OpenStack-Neutron-VPNaaS-API

1 命令

1.1 IKE策略

  • vpn-ikepolicy-create Create an IKEPolicy
  • vpn-ikepolicy-delete Delete a given IKE Policy.
  • vpn-ikepolicy-list List IKEPolicies that belong to a given tenant.
  • vpn-ikepolicy-show Show detailed information of a given IKEPolicy.
  • vpn-ikepolicy-update Update a given IKE Policy.

1.2 ipsec策略

  • vpn-ipsecpolicy-create Create an IPsec policy
  • vpn-ipsecpolicy-delete Delete a given IPsec Policy
  • vpn-ipsecpolicy-list List IPsecPolicies that belong to a given tenant * connection.
  • vpn-ipsecpolicy-show Show detailed information of a given IPsec Policy
  • vpn-ipsecpolicy-update Update a given IPsec Policy.

1.3 vpn服务

  • vpn-service-create Create a VPNService
  • vpn-service-delete Delete a given VPNService
  • vpn-service-list List all VPNService for a given tenant.
  • vpn-service-show Show detailed information of a given VPNService.
  • vpn-service-update Update a given VPNservice.

1.4 连接

  • ipsec-site-connection-create Create a ipsec-site-connection
  • ipsec-site-connection-delete Delete a given ipsec-site-connection.
  • ipsec-site-connection-list List ipsec-site-connections that belong to a given tenant.
  • ipsec-site-connection-show Show information of a given ipsec-site-connection.
  • ipsec-site-connection-update Update a given ipsec-site-connection.

2 API

2.1 IKE策略

获取IKE策略列表

GET
/v2.0/ikepolicies/

创建IKE策略

POST
/v2.0/ikepolicies

获取指定IKE策略

GET
/v2.0/ikepolicies/ikepolicy-id

更新指定IKE策略

UPDATE
/v2.0/ikepolicies/ikepolicy-id

删除IKE策略

DELETE
/v2.0/ikepolicies/ikepolicy-id

示例

创建IKE策略

发送参数

#!highlight javascript numbers=disable
POST /v1.0/ikepolicies
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ikepolicy" : {
            "name": "ikepolicy_1",
            "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "phase1-negotiation-mode" : "main",
        "lifetime": "units=seconds,value=28800",
            "ike-version" : "v1",
            "pfs": " Group5",
           }
}

返回参数

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
"ikepolicy" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant_id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ikepolicy_1",
            "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "phase1-negotiation-mode" : "main",
        "lifetime": {
                      "units" : "seconds"
                      "value" : 28800,
             }
            "ike-version" : "v1",
            "pfs": "Group5",
        }
}

2.2 IPsec策略

获取ipsec策略列表

GET
/v2.0/ipsecpolicies/

创建ipsec策略

POST
/v2.0/ipsecpolicies

获取指定ipsec策略

GET
/v2.0/ipsecpolicies/ipsecpolicy-id

更新ipsec策略

UPDATE
/v2.0/ipsecpolicies/ipsecpolicy-id

删除ipsec策略

DELETE
/v2.0/ipsecpolicies/ipsecpolicy-id

示例

创建ipsec策略

发送参数json

#!highlight javascript numbers=disable
POST /v1.0/ipsecpolicies
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ipsecpolicy" : {
            "name": "ipsecpolicy_1",
            "transform-protocol": "esp",
        "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "encapsulation-mode" : "tunnel",
            "lifetime": "units=seconds,value=28800",
            "pfs": "Group5"
          }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "ipsecpolicy" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ipsecpolicy_1",
            "transform-protocol": "esp",
        "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "encapsulation-mode" : "tunnel",
             "lifetime": {
                      "units" : "seconds"
                      "value" : 28800,
             }
            "pfs": "Group5"
       }
}

2.3 VPN服务

获取vpn服务列表

GET
/v2.0/vpnservices/

获取指定vpn服务

GET
/v2.0/vpnservices/vpnservice-id

创建vpn服务

POST
/v2.0/vpnservices

更新指定vpn服务

UPDATE
/v2.0/vpnservices/vpnservice-id

删除vpn服务 DELETE /v2.0/vpnservices/vpnservice-id

示例

创建vpn服务

发送数据json

#!highlight javascript numbers=disable
POST /v1.0/vpnservices
Content-Type: application/json
Accept: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "vpnservice": {

