yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1318550] Re: Vpnaas: Vpn_agent is not able to handle two vpn service object for the same router.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Paul Michali <1318550@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Apr 2015 16:02:56 -0000
Reply-to: Bug 1318550 <1318550@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is, by design, not supported. The service and router must be 1:1. A
blueprint would need to be submitted to change the design, IMO. Changing
to invalid.

** Changed in: neutron
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1318550

Title:
  Vpnaas: Vpn_agent is not able to handle two vpn service object for the
  same router.

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  
  neutron net-create  ext-net1 --router:external=True
  neutron subnet-create  --allocation-pool start=192.142.0.60,end=192.142.0.100 --gateway 192.142.0.1 ext-net1 192.142.0.0/16 --enable_dhcp=False

  step 1=>
  neutron net-create net1
  neutron subnet-create net1 10.10.1.0/24 --name sub1
  neutron router-create r1
  neutron router-interface-add r1 sub1
  neutron router-gateway-set r1 ext-net1

  neutron net-create net2
  neutron subnet-create net2 10.10.2.0/24 --name sub2
  neutron router-create r2
  neutron router-interface-add r2 sub2
  neutron router-gateway-set r2 ext-net1

  
  neutron vpn-ikepolicy-create ikepolicy1
  neutron vpn-ipsecpolicy-create ipsecpolicy1
  neutron vpn-service-create --name myvpn1 --description "My vpn service" r1 sub1
  neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id myvpn1 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61 --peer-cidr 10.10.2.0/24 --psk secret


  neutron vpn-ikepolicy-create ikepolicy2
  neutron vpn-ipsecpolicy-create ipsecpolicy2
  neutron vpn-service-create --name myvpn2 --description "My vpn service" r2 sub2

  neutron ipsec-site-connection-create --name vpnconnection2
  --vpnservice-id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id
  ipsecpolicy2 --peer-address 192.142.0.60 --peer-id 192.142.0.60
  --peer-cidr 10.10.1.0/24 --psk secret

  
  create  one more network on site1  net3  with subnet 5.5.5.0/24 sub3
  create  a network on site2 net4 with subnet 8.8.8.0/24 sub4

  create a  service objects   myvpn3  with  r1 and sub3
  create a service  objects  myvpn4 with r2 and sub4

  
  create a ipsecsite connection 

   neutron ipsec-site-connection-create --name vpnconnection3
  --vpnservice-id myvpn3 --ikepolicy-id ikepolicy1 --ipsecpolicy-id
  ipsecpolicy1 --peer-address 192.142.0.61 --peer-id 192.142.0.61
  --peer-cidr 5.5.5.0/24 --psk secret

  
  neutron ipsec-site-connection-create --name vpnconnection4  --vpnservice-id myvpn2 --ikepolicy-id ikepolicy2 --ipsecpolicy-id ipsecpolicy2 --peer-address 192.142.0.60 --peer-id 192.142.0.60 --peer-cidr 8.8.8.0/24 --psk secret

  ipsecsite  connection with vpnconnection3 and  vpnconnection4  always
  goes into pending create state.

  basically i am trying to bind  two vpn service  objects  with one
  routerid

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1318550/+subscriptions

References

[Bug 1318550] [NEW] vpnaas:Aether->Vpn_agent is not able to handle two ipsec-site connection creation request simultaneously.
From: varun kumar yadav, 2014-05-12