Difference between revisions of "Neutron/VPNaaS/Brocade Vyatta VPNaaS Plugin"
(→Overview:) |
(This page describes how to configure Brocade Vyatta VPN plugin for OpenStack Neutron) |
||
Line 4: | Line 4: | ||
The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. | The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM. | ||
− | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the functionality to work. | + | The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the VPN functionality to work. |
− | Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. | + | Neutron L3 agent's Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin. |
1. create / delete ike policy | 1. create / delete ike policy | ||
Line 21: | Line 21: | ||
<big> | <big> | ||
− | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for L3 plugin configuration. | + | 1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration. |
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | 2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver | ||
service_plugins = neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin | service_plugins = neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin | ||
+ | service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default | ||
− | 3. Edit the /etc/neutron/vpn_agent.ini file to | + | 3. Edit the /etc/neutron/vpn_agent.ini file to specify Brocade Vyatta VPN agent device-driver |
[vpnagent] | [vpnagent] | ||
vpn_device_driver=neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver | vpn_device_driver=neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver | ||
− | 4. Create a | + | 4. Create a launcher utility with Vyatta VPN agent entry point, preferably in a file in /usr/local/bin/vyatta-vpn-agent, |
#!/usr/bin/python | #!/usr/bin/python | ||
Line 49: | Line 50: | ||
5. Restart Vyatta-VPN agent. | 5. Restart Vyatta-VPN agent. | ||
− | + | /usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini | |
+ | NOTE: make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both traditional L3 agent and Vyatta VPN agent functionality | ||
</big> | </big> |
Revision as of 21:42, 19 February 2015
Overview:
The Brocade Vyatta VPN plugin provides VPNaaS solution using Brocade Vyatta vRouter VM running as a Neutron router. The plugin implements IPSec Site-to-Site tunnel to connect tenant private networks to remote networks using vRouter VM.
The plugin contains two parts. Vyatta VPN service-driver that interacts with neutron-server's vpn service-plugin and Vyatta VPN device-driver which is bundled with neutron-l3-agent. Both these components need to be configured correctly for the VPN functionality to work.
Neutron L3 agent's Vyatta VPN device-driver component is the one that will invoke the Vyatta vRouter REST APIs for the below CRUD APIs as and when determined by the VPNaaS plugin.
1. create / delete ike policy
2. create / delete ipsec policy
3. create / delete vpn-service policy
4. create / delete ipsec-site-connection
Configuration
1. Refer to link https://wiki.openstack.org/wiki/Brocade_Vyatta_L3_Plugin for Vyatta vRouter L3 plugin configuration.
2. Edit Neutron configuration file /etc/neutron/neutron.conf to specify Vyatta vRouter L3 plugin and Vyatta VPN plugin service-driver
service_plugins = neutron.plugins.brocade.vyatta.vrouter_neutron_plugin.VyattaVRouterPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin service_provider = VPN:vyatta:neutron_vpnaas.services.vpn.service_drivers.vyatta_ipsec.VyattaIPsecDriver:default
3. Edit the /etc/neutron/vpn_agent.ini file to specify Brocade Vyatta VPN agent device-driver
[vpnagent] vpn_device_driver=neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
4. Create a launcher utility with Vyatta VPN agent entry point, preferably in a file in /usr/local/bin/vyatta-vpn-agent,
#!/usr/bin/python # EASY-INSTALL-ENTRY-SCRIPT: 'neutron-vpnaas==2015.1.dev51','console_scripts','vyatta-vpn-agent' __requires__ = 'neutron-vpnaas==2015.1.dev51' import sys from pkg_resources import load_entry_point if __name__ == '__main__': sys.exit( load_entry_point('neutron-vpnaas==2015.1.dev51', 'console_scripts', 'vyatta-vpn-agent')() )
NOTE: Replace neutron-vpnaas pkg version 2015.1.dev51 to the correct version in your deployment
5. Restart Vyatta-VPN agent.
/usr/bin/python /usr/local/bin/vyatta-vpn-agent --config-file /etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent.ini --config-file=/etc/neutron/vpn_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/brocade/vyatta/vrouter.ini
NOTE: make sure neutron-l3-agent is not started. vyatta-vpn-agent includes both traditional L3 agent and Vyatta VPN agent functionality