yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1503862] Re: VPNaaS: Enhance error checking on subnet changes

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Paul Michali <1503862@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Oct 2015 08:31:42 -0000
Reply-to: Bug 1503862 <1503862@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Found out that the CIDR for a subnet is read-only, so we don't have to
block changes, when the subnet is used by VPNaaS.

** Changed in: neutron
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1503862

Title:
  VPNaaS: Enhance error checking on subnet changes

Status in neutron:
  Invalid

Bug description:
  Currently, if the CIDR of a subnet changes, and that subnet is used by
  VPN, there is no checking performed.

  Should add a notification for subnet CIDR changes and either block the
  change, if in use by VPN service/endpoint group, or to cause a sync
  operation in VPN so that existing connections are updated (if
  possible).

  I'm not sure which would be better. Need to ensure that we don't
  disrupt any existing IPSec connections that have not changed.

  Need to ensure this supports the new endpoint group capability for
  VPNaaS, where local subnets are specified in endpoint groups (versus
  the older method of a sole subnet being associated with a VPN
  service).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1503862/+subscriptions

References

[Bug 1503862] [NEW] VPNaaS: Enhance error checking on subnet changes
From: Paul Michali, 2015-10-07