Heat/Blueprints/VPaaS Support

Revision as of 22:04, 19 July 2013 by Hanney

Adding new resource types:

  • VPNServices
  • IKEPolicy
  • IPsecPolicy
  • VPNConnections

VPNServices

Property        Description
name            Name of the VPN service.
description     Description of the VPN service.
admin_state_up  Administrative state of the VPN service. If false (down), the port does not forward packets.
subnet_id       ID of the subnet in which the tenant wants the VPN service.
router_id       ID of the router into which the VPN service is inserted.

Example:

...
"Resources" : {
    ...
    "VPNService" : {
        "Type" : "OS::Quantum::VPNService",
        "Properties" : {
            "name" : "My VPN",
            "description" : "My new VPN",
            "admin_state_up" : true,
            "subnet_id" : { "Ref" : "Subnet" },
            "router_id" : { "Ref" : "Router" }
        }
    }
    ...
},
...

IKEPolicy

Property                 Description
name                     Friendly name for the IKE policy.
description              Description of the IKE policy.
auth_algorithm           Authentication hash algorithm: "sha1".
encryption_algorithm     Encryption algorithm: "3des", "aes-128", "aes-256", "aes-192", etc.
phase1_negotiation_mode  IKE mode: "main".
lifetime_units           Unit of the SA lifetime: "seconds" or "kilobytes".
lifetime_value           Lifetime value, in seconds or kilobytes.
pfs                      Perfect Forward Secrecy group (group2, group5, group14).
ike_version              IKE version: v1 or v2.

Example:

...
"Resources" : {
    ...
    "IKEPolicy" : {
        "Type" : "OS::Quantum::IKEPolicy",
        "Properties" : {
            "name" : "My IKEPolicy",
            "description" : "My new IKE policy",
            "auth_algorithm" : "sha1",
            "encryption_algorithm" : "3des",
            "phase1_negotiation_mode" : "main",
            "lifetime_units" : "seconds",
            "lifetime_value" : 3600,
            "pfs" : "group5",
            "ike_version" : "v1"
        }
    }
    ...
},
...

IPsecPolicy

Property              Description
name                  Friendly name for the IPsec policy.
description           Description of the IPsec policy.
transform_protocol    Transform protocol used: "esp", "ah" or "ah-esp".
encapsulation_mode    Encapsulation mode: "tunnel" or "transport".
auth_algorithm        Authentication hash algorithm: "sha1".
encryption_algorithm  Encryption algorithm: "3des", "aes-128", "aes-256", "aes-192", etc.
lifetime_units        Unit of the SA lifetime: "seconds" or "kilobytes".
lifetime_value        Lifetime value, in seconds or kilobytes.
pfs                   Perfect Forward Secrecy group (group2, group5, group14).

Example:

...
"Resources" : {
    ...
    "IPsecPolicy" : {
        "Type" : "OS::Quantum::IPsecPolicy",
        "Properties" : {
            "name" : "My IPsecPolicy",
            "description" : "My new IPsec policy",
            "transform_protocol": "esp",
            "encapsulation_mode" : "tunnel",
            "auth_algorithm" : "sha1",
            "encryption_algorithm" : "3des",
            "lifetime_units" : "seconds",
            "lifetime_value" : 3600,
            "pfs" : "group5"
        }
    }
    ...
},
...

VPNConnections

Property        Description
name            Friendly name for the VPN connection.
description     Description of the VPN connection.
peer_address    Peer VPN gateway public address or FQDN.
peer_id         Peer identifier (can be a name, string or FQDN).
mtu             Maximum transmission unit, to address fragmentation.
dpd_actions     Controls the use of the Dead Peer Detection (DPD) protocol ("clear", "hold", "restart", "disabled", "restart-by-peer").
dpd_interval    Number of seconds for the DPD delay.
dpd_timeout     Number of seconds for the DPD timeout.
psk             Pre-shared key; any string.
initiator       Whether this VPN can only respond to connections or can initiate as well.
admin_state_up  Administrative state of the VPN connection. If false (down), the VPN connection does not forward packets.
ikepolicy_id    UUID of the IKE policy.
ipsecpolicy_id  UUID of the IPsec policy.
vpnservice_id   UUID of the VPN service.

Example:

...
"Resources" : {
    ...
    "VPNConnection" : {
        "Type" : "OS::Quantum::VPNConnection",
        "Properties" : {
            "name" : "My VPN connection",
            "description" : "My new VPN connection",
            "peer_address" : "10.0.0.1",
            "peer_id" : "peer",
            "peer_cidrs" : ["10.0.0.0/24"],
            "mtu" : "1500",
            "dpd_actions" : "hold",
            "dpd_interval" : "30",
            "dpd_timeout" : "120",
            "psk" : "secret",
            "initiator" : "bi-directional",
            "admin_state_up" : true,
            "ikepolicy_id" : { "Ref" : "IKEPolicy" },
            "ipsecpolicy_id" : { "Ref" : "IPsecPolicy" },
            "vpnservice_id" : { "Ref" : "VPNService" }
        }
    }
    ...
},
...
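
An added example, not part of the blueprint or of Heat's code: a small Python lint that checks the IKEPolicy, IPsecPolicy and VPNConnection resources of a parsed template against the values listed in the tables above and flags a pre-shared key written literally into the template. The function and constant names are hypothetical, and the WEAK set is this example's own review policy, not something the page specifies.

```python
ENC = {"3des", "aes-128", "aes-192", "aes-256"}  # the page's list ends in "etc."
PFS = {"group2", "group5", "group14"}
UNITS = {"seconds", "kilobytes"}
LISTED = {
    "OS::Quantum::IKEPolicy": {
        "auth_algorithm": {"sha1"}, "encryption_algorithm": ENC,
        "phase1_negotiation_mode": {"main"}, "lifetime_units": UNITS,
        "pfs": PFS, "ike_version": {"v1", "v2"},
    },
    "OS::Quantum::IPsecPolicy": {
        "transform_protocol": {"esp", "ah", "ah-esp"},
        "encapsulation_mode": {"tunnel", "transport"},
        "auth_algorithm": {"sha1"}, "encryption_algorithm": ENC,
        "lifetime_units": UNITS, "pfs": PFS,
    },
    "OS::Quantum::VPNConnection": {
        "dpd_actions": {"clear", "hold", "restart", "disabled", "restart-by-peer"}},
}
# Assumption (this example's policy, not the page's): values a review should question.
WEAK = {"encryption_algorithm": {"3des"}, "pfs": {"group2", "group5"}}


def lint_vpn_resources(template):
    """Hypothetical helper: return sorted (resource, property, finding) tuples."""
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        for prop, listed in LISTED.get(res.get("Type"), {}).items():
            value = props.get(prop)
            if not isinstance(value, str):
                continue  # absent, or a {"Ref": ...} resolved at deploy time
            if value not in listed:
                findings.append((res_name, prop, "unlisted value %r" % value))
            elif value in WEAK.get(prop, ()):
                findings.append((res_name, prop, "weak value %r" % value))
        if res.get("Type") == "OS::Quantum::VPNConnection" and isinstance(props.get("psk"), str):
            findings.append((res_name, "psk", "literal pre-shared key in template"))
    return sorted(findings)


# Constructed sample: the page's IKEPolicy and VPNConnection examples, abridged.
SAMPLE = {"Resources": {
    "IKEPolicy": {"Type": "OS::Quantum::IKEPolicy", "Properties": {
        "auth_algorithm": "sha1", "encryption_algorithm": "3des",
        "pfs": "group5", "ike_version": "v1"}},
    "VPNConnection": {"Type": "OS::Quantum::VPNConnection", "Properties": {
        "dpd_actions": "hold", "psk": "secret", "ikepolicy_id": {"Ref": "IKEPolicy"}}},
}}

if __name__ == "__main__":
    print("\n".join("%s.%s: %s" % f for f in lint_vpn_resources(SAMPLE)))
```

A psk given as a { "Ref" : ... } to a template parameter is not flagged, since the key then stays out of the template text.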