           "tenant_id": "310df60f-2a10-4ee5-9554-98393092194c",
           "name": "cloud_vpn",
           "subnet": "96a4386a-f8c3-42ed-afce-d7954eee77b3",
       "router": "8acda86a-f8c3-42ed-afce-d7954eee77b3",
           }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "vpnservice": {
           "id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
           "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
           "name": "cloud_vpn",
           "subnet-id": "96a4386a-f8c3-42ed-afce-d7954eee77b3",
       "router-id": "8acda86a-f8c3-42ed-afce-d7954eee77b3",
           "admin_state_up": true,
           "status": "PENDING_CREATE"
           }
}

2.4 连接服务

获取连接列表

GET
/v2.0/ipsec-site-connections/

创建连接

POST
/v2.0/ipsec-site-connections

获取指定连接

GET
/v2.0/ipsec-site-connections/ipsec-site-connection-id

更新连接

UPDATE
/v2.0/ipsec-site-connections/ipsec-site-connection-id

删除连接

DELETE
/v2.0/ipsec-site-connections/ipsec-site-connection-id

示例

创建连接

发送数据json

#!highlight javascript numbers=disable
POST /v1.0/ipsec-site-connections
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ipsec_site_connection" : {
            "name": "ipsec_connection_1",
            "peer-address": "192.168.2.255",
            "peer-id" : "192.168.2.255",
        "peer-cidr" : "10.30.2.0/24",
            "dpd": "action=hold,interval=20,timeout=120",
           "mtu": "1500",
           "psk": "bla_bla_bla",
           "initiator": "bi-directional",
           "vpnservice-id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
            "ikepolicy-id": "03299abc-16f5-4917-bf19-c40a9af805ed",
            "ipsecpolicy-id": "0dbc1234-16f5-4917-bf19-c40a9af805ed"
         }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "ipsec_site_connection" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ipsec_connection_1",
            "peer-address": "192.168.2.255",
            "peer-id" : "192.168.2.255",
        "peer-cidr" : "10.30.2.0/24",
            "dpd": {
                      "action" : "hold"
                      "interval" : 20,
                      "timeout" : 120,
             }
           "mtu": "1500",
           "psk": "bla_bla_bla",
           "initiator": "bi-directional",
            "vpnservice-id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
            "ikepolicy-id": "03299abc-16f5-4917-bf19-c40a9af805ed",
            "ipsecpolicy-id": "0dbc1234-16f5-4917-bf19-c40a9af805ed",
            "admin_state_up": true,
            "status": "PENDING_CREATE"
          }
}
时间: 2024-12-09 04:04:59

OpenStack-Neutron-VPNaaS-API的相关文章

openstack neutron L3 HA

作者:Liping Mao  发表于:2014-08-20 版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明 最近Assaf Muller写了一篇关于Neutron L3 HA的文章很不错. 建议看原文,地址如下: http://assafmuller.wordpress.com/category/ml2/ 大致翻译如下: L3 Agent Low Availability(L3 agent的低可用性) 目前,在Openstack中,你只能用多个网络节点达到

怎样写 OpenStack Neutron 的 Extension (四)

上文说到需要在 /neutronclient/v2_0/myextension/extension.py 中分别定义五个 class:List/Show/Create/Delete/UpdateExtension.具体形式如下: import argparse import logging from neutronclient.neutron import v2_0 as neutronV20 from neutronclient.openstack.common.gettextutils im

如何区分 OpenStack Neutron Extension 和 Plugin

Neutron 里面的 extension 和 plugin 是非常相似的两个概念,我花了好久才貌似搞懂了两者的区别,还不一定完全正确. 在OpenStack 的官网wiki中,可以找到它们两个的定义: Plugin: Neutron exposes a logical API to define network connectivity between devices from other OpenStack services (e.g., vNICs from Nova VMs). The

