cloudstack-dev mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject site-to-site VPN review
Date Mon, 02 Jul 2012 19:48:33 GMT
I took another look at the FS
http://wiki.cloudstack.org/display/DesignDocs/Site-to-site+VPN+functional+spec
And the test suite
http://wiki.cloudstack.org/display/QA/Site-to-Site+VPN


 1.  It isn't clear if we are going to use pre-shared keys (PSK) or public-key (RSA keys)
    *   If PSK, who generates this and what is the strength of this key?
    *   Can this PSK be changed / revoked?
 2.  Why is this restricted to admin only?
 3.  Does this require "conserve mode = true"?
 4.  Is NAT traversal supported?
 5.  FS and test suite in my mind should cover FCAPS (faults, configuration, administration, performance, security)
    *   How do you deal with faults? What happens when the VR is restarted? What happens if VR gets disconnected from the remote end?
    *   The API parameters and responses need to be more completely documented.
    *   If a user complains that his s-2-s VPN is not working / used to work but does not now, how can customer support diagnose this problem?
    *   How well does this perform: what is the target throughput and what is the size (RAM/CPU) needed to achieve this performance?
       *   Is there a need for a later kernel on the VR for AES support?
    *   How secure is this implementation? Can the PSK be guessed? Are the latest security patches for OpenSwan available in the VR?
