← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1318550] [NEW] vpnaas:Aether->Vpn_agent is not able to handle two ipsec-site connection creation request simultaneously.

 

Public bug reported:


neutron net-create  ext-net1 --router:external=True
neutron subnet-create  --allocation-pool start=192.142.0.60,end=192.142.0.100 --gateway 192.142.0.1 ext-net1 192.142.0.0/16 --enable_dhcp=False

step 1=>
neutron net-create net1
neutron subnet-create net1 10.10.1.0/24 --name sub1
neutron router-create r1
neutron router-interface-add r1 sub1
neutron router-gateway-set r1 ext-net1

neutron net-create net2
neutron subnet-create net2 10.10.2.0/24 --name sub2
neutron router-create r2
neutron router-interface-add r2 sub2
neutron router-gateway-set r2 ext-net1


neutron vpn-ikepolicy-create ikepolicy1
neutron vpn-ipsecpolicy-create ipsecpolicy1
neutron vpn-service-create --name myvpn1 --description "My vpn service" r1 sub1
neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id myvpn1 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61 --peer-cidr 10.10.2.0/24 --psk secret


neutron vpn-ikepolicy-create ikepolicy2
neutron vpn-ipsecpolicy-create ipsecpolicy2
neutron vpn-service-create --name myvpn2 --description "My vpn service" r2 sub2

neutron ipsec-site-connection-create --name vpnconnection2 --vpnservice-
id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id ipsecpolicy2
--peer-address 192.142.0.60 --peer-id 192.142.0.60 --peer-cidr
10.10.1.0/24 --psk secret


create  one more network on site1  net3  with subnet 5.5.5.0/24 sub3
create  a network on site2 net4 with subnet 8.8.8.0/24 sub4

create a  service objects   myvpn3  with  r1 and sub3
create a service  objects  myvpn4 with r2 and sub4


create a ipsecsite connection 

 neutron ipsec-site-connection-create --name vpnconnection3
--vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id
ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61 --peer-
cidr 5.5.5.0/24 --psk secret


neutron ipsec-site-connection-create --name vpnconnection4  --vpnservice-id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id ipsecpolicy2 --peer-address 192.142.0.60 --peer-id 192.142.0.60 --peer-cidr 8.8.8.0/24 --psk secret

ipsecsite  connection with vpnconnection3 and  vpnconnection4  always
goes into pending create state.

basically i am trying to bind  two vpn service  objects  with one
routerid

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1318550

Title:
  vpnaas:Aether->Vpn_agent is not able to handle two ipsec-site
  connection creation request simultaneously.

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  
  neutron net-create  ext-net1 --router:external=True
  neutron subnet-create  --allocation-pool start=192.142.0.60,end=192.142.0.100 --gateway 192.142.0.1 ext-net1 192.142.0.0/16 --enable_dhcp=False

  step 1=>
  neutron net-create net1
  neutron subnet-create net1 10.10.1.0/24 --name sub1
  neutron router-create r1
  neutron router-interface-add r1 sub1
  neutron router-gateway-set r1 ext-net1

  neutron net-create net2
  neutron subnet-create net2 10.10.2.0/24 --name sub2
  neutron router-create r2
  neutron router-interface-add r2 sub2
  neutron router-gateway-set r2 ext-net1

  
  neutron vpn-ikepolicy-create ikepolicy1
  neutron vpn-ipsecpolicy-create ipsecpolicy1
  neutron vpn-service-create --name myvpn1 --description "My vpn service" r1 sub1
  neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id myvpn1 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61 --peer-cidr 10.10.2.0/24 --psk secret


  neutron vpn-ikepolicy-create ikepolicy2
  neutron vpn-ipsecpolicy-create ipsecpolicy2
  neutron vpn-service-create --name myvpn2 --description "My vpn service" r2 sub2

  neutron ipsec-site-connection-create --name vpnconnection2
  --vpnservice-id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id
  ipsecpolicy2 --peer-address 192.142.0.60 --peer-id 192.142.0.60
  --peer-cidr 10.10.1.0/24 --psk secret

  
  create  one more network on site1  net3  with subnet 5.5.5.0/24 sub3
  create  a network on site2 net4 with subnet 8.8.8.0/24 sub4

  create a  service objects   myvpn3  with  r1 and sub3
  create a service  objects  myvpn4 with r2 and sub4

  
  create a ipsecsite connection 

   neutron ipsec-site-connection-create --name vpnconnection3
  --vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id
  ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61
  --peer-cidr 5.5.5.0/24 --psk secret

  
  neutron ipsec-site-connection-create --name vpnconnection4  --vpnservice-id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id ipsecpolicy2 --peer-address 192.142.0.60 --peer-id 192.142.0.60 --peer-cidr 8.8.8.0/24 --psk secret

  ipsecsite  connection with vpnconnection3 and  vpnconnection4  always
  goes into pending create state.

  basically i am trying to bind  two vpn service  objects  with one
  routerid

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1318550/+subscriptions


Follow ups

References