Revision as of 20:53, 10 May 2013 by Swaminathan Vasudevan (talk | contribs) (Current Design Discussions)


VPNaaS (VPN-as-a-Service) is a Quantum extension that introduces a VPN feature set.

The following is the proposed plan for the design and implementation of the VPN-as-a-Service feature in OpenStack Networking for the Havana release. Our long-term goal for VPNaaS is to make it feature-rich and to support multiple tunneling and security protocols with both static and dynamic routing. For the short term, we want to deliver a basic experimental reference implementation, based on open source, for IPsec-based VPNs using only static routing, which will allow us to evaluate the API, resource model and usability of this feature. This will allow us to gather feedback and make enhancements if required.

We would also like a simple model, such as that of AWS, for configuring the VPN. In AWS the IKE and IPsec policies are pre-defined, but we want them to be user-configurable rather than pre-defined templates.

Again for simplicity, we will implement IKE with only the “PSK” authentication mode rather than certificates. In the future we can extend this to support certificate-based authentication.

Current Design Discussions

  1. API and Resource Model Document Quantum/VPNaaS/API

Client API (CLI for VPNaaS)

This section describes the commands that will be introduced into python-quantumclient to support the VPNaaS advanced service.

| CLI Command | Functionality |
|---|---|
| vpn-vpnservice-create | Create a VPNService. |
| vpn-vpnservice-delete | Delete a given VPNService. |
| vpn-vpnservice-list | List all VPNServices for a given tenant. |
| vpn-vpnservice-show | Show detailed information of a given VPNService. |
| vpn-vpnservice-update | Update a given VPNService. |
| vpn-ikepolicy-create | Create an IKEPolicy. |
| vpn-ikepolicy-delete | Delete a given IKEPolicy. |
| vpn-ikepolicy-list | List IKEPolicies that belong to a given tenant. |
| vpn-ikepolicy-show | Show detailed information of a given IKEPolicy. |
| vpn-ikepolicy-update | Update a given IKEPolicy. |
| vpn-ipsecpolicy-create | Create an IPsec policy. |
| vpn-ipsecpolicy-delete | Delete a given IPsec policy. |
| vpn-ipsecpolicy-list | List IPsec policies that belong to a given tenant connection. |
| vpn-ipsecpolicy-show | Show detailed information of a given IPsec policy. |
| vpn-ipsecpolicy-update | Update a given IPsec policy. |
| vpn-vpnserviceconnection-create | Create a VPNServiceConnection. |
| vpn-vpnserviceconnection-delete | Delete a given VPNServiceConnection. |
| vpn-vpnserviceconnection-list | List VPNServiceConnections that belong to a given tenant. |
| vpn-vpnserviceconnection-show | Show information of a given VPNServiceConnection. |
| vpn-vpnserviceconnection-update | Update a given VPNServiceConnection. |


Havana Plan