Jump to: navigation, search

Difference between revisions of "Neutron/VPNaaS/Brocade Vyatta VPNaaS Plugin"

(Describes Brocade Vyatta VPN plugin configuration)
 
(Overview:)
Line 2: Line 2:
  
 
<big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a  Neutron router.  
 
<big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a  Neutron router.  
The driver implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM.
+
The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM.
  
Vyatta VPNaaS device driver will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS agent.
+
The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the functionality to work.
 +
 
 +
Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin.
  
 
1. create / delete ike policy
 
1. create / delete ike policy

Revision as of 01:43, 19 February 2015

Overview:

The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM.

The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the functionality to work.

Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin.

1. create / delete ike policy

2. create / delete ipsec policy

3. create / delete vpn-service policy

4. create / delete ipsec-site-connection

Configuration

1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration.

2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver

  service_plugins = neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin

3. Edit the /etc/neutron/vpn_agent.ini file to use Brocade Vyatta VPN plugin device-driver

  [vpnagent]
  vpn_device_driver=neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver

4. Create a launch utility with Vyatta VPN agent entry point, preferably in a file called /usr/local/bin/vyatta-vpn-agent,

  #!/usr/bin/python
  # EASY-INSTALL-ENTRY-SCRIPT: 'neutron-vpnaas==2015.1.dev51','console_scripts','vyatta-vpn-agent'
  __requires__ = 'neutron-vpnaas==2015.1.dev51'
  import sys
  from pkg_resources import load_entry_point
  
  if __name__ == '__main__':
      sys.exit(
          load_entry_point('neutron-vpnaas==2015.1.dev51', 'console_scripts', 'vyatta-vpn-agent')()
      )
  NOTE: Replace neutron-vpnaas pkg version 2015.1.dev51 to the correct version in your deployment 

5. Restart Vyatta-VPN agent.

 /usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini