Difference between revisions of "Neutron/VPNaaS/Brocade Vyatta VPNaaS Plugin"
(→Overview:) |
(3 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. | The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. | ||
− | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the functionality to work. | + | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the VPN functionality to work. |
− | Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. | + | Neutron L3 agent's Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. |
1. create / delete ike policy | 1. create / delete ike policy | ||
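Review bot: the revised overview sentences still call the device-driver "bundled with neutron-l3-agent" and "Neutron L3 agent's Vyatta VPN device-driver", while the NOTE added under step 5 says neutron-l3-agent must not be started because vyatta-vpn-agent provides the L3 agent functionality. Suggest naming vyatta-vpn-agent here as the process that hosts the device-driver, so the overview and the configuration steps agree. "the below CRUD APIs" would also read better as "the CRUD operations below", since the list that follows names operations rather than APIs.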
Line 17: | Line 17: | ||
</big> | </big> | ||
+ | ' | ||
+ | ==Block Diagram== | ||
+ | <big> | ||
+ | +----------------------+ +----------------------+ | ||
+ | | Neutron Server | | Neutron L3 Agent | | ||
+ | | | | | | ||
+ | | | | | | ||
+ | | +------------------+ | | +------------------+ | | ||
+ | | | VPN | | | | VPN Agent | | | ||
+ | | | Service Plugin | | | +------------------+ | | ||
+ | | +------------------+ | | | Vyatta VPN | | | ||
+ | | | Vyatta VPN | | RPC | | Device Driver | | | ||
+ | | | Service Driver | + <--------------> | | | | | ||
+ | +-+------------------+-+ +-+--------+---------+-+ | ||
+ | | | ||
+ | | | ||
+ | | REST API | ||
+ | | | ||
+ | +--------v---------+ | ||
+ | | | | ||
+ | | | | ||
+ | | Vyatta vRouter | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | | | | ||
+ | +------------------+ | ||
+ | |||
+ | |||
+ | |||
+ | </big> | ||
=='''Configuration'''== | =='''Configuration'''== | ||
<big> | <big> | ||
− | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration. | + | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration. |
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | 2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | ||
− | service_plugins = neutron. | + | service_plugins = neutron.services.l3_router.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin |
− | 3. Edit the /etc/neutron/vpn_agent.ini file to | + | [service_providers] |
+ | service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default | ||
+ | |||
+ | 3. Edit the /etc/neutron/vpn_agent.ini file to specify Brocade Vyatta VPN agent device-driver | ||
[vpnagent] | [vpnagent] | ||
− | vpn_device_driver= | + | vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver |
− | 4. Create a | + | 4. Create a launcher utility with Vyatta VPN agent entry point, preferably in a file in /usr/local/bin/vyatta-vpn-agent, |
#!/usr/bin/python | #!/usr/bin/python | ||
− | # | + | # PBR Generated from u'console_scripts' |
− | + | ||
import sys | import sys | ||
− | |||
− | if __name__ == | + | from neutron_vpnaas.cmd.eventlet.vyatta_agent import main |
− | sys.exit( | + | |
− | + | ||
− | + | if __name__ == "__main__": | |
+ | sys.exit(main()) | ||
− | |||
5. Restart Vyatta-VPN agent. | 5. Restart Vyatta-VPN agent. | ||
− | + | /usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini | |
+ | NOTE: make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both traditional L3 agent and Vyatta VPN agent functionality | ||
</big> | </big> |
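Review bot: the step 5 command passes /etc/neutron/fwaas_driver.ini and /etc/neutron/plugins/brocade/vyatta/vrouter.ini, but none of steps 1 to 4 says where those files come from or what they must contain; suggest a sentence pointing to the L3 plugin page from step 1 or to whichever step creates them. The step is titled "Restart" yet shows only a start command, so either rename it or say how the running agent is stopped first. The command also mixes "--config-file X" with "--config-file=X"; one form throughout would be easier to copy and audit.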
Latest revision as of 23:18, 6 May 2015
Overview:
The Brocade Vyatta VPN plugin provides a VPNaaS solution using a Brocade Vyatta vRouter VM running as a Neutron router. The plugin implements an IPSec site-to-site tunnel to connect tenant private networks to remote networks through the vRouter VM.
The plugin contains two parts: the Vyatta VPN service-driver, which interacts with neutron-server's VPN service-plugin, and the Vyatta VPN device-driver, which is bundled with neutron-l3-agent. Both components need to be configured correctly for the VPN functionality to work.
The Neutron L3 agent's Vyatta VPN device-driver component invokes the Vyatta vRouter REST APIs for the CRUD operations below, as and when determined by the VPNaaS plugin.
1. create / delete ike policy
2. create / delete ipsec policy
3. create / delete vpn-service policy
4. create / delete ipsec-site-connection
Block Diagram
 +----------------------+                  +----------------------+
 |    Neutron Server    |                  |   Neutron L3 Agent   |
 |                      |                  |                      |
 |                      |                  |                      |
 | +------------------+ |                  | +------------------+ |
 | |       VPN        | |                  | |    VPN Agent     | |
 | |  Service Plugin  | |                  | +------------------+ |
 | +------------------+ |                  | |    Vyatta VPN    | |
 | |    Vyatta VPN    | |       RPC        | |  Device Driver   | |
 | |  Service Driver  | + <--------------> | |                  | |
 +-+------------------+-+                  +-+--------+---------+-+
                                                      |
                                                      |
                                                      | REST API
                                                      |
                                             +--------v---------+
                                             |                  |
                                             |                  |
                                             |  Vyatta vRouter  |
                                             |                  |
                                             |                  |
                                             |                  |
                                             |                  |
                                             +------------------+
Configuration
1. Refer to https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration.
2. Edit the Neutron configuration file /etc/neutron/neutron.conf to specify the Vyatta vRouter L3 plugin and the Vyatta VPN plugin service-driver:
    service_plugins = neutron.services.l3_router.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin
    [service_providers]
    service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default
3. Edit the /etc/neutron/vpn_agent.ini file to specify the Brocade Vyatta VPN agent device-driver:
    [vpnagent]
    vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
4. Create a launcher utility with the Vyatta VPN agent entry point, preferably at /usr/local/bin/vyatta-vpn-agent:
    #!/usr/bin/python
    # PBR Generated from u'console_scripts'

    import sys

    from neutron_vpnaas.cmd.eventlet.vyatta_agent import main

    if __name__ == "__main__":
        sys.exit(main())
5. Restart Vyatta-VPN agent.
    /usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini
NOTE: Make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both the traditional L3 agent and the Vyatta VPN agent functionality.
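A check for steps 2, 3 and 5 above, as an added example (not part of the wiki page or of neutron-vpnaas): it parses the text of neutron.conf and vpn_agent.ini, reports which of the page's required values are missing, and flags a running neutron-l3-agent. Placing service_plugins under [DEFAULT], the function names and the sample input are assumptions of this example.

```python
import re

# Values required by steps 2 and 3, copied from the page.
L3_PLUGIN = "neutron.services.l3_router.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin"
VPN_PLUGIN = "neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin"
VPN_PROVIDER = "VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default"
DEVICE_DRIVER = "neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver"

def parse_ini(text):
    """Parse INI text into {section: {key: [values]}}; repeated keys accumulate."""
    conf, section = {}, "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(section, {}).setdefault(key.strip(), []).append(value.strip())
    return conf

def check_vyatta_vpnaas(neutron_conf, vpn_agent_ini, process_cmdlines=()):
    """Return a list of problems found against steps 2, 3 and 5 of the page."""
    problems = []
    neutron, agent = parse_ini(neutron_conf), parse_ini(vpn_agent_ini)
    # Assumption: service_plugins sits in [DEFAULT]; the page shows no section for it.
    raw_plugins = neutron.get("DEFAULT", {}).get("service_plugins", [])
    plugins = [p.strip() for value in raw_plugins for p in value.split(",")]
    for required in (L3_PLUGIN, VPN_PLUGIN):
        if required not in plugins:
            problems.append("service_plugins is missing " + required)
    if VPN_PROVIDER not in neutron.get("service_providers", {}).get("service_provider", []):
        problems.append("[service_providers] lacks the Vyatta VPN service_provider")
    if DEVICE_DRIVER not in agent.get("vpnagent", {}).get("vpn_device_driver", []):
        problems.append("[vpnagent] vpn_device_driver is not the Vyatta device driver")
    # Step 5 NOTE: the stock L3 agent must not run next to vyatta-vpn-agent.
    if any("neutron-l3-agent" in cmd for cmd in process_cmdlines):
        problems.append("neutron-l3-agent is running alongside vyatta-vpn-agent")
    return problems

# Constructed sample input (not taken from a real deployment).
SAMPLE_NEUTRON = "[DEFAULT]\nservice_plugins = %s,%s\n[service_providers]\nservice_provider = %s\n" % (
    L3_PLUGIN, VPN_PLUGIN, VPN_PROVIDER)
SAMPLE_AGENT = "[vpnagent]\nvpn_device_driver=%s\n" % DEVICE_DRIVER

if __name__ == "__main__":
    print(check_vyatta_vpnaas(SAMPLE_NEUTRON, SAMPLE_AGENT) or "configuration matches the page")
```

On a host, pass the contents of the two files and the command lines of running processes; an empty list means the settings from steps 2 and 3 are present and no separate L3 agent was seen.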