Public bug reported:
Currently, if the CIDR of a subnet changes, and that subnet is used by
VPN, there is no checking performed.
Should add a notification for subnet CIDR changes and either block the
change, if in use by VPN service/endpoint group, or to cause a sync
operation in VPN so that existing connections are updated (if possible).
I'm not sure which would be better. Need to ensure that we don't disrupt
any existing IPSec connections that have not changed.
Need to ensure this supports the new endpoint group capability for
VPNaaS, where local subnets are specified in endpoint groups (versus the
older method of a sole subnet being associated with a VPN service).
** Affects: neutron
Importance: Undecided
Status: New
** Tags: vpnaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1503862
Title:
VPNaaS: Enhance error checking on subnet changes
Status in neutron:
New
Bug description:
Currently, if the CIDR of a subnet changes, and that subnet is used by
VPN, there is no checking performed.
Should add a notification for subnet CIDR changes and either block the
change, if in use by VPN service/endpoint group, or to cause a sync
operation in VPN so that existing connections are updated (if
possible).
I'm not sure which would be better. Need to ensure that we don't
disrupt any existing IPSec connections that have not changed.
Need to ensure this supports the new endpoint group capability for
VPNaaS, where local subnets are specified in endpoint groups (versus
the older method of a sole subnet being associated with a VPN
service).
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1503862/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
