Networking API v2.0

Networking API v2.0

General API Overview

API guide

This section introduces readers to OpenStack Networking (v2) API, providers guidelines on how to use it, and describes common features available to users throughout all Networking APIs.

General information

The Networking API v2.0 is a ReSTful HTTP service that uses all aspects of the HTTP protocol including methods, URIs, media types, response codes, and so on. Providers can use existing features of the protocol including caching, persistent connections, and content compression. For example, providers who employ a caching layer can respond with a 203 code instead of a 200 code when a request is served from the cache. Additionally, providers can offer support for conditional GET requests by using ETags, or they may send a redirect in response to a GET request. Create clients so that these differences are accounted for.

Authentication and authorization

The Networking API v2.0 uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in X-Auth-Token request header. You obtain the token by authenticating to the Keystone endpoint.

When Keystone is enabled, the project_id attribute is not required in create requests because the project ID is derived from the authentication token.

NOTE: Currently the Networking API accepts the deprecated tenant_id attribute for the project ID for backward compatibility.

The default authorization settings allow only administrative users to create resources on behalf of a different project.

OpenStack Networking uses information received from Keystone to authorize user requests. OpenStack Networking handles the following types of authorization policies:

  • Operation-based policies specify access criteria for specific operations, possibly with fine-grained control over specific attributes.
  • Resource-based policies access a specific resource. Permissions might or might not be granted depending on the permissions configured for the resource. Currently available for only the network resource.

The actual authorization policies enforced in OpenStack Networking might vary from deployment to deployment.

Request and response formats

The Networking API v2.0 supports JSON data serialization request and response formats only.

Request format

The Networking API v2.0 only accepts requests with the JSON data serialization format. The Content-Type header is ignored.

Tenant and project attributes in requests

Starting with the Newton release of the Networking service, the Networking API accepts the project_id attribute in addition to the tenant_id attribute in requests. The tenant_id attribute is accepted for backward compatibility. If both the project_id and the tenant_id attribute are provided in the same request, their values must be identical.

To determine whether a Networking API v2.0 endpoint supports the project_id attribute in requests, check that the project-id API extension is enabled (see Extensions).

Response format

The Networking API v2.0 always responds with the JSON data serialization format. The Accept header is ignored.

Query extension

A .json extension can be added to the request URI. For example, the .json extension in the following requests are equivalent:

  • GET publicURL/networks
  • GET publicURL/networks.json

Tenant and project attributes in responses

Starting with the Newton release of the Networking service, the Networking API returns a project_id attribute in responses, while still returning a tenant_id attribute for backward compatibility. The values will always be identical.

To determine whether a Networking API v2.0 endpoint returns the project_id attribute in responses, check that the project-id API extension is enabled (see Extensions).

Filtering and column selection

The Networking API v2.0 supports filtering based on all top level attributes of a resource. Filters are applicable to all list requests.

For example, the following request returns all networks named foobar:

GET /v2.0/networks?name=foobar

When you specify multiple filters, the Networking API v2.0 returns only objects that meet all filtering criteria. The operation applies an AND condition among the filters.

Note

OpenStack Networking does not offer an OR mechanism for filters.

Alternatively, you can issue a distinct request for each filter and build a response set from the received responses on the client-side.

By default, OpenStack Networking returns all attributes for any show or list call. The Networking API v2.0 has a mechanism to limit the set of attributes returned. For example, return id.

You can use the fields query parameter to control the attributes returned from the Networking API v2.0.

For example, the following request returns only id and name for each network:

GET /v2.0/networks.json?fields=id&fields=name

Synchronous versus asynchronous plug-in behavior

The Networking API v2.0 presents a logical model of network connectivity consisting of networks, ports, and subnets. It is up to the OpenStack Networking plug-in to communicate with the underlying infrastructure to ensure packet forwarding is consistent with the logical model. A plug-in might perform these operations asynchronously.

When an API client modifies the logical model by issuing an HTTP POST, PUT, or DELETE request, the API call might return before the plug-in modifies underlying virtual and physical switching devices. However, an API client is guaranteed that all subsequent API calls properly reflect the changed logical model.

For example, if a client issues an HTTP PUT request to set the attachment for a port, there is no guarantee that packets sent by the interface named in the attachment are forwarded immediately when the HTTP call returns. However, it is guaranteed that a subsequent HTTP GET request to view the attachment on that port returns the new attachment value.

You can use the status attribute with the network and port resources to determine whether the OpenStack Networking plug-in has successfully completed the configuration of the resource.

Bulk-create

The Networking API v2.0 enables you to create several objects of the same type in the same API request. Bulk create operations use exactly the same API syntax as single create operations except that you specify a list of objects rather than a single object in the request body.

Bulk operations are always performed atomically, meaning that either all or none of the objects in the request body are created. If a particular plug-in does not support atomic operations, the Networking API v2.0 emulates the atomic behavior so that users can expect the same behavior regardless of the particular plug-in running in the background.

OpenStack Networking might be deployed without support for bulk operations and when the client attempts a bulk create operation, a 400 Bad request error is returned.

Sorting

You can use the sort_key and sort_dir parameters to sort the results of list operations. Currently sorting does not work with extended attributes of resource. The sort_key and sort_dir can be repeated, and the number of sort_key and sort_dir provided must be same. The sort_dir parameter indicates in which direction to sort. Acceptable values are asc (ascending) and desc (descending).

Sorting is optional feature of OpenStack Networking API, and it might be disabled. If sorting is disabled, the sorting parameters are ignored.

If a particular plug-in does not support sorting operations and sorting is enabled, the Networking API v2.0 emulates the sorting behavior so that users can expect the same behavior regardless of the particular plug-in that runs in the background.

To determine if sorting is supported, a user can check whether the ‘sorting’ extension API is available.

Extensions

The Networking API v2.0 is extensible.

The purpose of Networking API v2.0 extensions is to:

  • Introduce new features in the API without requiring a version change.
  • Introduce vendor-specific niche functionality.
  • Act as a proving ground for experimental functionalities that might be included in a future version of the API.

To programmatically determine which extensions are available, issue a GET request on the v2.0/extensions URI.

To query extensions individually by unique alias, issue a GET request on the /v2.0/extensions/*alias_name* URI. Use this method to easily determine if an extension is available. If the extension is not available, a 404 Not Found response is returned.

You can extend existing core API resources with new actions or extra attributes. Also, you can add new resources as extensions. Extensions usually have tags that prevent conflicts with other extensions that define attributes or resources with the same names, and with core resources and attributes. Because an extension might not be supported by all plug-ins, the availability of an extension varies with deployments and the specific plug-in in use.

Faults

The Networking API v2.0 returns an error response if a failure occurs while processing a request. OpenStack Networking uses only standard HTTP error codes. 4nn errors indicate problems in the particular request being sent from the client.

Error Description
400 Bad request Malformed request URI or body requested admin state invalid Invalid values entered Bulk operations disallowed Validation failed Method not allowed for request body (such as trying to update attributes that can be specified at create-time only)
404 Not Found Non existent URI Resource not found
409 Conflict Port configured on network IP allocated on subnet Conflicting IP allocation pools for subnet
500 Internal server error Internal OpenStack Networking error
503 Service unavailable Failure in Mac address generation

Users submitting requests to the Networking API v2.0 might also receive the following errors:

  • 401 Unauthorized - If invalid credentials are provided.
  • 403 Forbidden - If the user cannot access a specific resource or perform the requested operation.

API versions

Lists information for all Networking API versions.

GET
/

List API versions

Lists information about all Networking API versions.

Normal response codes: 200

Request

Response Parameters

Name In Type Description
versions body array List of versions.
status body string Status of the API, which can be CURRENT, STABLE or DEPRECATED.
id body string Version of the API.
links body array List of version links. Each link is a dict with ‘href’ and ‘rel’.
href body string Link to the API.
rel body string Relationship of link with the version.

Response Example

{
    "versions": [
        {
            "status": "CURRENT",
            "id": "v2.0",
            "links": [
                {
                    "href": "http://23.253.228.211:9696/v2.0",
                    "rel": "self"
                }
            ]
        }
    ]
}
GET
/v2.0/

Show API v2 details

Shows details for Networking API v2.0.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
resources body array List of resource objects.
name body string Name of the resource.
collection body string Collection name of the resource.
links body array List of links related to the resource. Each link is a dict with ‘href’ and ‘rel’.
href body string Link to the resource.
rel body string Relationship between link and the resource.

Response Example

{
    "resources": [
        {
            "links": [
                {
                    "href": "http://23.253.228.211:9696/v2.0/subnets",
                    "rel": "self"
                }
            ],
            "name": "subnet",
            "collection": "subnets"
        },
        {
            "links": [
                {
                    "href": "http://23.253.228.211:9696/v2.0/networks",
                    "rel": "self"
                }
            ],
            "name": "network",
            "collection": "networks"
        },
        {
            "links": [
                {
                    "href": "http://23.253.228.211:9696/v2.0/ports",
                    "rel": "self"
                }
            ],
            "name": "port",
            "collection": "ports"
        }
    ]
}

Extensions

Extensions introduce features and vendor-specific functionality to the API.

GET
/v2.0/extensions

List extensions

Lists available extensions.

Lists available Networking API v2.0 extensions and shows details for an extension.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
extensions body array A list of extension objects.
name body string Human-readable name of the resource.
links body array List of links related to the extension.
alias body string The alias for the extension. For example “quotas” or “security-group”.
updated body string The date and timestamp when the extension was last updated.
description body string The human-readable description for the resource.

