own
>> vpnaas driver. More info about service type framework, you can also refer
>> to neutron/services/loadbalancer codes.
>>
>> ------------------------------
>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>> *To: *"OpenStack Development Mailing List (not for usage questions)" <
>> openstack-dev at lists.openstack.org>
>> *Sent: *Thursday, February 27, 2014 5:26:32 PM
>> *Subject: *Re: [openstack-dev] How to implement and configure a new
>> Neutron vpnaas driver from scratch?
>>
>>
>> I'm following the change you pointed a week ago. It seems that it is
>> working now, and will be eventually approved soon. I will be happy when it
>> is approved.
>>
>> Anyway, I need more information about how to develop a service driver and
>> a device driver for VPN plugin. I realize doing reverse-engineering that I
>> need and RPC agent and and RPC between them to communicate and use a kind
>> of callbacks to answer. Where I can find documentation about it and some
>> examples? Is there any best practise guide of the use of this architecture?
>>
>> Thank you again!
>>
>> [image: i2cat]
>> Julio C. Barrera Juez
>> Office phone: +34 93 357 99 27
>> Distributed Applications and Networks Area (DANA)
>> i2CAT Foundation, Barcelona, Spain
>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>
>>
>> On 19 February 2014 09:13, Julio Carlos Barrera Juez <
>> juliocarlos.barrera at i2cat.net> wrote:
>>
>>> Thank you very much Bo. I will try all your advices and check if it
>>> works!
>>>
>>> [image: i2cat]
>>> Julio C. Barrera Juez
>>> Office phone: +34 93 357 99 27
>>> Distributed Applications and Networks Area (DANA)
>>> i2CAT Foundation, Barcelona, Spain
>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>>
>>>
>>> On 18 February 2014 09:18, Bo Lin <linb at vmware.com> wrote:
>>>
>>>>  I wonder whether your neutron server codes have added the " VPNaaS
>>>> integration with service type framework" change on
>>>> https://review.openstack.org/#/c/41827/21<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/21&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=4a935821d551bb10de76c121ea8f83f57c00bf3a88ac0c73b51d87f96be1524f> ,
>>>> if not, the service_provider option is useless. You need to include the
>>>> change before developing your own driver.
>>>>
>>>> QA (In my opinion and sth may be missing):
>>>> - What is the difference between service drivers and device drivers?
>>>>     service drivers are driven by vpn service plugin and are
>>>> responsible for casting rpc request (CRUD of vpnservices) to and do
>>>> callbacks from vpn agent.
>>>>     device drivers are driven by vpn agent and are responsible for
>>>> implementing specific vpn operations and report vpn running status.
>>>>
>>>> - Could I implement only one of them?
>>>>     device driver must be implemented based on your own device. Unless
>>>> the default ipsec service driver is definitely appropriate, suggest you
>>>> implement both of them. After including "VPNaaS integration with service
>>>> type framework", the service driver work is simple.
>>>>
>>>> - Where I need to put my Python implementation in my OpenStack
>>>> instance?
>>>>    Do you mean let your instance runs your new codes? The default
>>>> source codes dir is /opt/stack/neutron, you need to put your new changes
>>>> into the dir and restart the neutron server.
>>>>
>>>> - How could I configure my OpenStack instance to use this
>>>> implementation?
>>>>    1.  Add your new codes into source dir
>>>>    2. Add appropriate vpnaas service_provider into neutron.conf and add
>>>> appropriate "vpn_device_driver" option into vpn_agent.ini
>>>>    3. restart n-svc and q-vpn
>>>>
>>>> Hope help you.
>>>>
>>>> ------------------------------
>>>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>>>> *To: *"OpenStack Development Mailing List" <
>>>> openstack-dev at lists.openstack.org>
>>>> *Sent: *Monday, February 17, 2014 7:18:44 PM
>>>> *Subject: *[openstack-dev] How to implement and configure a new
>>>> Neutron vpnaas        driver from scratch?
>>>>
>>>>
>>>> Hi.
>>>>
>>>> I have asked in the Q&A website without success (
>>>> https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/<https://urldefense.proofpoint.com/v1/url?u=https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=73a239e478da9a7d12255611481016295433378154fb612bd567c30d77788648>
>>>> ).
>>>>
>>>> I want to develop a vpnaas implementation. It seems that since Havana,
>>>> there are plugins, services and device implementations. I like the plugin
>>>> and his current API, then I don't need to reimplement it. Now I want yo
>>>> implement a vpnaas driver, and I see I have two main parts to take into
>>>> account: the service_drivers and the device_drivers. IPsec/OpenSwan
>>>> implementation is the unique sample I've found.
>>>>
>>>> I'm using devstack to test my experiments.
>>>>
>>>> I tried to implement VpnDriver Python class extending the main API
>>>> methods like IPsecVPNDriver does. I placed basic implementation files at
>>>> the same level of IPsec/OpenSwan does and configured Neutron adding this
>>>> line to /etc/neutron/neutron.conf file:
>>>>
>>>> service_provider =
>>>> VPN:VPNaaS:neutron.services.vpn.service_drivers.our_python_filename.OurClassName:default
>>>>
>>>> I restarted Neutron related services in my devstack instance, but it
>>>> seemed it didn't work.
>>>>
>>>>
>>>>
>>>> - What is the difference between service drivers and device drivers?
>>>> - Could I implement only one of them?
>>>> - Where I need to put my Python implementation in my OpenStack
>>>> instance?
>>>> - How could I configure my OpenStack instance to use this
>>>> implementation?
>>>>
>>>>
>>>>
>>>> I didn't find almost any documentation about these topics.
>>>>
>>>> Thank you very much.
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>>
>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=46fe06049efb1d29a85b63f7ce101cd69695a368c3da6ea3a91bcd7d2b71ce59
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657>
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>>
>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140410/29b9f6d8/attachment-0001.html>


More information about the OpenStack-dev mailing list