yahoo-eng-team team mailing list archive
Message #14188
[Bug 1316731] [NEW] VPNAAS: Updating the peer id from ip address to email id making the ipsec site connection forever down vm across the sites not able to ping each other
Public bug reported:
Steps to Reproduce:
1. Create two sites with vpn service, vpn ike policy, ipsec policy and ipsec site connection.
2. Make sure the VMs across the sites are able to ping each other with successful tunnel creation.
3. Check the status of the operation on both the sites:
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address2 | "11.11.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+--------+--------------------------------------+--------+
| 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 | myvpn1 | 336c444b-22d1-40a8-ad9c-54063aaaa5e2 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+--------+--------------------------------------+--------+
| 9408fed3-35e3-48c6-ae1c-23324eb9b108 | myvpn1 | cfd9c896-c56f-4da1-93b5-3591fc0a7841 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
neutron vpn-service- show 465cca84-49a4-4170-b15b-64d9a9664e90
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 465cca84-49a4-4170-b15b-64d9a9664e90 |
| ikepolicy_id | 6159a86b-38f2-415e-b583-bca27b6b8c15 |
| initiator | bi-directional |
| ipsecpolicy_id | e63d8cef-56a0-4b13-9094-940256ce7cc8 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id | $peer_address1 |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | d209c7ac08304ff48c59a53c2c47516c |
| vpnservice_id | 9408fed3-35e3-48c6-ae1c-23324eb9b108 |
+----------------+----------------------------------------------------+
Make sure the VMs across the sites are pinging each other.
4. Now update the peer id on one of the sites to an email id.
neutron ipsec-site-connection-update 465cca84-49a4-4170-b15b-64d9a9664e90 --peer_id site2@xxxxxx
Updated ipsec_site_connection: 465cca84-49a4-4170-b15b-64d9a9664e90
5. Check the status of the vpn site connection
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static | psk | DOWN |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
Actual Results: Updating the peer id from peer ip address to email id
makes the ipsec site connection go down. VMs across the sites are not
able to ping each other after the update.
Expected Results: Updating the peer id from peer ip address to email id
should not make the ipsec site connection go down forever, and after a
successful update the VMs across the sites should be able to ping each other.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316731
Title:
VPNAAS: Updating the peer id from ip address to email id making the
ipsec site connection forever down vm across the sites not able to
ping each other
Status in OpenStack Neutron (virtual network service):
New