Response Example

{
    "extensions": [
        {
            "updated": "2013-01-20T00:00:00-00:00",
            "name": "Neutron Service Type Management",
            "links": [],
            "alias": "service-type",
            "description": "API for retrieving service providers for Neutron advanced services"
        },
        {
            "updated": "2012-10-05T10:00:00-00:00",
            "name": "security-group",
            "links": [],
            "alias": "security-group",
            "description": "The security groups extension."
        },
        {
            "updated": "2013-02-07T10:00:00-00:00",
            "name": "L3 Agent Scheduler",
            "links": [],
            "alias": "l3_agent_scheduler",
            "description": "Schedule routers among l3 agents"
        },
        {
            "updated": "2013-02-07T10:00:00-00:00",
            "name": "Loadbalancer Agent Scheduler",
            "links": [],
            "alias": "lbaas_agent_scheduler",
            "description": "Schedule pools among lbaas agents"
        },
        {
            "updated": "2013-03-28T10:00:00-00:00",
            "name": "Neutron L3 Configurable external gateway mode",
            "links": [],
            "alias": "ext-gw-mode",
            "description": "Extension of the router abstraction for specifying whether SNAT should occur on the external gateway"
        },
        {
            "updated": "2014-02-03T10:00:00-00:00",
            "name": "Port Binding",
            "links": [],
            "alias": "binding",
            "description": "Expose port bindings of a virtual port to external application"
        },
        {
            "updated": "2012-09-07T10:00:00-00:00",
            "name": "Provider Network",
            "links": [],
            "alias": "provider",
            "description": "Expose mapping of virtual networks to physical networks"
        },
        {
            "updated": "2013-02-03T10:00:00-00:00",
            "name": "agent",
            "links": [],
            "alias": "agent",
            "description": "The agent management extension."
        },
        {
            "updated": "2012-07-29T10:00:00-00:00",
            "name": "Quota management support",
            "links": [],
            "alias": "quotas",
            "description": "Expose functions for quotas management per tenant"
        },
        {
            "updated": "2013-02-07T10:00:00-00:00",
            "name": "DHCP Agent Scheduler",
            "links": [],
            "alias": "dhcp_agent_scheduler",
            "description": "Schedule networks among dhcp agents"
        },
        {
            "updated": "2013-06-27T10:00:00-00:00",
            "name": "Multi Provider Network",
            "links": [],
            "alias": "multi-provider",
            "description": "Expose mapping of virtual networks to multiple physical networks"
        },
        {
            "updated": "2013-01-14T10:00:00-00:00",
            "name": "Neutron external network",
            "links": [],
            "alias": "external-net",
            "description": "Adds external network attribute to network resource."
        },
        {
            "updated": "2012-07-20T10:00:00-00:00",
            "name": "Neutron L3 Router",
            "links": [],
            "alias": "router",
            "description": "Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway."
        },
        {
            "updated": "2013-07-23T10:00:00-00:00",
            "name": "Allowed Address Pairs",
            "links": [],
            "alias": "allowed-address-pairs",
            "description": "Provides allowed address pairs"
        },
        {
            "updated": "2013-03-17T12:00:00-00:00",
            "name": "Neutron Extra DHCP opts",
            "links": [],
            "alias": "extra_dhcp_opt",
            "description": "Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name)"
        },
        {
            "updated": "2012-10-07T10:00:00-00:00",
            "name": "LoadBalancing service",
            "links": [],
            "alias": "lbaas",
            "description": "Extension for LoadBalancing service"
        },
        {
            "updated": "2013-02-01T10:00:00-00:00",
            "name": "Neutron Extra Route",
            "links": [],
            "alias": "extraroute",
            "description": "Extra routes configuration for L3 router"
        }
    ]
}
GET
/v2.0/extensions/{alias}

Show extension details

Shows details for an extension, by alias. The response shows the extension name and its alias. To show details for an extension, you specify the alias.

Normal response codes: 200

Error response codes: 401, 404

Request

Name In Type Description
alias path string The alias of an extension.

Response Parameters

Name In Type Description
extension body object An extension object.
name body string Human-readable name of the resource.
links body array List of links related to the extension.
alias body string The alias for the extension. For example “quotas” or “security-group”.
updated body string The date and timestamp when the extension was last updated.
description body string The human-readable description for the resource.

Response Example

{
    "extension": {
        "updated": "2013-02-03T10:00:00-00:00",
        "name": "agent",
        "links": [],
        "alias": "agent",
        "description": "The agent management extension."
    }
}

Layer 2 Networking

Networks provider extended attributes (networks)

Lists, creates, shows information for, updates, and deletes networks.

The provider extension decorates network resources with additional attributes. These attributes are provider:network_type, provider:physical_network, and provider:segmentation_id. The validation rules for these attributes are the same as for the Networks multiple provider extension . You cannot use both extensions at the same time.

GET
/v2.0/networks/{network_id}

Show network details (provider network)

Shows details for a network.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
network_id (Optional) path string The UUID of the network.

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
subnets body array The associated subnets.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
network body object A network object.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [
            "54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
        ],
        "name": "private-network",
        "router:external": false,
        "admin_state_up": true,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
        "created_at": "2016-03-08T20:19:41",
        "mtu": 0,
        "shared": true,
        "port_security_enabled": true,
        "updated_at": "2016-03-08T20:19:41",
        "id": "d32019d3-bc6e-4319-9c1d-6722fc136a22"
    }
}
PUT
/v2.0/networks/{network_id}

Update network (provider network)

Updates a network.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.
network_id (Optional) path string The UUID of the network.

Request Example

{
    "network": {
        "name": "sample_network_5_updated"
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [],
        "name": "sample_network_5_updated",
        "provider:physical_network": null,
        "admin_state_up": true,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
        "provider:network_type": "local",
        "router:external": false,
        "mtu": 0,
        "shared": false,
        "port_security_enabled": true,
        "id": "1f370095-98f6-4079-be64-6d3d4a6adcc6",
        "provider:segmentation_id": null
    }
}
DELETE
/v2.0/networks/{network_id}

Delete network (provider network)

Deletes a network.

Error response codes: 409,404,204,401

Request

Name In Type Description
network_id (Optional) path string The UUID of the network.
GET
/v2.0/networks

List networks (provider network)

Lists networks that are accessible to the user who submits the request.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
networks body array A list of network objects.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
subnets body array The associated subnets.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.

Response Example

{
    "networks": [
        {
            "status": "ACTIVE",
            "subnets": [
                "54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
            ],
            "name": "private-network",
            "provider:physical_network": null,
            "admin_state_up": true,
            "project_id": "4fd44f30292945e481c7b8a0c8908869",
            "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
            "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
            "provider:network_type": "local",
            "router:external": true,
            "mtu": 0,
            "shared": true,
            "id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
            "provider:segmentation_id": null
        },
        {
            "status": "ACTIVE",
            "subnets": [
                "08eae331-0402-425a-923c-34f7cfe39c1b"
            ],
            "name": "private",
            "provider:physical_network": null,
            "admin_state_up": true,
            "project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "qos_policy_id": "bfdb6c39f71e4d44b1dfbda245c50819",
            "provider:network_type": "local",
            "router:external": true,
            "mtu": 0,
            "shared": true,
            "id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
            "provider:segmentation_id": null
        }
    ]
}
POST
/v2.0/networks

Create network (provider network)

Creates a network.

Error response codes: 201,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.

Request Example

{
    "network": {
        "name": "sample_network",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
subnets body array The associated subnets.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Networks

Lists, shows details for, creates, updates, and deletes networks.

GET
/v2.0/networks/{network_id}

Show network details

Shows details for a network.

You can control which response parameters are returned by using the fields query parameter. For information, see Filtering and column selection.

The response might show extension response parameters. For information, see Networks multiple provider extension (networks).

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
network_id body string The UUID of the network.

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
updated_at body string Time at which port has been updated.
changed_at body string Time at which the network has been created.
mtu body integer The MTU of a network resource.
qos_policy_id (Optional) body string The UUID of the QoS policy.
subnets body array The associated subnets.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
network body object A network object.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [
            "54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
        ],
        "name": "private-network",
        "router:external": false,
        "admin_state_up": true,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
        "created_at": "2016-03-08T20:19:41",
        "mtu": 0,
        "shared": true,
        "port_security_enabled": true,
        "updated_at": "2016-03-08T20:19:41",
        "id": "d32019d3-bc6e-4319-9c1d-6722fc136a22"
    }
}
PUT
/v2.0/networks/{network_id}

Update network

Updates a network.

Normal response codes: 200

Error response codes: 404,403,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
network body object A network object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
name body string Human-readable name of the resource.
network_id body string The UUID of the network.

Request Example

{
    "network": {
        "name": "sample_network_5_updated"
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
qos_policy_id (Optional) body string The UUID of the QoS policy.
subnets body array The associated subnets.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
network body object A network object.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [],
        "name": "sample_network_5_updated",
        "provider:physical_network": null,
        "admin_state_up": true,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
        "provider:network_type": "local",
        "router:external": false,
        "mtu": 0,
        "shared": false,
        "port_security_enabled": true,
        "id": "1f370095-98f6-4079-be64-6d3d4a6adcc6",
        "provider:segmentation_id": null
    }
}
DELETE
/v2.0/networks/{network_id}

Delete network

Deletes a network and its associated resources.

Error response codes: 409,404,204,401

Request

Name In Type Description
network_id body string The UUID of the network.
GET
/v2.0/networks

List networks

Lists networks to which the user has access.

Use the fields query parameter to filter the response. For information, see Filtering and Column Selection.

Use the tags, tags-any, not-tags, not-tags-any query parameter to filter the response with tags. For information, see REST API Impact.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
networks body array A list of network objects.
mtu body integer The MTU of a network resource.
subnets body array The associated subnets.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
qos_policy_id (Optional) body string The UUID of the QoS policy.

Response Example

{
    "networks": [
        {
            "status": "ACTIVE",
            "subnets": [
                "54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
            ],
            "name": "private-network",
            "provider:physical_network": null,
            "admin_state_up": true,
            "project_id": "4fd44f30292945e481c7b8a0c8908869",
            "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
            "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
            "provider:network_type": "local",
            "router:external": true,
            "mtu": 0,
            "shared": true,
            "id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
            "provider:segmentation_id": null
        },
        {
            "status": "ACTIVE",
            "subnets": [
                "08eae331-0402-425a-923c-34f7cfe39c1b"
            ],
            "name": "private",
            "provider:physical_network": null,
            "admin_state_up": true,
            "project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "qos_policy_id": "bfdb6c39f71e4d44b1dfbda245c50819",
            "provider:network_type": "local",
            "router:external": true,
            "mtu": 0,
            "shared": true,
            "id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
            "provider:segmentation_id": null
        }
    ]
}
POST
/v2.0/networks

Create network

Creates a network.

A request body is optional. An administrative user can specify another project ID, which is the project that owns the network, in the request body.