深入浅出新一代云网络——VPC中的那些功能与基于OpenStack Neutron的实现(二)

在VPC功能实现第一篇中,简单介绍了一下VPC网络对租户间隔离能力的提升以及基于路由提供的一系列网络功能.在这一篇中,将继续介绍VPC网络中十分重要的一个内容:网络带宽的控制,共享以及分离. 首先是对第一篇中,端口转发功能的样例代码,all-in-one http service 风格的实现. 核心功能: find_router_ip = "ip netns exec qrouter-{router_id} ifconfig |grep -A1 qg- | grep inet | awk '{{

怎样写 OpenStack Neutron 的 Extension (一)

前两篇文章讨论了怎么写一个 Neutron 的插件.但是最基本的插件只包括 Network, Port,和 Subnet 三种资源.如果需要引入新的资源,比如一个二层的 gateway 的话,就需要在插件的基础上再写一个 extension, 也就是扩展. Neutron 已经预定义了很多扩展,可以参看 neutron/extensions 下面的文件,我在这里就不一一列举了.如果正好有一种是你需要的,那直接拿过来用就好了.如果需要自己从头搭起的话,可以现在 自己的 plugin 文件夹下面创建

怎样写 OpenStack Neutron 的 Plugin (二)

其实上一篇博文中的内容已经涵盖了大部分写Neutron插件的技术问题,这里主要还遗留了一些有关插件的具体实现的问题. 首先,Neutron对最基本的三个资源:Network, Port 和 Subnet 的基本调用都已经定义好了API接口.如果你的插件也需要用到这些资源,最好直接实现它们的接口.API接口的定义可以再 neutron/neutron_plugin_base_v2.py 这个文件中找到,其中每个参数的作用也有比较详细的介绍.对于用不着的资源,直接放任不管就好了,最多下次不小心调用了

怎样写 OpenStack Neutron 的 Plugin (一)

鉴于不知道Neutron的人也不会看这篇文章,而知道的人也不用我再啰嗦Neutron是什么东西,我决定跳过Neutron简介,直接爆料. 首先要介绍一下我的开发环境.我没有使用DevStack,而是直接在电脑上安装了三个Virtual Box,然后根据OpenStack的Ubuntu 安装指南部署了一个环境:一个控制节点,一个网络节点和一个计算节点.接下来我会直接在控制节点上修改 <your path>/neutron/ 下面的文件,然后通过重启neutron 的各个service来更新我的修

怎样写 OpenStack Neutron 的 Extension (二)

接着之前一篇文章,再来谈谈 Extension 的具体实现问题.我使用的是本地数据库加远程API调用的方法,所以先要定义一下数据库中 myextension 如何存储.首先,我们可以在自己的 plugin 根目录下新建一个 db 文件夹,以及三个文件: - neutron/ - plugins/ - myplugin/ - __init__.py - plugin.py - extensions/ - db/ - __init__.py - db.py - models.py db.py 用来存

openstack Neutron分析(3)—— neutron-dhcp-agent源码分析

1.neutron dhcp3个主要部件分别为什么?2.dhcp模块包含哪些内容?3.Dnsmasq配置文件是如何创建和更新的?4.DHCP agent的信息存放在neutron数据库的哪个表中? 扩展: neutron-dhcp-agent在neutron的作用是什么? 一.概述 neutron dhcp为租户网络提供DHCP服务,即IP地址动态分配,另外还会提供metadata请求服务. 3个主要的部件:DHCP agent scheduler:负责DHCP agent与network的调度

OpenStack Neutron L3层高可靠

英文地址:http://assafmuller.com/2014/08/16/layer-3-high-availability/ L3层Agent的低可靠解决方案 当前,你可以通过多网络节点的方式解决负载均衡,但是这并非高可靠和冗余的解决方案.假设你有三个网络节点,创建新的路由,会自动的规划和分布在这三个网络节点上.但是,如果一个节点坏掉,所有路由将无法提供服务,路由转发也无法正常进行.Neutron,在IceHouse版本中,没有提供任何内置的解决方案. DHCP Agent的高可靠的变通之