Difference between revisions of "Neutron/VPNaaS/Brocade Vyatta VPNaaS Plugin"
(Describes Brocade Vyatta VPN plugin configuration) |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
<big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. | <big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. | ||
| − | The | + | The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. |
| − | Vyatta | + | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the VPN functionality to work. |
| + | |||
| + | Neutron L3 agent's Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. | ||
1. create / delete ike policy | 1. create / delete ike policy | ||
| Line 15: | Line 17: | ||
</big> | </big> | ||
| + | ' | ||
| + | ==Block Diagram== | ||
| + | <big> | ||
| + | |||
| + | +----------------------+ +----------------------+ | ||
| + | | Neutron Server | | Neutron L3 Agent | | ||
| + | | | | | | ||
| + | | | | | | ||
| + | | +------------------+ | | +------------------+ | | ||
| + | | | VPN | | | | VPN Agent | | | ||
| + | | | Service Plugin | | | +------------------+ | | ||
| + | | +------------------+ | | | Vyatta VPN | | | ||
| + | | | Vyatta VPN | | RPC | | Device Driver | | | ||
| + | | | Service Driver | + <--------------> | | | | | ||
| + | +-+------------------+-+ +-+--------+---------+-+ | ||
| + | | | ||
| + | | | ||
| + | | REST API | ||
| + | | | ||
| + | +--------v---------+ | ||
| + | | | | ||
| + | | | | ||
| + | | Vyatta vRouter | | ||
| + | | | | ||
| + | | | | ||
| + | | | | ||
| + | | | | ||
| + | +------------------+ | ||
| + | |||
| + | |||
| + | </big> | ||
=='''Configuration'''== | =='''Configuration'''== | ||
<big> | <big> | ||
| − | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration. | + | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration. |
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | 2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | ||
| − | service_plugins = neutron. | + | service_plugins = neutron.services.l3_router.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin |
| − | 3. Edit the /etc/neutron/vpn_agent.ini file to | + | [service_providers] |
| + | service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default | ||
| + | |||
| + | 3. Edit the /etc/neutron/vpn_agent.ini file to specify Brocade Vyatta VPN agent device-driver | ||
[vpnagent] | [vpnagent] | ||
| − | vpn_device_driver= | + | vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver |
| − | 4. Create a | + | 4. Create a launcher utility with Vyatta VPN agent entry point, preferably in a file in /usr/local/bin/vyatta-vpn-agent, |
#!/usr/bin/python | #!/usr/bin/python | ||
| − | # | + | # PBR Generated from u'console_scripts' |
| − | + | ||
import sys | import sys | ||
| − | |||
| − | if __name__ == | + | from neutron_vpnaas.cmd.eventlet.vyatta_agent import main |
| − | sys.exit( | + | |
| − | + | ||
| − | + | if __name__ == "__main__": | |
| + | sys.exit(main()) | ||
| − | |||
5. Restart Vyatta-VPN agent. | 5. Restart Vyatta-VPN agent. | ||
| − | + | /usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini | |
| + | NOTE: make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both traditional L3 agent and Vyatta VPN agent functionality | ||
</big> | </big> | ||
Latest revision as of 23:18, 6 May 2015
Overview:
The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM.
The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the VPN functionality to work.
Neutron L3 agent's Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin.
1. create / delete ike policy
2. create / delete ipsec policy
3. create / delete vpn-service policy
4. create / delete ipsec-site-connection
'
Block Diagram
+----------------------+ +----------------------+
| Neutron Server | | Neutron L3 Agent |
| | | |
| | | |
| +------------------+ | | +------------------+ |
| | VPN | | | | VPN Agent | |
| | Service Plugin | | | +------------------+ |
| +------------------+ | | | Vyatta VPN | |
| | Vyatta VPN | | RPC | | Device Driver | |
| | Service Driver | + <--------------> | | | |
+-+------------------+-+ +-+--------+---------+-+
|
|
| REST API
|
+--------v---------+
| |
| |
| Vyatta vRouter |
| |
| |
| |
| |
+------------------+
Configuration
1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration.
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver
service_plugins = neutron.services.l3_router.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin
[service_providers] service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default
3. Edit the /etc/neutron/vpn_agent.ini file to specify Brocade Vyatta VPN agent device-driver
[vpnagent] vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
4. Create a launcher utility with Vyatta VPN agent entry point, preferably in a file in /usr/local/bin/vyatta-vpn-agent,
#!/usr/bin/python
# PBR Generated from u'console_scripts'
import sys
from neutron_vpnaas.cmd.eventlet.vyatta_agent import main
if __name__ == "__main__":
sys.exit(main())
5. Restart Vyatta-VPN agent.
/usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini
NOTE: make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both traditional L3 agent and Vyatta VPN agent functionality