Error response codes: 201,401,400

Request

Request Example

{
    "network": {
        "name": "sample_network",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
availability_zone_hints body array The availability zone candidate for the network.
availability_zones body array The availability zone for the network.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
qos_policy_id (Optional) body string The UUID of the QoS policy.
subnets body array The associated subnets.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
network body object A network object.
POST
/v2.0/networks

Bulk create networks

Creates multiple networks in a single request.

In the request body, specify a list of networks.

The bulk create operation is always atomic. Either all or no networks in the request body are created.

Error response codes: 201,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
networks body array A list of network objects.

Request Example

{
    "networks": [
        {
            "name": "sample_network3",
            "admin_state_up": true
        },
        {
            "name": "sample_network4",
            "admin_state_up": true
        }
    ]
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
networks body array A list of network objects.

Networks multiple provider extension (networks)

Enables administrative users to define multiple physical bindings for an OpenStack Networking network and list or show details for networks with multiple physical bindings.

You cannot update any provider attributes. If you try to do so, an error occurs.

To delete a network with multiple physical bindings, issue a normal delete network request.

To define multiple physical bindings for a network, include a segments list in the request body of a POST /v2.0/networks request. Each element in the segments list has the same structure as the provider network attributes. These attributes are provider:network_type, provider:physical_network, and provider:segmentation_id. The validation rules for these attributes are the same as for the Networks provider extended attributes . You cannot use both extensions at the same time.

The NSX and ML2 plug-ins support this extension. With the ML2 plug- in, you can specify multiple VLANs for a network, a VXLAN tunnel ID, and a VLAN.

GET
/v2.0/networks/{network_id}

Show details for a network with multiple segments

Shows details for a network with multiple segments.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
network_id (Optional) path string The UUID of the network.

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
segments body array A list of provider segment objects.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [],
        "name": "net1",
        "admin_state_up": true,
        "project_id": "9bacb3c5d39d41a79512987f338cf177",
        "tenant_id": "9bacb3c5d39d41a79512987f338cf177",
        "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
        "segments": [
            {
                "provider:segmentation_id": 2,
                "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                "provider:network_type": "vlan"
            },
            {
                "provider:segmentation_id": 0,
                "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                "provider:network_type": "stt"
            }
        ],
        "router:external": false,
        "shared": false,
        "id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c"
    }
}
GET
/v2.0/networks

List networks with multiple segment mappings

Lists networks that are accessible to the user who submits the request. Networks with multiple segments include the segments list in the response.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
name body string Human-readable name of the resource.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
segments body array A list of provider segment objects.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
networks body array A list of network objects.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.

Response Example

{
    "networks": [
        {
            "status": "ACTIVE",
            "subnets": [],
            "name": "net1",
            "admin_state_up": true,
            "project_id": "9bacb3c5d39d41a79512987f338cf177",
            "tenant_id": "9bacb3c5d39d41a79512987f338cf177",
            "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
            "segments": [
                {
                    "provider:segmentation_id": 2,
                    "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                    "provider:network_type": "vlan"
                },
                {
                    "provider:segmentation_id": 0,
                    "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                    "provider:network_type": "stt"
                }
            ],
            "router:external": false,
            "shared": false,
            "id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c"
        },
        {
            "status": "ACTIVE",
            "subnets": [
                "08eae331-0402-425a-923c-34f7cfe39c1b"
            ],
            "name": "private",
            "provider:physical_network": null,
            "router:external": true,
            "admin_state_up": true,
            "project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "qos_policy_id": "bfdb6c39f71e4d44b1dfbda245c50819",
            "provider:network_type": "local",
            "shared": true,
            "id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
            "provider:segmentation_id": null
        }
    ]
}
POST
/v2.0/networks

Create network with multiple segment mappings

Creates a network with multiple segment mappings.

Error response codes: 201,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
segments body array A list of provider segment objects.
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.

Request Example

{
    "network": {
        "segments": [
            {
                "provider:segmentation_id": "2",
                "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                "provider:network_type": "vlan"
            },
            {
                "provider:physical_network": "8bab8453-1bc9-45af-8c70-f83aa9b50453",
                "provider:network_type": "stt"
            }
        ],
        "name": "net1",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
network body object A network object.
provider:physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
provider:segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
provider:network_type (Optional) body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
id body string The UUID of the network.
name body string Human-readable name of the resource.

VLAN transparency extension (networks)

Enables plug-ins that support VLAN transparency to deliver VLAN- transparent trunk networks. If the service does not support VLAN transparency and a user requests a VLAN-transparent network, the plug-in refuses to create one and returns an appropriate error to the user.

You cannot update the vlan-transparent attribute. If you try to do so, an error occurs.

To delete a VLAN-transparent network, issue a normal delete network request.

The ML2 plug-in currently supports this extension. With the ML2 plug-in, you can set the vlan-transparent attribute to either true or false.

GET
/v2.0/networks/{network_id}

Show VLAN-transparent network details

Shows details for a VLAN-transparent network.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
network_id (Optional) path string The UUID of the network.

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
network body object A network object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
vlan_transparent body boolean The state of the network, which is VLAN transparent (true) or not VLAN transparent (false).
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "network": {
        "status": "ACTIVE",
        "subnets": [],
        "name": "net1",
        "admin_state_up": true,
        "project_id": "e926fd5a-e9f6-4dc8-8043-a352d974ceaf",
        "tenant_id": "e926fd5a-e9f6-4dc8-8043-a352d974ceaf",
        "router:external": false,
        "vlan_transparent": true,
        "shared": false,
        "id": "20403fe9-6c9c-48e5-9edb-c3426a955068"
    }
}
GET
/v2.0/networks

List networks with VLAN transparency attribute

Lists networks. The response shows the VLAN transparency attribute.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
vlan_transparent body boolean The state of the network, which is VLAN transparent (true) or not VLAN transparent (false).
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
id body string The UUID of the network.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
networks body array A list of network objects.

Response Example

{
    "networks": [
        {
            "status": "ACTIVE",
            "subnets": [],
            "name": "net1",
            "admin_state_up": true,
            "project_id": "e252a863-92ee-480f-8bd8-71be77089499",
            "tenant_id": "e252a863-92ee-480f-8bd8-71be77089499",
            "shared": false,
            "router:external": false,
            "vlan_transparent": true,
            "id": "f5e6d63c-04a4-4b2c-8b27-a9854412d5a7"
        },
        {
            "status": "ACTIVE",
            "subnets": [
                "3daba37a-bced-4153-a4bb-d83dcc0552d9"
            ],
            "name": "private",
            "admin_state_up": true,
            "project_id": "109e5fae-d976-4791-84c7-6ae0bb3896c3",
            "tenant_id": "109e5fae-d976-4791-84c7-6ae0bb3896c3",
            "shared": true,
            "router:external": false,
            "vlan_transparent": false,
            "id": "37e11503-3244-49f1-b92a-9f21bab017d9"
        }
    ]
}
POST
/v2.0/networks

Create VLAN-transparent network

Creates a VLAN-transparent network.

Error response codes: 201,401,400

Request

Name In Type Description
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
network body object A network object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
vlan_transparent body boolean The state of the network, which is VLAN transparent (true) or not VLAN transparent (false).
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
name body string Human-readable name of the resource.

Request Example

{
    "network": {
        "name": "net1",
        "admin_state_up": true,
        "vlan_transparent": true
    }
}

Response Parameters

Name In Type Description
status body string The network status.
router:external (Optional) body boolean Indicates whether this network can provide floating IPs via a router.
subnets body array The associated subnets.
network body object A network object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mtu body integer The MTU of a network resource.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
vlan_transparent body boolean The state of the network, which is VLAN transparent (true) or not VLAN transparent (false).
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
id body string The UUID of the network.
name body string Human-readable name of the resource.

Ports binding extended attributes (ports)

Lists, creates, shows information for, updates, and deletes ports.

GET
/v2.0/ports/{port_id}

Show port details (port binding)

Shows details for a port.

Normal response codes: 200

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.

Response Example

{
    "port": {
        "status": "ACTIVE",
        "binding:host_id": "devstack",
        "name": "",
        "allowed_address_pairs": [],
        "admin_state_up": true,
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "project_id": "7e02058126cc4950b75f9970368ba177",
        "tenant_id": "7e02058126cc4950b75f9970368ba177",
        "extra_dhcp_opts": [],
        "binding:vif_details": {
            "port_filter": true,
            "ovs_hybrid_plug": true
        },
        "binding:vif_type": "ovs",
        "device_owner": "network:router_interface",
        "port_security_enabled": false,
        "mac_address": "fa:16:3e:23:fd:d7",
        "binding:profile": {},
        "binding:vnic_type": "normal",
        "fixed_ips": [
            {
                "subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2",
                "ip_address": "10.0.0.1"
            }
        ],
        "id": "46d4bfb9-b26e-41f3-bd2e-e6dcc1ccedb2",
        "security_groups": [],
        "device_id": "5e3898d7-11be-483e-9732-b2f5eccd2b2e"
    }
}
PUT
/v2.0/ports/{port_id}

Update port (port binding)

Updates a port.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.

Request Example

{
    "port": {
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "name": "private-port",
        "admin_state_up": true
    }
}

Response Example

{
    "port": {
        "status": "DOWN",
        "binding:host_id": "",
        "name": "private-port",
        "allowed_address_pairs": [],
        "admin_state_up": true,
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "project_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
        "tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
        "binding:vif_details": {},
        "binding:vnic_type": "normal",
        "binding:vif_type": "unbound",
        "device_owner": "",
        "mac_address": "fa:16:3e:c9:cb:f0",
        "binding:profile": {},
        "fixed_ips": [
            {
                "subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2",
                "ip_address": "10.0.0.2"
            }
        ],
        "id": "65c0ee9f-d634-4522-8954-51021b570b0d",
        "security_groups": [
            "f0ac4394-7e4a-4409-9701-ba8be283dbc3"
        ],
        "device_id": ""
    }
}
DELETE
/v2.0/ports/{port_id}

Delete port (port binding)

Deletes a port.

Error response codes: 409,404,204,401

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.
GET
/v2.0/ports

List ports (port binding)

Lists ports to which the user has access.

