yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1672920] [NEW] [RFE] Flavor support for VPNaaS

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lingxian Kong <anlin.kong@xxxxxxxxx>
Date: Wed, 15 Mar 2017 02:28:36 -0000
Reply-to: Bug 1672920 <1672920@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Neutron already supports flavor framework, and currently, only l3
service is using it. In VPNaaS, we also would like to support flavor, in
order to support multiple vpn service drivers in one deployment.

One real use case from us:

We (a public cloud provider) are using openswan driver for vpnaas in our
public cloud, and recently, some customers are asking SHA2 for more
secure connection, it's time for us to do upgrade for vpnaas now (we are
still running liberty). Since openswan is not maintained properly, we
are also considering switching to stongswan smoothly without bring much
overhead to customers.

The upgrade will be a non-trivial job without flavor support. With
flavor, we could easily add strongswan as the default driver, but still
use openswan for old vpn connections. Of course, other things need to be
done to make sure operations for old resources are handled properly by
the right driver. With thad said, after upgrade, customers could still
use their old ipsec site connections which are served by openswan, but
new request will use strongswan to create vpn service.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: rfe

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1672920

Title:
  [RFE] Flavor support for VPNaaS

Status in neutron:
  New

Bug description:
  Neutron already supports flavor framework, and currently, only l3
  service is using it. In VPNaaS, we also would like to support flavor,
  in order to support multiple vpn service drivers in one deployment.

  One real use case from us:

  We (a public cloud provider) are using openswan driver for vpnaas in
  our public cloud, and recently, some customers are asking SHA2 for
  more secure connection, it's time for us to do upgrade for vpnaas now
  (we are still running liberty). Since openswan is not maintained
  properly, we are also considering switching to stongswan smoothly
  without bring much overhead to customers.

  The upgrade will be a non-trivial job without flavor support. With
  flavor, we could easily add strongswan as the default driver, but
  still use openswan for old vpn connections. Of course, other things
  need to be done to make sure operations for old resources are handled
  properly by the right driver. With thad said, after upgrade, customers
  could still use their old ipsec site connections which are served by
  openswan, but new request will use strongswan to create vpn service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1672920/+subscriptions

Follow ups

[Bug 1672920] Re: [RFE] Flavor support for VPNaaS
From: OpenStack Infra, 2017-07-13