  1. OpenShift Core Networking
  2. CORENET-5371

Evaluate improvements to ovs-monitor-ipsec/libreswan

    • Type: Story
    • Resolution: Done
    • Sprint: CORENET Sprint 269, CORENET Sprint 270

      If opportunistic IPSec is a dead end, we need to investigate whether further improvements to what we have are possible. Some ideas are:

      1. Improve ovs-monitor-ipsec logic to reconcile. Ilya is already working on this: https://issues.redhat.com/browse/FDP-846
      2. Check if there is a native API solution where we can talk to libreswan, instead of forking bash commands.
      3. strongswan enables dynamic config file watching; consult with the IPSec team on whether that same capability could be added to libreswan. Then we eliminate the need to manage ipsec connections in ovs-monitor-ipsec, and can simply update the config file.
      4. Examine using a different ipsec control plane (maybe strongswan) instead of libreswan.

              pepalani@redhat.com Periyasamy Palanisamy
              trozet@redhat.com Tim Rozet