Normal response codes: 200

Error response codes: 401

Request

Response Example

{
    "ports": [
        {
            "status": "ACTIVE",
            "name": "",
            "allowed_address_pairs": [],
            "admin_state_up": true,
            "network_id": "70c1db1f-b701-45bd-96e0-a313ee3430b3",
            "project_id": "",
            "tenant_id": "",
            "extra_dhcp_opts": [],
            "device_owner": "network:router_gateway",
            "mac_address": "fa:16:3e:58:42:ed",
            "fixed_ips": [
                {
                    "subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062",
                    "ip_address": "172.24.4.2"
                }
            ],
            "id": "d80b1a3b-4fc1-49f3-952e-1e2ab7081d8b",
            "security_groups": [],
            "device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824"
        },
        {
            "status": "ACTIVE",
            "name": "",
            "allowed_address_pairs": [],
            "admin_state_up": true,
            "network_id": "f27aa545-cbdd-4907-b0c6-c9e8b039dcc2",
            "project_id": "d397de8a63f341818f198abb0966f6f3",
            "tenant_id": "d397de8a63f341818f198abb0966f6f3",
            "extra_dhcp_opts": [],
            "device_owner": "network:router_interface",
            "mac_address": "fa:16:3e:bb:3c:e4",
            "fixed_ips": [
                {
                    "subnet_id": "288bf4a1-51ba-43b6-9d0a-520e9005db17",
                    "ip_address": "10.0.0.1"
                }
            ],
            "id": "f71a6703-d6de-4be1-a91a-a570ede1d159",
            "security_groups": [],
            "device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824"
        }
    ]
}
POST
/v2.0/ports

Create port (port binding)

Creates a port on a network.

Error response codes: 201,403,401,400

Request

Request Example

{
    "port": {
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "name": "private-port",
        "admin_state_up": true
    }
}

Ports

Lists, shows details for, creates, updates, and deletes ports.

GET
/v2.0/ports/{port_id}

Show port details

Shows details for a port.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.

Response Parameters

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
status body string The network status.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
ip_address (Optional) body string The IP address of an allowed address pair.
extra_dhcp_opts body array A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name.
opt_name (Optional) body string The extra DHCP option name.
updated_at body string Time at which port has been updated.
id body string The UUID of the network.
port body object A port object.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
created_at body string Time at which port has been created.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Response Example

{
    "port": {
        "status": "ACTIVE",
        "name": "",
        "allowed_address_pairs": [],
        "admin_state_up": true,
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "project_id": "7e02058126cc4950b75f9970368ba177",
        "tenant_id": "7e02058126cc4950b75f9970368ba177",
        "created_at": "2016-03-08T20:19:41",
        "extra_dhcp_opts": [],
        "device_owner": "network:router_interface",
        "mac_address": "fa:16:3e:23:fd:d7",
        "fixed_ips": [
            {
                "subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2",
                "ip_address": "10.0.0.1"
            }
        ],
        "id": "46d4bfb9-b26e-41f3-bd2e-e6dcc1ccedb2",
        "updated_at": "2016-03-08T20:19:41",
        "security_groups": [],
        "device_id": "5e3898d7-11be-483e-9732-b2f5eccd2b2e"
    }
}
PUT
/v2.0/ports/{port_id}

Update port

Updates a port.

You can update information for a port, such as its symbolic name and associated IPs. When you update IPs for a port, any previously associated IPs are removed, returned to the respective subnet allocation pools, and replaced by the IPs in the request body. Therefore, this operation replaces the fixed_ip attribute when you specify it in the request body. If the updated IP addresses are not valid or are already in use, the operation fails and the existing IP addresses are not removed from the port.

When you update security groups for a port and the operation succeeds, any associated security groups are removed and replaced by the security groups in the request body. Therefore, this operation replaces the security_groups attribute when you specify it in the request body. If the security groups are not valid, the operation fails and the existing security groups are not removed from the port.

Normal response codes: 200

Error response codes: 404,403,401,400,409

Request

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
opt_name (Optional) body string The extra DHCP option name.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
ip_address (Optional) body string The IP address of an allowed address pair.
port body object A port object.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.
port_id (Optional) path string The UUID of the port.

Request Example

{
    "port": {
        "name": "test-for-port-update",
        "admin_state_up": true,
        "device_owner": "compute:nova",
        "binding:host_id": "test_for_port_update_host"
    }
}

Response Parameters

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
status body string The network status.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
ip_address (Optional) body string The IP address of an allowed address pair.
extra_dhcp_opts body array A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name.
opt_name (Optional) body string The extra DHCP option name.
updated_at body string Time at which port has been updated.
id body string The UUID of the network.
port body object A port object.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
created_at body string Time at which port has been created.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Response Example

{
    "port": {
        "status": "DOWN",
        "binding:host_id": "test_for_port_update_host",
        "allowed_address_pairs": [],
        "extra_dhcp_opts": [],
        "device_owner": "compute:nova",
        "binding:profile": {},
        "fixed_ips": [
            {
                "subnet_id": "898dec4a-74df-4193-985f-c76721bcc746",
                "ip_address": "20.20.0.4"
            }
        ],
        "id": "43c831e0-19ce-4a76-9a49-57b57e69428b",
        "security_groups": [
            "ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
        ],
        "device_id": "",
        "name": "test-for-port-update",
        "admin_state_up": true,
        "network_id": "883fc383-5ea1-4c8b-8916-e1ddb0a9f365",
        "project_id": "522eda8d23124b25bf03fe44f1986b74",
        "tenant_id": "522eda8d23124b25bf03fe44f1986b74",
        "binding:vif_details": {},
        "binding:vnic_type": "normal",
        "binding:vif_type": "binding_failed",
        "mac_address": "fa:16:3e:11:11:5e"
    }
}
DELETE
/v2.0/ports/{port_id}

Delete port

Deletes a port.

Any IP addresses that are associated with the port are returned to the respective subnets allocation pools.

Error response codes: 404,403,204,401

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.
GET
/v2.0/ports

List ports

Lists ports to which the user has access.

Default policy settings return only those ports that are owned by the project of the user who submits the request, unless the request is submitted by a user with administrative rights. Users can control which attributes are returned by using the fields query parameter. You can use query parameters to filter the response.For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
status body string The network status.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
ip_address (Optional) body string The IP address of an allowed address pair.
extra_dhcp_opts body array A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name.
opt_name (Optional) body string The extra DHCP option name.
updated_at body string Time at which port has been updated.
id body string The UUID of the network.
ports body array A list of port objects.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
created_at body string Time at which port has been created.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Response Example

{
    "ports": [
        {
            "status": "ACTIVE",
            "name": "",
            "allowed_address_pairs": [],
            "admin_state_up": true,
            "network_id": "70c1db1f-b701-45bd-96e0-a313ee3430b3",
            "project_id": "",
            "tenant_id": "",
            "extra_dhcp_opts": [],
            "device_owner": "network:router_gateway",
            "mac_address": "fa:16:3e:58:42:ed",
            "fixed_ips": [
                {
                    "subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062",
                    "ip_address": "172.24.4.2"
                }
            ],
            "id": "d80b1a3b-4fc1-49f3-952e-1e2ab7081d8b",
            "security_groups": [],
            "device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824"
        },
        {
            "status": "ACTIVE",
            "name": "",
            "allowed_address_pairs": [],
            "admin_state_up": true,
            "network_id": "f27aa545-cbdd-4907-b0c6-c9e8b039dcc2",
            "project_id": "d397de8a63f341818f198abb0966f6f3",
            "tenant_id": "d397de8a63f341818f198abb0966f6f3",
            "extra_dhcp_opts": [],
            "device_owner": "network:router_interface",
            "mac_address": "fa:16:3e:bb:3c:e4",
            "fixed_ips": [
                {
                    "subnet_id": "288bf4a1-51ba-43b6-9d0a-520e9005db17",
                    "ip_address": "10.0.0.1"
                }
            ],
            "id": "f71a6703-d6de-4be1-a91a-a570ede1d159",
            "security_groups": [],
            "device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824"
        }
    ]
}
POST
/v2.0/ports

Create port

Creates a port on a network.

To define the network in which to create the port, specify the network_id attribute in the request body.

Error response codes: 201,404,403,401,400,503

Request

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
opt_name (Optional) body string The extra DHCP option name.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
ip_address (Optional) body string The IP address of an allowed address pair.
port body object A port object.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Request Example

{
    "port": {
        "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
        "name": "private-port",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
status body string The network status.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
ip_address (Optional) body string The IP address of an allowed address pair.
extra_dhcp_opts body array A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name.
opt_name (Optional) body string The extra DHCP option name.
updated_at body string Time at which port has been updated.
id body string The UUID of the network.
port body object A port object.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
created_at body string Time at which port has been created.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.
POST
/v2.0/ports

Bulk create ports

Creates multiple ports in a single request. Specify a list of ports in the request body.

Guarantees the atomic completion of the bulk operation.

Error response codes: 201,404,403,401,400,503,409

Request

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
opt_name (Optional) body string The extra DHCP option name.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
ip_address (Optional) body string The IP address of an allowed address pair.
ports body array A list of port objects.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Request Example

{
    "ports": [
        {
            "name": "sample_port_1",
            "admin_state_up": false,
            "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
        },
        {
            "name": "sample_port_2",
            "admin_state_up": false,
            "network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
        }
    ]
}

Response Parameters

Name In Type Description
opt_value (Optional) body string The extra DHCP option value.
status body string The network status.
name body string Human-readable name of the resource.
allowed_address_pairs (Optional) body array A set of zero or more allowed address pairs. An address pair contains an IP address and MAC address.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
network_id body string The UUID of the network.
ip_address (Optional) body string The IP address of an allowed address pair.
extra_dhcp_opts body array A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name.
opt_name (Optional) body string The extra DHCP option name.
updated_at body string Time at which port has been updated.
id body string The UUID of the network.
ports body array A list of port objects.
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
device_owner (Optional) body string The UUID of the entity that uses this port. For example, a DHCP agent.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
mac_address (Optional) body string The MAC address of an allowed address pair.
port_security_enabled (Optional) body boolean The port security status. A valid value is enabled (true) or disabled (false).
fixed_ips (Optional) body array If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
created_at body string Time at which port has been created.
security_groups (Optional) body array One or more security group UUIDs.
device_id (Optional) body string The UUID of the device that uses this port. For example, a virtual server.

