yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #14193
[Bug 1316760] [NEW] VPNAAS :Creating a IPSEC site-to-site connection with peer id as email id ping across the site vm is not operational
Public bug reported:
Steps to Reproduce:
1. Create a site to site connection with peer id as the email of the peers.
2. For sites
site1 --peer_id site2@xxxxxx
site2 peer_id site1@xxxxxx
Perform ipsec-site-connection-list
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
| 1affd6c2-0bbf-4254-ab97-2356fc6c170c | site1 | $peer_address2 | "10.10.2.0/24" | static | psk | DOWN |
| e30a89e2-de2d-425f-9197-f6c54de5d231 | site2 | $peer_address1 | "10.10.1.0/24" | static | psk | DOWN |
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
neutron vpn-service-list
+--------------------------------------+------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+------+--------------------------------------+--------+
| 2eef507c-878c-4b5f-9afc-ee36193cef59 | vpn2 | 0ff7111e-fe10-4796-a551-fb35b533a26b | ACTIVE |
| 75382ad5-1507-42af-ac41-d9d9fdba5dc9 | vpn1 | 873d7987-1a64-47e6-be2a-bf5b3206aded | ACTIVE |
neutron ipsec-site-connection-show site1
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 1affd6c2-0bbf-4254-ab97-2356fc6c170c |
| ikepolicy_id | 068c2389-861c-45e6-bc20-03fba90dd3b4 |
| initiator | bi-directional |
| ipsecpolicy_id | 8fe5380f-0e1b-40f4-b398-0b30bd5c625a |
| mtu | 1500 |
| name | site1 |
| peer_address | $peer_address2 |
| peer_cidrs | 10.10.2.0/24 |
| peer_id | @site1@xxxxxx |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 75382ad5-1507-42af-ac41-d9d9fdba5dc9 |
+----------------+----------------------------------------------------+
neutron ipsec-site-connection-show site2
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | e30a89e2-de2d-425f-9197-f6c54de5d231 |
| ikepolicy_id | 3b63a07d-f217-4c5b-b6d0-ff8877e63131 |
| initiator | bi-directional |
| ipsecpolicy_id | 1bd89192-e9e2-4804-8fa7-5a1857096912 |
| mtu | 1500 |
| name | site2 |
| peer_address |$peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id | @site2@xxxxxx |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 2eef507c-878c-4b5f-9afc-ee36193cef59 |
+----------------+----------------------------------------------------+
Now ping the VM across the sites.
Actual Results: Creating a IPSEC site-to-site connection with peer id as email id ping across the site vm is not operational
Expected Results: Creating a IPSEC site-to-site connection with peer id
as email id ping across the site vm should be operational too.
*Note: Do we need to do some extra configuration to create sites with
peer id as email id?
** Affects: neutron
Importance: Undecided
Status: New
** Attachment added: "server.zip"
https://bugs.launchpad.net/bugs/1316760/+attachment/4106732/+files/server.zip
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316760
Title:
VPNAAS :Creating a IPSEC site-to-site connection with peer id as email
id ping across the site vm is not operational
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Steps to Reproduce:
1. Create a site to site connection with peer id as the email of the peers.
2. For sites
site1 --peer_id site2@xxxxxx
site2 peer_id site1@xxxxxx
Perform ipsec-site-connection-list
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
| 1affd6c2-0bbf-4254-ab97-2356fc6c170c | site1 | $peer_address2 | "10.10.2.0/24" | static | psk | DOWN |
| e30a89e2-de2d-425f-9197-f6c54de5d231 | site2 | $peer_address1 | "10.10.1.0/24" | static | psk | DOWN |
+--------------------------------------+-------+--------------+----------------+------------+-----------+--------+
neutron vpn-service-list
+--------------------------------------+------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+------+--------------------------------------+--------+
| 2eef507c-878c-4b5f-9afc-ee36193cef59 | vpn2 | 0ff7111e-fe10-4796-a551-fb35b533a26b | ACTIVE |
| 75382ad5-1507-42af-ac41-d9d9fdba5dc9 | vpn1 | 873d7987-1a64-47e6-be2a-bf5b3206aded | ACTIVE |
neutron ipsec-site-connection-show site1
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 1affd6c2-0bbf-4254-ab97-2356fc6c170c |
| ikepolicy_id | 068c2389-861c-45e6-bc20-03fba90dd3b4 |
| initiator | bi-directional |
| ipsecpolicy_id | 8fe5380f-0e1b-40f4-b398-0b30bd5c625a |
| mtu | 1500 |
| name | site1 |
| peer_address | $peer_address2 |
| peer_cidrs | 10.10.2.0/24 |
| peer_id | @site1@xxxxxx |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 75382ad5-1507-42af-ac41-d9d9fdba5dc9 |
+----------------+----------------------------------------------------+
neutron ipsec-site-connection-show site2
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | e30a89e2-de2d-425f-9197-f6c54de5d231 |
| ikepolicy_id | 3b63a07d-f217-4c5b-b6d0-ff8877e63131 |
| initiator | bi-directional |
| ipsecpolicy_id | 1bd89192-e9e2-4804-8fa7-5a1857096912 |
| mtu | 1500 |
| name | site2 |
| peer_address |$peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id | @site2@xxxxxx |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 2eef507c-878c-4b5f-9afc-ee36193cef59 |
+----------------+----------------------------------------------------+
Now ping the VM across the sites.
Actual Results: Creating a IPSEC site-to-site connection with peer id as email id ping across the site vm is not operational
Expected Results: Creating a IPSEC site-to-site connection with peer
id as email id ping across the site vm should be operational too.
*Note: Do we need to do some extra configuration to create sites with
peer id as email id?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316760/+subscriptions
Follow ups
References
