Heat/Blueprints/VPaaS Support

Summary
The point of this blueprint is to add VPNaaS components to resources supported by Heat.

VPNaaS components to add:
 * VPNService
 * IKEPolicy
 * IPsecPolicy
 * IPsecSiteConnection

VPNService
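Example (in a working template the property keys are all lowercase, "subnet_id" and "router_id", and the boolean is the JSON literal true, as in VPNaaS.template below):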

... "Resources" : { ...   "VPNService" : { "Type" : "OS::Neutron::VPNService", "Properties" : { "name" : "My VPN", "description" : "My new VPN", "admin_state_up" : True, "subnet_Id" : { "Ref" : "Subnet" }, "router_Id" : { "Ref" : "Router" } }   }    ... }, ...

IKEPolicy
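Example (the values are illustrative: sha1, 3des and IKE v1 are legacy choices, here and in the IPsecPolicy example below; select the strongest algorithms and PFS group that both VPN peers support):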

... "Resources" : { ...   "IKEPolicy" : { "Type" : "OS::Neutron::IKEPolicy", "Properties" : { "name" : "My IKEPolicy", "description" : "My new IKE policy", "auth_algorithm" : "sha1", "encryption_algorithm" : "3des", "phase1_negotiation_mode" : "main", "lifetime" : { "units" : "seconds", "value" : 3600 },           "pfs" : "group5", "ike_version" : "v1" }   }    ... }, ...

IPsecPolicy
Example:

... "Resources" : { ...   "IPsecPolicy" : { "Type" : "OS::Neutron::IPsecPolicy", "Properties" : { "name" : "My IPsecPolicy", "description" : "My new IPsec policy", "transform_protocol": "esp", "encapsulation_mode" : "tunnel", "auth_algorithm" : "sha1", "encryption_algorithm" : "3des", "lifetime" : { "units" : "seconds", "value" : 3600 },           "pfs" : "group5" }   }    ... }, ...

IPsecSiteConnection
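Example (the "psk" value shown is a placeholder, not a usable pre-shared key; as in VPNaaS.template below, the property key is "ipsecpolicy_id" in lowercase and the boolean is the JSON literal true):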

... "Resources" : { ...   "VPNConnection" : { "Type" : "OS::Neutron::VPNConnection", "Properties" : { "name" : "My VPN connection", "description" : "My new VPN connection", "peer_address" : "10.0.0.1", "peer_id" : "peer", "peer_cidrs" : ["10.0.0.0/24"], "mtu" : 1500, "dpd" : { "actions" : "hold", "interval" : 30, "timeout" : 120 },           "psk" : "secret", "initiator" : "bi-directional", "admin_state_up" : True, "ikepolicy_id" : { "Ref" : "IKEPolicy" }, "ipsecpolicy_Id" : { "Ref" : "IPsecPolicy" }, "vpnservice_id" : { "Ref" : "VPNService" } }   }    ... }, ...

Dependencies & References

 * BL: VPN as a Service providing IPsec VPN with Static routing (UNDER REVIEW)
 * UI Patch
 * Backend Patch
 * API Patch
 * Instruction
 * Data Model

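VPNaaS.template (sample only: "psk" : "secret" is a placeholder and should be replaced by a reference to a template parameter, as is already done for "peer_address", so that the pre-shared key is not stored in the template file)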
{ "AWSTemplateFormatVersion" : "2010-09-09",

"Description" : "",

"Parameters" : {

"ExternalNetworkId" : { "Description" : "External network id", "Type" : "String", "ConstraintDescription" : "must be the id of an existing external network" },

"ExternalGatewayIPAddress" : { "Description" : "External Gateway IP address", "Type" : "String", "ConstraintDescription" : "must be an IP address of external gateway" },

"SubnetCidr" : { "Description" : "Subnet cidr", "Type" : "String", "ConstraintDescription" : "must be a cidr" },

"SubnetPoolStart" : { "Description" : "Start of allocation pool for subnet", "Type" : "String", "ConstraintDescription" : "must be a valid IP address" },

"SubnetPoolEnd" : { "Description" : "End of allocation pool for subnet", "Type" : "String", "ConstraintDescription" : "must be a valid IP address" },   "VPNPeerCidr" : { "Description" : "Cidr for VPN peer", "Type" : "String", "ConstraintDescription" : "must be a valid cidr" }

}, "Resources" : { "Network": { "Type": "OS::Quantum::Net", "Properties": { "name": "My Network" }   },

"Subnet": { "Type": "OS::Quantum::Subnet", "Properties": { "name": "My Subnet", "network_id": { "Ref" : "Network" }, "ip_version": 4, "cidr": { "Ref" : "SubnetCidr" }, "dns_nameservers": ["8.8.8.8"], "allocation_pools": [ { "start": { "Ref" : "SubnetPoolStart" }, "end": { "Ref" : "SubnetPoolEnd" } }       ]      }    },

"Router": { "Type": "OS::Quantum::Router", "Properties": { "name": "My Router" }   },

"RouterInterface": { "Type": "OS::Quantum::RouterInterface", "Properties": { "router_id": { "Ref" : "Router" }, "subnet_id": { "Ref" : "Subnet" } }   },    "RouterGateway": { "Type": "OS::Quantum::RouterGateway", "Properties": { "router_id": { "Ref" : "Router" }, "network_id": { "Ref" : "ExternalNetworkId" } }   },

"VPNService" : { "Type" : "OS::Neutron::VPNService", "Properties" : { "name" : "VPNService", "description" : "My new VPN service", "admin_state_up" : true, "router_id" : { "Ref" : "Router" }, "subnet_id" : { "Ref" : "Subnet" } }   },

"IKEPolicy" : { "Type" : "OS::Neutron::IKEPolicy", "Properties" : { "name" : "IKEPolicy", "description" : "My new IKE policy", "auth_algorithm" : "sha1", "encryption_algorithm" : "3des", "phase1_negotiation_mode" : "main", "lifetime" : { "units" : "seconds", "value" : 3600 },       "pfs" : "group5", "ike_version" : "v1" }   },

"IPsecPolicy" : { "Type" : "OS::Neutron::IPsecPolicy", "Properties" : { "name" : "IPsecPolicy", "description" : "My new IPsec policy", "transform_protocol": "esp", "encapsulation_mode" : "tunnel", "auth_algorithm" : "sha1", "encryption_algorithm" : "3des", "lifetime" : { "units" : "seconds", "value" : 3600 },       "pfs" : "group5" }   },

"IPsecSiteConnection" : { "Type" : "OS::Neutron::VPNConnection", "Properties" : { "name" : "VPNConnection", "description" : "My new VPN connection", "peer_address" : { "Ref" : "ExternalGatewayIPAddress" }, "peer_id" : { "Ref" : "ExternalGatewayIPAddress" }, "peer_cidrs" : [ { "Ref" : "VPNPeerCidr" } ], "mtu" : 1500, "dpd" : { "actions" : "hold", "interval" : 30, "timeout" : 120 },       "psk" : "secret", "initiator" : "bi-directional", "admin_state_up" : true, "ikepolicy_id" : { "Ref" : "IKEPolicy" }, "ipsecpolicy_id" : { "Ref" : "IPsecPolicy" }, "vpnservice_id" : { "Ref" : "VPNService" } }   }  } }