Segments

Lists, shows details for, creates, updates, and deletes segments. The segments API is admin-only.

GET
/v2.0/segments/{segment_id}

Show segment details

Shows details for a segment.

You can control which response parameters are returned by using the fields query parameter. For information, see Filtering and column selection.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
segment_id path string The UUID of the segment.

Response Parameters

Name In Type Description
id body string The UUID of the segment.
network_id body string The UUID of the network.
physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
network_type body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.

Response Example

{
  "segment": {
    "name": null,
    "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
    "segmentation_id": 2000,
    "network_type": "vlan",
    "physical_network": "segment-1",
    "id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
    "description": null
  }
}
PUT
/v2.0/segments/{segment_id}

Update segment

Updates a segment.

Normal response codes: 200

Error response codes: 404,403,401,400

Request

Name In Type Description
segment_id path string The UUID of the segment.
name (Optional) body string Human-readable name of the segment.
description (Optional) body string The human-readable description for the resource.

Request Example

{
    "segment": {
        "name": "1",
        "description": "Segment One"
    }
}

Response Parameters

Name In Type Description
id body string The UUID of the segment.
network_id body string The UUID of the network.
physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
network_type body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.

Response Example

{
  "segment": {
    "name": "1",
    "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
    "segmentation_id": 2000,
    "network_type": "vlan",
    "physical_network": "segment-1",
    "id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
    "description": "Segment One"
  }
}
DELETE
/v2.0/segments/{segment_id}

Delete segment

Deletes a segment and its associated resources.

Normal response codes: 204

Error response codes: 409,404,401

Request

Name In Type Description
segment_id path string The UUID of the segment.

Response

There is no body content for the response of a successful DELETE request.

GET
/v2.0/segments

List segments

Lists segments to which the project has access.

Use the fields query parameter to filter the response. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
id body string The UUID of the segment.
network_id body string The UUID of the network.
physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
network_type body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.

Response Example

{
  "segments": [
    {
      "name": null,
      "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
      "segmentation_id": 2000,
      "network_type": "vlan",
      "physical_network": "segment-1",
      "id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
      "description": null
    },
    {
      "name": null,
      "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
      "segmentation_id": 2000,
      "network_type": "vlan",
      "physical_network": "segment-2",
      "id": "f1364c3a-4fc1-4206-b2dc-3254bc25cbfc",
      "description": null
    }
  ]
}
POST
/v2.0/segments

Create segment

Creates a segment.

Normal response codes: 201

Error response codes: 401,400

Request

Name In Type Description
network_id body string The UUID of the network.
physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
network_type body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name (Optional) body string Human-readable name of the segment.
description (Optional) body string The human-readable description for the resource.

Request Example

{
    "segment": {
        "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
        "segmentation_id": 2000,
        "network_type": "vlan",
        "physical_network": "segment-1"
    }
}

Response Parameters

Name In Type Description
id body string The UUID of the segment.
network_id body string The UUID of the network.
physical_network (Optional) body string The physical network where this network object is implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each Compute host.
network_type body string The type of physical network that maps to this network resource. For example, flat, vlan, vxlan, or gre.
segmentation_id (Optional) body string An isolated segment on the physical network. The network_type attribute defines the segmentation model. For example, if the network_type value is vlan, this ID is a vlan identifier. If the network_type value is gre, this ID is a gre key.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.

Response Example

{
  "segment": {
    "name": null,
    "network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
    "segmentation_id": 2000,
    "network_type": "vlan",
    "physical_network": "segment-1",
    "id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
    "description": null
  }
}

Trunk networking

The trunk extension can be used to multiplex packets coming from and going to multiple neutron logical networks using a single neutron logical port. A trunk is modeled in neutron as a collection of neutron logical ports. One port, called parent port, must be associated to a trunk and it is the port to be used to connect instances with neutron. A sequence of subports (or sub_ports) each typically belonging to distinct neutron networks, is also associated to a trunk, and each subport may have a segmentation type and ID used to mux/demux the traffic coming in and out of the parent port.

In more details, the extension introduces the following resources:

  • trunk. A top level logical entity to model the group of neutron logical networks whose traffic flows through the trunk.
  • sub_port. An association to a neutron logical port with attributes segmentation_id and segmentation_type.
GET
/v2.0/trunks

List trunks

Lists trunks that are accessible to the user who submits the request.

Default policy settings return only those trunks that are owned by the user who submits the request, unless an admin user submits the request.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see the Filtering section for more details.

Normal response codes: 200

Error response codes: 401,404

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
project_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).

Response Example

{
    "trunks": [
        {
            "status": "DOWN",
            "sub_ports": [],
            "name": "test",
            "admin_state_up": true,
            "project_id": "313be01bd0744cea86643c711c57012b",
            "tenant_id": "313be01bd0744cea86643c711c57012b",
            "created_at": "2016-10-05T20:11:16Z",
            "updated_at": "2016-10-05T20:11:16Z",
            "revision_number": 1,
            "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
            "id": "ee98bdb4-a817-43af-943f-4318bff98f51",
            "description": ""
        }
    ]
}
POST
/v2.0/trunks

Create trunk

Error codes:

  • 400 The operation returns this error code if the request is malformed, e.g. there are missing or invalid parameters in the request.
  • 401 The operation is not authorized.
  • 404 If the extension is not available or the port UUID of any of the specified ports is not found.
  • 409 The operation returns this error code for one of these reasons:
    • A port to be used as subport is in use by another trunk.
    • The segmentation type and segmentation ID are already in use in the trunk.
    • A port to be used as parent port is in use by another trunk or cannot be trunked.
    • A system configuration prevents the operation from succeeding.

Error response codes: 201,400,401,404,409

Request

Name In Type Description
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_id body string The ID of the parent port.
name (Optional) body string The name of the resource.
description body string The description for the resource.
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
sub_ports body array A list of ports associated with the trunk.

Request Example

{
    "trunk": {
        "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
        "name": "test",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).
PUT
/v2.0/trunks/{trunk_id}/add_subports

Add subports to trunk

Normal response codes: 200

Error response codes: 400,401,404,409

Request

Name In Type Description
trunk_id path string The ID of the trunk.
segmentation_id (Optional) body integer The segmentation ID for the subport.
segmentation_type (Optional) body string The segmentation type for the subport.
port_id body string The ID of the subport.

Request Example

{
    "sub_ports": [
        {
            "segmentation_id": 44,
            "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
            "segmentation_type": "vlan"
        }
    ]
}

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).

Response Example

{
    "status": "DOWN",
    "sub_ports": [
        {
            "segmentation_type": "vlan",
            "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
            "segmentation_id": 44
        }
    ],
    "name": "test",
    "admin_state_up": true,
    "project_id": "145a14e4a64b49bf98baad8945dbd4f1",
    "tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
    "created_at": "2016-10-05T22:31:37Z",
    "updated_at": "2016-10-05T22:52:04Z",
    "revision_number": 2,
    "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
    "id": "114a26b1-d124-4835-bb4f-021d3d886023",
    "description": ""
}
PUT
/v2.0/trunks/{trunk_id}/remove_subports

Delete subports from trunk

Normal response codes: 200

Error response codes: 400,401,404,409

Request

Name In Type Description
trunk_id path string The ID of the trunk.
port_id (Optional) path string The UUID of the port.

Request Example

{
    "sub_ports": [
       {
           "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155"
       }
    ]
}

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).

Response Example

{
    "status": "DOWN",
    "sub_ports": [],
    "name": "test",
    "admin_state_up": true,
    "project_id": "145a14e4a64b49bf98baad8945dbd4f1",
    "tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
    "created_at": "2016-10-05T22:31:37Z",
    "updated_at": "2016-10-05T22:57:44Z",
    "revision_number": 3,
    "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
    "id": "114a26b1-d124-4835-bb4f-021d3d886023",
    "description": ""
}
GET
/v2.0/trunks/{trunk_id}/get_subports

List subports for trunk

Normal response codes: 200

Error response codes: 401,404

Request

Name In Type Description
trunk_id path string The ID of the trunk.

Response Parameters

Name In Type Description
port_id body string The ID of the subport.
segmentation_type (Optional) body string The segmentation type for the subport.
segmentation_id (Optional) body integer The segmentation ID for the subport.

Response Example

{
    "sub_ports": [
        {
            "segmentation_type": "vlan",
            "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
            "segmentation_id": 44
        }
    ]
}
PUT
/v2.0/trunks/{trunk_id}

Update trunk

The update request is only for changing fields like name, description or admin_state_up. Setting the admin_state_up to False locks the trunk in that it prevents operations such as as adding/removing subports.

Normal response codes: 200

Error response codes: 400,401,404,409

Request

Name In Type Description
name_resource (Optional) body string The name of the resource.
admin_state_up_trunk body boolean The administrative state of the resource, which is up (true) or down (false).
description_resource body string The description for the resource.

Request Example

{
    "trunk": {
        "name": "foo",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).

Response Example

{
    "trunk": {
        "status": "DOWN",
        "sub_ports": [
            {
                "segmentation_type": "vlan",
                "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
                "segmentation_id": 44
            }
        ],
        "name": "foo",
        "admin_state_up": true,
        "project_id": "145a14e4a64b49bf98baad8945dbd4f1",
        "tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
        "created_at": "2016-10-05T22:31:37Z",
        "updated_at": "2016-10-05T23:28:17Z",
        "revision_number": 9,
        "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
        "id": "114a26b1-d124-4835-bb4f-021d3d886023",
        "description": ""
    }
}
GET
/v2.0/trunks/{trunk_id}

Show trunk

Shows details for a trunk.

Use the fields query parameter to control which fields are returned in the response body. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
trunk_id path string The ID of the trunk.

Response Parameters

Name In Type Description
admin_state_up (Optional) body boolean The administrative state of the trunk, which is up (true) or down (false).
created_at body string Time at which the resource has been created (in UTC ISO8601 format).
description body string The description for the resource.
id body string The ID for the resource.
name (Optional) body string The name of the resource.
port_id body string The ID of the parent port.
revision_number body integer The revision number of the resource.
status body string The status for the trunk. Possible values are ACTIVE, DOWN, BUILD, DEGRADED, and ERROR.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
sub_ports body array A list of ports associated with the trunk.
updated_at body string Time at which the resource has been updated (in UTC ISO8601 format).

