Public bug reported:

Problem: Currently VPNaaS is not supported with L3 HA.
1) When a user tries to create an ipsec site connection, the vpn agent
tries to run the ipsec process on both the HA master and backup routers.
Running the ipsec process on the backup router fails, as its router
interfaces will be down.

2) Running two separate ipsec processes for the same side of the
connection (East or West) is not allowed.

3) During HA router state transitions (master to backup and backup to
master), spawning and terminating of the vpn process is not handled. For
example, when the master transitions to backup, that vpn connection will
be lost forever (unless both the agents hosting the HA routers are
restarted).


Solution: When a VPN process is created for an HA router, it should run
only on the HA master node. On transition from master to backup router,
the vpn process should be shut down (the same as disabling radvd/metadata
proxy) on that agent. On transition from backup to master, the vpn
process should be enabled and running on that agent.


Advantages: Through this we will have the advantages of the L3 HA router,
i.e. no need for user intervention to reestablish the vpn connection when
the router is down. When the existing master router is down, the same vpn
connection will be established automatically on the new master router.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: l3-ha rfe vpnaas

https://bugs.launchpad.net/bugs/1478012

Title:
   VPNaaS: Support VPNaaS with L3 HA

Status in neutron:
  New
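
A small model of the behaviour proposed in the Solution paragraph of
this report, added here as an illustration; it is not code from neutron
or neutron-vpnaas. The class names, the handler name and the fake ipsec
process are all hypothetical.

```python
"""Model only: the ipsec process for an HA router follows its HA state."""

MASTER, BACKUP = "master", "backup"


class FakeIpsecProcess:
    """Stand-in for the per-router ipsec process (hypothetical, no daemon)."""

    def __init__(self):
        self.active = False
        self.starts = 0

    def enable(self):
        if not self.active:      # idempotent: a repeated event starts it once
            self.active = True
            self.starts += 1

    def disable(self):
        self.active = False


class HaVpnAgent:
    """One agent hosting HA router instances (hypothetical name)."""

    def __init__(self, name):
        self.name = name
        self.process = {}        # router_id -> FakeIpsecProcess

    def on_ha_state_change(self, router_id, new_state):
        """Enable ipsec on master, disable it on backup; return active flag."""
        if new_state not in (MASTER, BACKUP):
            raise ValueError(f"unknown HA state: {new_state!r}")
        proc = self.process.setdefault(router_id, FakeIpsecProcess())
        if new_state == MASTER:
            proc.enable()
        else:
            # A backup's router interfaces are down, so ipsec must not run.
            proc.disable()
        return proc.active


def active_agents(agents, router_id):
    """Names of the agents currently running ipsec for router_id."""
    return [a.name for a in agents
            if router_id in a.process and a.process[router_id].active]
```

Driving two agents through master/backup swaps and checking that
active_agents() never returns more than one name covers items 2 and 3 of
the problem statement.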

