yahoo-eng-team team mailing list archive

[Paul Michali <1503862@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Currently, if the CIDR of a subnet changes, and that subnet is used by
VPN, there is no checking performed.

Should add a notification for subnet CIDR changes and either block the
change, if in use by VPN service/endpoint group, or to cause a sync
operation in VPN so that existing connections are updated (if possible).

I'm not sure which would be better. Need to ensure that we don't disrupt
any existing IPSec connections that have not changed.

Need to ensure this supports the new endpoint group capability for
VPNaaS, where local subnets are specified in endpoint groups (versus the
older method of a sole subnet being associated with a VPN service).

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: vpnaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1503862

Title:
  VPNaaS: Enhance error checking on subnet changes

Status in neutron:
  New

Bug description:
  Currently, if the CIDR of a subnet changes, and that subnet is used by
  VPN, there is no checking performed.

  Should add a notification for subnet CIDR changes and either block the
  change, if in use by VPN service/endpoint group, or to cause a sync
  operation in VPN so that existing connections are updated (if
  possible).

  I'm not sure which would be better. Need to ensure that we don't
  disrupt any existing IPSec connections that have not changed.

  Need to ensure this supports the new endpoint group capability for
  VPNaaS, where local subnets are specified in endpoint groups (versus
  the older method of a sole subnet being associated with a VPN
  service).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1503862/+subscriptions