Public bug reported:

Currently, if the CIDR of a subnet changes, and that subnet is used by VPN, there is no checking performed.

Should add a notification for subnet CIDR changes and either block the change, if in use by VPN service/endpoint group, or to cause a sync operation in VPN so that existing connections are updated (if possible). I'm not sure which would be better.

Need to ensure that we don't disrupt any existing IPSec connections that have not changed.

Need to ensure this supports the new endpoint group capability for VPNaaS, where local subnets are specified in endpoint groups (versus the older method of a sole subnet being associated with a VPN service).

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: vpnaas

https://bugs.launchpad.net/bugs/1503862

Title:
  VPNaaS: Enhance error checking on subnet changes

Status in neutron:
  New
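The check the report asks for, sketched as an added example that is not Neutron or VPNaaS code: it covers both the older service-level subnet and the endpoint-group model, and supports either outcome the reporter mentions (block the change, or return only the connections that would need a sync). The function names, the exception and the plain-dict data are assumptions made for illustration; the dict keys are modelled on VPNaaS resource attributes.

```python
import ipaddress

# Constructed sample data; dict keys are modelled on VPNaaS attribute names.
SERVICES = [{"id": "vpn-legacy", "subnet_id": "sub-a"},
            {"id": "vpn-epg", "subnet_id": None}]
GROUPS = [{"id": "epg-local", "type": "subnet", "endpoints": ["sub-b", "sub-c"]},
          {"id": "epg-peer", "type": "cidr", "endpoints": ["192.0.2.0/24"]}]
CONNS = [{"id": "conn-1", "vpnservice_id": "vpn-legacy", "local_ep_group_id": None},
         {"id": "conn-2", "vpnservice_id": "vpn-epg", "local_ep_group_id": "epg-local"}]


class SubnetInUseByVPN(Exception):
    """A CIDR change was refused because VPN resources reference the subnet."""


def vpn_references(subnet_id, services, groups, conns):
    """Find VPN services, endpoint groups and connections using subnet_id."""
    # Older model: a sole subnet associated with the VPN service.
    svc = {s["id"] for s in services if s.get("subnet_id") == subnet_id}
    # Endpoint-group model: local subnets listed in a "subnet" type group.
    grp = {g["id"] for g in groups
           if g["type"] == "subnet" and subnet_id in g["endpoints"]}
    hit = [c["id"] for c in conns
           if c.get("local_ep_group_id") in grp
           or (c.get("local_ep_group_id") is None and c["vpnservice_id"] in svc)]
    return {"services": sorted(svc), "groups": sorted(grp),
            "connections": sorted(hit)}


def check_cidr_change(subnet, new_cidr, services, groups, conns, block=True):
    """Refuse the change (block=True) or return the connections to resync."""
    old = ipaddress.ip_network(subnet["cidr"], strict=False)
    new = ipaddress.ip_network(new_cidr, strict=False)
    if old == new:
        return []  # CIDR unchanged: no VPN connection needs touching
    refs = vpn_references(subnet["id"], services, groups, conns)
    if block and (refs["services"] or refs["groups"]):
        raise SubnetInUseByVPN(f"subnet {subnet['id']} is used by VPN: {refs}")
    return refs["connections"]  # only these need a sync; others stay untouched


if __name__ == "__main__":
    subnet = {"id": "sub-b", "cidr": "10.1.0.0/24"}
    print(check_cidr_change(subnet, "10.1.0.0/25", SERVICES, GROUPS, CONNS, block=False))
```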