yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #37612
[Bug 1491679] [NEW] ipsec-site-connection-create is not back to ACTIVE state after updating admin_state_up as True -> False -> True
Public bug reported:
neutron vpn-service-create --name myvpnA --description "My vpnA service" routerA subA
neutron vpn-service-create --name myvpnB --description "My vpnB service" routerB subB
neutron ipsec-site-connection-create --name vpnconnectionA --vpnservice-id myvpnA \
--ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 172.24.4.102 \
--peer-id 172.24.4.102 --peer-cidr 10.2.0.0/24 --psk secret
neutron ipsec-site-connection-create --name vpnconnectionB --vpnservice-id myvpnB \
--ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 172.24.4.101 \
--peer-id 172.24.4.101 --peer-cidr 10.1.0.0/24 --psk secret
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| 4ca689a5-180a-4661-bd5b-6182d9dad5e4 | vpnconnectionA | 172.24.4.102 | "10.2.0.0/24" | static | psk | ACTIVE |
| f65263bd-b5cf-46c5-a809-a376bec461d9 | vpnconnectionB | 172.24.4.101 | "10.1.0.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
Now, change the admin_state_up as false for ipsec-site-connection -
vpnconnectionA.
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| 4ca689a5-180a-4661-bd5b-6182d9dad5e4 | vpnconnectionA | 172.24.4.102 | "10.2.0.0/24" | static | psk | DOWN |
| f65263bd-b5cf-46c5-a809-a376bec461d9 | vpnconnectionB | 172.24.4.101 | "10.1.0.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
ping vm1 to vm2 does not work and ping vm2 and vm1 does not work ( this
is expected)
Change back the admin_state_up as True, the status is still shown as
DOWN, even the vpn-service for myvpnA is at DOWN
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-show vpnconnectionA
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 4ca689a5-180a-4661-bd5b-6182d9dad5e4 |
| ikepolicy_id | d5112709-8909-4ce3-a7aa-99569474c812 |
| initiator | bi-directional |
| ipsecpolicy_id | 430ece29-8cf5-488a-b77d-798f0e7d455e |
| mtu | 1500 |
| name | vpnconnectionA |
| peer_address | 172.24.4.102 |
| peer_cidrs | 10.2.0.0/24 |
| peer_id | 172.24.4.102 |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 7d0f12937859462bb7c1d5d012111dec |
| vpnservice_id | 33311333-a6be-4b59-bedc-d3f1583459e7 |
+----------------+----------------------------------------------------+
docker@ubuntu:~/devstack$ neutron vpn-service-show myvpnA
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| admin_state_up | True |
| description | My vpnA service |
| external_v4_ip | 172.24.4.101 |
| external_v6_ip | |
| id | 33311333-a6be-4b59-bedc-d3f1583459e7 |
| name | myvpnA |
| router_id | 3b4fab84-6bac-4a29-8bf2-65378e342dc4 |
| status | DOWN |
| subnet_id | 63d99342-c9e0-41a9-993d-3c2a6e0256ad |
| tenant_id | 7d0f12937859462bb7c1d5d012111dec |
+----------------+--------------------------------------+
In-order to make it work, have to restart vpn-service ( meaning update
vpn-service for myvpnA's admin_state_up as True) and ipsite-connection
for vpnconnectionA's admin_state_up as True.
Is this expected behavior?
** Affects: neutron
Importance: Undecided
Status: New
** Tags: vpnaas
** Project changed: bagpipe-l2 => neutron
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1491679
Title:
ipsec-site-connection-create is not back to ACTIVE state after
updating admin_state_up as True -> False -> True
Status in neutron:
New
Bug description:
neutron vpn-service-create --name myvpnA --description "My vpnA service" routerA subA
neutron vpn-service-create --name myvpnB --description "My vpnB service" routerB subB
neutron ipsec-site-connection-create --name vpnconnectionA --vpnservice-id myvpnA \
--ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 172.24.4.102 \
--peer-id 172.24.4.102 --peer-cidr 10.2.0.0/24 --psk secret
neutron ipsec-site-connection-create --name vpnconnectionB --vpnservice-id myvpnB \
--ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 172.24.4.101 \
--peer-id 172.24.4.101 --peer-cidr 10.1.0.0/24 --psk secret
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| 4ca689a5-180a-4661-bd5b-6182d9dad5e4 | vpnconnectionA | 172.24.4.102 | "10.2.0.0/24" | static | psk | ACTIVE |
| f65263bd-b5cf-46c5-a809-a376bec461d9 | vpnconnectionB | 172.24.4.101 | "10.1.0.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
Now, change the admin_state_up as false for ipsec-site-connection -
vpnconnectionA.
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-list
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
| 4ca689a5-180a-4661-bd5b-6182d9dad5e4 | vpnconnectionA | 172.24.4.102 | "10.2.0.0/24" | static | psk | DOWN |
| f65263bd-b5cf-46c5-a809-a376bec461d9 | vpnconnectionB | 172.24.4.101 | "10.1.0.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+--------------+---------------+------------+-----------+--------+
ping vm1 to vm2 does not work and ping vm2 and vm1 does not work (
this is expected)
Change back the admin_state_up as True, the status is still shown as
DOWN, even the vpn-service for myvpnA is at DOWN
docker@ubuntu:~/devstack$ neutron ipsec-site-connection-show vpnconnectionA
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 4ca689a5-180a-4661-bd5b-6182d9dad5e4 |
| ikepolicy_id | d5112709-8909-4ce3-a7aa-99569474c812 |
| initiator | bi-directional |
| ipsecpolicy_id | 430ece29-8cf5-488a-b77d-798f0e7d455e |
| mtu | 1500 |
| name | vpnconnectionA |
| peer_address | 172.24.4.102 |
| peer_cidrs | 10.2.0.0/24 |
| peer_id | 172.24.4.102 |
| psk | secret |
| route_mode | static |
| status | DOWN |
| tenant_id | 7d0f12937859462bb7c1d5d012111dec |
| vpnservice_id | 33311333-a6be-4b59-bedc-d3f1583459e7 |
+----------------+----------------------------------------------------+
docker@ubuntu:~/devstack$ neutron vpn-service-show myvpnA
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| admin_state_up | True |
| description | My vpnA service |
| external_v4_ip | 172.24.4.101 |
| external_v6_ip | |
| id | 33311333-a6be-4b59-bedc-d3f1583459e7 |
| name | myvpnA |
| router_id | 3b4fab84-6bac-4a29-8bf2-65378e342dc4 |
| status | DOWN |
| subnet_id | 63d99342-c9e0-41a9-993d-3c2a6e0256ad |
| tenant_id | 7d0f12937859462bb7c1d5d012111dec |
+----------------+--------------------------------------+
In-order to make it work, have to restart vpn-service ( meaning update
vpn-service for myvpnA's admin_state_up as True) and ipsite-connection
for vpnconnectionA's admin_state_up as True.
Is this expected behavior?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1491679/+subscriptions
Follow ups