Response Example

{
    "trunk": {
        "status": "DOWN",
        "sub_ports": [
            {
                 "segmentation_type": "vlan",
                 "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
                 "segmentation_id": 44
            }
        ],
        "name": "foo",
        "admin_state_up": true,
        "project_id": "145a14e4a64b49bf98baad8945dbd4f1",
        "tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
        "created_at": "2016-10-05T22:31:37Z",
        "updated_at": "2016-10-05T23:28:17Z",
        "revision_number": 9,
        "port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
        "id": "114a26b1-d124-4835-bb4f-021d3d886023",
        "description": ""
    }
}
DELETE
/v2.0/trunks/{trunk_id}

Delete trunk

Deletes a trunk, if its state allows it.

Normal response codes: 204

Error response codes: 401,404,409

Request

Name In Type Description
trunk_id path string The ID of the trunk.

Trunk details extended attributes (ports)

The trunk_details extension attribute is available when showing a port resource that participates in a trunk as parent. The extension is useful for REST clients that may want to access trunk details when getting the parent port, and it allows them to avoid extra lookups.

GET
/v2.0/ports/{port_id}

Show trunk details

Shows details for a port. The details available in the trunk_details attribute contain the trunk ID and the array showing information about the subports that belong to the trunk: the port UUID, the segmentation type, the segmentation ID, and the MAC address.

Normal response codes: 200

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.

Response Parameters

Name In Type Description
trunk_details (Optional) body dict The details about the trunk.

Response Example

{
    "port": {
        "status": "DOWN",
        "created_at": "2016-10-05T20:05:14Z",
        "description": "",
        "admin_state_up": true,
        "network_id": "1cf9e069-365f-4a78-8784-616bc12c4c5a",
        "project_id": "313be01bd0744cea86643c711c57012b",
        "tenant_id": "313be01bd0744cea86643c711c57012b",
        "extra_dhcp_opts": [],
        "updated_at": "2016-10-05T20:05:14Z",
        "name": "test",
        "device_owner": "",
        "trunk_details": {
            "trunk_id": "8905d084-010c-46e8-a863-f21cb4441ab1",
            "sub_ports": [
               {
                   "segmentation_id": 33,
                   "port_id": "70df9f3e-b409-4761-8304-ce029b2079f5",
                   "segmentation_type": "vlan",
                   "mac_address": "fa:16:3e:86:9b:dc"
               },
               {
                   "segmentation_id": 44,
                   "port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
                   "segmentation_type": "vlan",
                   "mac_address": "fa:16:3e:fe:29:97"
               }
           ]
       },
       "revision_number": 5,
       "mac_address": "fa:16:3e:5c:e9:a3",
       "fixed_ips": [
           {
               "subnet_id": "76a059c0-b189-479f-882c-5e8bd464ea49",
               "ip_address": "40.0.0.3"
           }
       ],
       "id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
       "security_groups": ["da88a249-12ac-4221-9565-c406b6feeb48"],
       "device_id": ""
    }
}

Layer 3 Networking

Floating IPs (floatingips)

GET
/v2.0/floatingips

List floating IPs

Lists floating IPs visible to the user.

Default policy settings return only the floating IPs owned by the user’s project, unless the user has admin role.

This example request lists floating IPs in JSON format:

GET /v2.0/floatingips
Accept: application/json

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200 Error response codes:401,

Request

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
floating_network_id body string The UUID of the network associated with the floating IP.
fixed_ip_address (Optional) body string The fixed IP address that is associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. If an internal port has multiple associated IP addresses, the service chooses the first IP address unless you explicitly define a fixed IP address in the fixed_ip_address parameter.
floating_ip_address (Optional) body string The floating IP address.
port_id (Optional) path string The UUID of the port.
id body string The UUID of the network.
floatingips body array A list of floatingip objects.

Response Example

{
    "floatingips": [
        {
            "router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
            "project_id": "4969c491a3c74ee4af974e6d800c62de",
            "tenant_id": "4969c491a3c74ee4af974e6d800c62de",
            "floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
            "fixed_ip_address": "10.0.0.3",
            "floating_ip_address": "172.24.4.228",
            "port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
            "id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7",
            "status": "ACTIVE"
        },
        {
            "router_id": null,
            "project_id": "4969c491a3c74ee4af974e6d800c62de",
            "tenant_id": "4969c491a3c74ee4af974e6d800c62de",
            "floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
            "fixed_ip_address": null,
            "floating_ip_address": "172.24.4.227",
            "port_id": null,
            "id": "61cea855-49cb-4846-997d-801b70c71bdd",
            "status": "DOWN"
        }
    ]
}
POST
/v2.0/floatingips

Create floating IP

Creates a floating IP, and, if you specify port information, associates the floating IP with an internal port.

To associate the floating IP with an internal port, specify the port UUID attribute in the request body. If you do not specify a port UUID in the request, you can issue a PUT request instead of a POST request.

Default policy settings enable only administrative users to set floating IP addresses and some non-administrative users might require a floating IP address. If you do not specify a floating IP address in the request, the operation automatically allocates one.

By default, this operation associates the floating IP address with a single fixed IP address that is configured on an OpenStack Networking port. If a port has multiple IP addresses, you must specify the fixed_ip_address attribute in the request body to associate a fixed IP address with the floating IP address.

You can create floating IPs on only external networks. When you create a floating IP, you must specify the UUID of the network on which you want to create the floating IP. Alternatively, you can create a floating IP on a subnet in the external network, based on the costs and quality of that subnet.

You must configure an IP address with the internal OpenStack Networking port that is associated with the floating IP address.

Error codes:

  • 400 The operation returns this error code for one of these reasons:
    • The network is not external, such as router:external=False.
    • The internal OpenStack Networking port is not associated with the floating IP address.
    • The requested floating IP address does not fall in the subnet range for the external network.
    • The fixed IP address is not valid.
  • 401 The operation is not authorized.
  • 404 The port UUID is not valid.
  • 409 The operation returns this error code for one of these reasons:
    • The requested floating IP address is already in use.
    • The internal OpenStack Networking port and fixed IP address are already associated with another floating IP.

Error response codes:201,404,409,401,400,

Request

Name In Type Description
floatingip body object A floatingip object. When you associate a floating IP address with a VM, the instance has the same public IP address each time that it boots, basically to maintain a consistent IP address for maintaining DNS assignment.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
floating_network_id body string The UUID of the network associated with the floating IP.
fixed_ip_address (Optional) body string The fixed IP address that is associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. If an internal port has multiple associated IP addresses, the service chooses the first IP address unless you explicitly define a fixed IP address in the fixed_ip_address parameter.
floating_ip_address (Optional) body string The floating IP address.
port_id (Optional) path string The UUID of the port.

Request Example

{
    "floatingip": {
        "floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
        "port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab"
    }
}

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
floatingip body object A floatingip object. When you associate a floating IP address with a VM, the instance has the same public IP address each time that it boots, basically to maintain a consistent IP address for maintaining DNS assignment.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
floating_network_id body string The UUID of the network associated with the floating IP.
fixed_ip_address (Optional) body string The fixed IP address that is associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. If an internal port has multiple associated IP addresses, the service chooses the first IP address unless you explicitly define a fixed IP address in the fixed_ip_address parameter.
floating_ip_address (Optional) body string The floating IP address.
port_id (Optional) path string The UUID of the port.
id body string The UUID of the network.
GET
/v2.0/floatingips/{floatingip_id}

Show floating IP details

Shows details for a floating IP.

Use the fields query parameter to control which fields are returned in the response body. For information, see Filtering and Column Selection.

This example request shows details for a floating IP in JSON format. This example also filters the result by the fixed_ip_address and floating_ip_address fields.

GET /v2.0/floatingips/{floatingip_id}?fields=fixed_ip_address
&
fields=floating_ip_address
Accept: application/json

Normal response codes: 200 Error response codes:404,403,401,

Request

Name In Type Description
floatingip_id (Optional) path string The UUID of the floating IP address.

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
floatingip body object A floatingip object. When you associate a floating IP address with a VM, the instance has the same public IP address each time that it boots, basically to maintain a consistent IP address for maintaining DNS assignment.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
floating_network_id body string The UUID of the network associated with the floating IP.
fixed_ip_address (Optional) body string The fixed IP address that is associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. If an internal port has multiple associated IP addresses, the service chooses the first IP address unless you explicitly define a fixed IP address in the fixed_ip_address parameter.
floating_ip_address (Optional) body string The floating IP address.
port_id (Optional) path string The UUID of the port.
id body string The UUID of the network.

Response Example

{
    "floatingip": {
        "floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
        "router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
        "fixed_ip_address": "10.0.0.3",
        "floating_ip_address": "172.24.4.228",
        "project_id": "4969c491a3c74ee4af974e6d800c62de",
        "tenant_id": "4969c491a3c74ee4af974e6d800c62de",
        "status": "ACTIVE",
        "port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
        "id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7"
    }
}
PUT
/v2.0/floatingips/{floatingip_id}

Update floating IP

Updates a floating IP and its association with an internal port.

The association process is the same as the process for the create floating IP operation.

To disassociate a floating IP from a port, set the port_id attribute to null or omit it from the request body.

This example updates a floating IP:

PUT /v2.0/floatingips/{floatingip_id} Accept: application/json

Depending on the request body that you submit, this request associates a port with or disassociates a port from a floating IP.

Normal response codes: 200 Error response codes:404,409,401,400,

Request

Name In Type Description
port_id (Optional) path string The UUID of the port.
floatingip body object A floatingip object. When you associate a floating IP address with a VM, the instance has the same public IP address each time that it boots, basically to maintain a consistent IP address for maintaining DNS assignment.
floatingip_id (Optional) path string The UUID of the floating IP address.

Request Example

{
    "floatingip": {
        "port_id": null
    }
}

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
floatingip body object A floatingip object. When you associate a floating IP address with a VM, the instance has the same public IP address each time that it boots, basically to maintain a consistent IP address for maintaining DNS assignment.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
floating_network_id body string The UUID of the network associated with the floating IP.
fixed_ip_address (Optional) body string The fixed IP address that is associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. If an internal port has multiple associated IP addresses, the service chooses the first IP address unless you explicitly define a fixed IP address in the fixed_ip_address parameter.
floating_ip_address (Optional) body string The floating IP address.
port_id (Optional) path string The UUID of the port.
id body string The UUID of the network.

