Enhance site-to-site VPN reliability and test CLI #2371

Merged: cb-github-robot merged 1 commit into cloud-barista:main from yunkon-kim:260312-16 on Mar 16, 2026
@yunkon-kim (Member) commented Mar 16, 2026

This PR enhances site-to-site VPN reliability and provides a batch test CLI.

  • Added a one-time retry for VPN create/delete operations to handle transient CSP timing issues
  • Extended support for AWS-Site VPNs to OpenStack and added BGP peering CIDR model fields for Azure
  • Added an optional refresh query param to the VPN GET API (includes updated Swagger/documentation)
  • Replaced the existing gcp-aws script with a configuration-based cross-site batch test CLI that generates reports
  • Updated the mc-terrarium integration to v0.1.2 and aligned local configuration documentation and make targets

Changes in detail

  1. VPN reliability improvements

    • Added a one-time retry policy to create/delete API calls to improve resilience against transient failures.
  2. CSP-support expansion and model updates

    • Added AWS-to-OpenStack support coverage.
    • Extended Azure BGP peering CIDR-related model fields.
  3. API and documentation updates

    • Added a refresh query parameter for VPN detail retrieval (i.e., read resource info from CSPs).
    • Updated Swagger descriptions and schemas to match current behavior.
  4. Test CLI enhancement

    • Removed the legacy CLI at src/testclient/test-clis/vpn-tunnel/gcp-aws.
    • Added a batch VPN test CLI at src/testclient/test-clis/site-to-site-vpn.
    • Supports CSP auto-filtering, step-by-step API logging, and Markdown report output.
  5. Operations and developer experience

    • Upgraded mc-terrarium and aligned related configuration.
    • Updated ignore rules for .env and VPN test result directories.

Testing

  • Executed the following site-to-site VPN test cases locally
    • After waiting 1 minute, the connectivity check (i.e., ping test) was performed.
    • Even if the resource status is 'Ready' or 'Available', it may still take several minutes for actual traffic to start flowing.
  • Results:
    • aws-to-azure: Passed
    • aws-to-gcp: Passed
    • aws-to-alibaba: Passed
    • aws-to-tencent: Passed
    • aws-to-ibm: Passed
    • aws-to-openstack: Partially passed

Notes

  • The attached sample below is masked to protect project identifiers, resource IDs, IP addresses, and endpoints.
  • Full test outputs are not included in the PR body because they contain sensitive environment-specific information.

Attached sample: aws-to-gcp-vpn test result (masked)

VPN Test: aws to gcp

Step 1: Create VPN

  • Method: POST
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/mci/<MCI_ID>/vpn
  • Status: 200 OK
  • Elapsed: 8m53.947s

Request Body

{
	"name": "vpn-aws-gcp",
	"site1": {
		"cspSpecificProperty": {
			"aws": {
				"bgpAsn": "64512"
			}
		},
		"vNetId": "<AWS_VNET_ID>"
	},
	"site2": {
		"cspSpecificProperty": {
			"gcp": {
				"bgpAsn": "65530"
			}
		},
		"vNetId": "<GCP_VNET_ID>"
	}
}

Response Body (summary)

{
	"id": "vpn-aws-gcp",
	"status": "Available",
	"uid": "<VPN_UID>",
	"vpnSites": [
		{
			"connectionName": "<AWS_CONN>",
			"resourceDetails": [
				{ "cspResourceId": "<AWS_CGW_ID_1>", "cspResourceName": "<AWS_CGW_NAME_1>" },
				{ "cspResourceId": "<AWS_CGW_ID_2>", "cspResourceName": "<AWS_CGW_NAME_2>" },
				{ "cspResourceId": "<AWS_VPN_CONN_ID_1>", "cspResourceName": "<AWS_VPN_CONN_NAME_1>" },
				{ "cspResourceId": "<AWS_VPN_CONN_ID_2>", "cspResourceName": "<AWS_VPN_CONN_NAME_2>" },
				{ "cspResourceId": "<AWS_VGW_ID>", "cspResourceName": "<AWS_VGW_NAME>" }
			]
		},
		{
			"connectionName": "<GCP_CONN>",
			"resourceDetails": [
				{ "cspResourceId": "projects/<GCP_PROJECT>/global/externalVpnGateways/<GW>", "cspResourceName": "<GW_NAME>" },
				{ "cspResourceId": "projects/<GCP_PROJECT>/regions/<REGION>/vpnTunnels/<TUNNEL_1>", "cspResourceName": "<TUNNEL_1>" },
				{ "cspResourceId": "projects/<GCP_PROJECT>/regions/<REGION>/vpnTunnels/<TUNNEL_2>", "cspResourceName": "<TUNNEL_2>" },
				{ "cspResourceId": "projects/<GCP_PROJECT>/regions/<REGION>/vpnTunnels/<TUNNEL_3>", "cspResourceName": "<TUNNEL_3>" },
				{ "cspResourceId": "projects/<GCP_PROJECT>/regions/<REGION>/vpnTunnels/<TUNNEL_4>", "cspResourceName": "<TUNNEL_4>" }
			]
		}
	]
}

Step 2: Get VPN Info

  • Method: GET
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/mci/<MCI_ID>/vpn/vpn-aws-gcp
  • Status: 200 OK
  • Elapsed: 26.12s

Result: Confirmed VPN status is Available

Step 3: List VPN IDs

  • Method: GET
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/mci/<MCI_ID>/vpn?option=IdList
  • Status: 200 OK
  • Elapsed: 3ms

Response

{
	"vpnIdList": ["vpn-aws-gcp"]
}

Step 4: List VPN Infos

  • Method: GET
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/mci/<MCI_ID>/vpn?option=InfoList
  • Status: 200 OK
  • Elapsed: 6ms

Result: Confirmed VPN list and detailed metadata are returned correctly

Step 5: Ping Test

  • Method: POST
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/cmd/mci/<MCI_ID>?vmId=<AWS_VM_ID>
  • Status: 200 OK
  • Elapsed: 2.092s

Request Body

{
	"command": ["ping <GCP_PRIVATE_IP_MASKED> -c 1"],
	"userName": "cb-user"
}

Response (summary)

{
	"results": [
		{
			"error": "",
			"stdout": {
				"0": "1 packets transmitted, 1 received, 0% packet loss"
			},
			"vmId": "<AWS_VM_ID>",
			"vmIp": "<AWS_PUBLIC_IP_MASKED>"
		}
	]
}

Step 6: Delete VPN

  • Method: DELETE
  • URL: http://<TB_ENDPOINT>/tumblebug/ns/<NS_ID>/mci/<MCI_ID>/vpn/vpn-aws-gcp
  • Status: 200 OK
  • Elapsed: 3m30.928s

Response

{
	"message": "successfully deleted the site-to-site VPN (vpn-aws-gcp)"
}
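
The Notes above say the sample was masked before posting. As an added illustration (not code from this PR or from cb-tumblebug), here is one way to run such a redaction pass over a generated report. The rule set, the `<AWS_..._ID>`, `<PRIVATE_IP_MASKED>`, `<PUBLIC_IP_MASKED>` and `<IP_MASKED>` placeholders, and all sample values are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

// Assumed rule set (not the project's). Order matters: endpoint before IPv4.
var maskRules = []struct {
	re *regexp.Regexp
	fn func(match string) string
}{
	// API endpoint: hide host and port, keep scheme and path.
	{regexp.MustCompile(`https?://[^/\s"]+/tumblebug`), func(m string) string {
		return m[:strings.Index(m, "://")+3] + "<TB_ENDPOINT>/tumblebug"
	}},
	// GCP resource paths embed the project ID (6 to 30 characters).
	{regexp.MustCompile(`projects/[a-z][a-z0-9-]{4,28}[a-z0-9]/`), func(string) string { return "projects/<GCP_PROJECT>/" }},
	// AWS resource IDs: type prefix plus 8 or 17 hex characters.
	{regexp.MustCompile(`\b(?:vgw|cgw|vpn|vpc|subnet)-(?:[0-9a-f]{17}|[0-9a-f]{8})\b`), func(m string) string {
		return "<AWS_" + strings.ToUpper(m[:strings.Index(m, "-")]) + "_ID>"
	}},
	// IPv4-shaped tokens are always masked; the label records the scope.
	{regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`), func(m string) string {
		if addr, err := netip.ParseAddr(m); err != nil {
			return "<IP_MASKED>"
		} else if addr.IsPrivate() {
			return "<PRIVATE_IP_MASKED>"
		}
		return "<PUBLIC_IP_MASKED>"
	}},
}

// Mask applies every rule in order and returns the redacted text.
func Mask(s string) string {
	for _, r := range maskRules {
		s = r.re.ReplaceAllStringFunc(s, r.fn)
	}
	return s
}

func main() {
	// Constructed sample; every identifier and address below is made up.
	fmt.Println(Mask(`URL: http://198.51.100.7:1323/tumblebug/ns/ns01/mci/mci01/vpn/vpn-aws-gcp
{ "cspResourceId": "vgw-0a1b2c3d4e5f67890" }, { "cspResourceId": "projects/demo-proj-1234/regions/r1/vpnTunnels/t1" }
{ "command": ["ping 10.0.1.5 -c 1"], "vmIp": "203.0.113.20" }`))
}
```

The user-chosen VPN name `vpn-aws-gcp` survives because it does not match the hex-suffix form of an AWS ID; namespace and MCI IDs in the URL path are not covered by these rules.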

@yunkon-kim yunkon-kim requested a review from seokho-son as a code owner March 16, 2026 09:14
@github-actions github-actions bot added the src label Mar 16, 2026
* Add one-time retry handling for VPN create/delete to absorb transient CSP timing failures
* Extend AWS hub support to OpenStack and add Azure BGP peering CIDR model fields
* Add optional refresh query support to VPN GET API and update Swagger/docs accordingly
* Replace legacy gcp-aws VPN test CLI with config-driven site-to-site batch test CLI and reports
* Update mc-terrarium integration to v0.1.2 and align local setup/init docs and Make targets
@yunkon-kim (Member, Author) commented

Force-pushed after resolving conflicts

@seokho-son (Member) left a comment

@yunkon-kim Thanks!

LGTM.

@seokho-son (Member) commented

/approve

@github-actions github-actions bot added the approved This PR is approved and will be merged soon. label Mar 16, 2026
@cb-github-robot cb-github-robot merged commit e01a56d into cloud-barista:main Mar 16, 2026
4 checks passed
@yunkon-kim yunkon-kim deleted the 260312-16 branch March 17, 2026 01:21