yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #57882
[Bug 1316731] Re: VPNAAS: Updating the peer id from ip address to email id making the ipsec site connection forever down vm across the sites not able to ping each other
[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316731
Title:
VPNAAS: Updating the peer id from ip address to email id making the
ipsec site connection forever down vm across the sites not able to
ping each other
Status in neutron:
Expired
Bug description:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site connection.
2. Make sure the vm across the sit are able to ping each other with successfull tunnel creation .
3.Check the status of the operation on both the sites:
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address2 | "11.11.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+--------+--------------------------------------+--------+
| 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 | myvpn1 | 336c444b-22d1-40a8-ad9c-54063aaaa5e2 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
neutron vpn-service-list
+--------------------------------------+--------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+--------+--------------------------------------+--------+
| 9408fed3-35e3-48c6-ae1c-23324eb9b108 | myvpn1 | cfd9c896-c56f-4da1-93b5-3591fc0a7841 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static | psk | ACTIVE |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
neutron vpn-service- show 465cca84-49a4-4170-b15b-64d9a9664e90
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | 465cca84-49a4-4170-b15b-64d9a9664e90 |
| ikepolicy_id | 6159a86b-38f2-415e-b583-bca27b6b8c15 |
| initiator | bi-directional |
| ipsecpolicy_id | e63d8cef-56a0-4b13-9094-940256ce7cc8 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $peer_address1 |
| peer_cidrs | 10.10.1.0/24 |
| peer_id | $peer_address1 |
| psk | secret |
| route_mode | static |
| status | ACTIVE |
| tenant_id | d209c7ac08304ff48c59a53c2c47516c |
| vpnservice_id | 9408fed3-35e3-48c6-ae1c-23324eb9b108 |
+----------------+----------------------------------------------------+
Make sure the VM across the site pinging each other.
4. Now update the peer id onto one of the site as email id.
neutron ipsec-site-connection-update 465cca84-49a4-4170-b15b-64d9a9664e90 --peer_id site2@xxxxxx
Updated ipsec_site_connection: 465cca84-49a4-4170-b15b-64d9a9664e90
5.Check the status of the vpn site conenction
neutron ipsec-site-connection-list
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| id | name | peer_address | peer_cidrs | route_mode | auth_mode | status |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
| 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static | psk | DOWN |
+--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
Actual Results: Updating the peer id from peer ip addres to email id
making ipsec site conenction down. VM across the sites not able to
ping each other after the update
Expected Results: Updating the peer id from peer ip addres to email
id should not make ipsec site conenction down forever and after
succesfull updation the vm across the site should be able to ping each
other.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316731/+subscriptions
References