Response Example

{
    "floatingip": {
        "floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
        "router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
        "fixed_ip_address": null,
        "floating_ip_address": "172.24.4.228",
        "project_id": "4969c491a3c74ee4af974e6d800c62de",
        "tenant_id": "4969c491a3c74ee4af974e6d800c62de",
        "status": "ACTIVE",
        "port_id": null,
        "id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7"
    }
}
DELETE
/v2.0/floatingips/{floatingip_id}

Delete floating IP

Deletes a floating IP and, if present, its associated port.

This example deletes a floating IP:

DELETE /v2.0/floatingips/{floatingip_id} Accept: application/json

Error response codes:404,204,401,

Request

Name In Type Description
floatingip_id (Optional) path string The UUID of the floating IP address.

Routers (routers)

A router is a logical entity for forwarding packets across internal subnets and NATting them on external networks through an appropriate external gateway.

This resource is provided when router extension is enabled.

GET
/v2.0/routers

List routers

Lists logical routers that the project who submits the request can access.

Default policy settings return only those routers that the project who submits the request owns, unless an administrative user submits the request.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
routers body array A list of router objects.
id body string The ID of the router.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
status body string The router status.
external_gateway_info body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
network_id body string Network ID which the router gateway is connected to.
enable_snat body boolean Enable Source NAT (SNAT) attribute. true means Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router when the traffic is sent to/received from the external network. false means no NAT is applied for traffic from/to the external network. It is available when ext-gw-mode extension is enabled.
external_fixed_ips body array IP address(es) of the external gateway of the router. It is a list of IP addresses. Each element of the list is a dictionary of ip_address and subnet_id.
routes body array The extra routes configuration for L3 router. A list of dictionaries with destination and nexthop parameters. It is available when extraroute extension is enabled.
destination body string The destination CIDR.
nexthop body string The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected.
distributed body boolean true indicates a distributed router. It is available when dvr extension is enabled.
ha body boolean true indicates a highly-available router. It is available when l3-ha extension is enabled.
availability_zone_hints body array The availability zone candidates for the router. It is available when router_availability_zone extension is enabled.
availability_zones body array The availability zone(s) for the router. It is available when router_availability_zone extension is enabled.

Response Example

{
    "routers": [
        {
            "admin_state_up": true,
            "availability_zone_hints": [],
            "availability_zones": [
                "nova"
            ],
            "description": "",
            "distributed": false,
            "external_gateway_info": {
                "enable_snat": true,
                "external_fixed_ips": [
                    {
                        "ip_address": "172.24.4.3",
                        "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                    },
                    {
                        "ip_address": "2001:db8::c",
                        "subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
                    }
                ],
                "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
            },
            "ha": false,
            "id": "915a14a6-867b-4af7-83d1-70efceb146f9",
            "name": "router2",
            "routes": [],
            "status": "ACTIVE",
            "project_id": "0bd18306d801447bb457a46252d82d13",
            "tenant_id": "0bd18306d801447bb457a46252d82d13"
        },
        {
            "admin_state_up": true,
            "availability_zone_hints": [],
            "availability_zones": [
                "nova"
            ],
            "description": "",
            "distributed": false,
            "external_gateway_info": {
                "enable_snat": true,
                "external_fixed_ips": [
                    {
                        "ip_address": "172.24.4.6",
                        "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                    },
                    {
                        "ip_address": "2001:db8::9",
                        "subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
                    }
                ],
                "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
            },
            "ha": false,
            "id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
            "name": "router1",
            "routes": [],
            "status": "ACTIVE",
            "project_id": "0bd18306d801447bb457a46252d82d13",
            "tenant_id": "0bd18306d801447bb457a46252d82d13"
        }
    ]
}
POST
/v2.0/routers

Create router

Creates a logical router.

This operation creates a logical router. The logical router does not have any internal interface and it is not associated with any subnet. You can optionally specify an external gateway for a router at create time. The external gateway for the router must be plugged into an external network. An external network has its router:external extended field set to true. To specify an external gateway, the ID of the external network must be passed in the network_id parameter of the external_gateway_info attribute in the request body.

Normal response codes: 201

Error response codes: 400, 401

Request

Name In Type Description
router body object A router object.
tenant_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
project_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
name (Optional) body string Human-readable name of the resource. Default is an empty string.
description (Optional) body string The human-readable description for the resource.
admin_state_up (Optional) body boolean The administrative state of the resource, which is up (true) or down (false). Default is true.
external_gateway_info (Optional) body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
network_id body string Network ID which the router gateway is connected to.
enable_snat (Optional) body boolean Enable Source NAT (SNAT) attribute. Default is true. To persist this attribute value, set the enable_snat_by_default option in the neutron.conf file. It is available when ext-gw-mode extension is enabled.
external_fixed_ips (Optional) body array IP address(es) of the external gateway interface of the router. It is a list of IP addresses you would like to assign to the external gateway interface. Each element of ths list is a dictionary of ip_address and subnet_id.
distributed (Optional) body boolean true indicates a distributed router. It is available when dvr extension is enabled.
ha (Optional) body boolean true indicates a highly-available router. It is available when l3-ha extension is enabled.
availability_zone_hints (Optional) body array The availability zone candidates for the router. It is available when router_availability_zone extension is enabled.

Request Example

{
    "router": {
        "name": "router1",
        "external_gateway_info": {
            "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3",
            "enable_snat": true,
            "external_fixed_ips": [
                {
                    "ip_address": "172.24.4.6",
                    "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                }
            ]
        },
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
router body object A router object.
id body string The ID of the router.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
status body string The router status.
external_gateway_info body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
network_id body string Network ID which the router gateway is connected to.
enable_snat body boolean Enable Source NAT (SNAT) attribute. true means Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router when the traffic is sent to/received from the external network. false means no NAT is applied for traffic from/to the external network. It is available when ext-gw-mode extension is enabled.
external_fixed_ips body array IP address(es) of the external gateway of the router. It is a list of IP addresses. Each element of the list is a dictionary of ip_address and subnet_id.
routes body array The extra routes configuration for L3 router. A list of dictionaries with destination and nexthop parameters. It is available when extraroute extension is enabled.
destination body string The destination CIDR.
nexthop body string The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected.
distributed body boolean true indicates a distributed router. It is available when dvr extension is enabled.
ha body boolean true indicates a highly-available router. It is available when l3-ha extension is enabled.
availability_zone_hints body array The availability zone candidates for the router. It is available when router_availability_zone extension is enabled.
availability_zones body array The availability zone(s) for the router. It is available when router_availability_zone extension is enabled.

Response Example

{
    "router": {
        "admin_state_up": true,
        "availability_zone_hints": [],
        "availability_zones": [
            "nova"
        ],
        "description": "",
        "distributed": false,
        "external_gateway_info": {
            "enable_snat": true,
            "external_fixed_ips": [
                {
                    "ip_address": "172.24.4.6",
                    "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                }
            ],
            "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
        },
        "ha": false,
        "id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
        "name": "router1",
        "routes": [],
        "status": "ACTIVE",
        "project_id": "0bd18306d801447bb457a46252d82d13",
        "tenant_id": "0bd18306d801447bb457a46252d82d13"
    }
}
GET
/v2.0/routers/{router_id}

Show router details

Shows details for a router.

Use the fields query parameter to control which fields are returned in the response body. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401, 403, 404

Request

Name In Type Description
router_id path string The ID of the router.
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
router body object A router object.
id body string The ID of the router.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
status body string The router status.
external_gateway_info body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
network_id body string Network ID which the router gateway is connected to.
enable_snat body boolean Enable Source NAT (SNAT) attribute. true means Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router when the traffic is sent to/received from the external network. false means no NAT is applied for traffic from/to the external network. It is available when ext-gw-mode extension is enabled.
external_fixed_ips body array IP address(es) of the external gateway of the router. It is a list of IP addresses. Each element of the list is a dictionary of ip_address and subnet_id.
routes body array The extra routes configuration for L3 router. A list of dictionaries with destination and nexthop parameters. It is available when extraroute extension is enabled.
destination body string The destination CIDR.
nexthop body string The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected.
distributed body boolean true indicates a distributed router. It is available when dvr extension is enabled.
ha body boolean true indicates a highly-available router. It is available when l3-ha extension is enabled.
availability_zone_hints body array The availability zone candidates for the router. It is available when router_availability_zone extension is enabled.
availability_zones body array The availability zone(s) for the router. It is available when router_availability_zone extension is enabled.

Response Example

{
    "router": {
        "admin_state_up": true,
        "availability_zone_hints": [],
        "availability_zones": [
            "nova"
        ],
        "description": "",
        "distributed": false,
        "external_gateway_info": {
            "enable_snat": true,
            "external_fixed_ips": [
                {
                    "ip_address": "172.24.4.6",
                    "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                },
                {
                    "ip_address": "2001:db8::9",
                    "subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
                }
            ],
            "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
        },
        "ha": false,
        "id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
        "name": "router1",
        "routes": [],
        "status": "ACTIVE",
        "project_id": "0bd18306d801447bb457a46252d82d13",
        "tenant_id": "0bd18306d801447bb457a46252d82d13"
    }
}
PUT
/v2.0/routers/{router_id}

Update router

Updates a logical router.

This operation does not enable the update of router interfaces. To update a router intreface, use the add router interface and remove router interface operations.

Normal response codes: 200

Error response codes: 400, 401, 404

Request

Name In Type Description
router body object A router object.
external_gateway_info body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
enable_snat body boolean Enable Source NAT (SNAT) attribute. true means Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router when the traffic is sent to/received from the external network. false means no NAT is applied for traffic from/to the external network. It is available when ext-gw-mode extension is enabled.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
external_fixed_ips body array IP address(es) of the external gateway of the router. It is a list of IP addresses. Each element of the list is a dictionary of ip_address and subnet_id.
router_id path string The ID of the router.

