OpenStack-Neutron-VPNaaS-API

1 命令

1.1 IKE策略

• vpn-ikepolicy-create Create an IKEPolicy
• vpn-ikepolicy-delete Delete a given IKE Policy.
• vpn-ikepolicy-list List IKEPolicies that belong to a given tenant.
• vpn-ikepolicy-show Show detailed information of a given IKEPolicy.
• vpn-ikepolicy-update Update a given IKE Policy.

1.2 ipsec策略

• vpn-ipsecpolicy-create Create an IPsec policy
• vpn-ipsecpolicy-delete Delete a given IPsec Policy
• vpn-ipsecpolicy-list List IPsecPolicies that belong to a given tenant * connection.
• vpn-ipsecpolicy-show Show detailed information of a given IPsec Policy
• vpn-ipsecpolicy-update Update a given IPsec Policy.

1.3 vpn服务

• vpn-service-create Create a VPNService
• vpn-service-delete Delete a given VPNService
• vpn-service-list List all VPNService for a given tenant.
• vpn-service-show Show detailed information of a given VPNService.
• vpn-service-update Update a given VPNservice.

1.4 连接

• ipsec-site-connection-create Create a ipsec-site-connection
• ipsec-site-connection-delete Delete a given ipsec-site-connection.
• ipsec-site-connection-list List ipsec-site-connections that belong to a given tenant.
• ipsec-site-connection-show Show information of a given ipsec-site-connection.
• ipsec-site-connection-update Update a given ipsec-site-connection.

2 API

2.1 IKE策略

获取IKE策略列表

GET
/v2.0/ikepolicies/

创建IKE策略

POST
/v2.0/ikepolicies

获取指定IKE策略

GET
/v2.0/ikepolicies/ikepolicy-id

更新指定IKE策略

UPDATE
/v2.0/ikepolicies/ikepolicy-id

删除IKE策略

DELETE
/v2.0/ikepolicies/ikepolicy-id

示例

创建IKE策略

发送参数

#!highlight javascript numbers=disable
POST /v1.0/ikepolicies
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ikepolicy" : {
            "name": "ikepolicy_1",
            "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "phase1-negotiation-mode" : "main",
        "lifetime": "units=seconds,value=28800",
            "ike-version" : "v1",
            "pfs": " Group5",
           }
}

返回参数

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
"ikepolicy" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant_id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ikepolicy_1",
            "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "phase1-negotiation-mode" : "main",
        "lifetime": {
                      "units" : "seconds"
                      "value" : 28800,
             }
            "ike-version" : "v1",
            "pfs": "Group5",
        }
}

2.2 IPsec策略

获取ipsec策略列表

GET
/v2.0/ipsecpolicies/

创建ipsec策略

POST
/v2.0/ipsecpolicies

获取指定ipsec策略

GET
/v2.0/ipsecpolicies/ipsecpolicy-id

更新ipsec策略

UPDATE
/v2.0/ipsecpolicies/ipsecpolicy-id

删除ipsec策略

DELETE
/v2.0/ipsecpolicies/ipsecpolicy-id

示例

创建ipsec策略

发送参数json

#!highlight javascript numbers=disable
POST /v1.0/ipsecpolicies
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ipsecpolicy" : {
            "name": "ipsecpolicy_1",
            "transform-protocol": "esp",
        "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "encapsulation-mode" : "tunnel",
            "lifetime": "units=seconds,value=28800",
            "pfs": "Group5"
          }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "ipsecpolicy" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ipsecpolicy_1",
            "transform-protocol": "esp",
        "auth-algorithm" : "sha1",
            "encryption-algorithm" : "aes-256",
            "encapsulation-mode" : "tunnel",
             "lifetime": {
                      "units" : "seconds"
                      "value" : 28800,
             }
            "pfs": "Group5"
       }
}

2.3 VPN服务

获取vpn服务列表

GET
/v2.0/vpnservices/

获取指定vpn服务

GET
/v2.0/vpnservices/vpnservice-id

创建vpn服务

POST
/v2.0/vpnservices

更新指定vpn服务

UPDATE
/v2.0/vpnservices/vpnservice-id

删除vpn服务 DELETE /v2.0/vpnservices/vpnservice-id

示例

创建vpn服务

发送数据json

#!highlight javascript numbers=disable
POST /v1.0/vpnservices
Content-Type: application/json
Accept: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "vpnservice": {

           "tenant_id": "310df60f-2a10-4ee5-9554-98393092194c",
           "name": "cloud_vpn",
           "subnet": "96a4386a-f8c3-42ed-afce-d7954eee77b3",
       "router": "8acda86a-f8c3-42ed-afce-d7954eee77b3",
           }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "vpnservice": {
           "id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
           "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
           "name": "cloud_vpn",
           "subnet-id": "96a4386a-f8c3-42ed-afce-d7954eee77b3",
       "router-id": "8acda86a-f8c3-42ed-afce-d7954eee77b3",
           "admin_state_up": true,
           "status": "PENDING_CREATE"
           }
}

2.4 连接服务

获取连接列表

GET
/v2.0/ipsec-site-connections/

创建连接

POST
/v2.0/ipsec-site-connections

获取指定连接

GET
/v2.0/ipsec-site-connections/ipsec-site-connection-id

更新连接

UPDATE
/v2.0/ipsec-site-connections/ipsec-site-connection-id

删除连接

DELETE
/v2.0/ipsec-site-connections/ipsec-site-connection-id

示例

创建连接

发送数据json

#!highlight javascript numbers=disable
POST /v1.0/ipsec-site-connections
Accept: application/json
Content-Type: application/json
X-Auth-Token:xyz
Content-Length: abc

{
  "ipsec_site_connection" : {
            "name": "ipsec_connection_1",
            "peer-address": "192.168.2.255",
            "peer-id" : "192.168.2.255",
        "peer-cidr" : "10.30.2.0/24",
            "dpd": "action=hold,interval=20,timeout=120",
           "mtu": "1500",
           "psk": "bla_bla_bla",
           "initiator": "bi-directional",
           "vpnservice-id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
            "ikepolicy-id": "03299abc-16f5-4917-bf19-c40a9af805ed",
            "ipsecpolicy-id": "0dbc1234-16f5-4917-bf19-c40a9af805ed"
         }
}

返回数据json

#!highlight javascript numbers=disable
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: abc

{
  "ipsec_site_connection" : {
            "id":"cfc6589d-f949-4c66-99d2-c2da56ef3764",
            "tenant-id": "310df60f-2a10-4ee5-9554-98393092194c",
            "name": "ipsec_connection_1",
            "peer-address": "192.168.2.255",
            "peer-id" : "192.168.2.255",
        "peer-cidr" : "10.30.2.0/24",
            "dpd": {
                      "action" : "hold"
                      "interval" : 20,
                      "timeout" : 120,
             }
           "mtu": "1500",
           "psk": "bla_bla_bla",
           "initiator": "bi-directional",
            "vpnservice-id": "02b1fef7-16f5-4917-bf19-c40a9af805ed",
            "ikepolicy-id": "03299abc-16f5-4917-bf19-c40a9af805ed",
            "ipsecpolicy-id": "0dbc1234-16f5-4917-bf19-c40a9af805ed",
            "admin_state_up": true,
            "status": "PENDING_CREATE"
          }
}