Difference between revisions of "Neutron/VPNaaS/Brocade Vyatta VPNaaS Plugin"
(Describes Brocade Vyatta VPN plugin configuration) |
(→Overview:) |
||
Line 2: | Line 2: | ||
<big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. | <big>The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. | ||
− | The | + | The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. |
− | Vyatta | + | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the functionality to work. |
+ | |||
+ | Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. | ||
1. create / delete ike policy | 1. create / delete ike policy |
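Review bot: the '+' line introducing the device-driver calls the operations "CRUD APIs", but the list it leads into (the unchanged "1. create / delete ike policy" line) names only create and delete. Say "create and delete operations" instead, or list the read and update calls if the driver makes them. Also, on the '+' line that begins "The plugin contains two parts.", the sentence that follows is a fragment with no main verb; "a service-driver that interacts with ... and a device-driver that is bundled with ..." would read correctly.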
Revision as of 01:43, 19 February 2015
Overview:
The Brocade Vyatta VPN plugin provides a VPNaaS solution using a Brocade Vyatta vRouter VM running as a Neutron router. The plugin implements IPSec site-to-site tunnels that connect tenant private networks to remote networks through the vRouter VM.
The plugin has two parts: the Vyatta VPN service-driver, which interacts with neutron-server's VPN service-plugin, and the Vyatta VPN device-driver, which is bundled with neutron-l3-agent. Both components must be configured correctly for the plugin to work.
The Vyatta VPN device-driver is the component that invokes the Vyatta vRouter REST APIs for the operations below, as and when the VPNaaS plugin determines they are needed.
1. create / delete ike policy
2. create / delete ipsec policy
3. create / delete vpn-service policy
4. create / delete ipsec-site-connection
Configuration
1. Refer to https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for the L3 plugin configuration.
2. Edit the Neutron configuration file /etc/neutron/neutron.conf to specify the Vyatta vRouter L3 plugin and the Vyatta VPN plugin service-driver:
service_plugins = neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin
3. Edit the /etc/neutron/vpn_agent.ini file to use the Brocade Vyatta VPN plugin device-driver:
[vpnagent]
vpn_device_driver=neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
4. Create a launch utility with the Vyatta VPN agent entry point, preferably in a file called /usr/local/bin/vyatta-vpn-agent:
#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'neutron-vpnaas==2015.1.dev51','console_scripts','vyatta-vpn-agent'
__requires__ = 'neutron-vpnaas==2015.1.dev51'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    sys.exit(
        load_entry_point('neutron-vpnaas==2015.1.dev51', 'console_scripts', 'vyatta-vpn-agent')()
    )
NOTE: Replace the neutron-vpnaas package version 2015.1.dev51 with the correct version in your deployment.
5. Restart the Vyatta VPN agent:
/usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini
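Because both halves of the plugin and the launcher's version pin have to agree before the agent will start, a pre-restart check of steps 2 to 4 is useful. The following is an added example, not part of the wiki page or the plugin: the function name check_vyatta_vpn is hypothetical, service_plugins is assumed to sit in the [DEFAULT] section of neutron.conf, and the sample inputs are constructed.

```python
import configparser
import re

# Values taken from steps 2-4 of the page.
L3_PLUGIN = "neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin"
VPN_PLUGIN = "neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin"
DEVICE_DRIVER = "neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver"
PIN_RE = re.compile(r"neutron-vpnaas==([0-9A-Za-z.]+)")

# Constructed sample inputs (not read from a real deployment).
SAMPLE_NEUTRON_CONF = "[DEFAULT]\nservice_plugins = %s,%s\n" % (L3_PLUGIN, VPN_PLUGIN)
SAMPLE_AGENT_INI = "[vpnagent]\nvpn_device_driver=%s\n" % DEVICE_DRIVER
SAMPLE_LAUNCHER = (
    "__requires__ = 'neutron-vpnaas==2015.1.dev51'\n"
    "load_entry_point('neutron-vpnaas==2015.1.dev51', 'console_scripts', 'vyatta-vpn-agent')\n"
)


def _parse(text):
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp


def check_vyatta_vpn(neutron_conf, vpn_agent_ini, launcher, installed_version):
    """Return a list of problems; an empty list means steps 2-4 are consistent."""
    problems = []
    # Step 2: both plugins must be listed (assumed to live in [DEFAULT]).
    plugins = _parse(neutron_conf).defaults().get("service_plugins", "")
    loaded = {p.strip() for p in plugins.split(",")}
    for name in (L3_PLUGIN, VPN_PLUGIN):
        if name not in loaded:
            problems.append("neutron.conf: service_plugins lacks " + name)
    # Step 3: the agent must load the Vyatta device driver.
    driver = _parse(vpn_agent_ini).get("vpnagent", "vpn_device_driver", fallback=None)
    if driver != DEVICE_DRIVER:
        problems.append("vpn_agent.ini: vpn_device_driver is %r" % driver)
    # Step 4 and the NOTE: every pin in the launcher must match the package.
    pins = set(PIN_RE.findall(launcher))
    if pins != {installed_version}:
        problems.append("launcher pins %s, installed %s"
                        % (sorted(pins), installed_version))
    return problems


if __name__ == "__main__":
    print(check_vyatta_vpn(SAMPLE_NEUTRON_CONF, SAMPLE_AGENT_INI,
                           SAMPLE_LAUNCHER, "2015.1.dev51") or "OK")
```

Pass the real file contents and the installed neutron-vpnaas version to run the same check on a deployment.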