← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1316731] Re: VPNAAS: Updating the peer id from ip address to email id making the ipsec site connection forever down vm across the sites not able to ping each other

 

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316731

Title:
  VPNAAS: Updating the peer id from ip address to email id making the
  ipsec site connection forever down vm across the sites not able to
  ping each other

Status in neutron:
  Expired

Bug description:
  Steps to Reproduce: 
  1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site connection.
  2. Make sure the vm across the sit are able to ping each other with successfull tunnel creation .
  3.Check the status of the operation on both the sites:
  neutron ipsec-site-connection-list
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | id                                   | name           | peer_address  | peer_cidrs     | route_mode | auth_mode | status |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | 8af2322c-aaac-4de1-b026-d5a2afdc3845 | vpnconnection1 | $peer_address2 | "11.11.1.0/24" | static     | psk       | ACTIVE |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  neutron vpn-service-list
  +--------------------------------------+--------+--------------------------------------+--------+
  | id                                   | name   | router_id                            | status |
  +--------------------------------------+--------+--------------------------------------+--------+
  | 58caaf89-ecc2-4cf4-a86c-374b2d22dc35 | myvpn1 | 336c444b-22d1-40a8-ad9c-54063aaaa5e2 | ACTIVE |
  +--------------------------------------+--------+--------------------------------------+--------+
  neutron vpn-service-list
  +--------------------------------------+--------+--------------------------------------+--------+
  | id                                   | name   | router_id                            | status |
  +--------------------------------------+--------+--------------------------------------+--------+
  | 9408fed3-35e3-48c6-ae1c-23324eb9b108 | myvpn1 | cfd9c896-c56f-4da1-93b5-3591fc0a7841 | ACTIVE |
  +--------------------------------------+--------+--------------------------------------+--------+
  neutron ipsec-site-connection-list
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | id                                   | name           | peer_address  | peer_cidrs     | route_mode | auth_mode | status |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static     | psk       | ACTIVE |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  neutron vpn-service- show 465cca84-49a4-4170-b15b-64d9a9664e90
  +----------------+----------------------------------------------------+
  | Field          | Value                                              |
  +----------------+----------------------------------------------------+
  | admin_state_up | True                                               |
  | auth_mode      | psk                                                |
  | description    |                                                    |
  | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
  | id             | 465cca84-49a4-4170-b15b-64d9a9664e90               |
  | ikepolicy_id   | 6159a86b-38f2-415e-b583-bca27b6b8c15               |
  | initiator      | bi-directional                                     |
  | ipsecpolicy_id | e63d8cef-56a0-4b13-9094-940256ce7cc8               |
  | mtu            | 1500                                               |
  | name           | vpnconnection1                                     |
  | peer_address   | $peer_address1                                      |
  | peer_cidrs     | 10.10.1.0/24                                       |
  | peer_id        | $peer_address1                                      |
  | psk            | secret                                             |
  | route_mode     | static                                             |
  | status         | ACTIVE                                             |
  | tenant_id      | d209c7ac08304ff48c59a53c2c47516c                   |
  | vpnservice_id  | 9408fed3-35e3-48c6-ae1c-23324eb9b108               |
  +----------------+----------------------------------------------------+
  Make sure the VM across the site pinging each other.

  4. Now update the peer id onto one of the site as email id.
  neutron ipsec-site-connection-update 465cca84-49a4-4170-b15b-64d9a9664e90 --peer_id site2@xxxxxx
  Updated ipsec_site_connection: 465cca84-49a4-4170-b15b-64d9a9664e90

  5.Check the status of the vpn site conenction
  neutron ipsec-site-connection-list
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | id                                   | name           | peer_address  | peer_cidrs     | route_mode | auth_mode | status |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
  | 465cca84-49a4-4170-b15b-64d9a9664e90 | vpnconnection1 | $peer_address1 | "10.10.1.0/24" | static     | psk       | DOWN   |
  +--------------------------------------+----------------+---------------+----------------+------------+-----------+--------+
   

  Actual Results: Updating the peer id from  peer ip addres to email id
  making ipsec site conenction down. VM across the sites not able to
  ping each other after the update

  Expected Results: Updating the peer id from  peer ip addres to email
  id should not make ipsec site conenction down forever and after
  succesfull updation the vm across the site should be able to ping each
  other.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316731/+subscriptions


References