VPNaaS (VPN-as-a-Service) is a Quantum extension that introduces VPN feature set.
The following is the proposed plan for design and implementation of the VPN as a Service feature in OpenStack Networking for the Havana release. While our long term goal for VPNaaS is to make it very feature rich and to support multiple tunneling,security protocols that supports both static and dynamic routing, but for the short term we would want to deliver a basic experimental reference implementation based on opensource for IPsec based VPNs using just static routing that will allow us to evaluate the API, resource model and usability of this feature. This will allow us to gather feedback, and make enhancements if required.
Also we would like to have a simple model such as the AWS for configuring the VPN. In AWS the IKE and IPsec Policies are pre-defined, but we would want to make it more user configurable rather than pre-defined templates.
Again for simplicity we will be just implementing IKE with “PSK” authentication mode rather than using certificates. In future we can extend to support certificate based authentication.
Current Design Discussions
- API and Resource Model Document Quantum/VPNaaS/API
Client API ( CLI for VPNaaS) This section describes commands that will be introduced into python-quantumclient in order to support VPNaaS advanced service.
|vpn-vpnservice-create||Create a VPNService|
|vpn-vpnservice-delete||Delete a given VPNService|
|vpn-vpnservice-list||List all VPNService for a given tenant.|
|vpn-vpnservice-show||Show detailed information of a given VPNService.|
|vpn-vpnservice-update||Update a given VPNservice.|
|vpn-ikepolicy-create||Create an IKEPolicy|
|vpn-ikepolicy-delete||Delete a given IKE Policy.|
|vpn-ikepolicy-list||List IKEPolicies that belong to a given tenant.|
|vpn-ikepolicy-show||Show detailed information of a given IKEPolicy.|
|vpn-ikepolicy-update||Update a given IKE Policy.|
|vpn-ipsecpolicy-create||Create an IPsec policy|
|vpn-ipsecpolicy-delete||Delete a given IPsec Policy|
|vpn-ipsecpolicy-list||List IPsec Policy that belong to a given tenant connection.|
|vpn-ipsecpolicy-show||Show detailed information of a given IPsec Policy|
|vpn-ipsecpolicy-update||Update a given IPsec Policy.|
|vpn-vpnserviceconnection-create||Create a VPNServiceConnection|
|vpn-vpnserviceconnection-delete||Delete a given VPNServiceConnection.|
|vpn-vpnserviceconnection-list||List VPNServiceConnections that belong to a given tenant.|
|vpn-vpnserviceconnection-show||Show information of a given VPNServiceConnection.|
|vpn-vpnserviceconnection-update||Update a given VPNServiceConnection.|