Request Example

{
    "router": {
        "external_gateway_info": {
            "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3",
            "enable_snat": true,
            "external_fixed_ips": [
                {
                    "ip_address": "172.24.4.6",
                    "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                }
            ]
        }
    }
}

Response Parameters

Name In Type Description
router body object A router object.
id body string The ID of the router.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
description body string The human-readable description for the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
status body string The router status.
external_gateway_info body object The external gateway information of the router. If the router has an external gateway, this would be a dict with network_id, enable_snat and external_fixed_ips. Otherwise, this would be null.
network_id body string Network ID which the router gateway is connected to.
enable_snat body boolean Enable Source NAT (SNAT) attribute. true means Network Address Translation (NAT) is enabled for traffic generated by subnets attached to the router when the traffic is sent to/received from the external network. false means no NAT is applied for traffic from/to the external network. It is available when ext-gw-mode extension is enabled.
external_fixed_ips body array IP address(es) of the external gateway of the router. It is a list of IP addresses. Each element of the list is a dictionary of ip_address and subnet_id.
routes body array The extra routes configuration for L3 router. A list of dictionaries with destination and nexthop parameters. It is available when extraroute extension is enabled.
destination body string The destination CIDR.
nexthop body string The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected.
distributed body boolean true indicates a distributed router. It is available when dvr extension is enabled.
ha body boolean true indicates a highly-available router. It is available when l3-ha extension is enabled.
availability_zone_hints body array The availability zone candidates for the router. It is available when router_availability_zone extension is enabled.
availability_zones body array The availability zone(s) for the router. It is available when router_availability_zone extension is enabled.

Response Example

{
    "router": {
        "admin_state_up": true,
        "availability_zone_hints": [],
        "availability_zones": [
            "nova"
        ],
        "description": "",
        "distributed": false,
        "external_gateway_info": {
            "enable_snat": true,
            "external_fixed_ips": [
                {
                    "ip_address": "172.24.4.6",
                    "subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
                }
            ],
            "network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
        },
        "ha": false,
        "id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
        "name": "router1",
        "routes": [],
        "status": "ACTIVE",
        "project_id": "0bd18306d801447bb457a46252d82d13",
        "tenant_id": "0bd18306d801447bb457a46252d82d13"
    }
}
DELETE
/v2.0/routers/{router_id}

Delete router

Deletes a logical router and, if present, its external gateway interface.

This operation fails if the router has attached interfaces. Use the remove router interface operation to remove all router interfaces before you delete the router.

Normal response codes: 204

Error response codes: 401, 404, 409

Request

Name In Type Description
router_id path string The ID of the router.

Response

There is no body content for the response of a successful DELETE request.

PUT
/v2.0/routers/{router_id}/add_router_interface

Add interface to router

Adds an internal interface to a logical router. This means a specified subnet is attached to a router as an internal router interface.

Specify the ID of a subnet or port in the request body:

  • Subnet ID. The gateway IP address for the subnet is used as an IP address of the created router interface.
  • Port ID. The IP address associated with the port is used as an IP address of the created router interface.

When you specify an IPv6 subnet, this operation adds the subnet to an existing internal port with same network ID, on the router. If a port with the same network ID does not exist, this operation creates a port on the router for that subnet.

The limitation of one IPv4 subnet per router port remains, though a port can contain any number of IPv6 subnets that belong to the same network ID.

When you use the port-create command to add a port and then call router-interface-add with this port ID, this operation adds the port to the router if the following conditions are met:

  • The port has no more than one IPv4 subnet.
  • The IPv6 subnets, if any, on the port do not have same network ID as the network ID of IPv6 subnets on any other ports.

If you specify both subnet ID and port ID, this operation returns the Bad Request (400) response code.

If the port is already in use, this operation returns the Conflict (409) response code.

This operation returns a port ID that is either:

  • The same ID that is passed in the request body when a port is specified.
  • The ID of a port that this operation creates to attach the subnet to the router.

After you run this operation, the operation sets:

  • The device_id attribute of this port to the router ID
  • The device_owner attribute to network:router_interface

Normal response codes: 200

Error response codes: 400, 401, 404, 409

Request

Name In Type Description
router_id path string The ID of the router.
subnet_id (Optional) body string The ID of the subnet. One of subnet_id or port_id must be specified.
port_id (Optional) body string The ID of the port. One of subnet_id or port_id must be specified.

Request Example

{
    "subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1"
}

or

{
    "port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0"
}

Response Parameters

Name In Type Description
id body string The ID of the router.
subnet_id body string The ID of the subnet which the router interface belongs to.
subnet_ids body array A list of the ID of the subnet which the router interface belongs to. The list contains only one member.
tenant_id body string The ID of the project who owns the router interface.
project_id body string The ID of the project who owns the router interface.
port_id body string The ID of the port which represents the router interface.
network_id body string Network ID which the router interface is connected to.

Response Example

{
    "id": "915a14a6-867b-4af7-83d1-70efceb146f9",
    "network_id": "91c013e2-d65a-474e-9177-c3e1799ca726",
    "port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0",
    "subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1",
    "subnet_ids": [
        "a2f1f29d-571b-4533-907f-5803ab96ead1"
    ],
    "project_id": "0bd18306d801447bb457a46252d82d13",
    "tenant_id": "0bd18306d801447bb457a46252d82d13"
}
PUT
/v2.0/routers/{router_id}/remove_router_interface

Remove interface from router

Deletes an internal interface from a logical router.

This operation deletes an internal router interface, which detaches a subnet from the router. If this subnet ID is the last subnet on the port, this operation deletes the port itself. You must specify either a subnet ID or port ID in the request body; the operation uses this value to identify which router interface to deletes.

You can also specify both a subnet ID and port ID. If you specify both IDs, the subnet ID must correspond to the subnet ID of the first IP address on the port. Otherwise, this operation returns the Conflict (409) response code with information about the affected router and interface.

If you try to delete the router interface for subnets that are used by one or more routes, this operation returns the Conflict (409) response. In this case, you first need to delete such routes from the router.

If the router or the subnet and port do not exist or are not visible to you, this operation returns the Not Found (404) response code. As a consequence of this operation, the operation removes the port connecting the router with the subnet from the subnet for the network.

Normal response codes: 200

Error response codes: 400, 401, 404, 409

Request

Name In Type Description
router_id path string The ID of the router.
subnet_id (Optional) body string The ID of the subnet. One of subnet_id or port_id must be specified.
port_id (Optional) body string The ID of the port. One of subnet_id or port_id must be specified.

Request Example

{
    "subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1"
}

or

{
    "port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0"
}

Response Parameters

Name In Type Description
id body string The ID of the router.
subnet_id body string The ID of the subnet which the router interface belongs to.
subnet_ids body array A list of the ID of the subnet which the router interface belongs to. The list contains only one member.
tenant_id body string The ID of the project who owns the router interface.
project_id body string The ID of the project who owns the router interface.
port_id body string The ID of the port which represents the router interface.
network_id body string Network ID which the router interface is connected to.

Response Example

{
    "id": "915a14a6-867b-4af7-83d1-70efceb146f9",
    "network_id": "91c013e2-d65a-474e-9177-c3e1799ca726",
    "port_id": "a5b7d209-dc02-4c46-a51f-805eadd3de64",
    "subnet_id": "4e5fe97c-82bc-432e-87d8-06d7e157dffa",
    "subnet_ids": [
        "4e5fe97c-82bc-432e-87d8-06d7e157dffa"
    ],
    "project_id": "0bd18306d801447bb457a46252d82d13",
    "tenant_id": "0bd18306d801447bb457a46252d82d13"
}

Subnet pools extension (subnetpools)

Lists, creates, shows details for, updates, and deletes subnet pools.

GET
/v2.0/subnetpools/{subnetpool_id}

Show subnet pool

Shows information for a subnet pool.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 404, 401

Request

Name In Type Description
subnetpool_id path string The UUID of the subnet pool.
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
subnetpool body object A subnetpool object.
id body string The ID of the subnet.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
created_at body string Time at which port has been created.
updated_at body string Time at which port has been updated.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description body string Description of the subnetpool.
is_default body boolean The subnetpool is default pool or not.
revision_number body string The revision number of the subnetpool.

Response Example

{
    "subnetpool": {
        "min_prefixlen": "64",
        "address_scope_id": null,
        "default_prefixlen": "64",
        "id": "03f761e6-eee0-43fc-a921-8acf64c14988",
        "max_prefixlen": "64",
        "name": "my-subnet-pool",
        "default_quota": null,
        "is_default": false,
        "project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
        "tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
        "created_at": "2016-03-08T20:19:41",
        "prefixes": [
            "2001:db8:0:2::/64",
            "2001:db8::/63"
        ],
        "updated_at": "2016-03-08T20:19:41",
        "ip_version": 6,
        "shared": false,
        "description": "",
        "revision_number": 2
    }
}
PUT
/v2.0/subnetpools/{subnetpool_id}

Update subnet pool

Updates a subnet pool.

Normal response codes: 200

Error response codes: 404, 403, 401, 400

Request

Name In Type Description
subnetpool_id path string The UUID of the subnet pool.
subnetpool body object A subnetpool object.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description (Optional) body string Description of the subnetpool.

Request Example

{
    "subnetpool": {
        "name": "my-new-subnetpool-name",
        "prefixes": [
            "2001:db8::/64",
            "2001:db8:0:1::/64",
            "2001:db8:0:2::/64"
        ],
        "min_prefixlen": 64,
        "default_prefixlen": 64,
        "max_prefixlen": 64
    }
}

Response Parameters

Name In Type Description
subnetpool body object A subnetpool object.
id body string The ID of the subnet.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
created_at body string Time at which port has been created.
updated_at body string Time at which port has been updated.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description body string Description of the subnetpool.
is_default body boolean The subnetpool is default pool or not.
revision_number body string The revision number of the subnetpool.

Response Example

{
    "subnetpool": {
        "name": "my-new-subnetpool-name",
        "default_quota": null,
        "is_default": false,
        "project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
        "tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
        "prefixes": [
            "2001:db8::/63",
            "2001:db8:0:2::/64"
        ],
        "min_prefixlen": 64,
        "address_scope_id": null,
        "ip_version": 6,
        "shared": false,
        "default_prefixlen": 64,
        "id": "03f761e6-eee0-43fc-a921-8acf64c14988",
        "max_prefixlen": 64,
        "description": "",
        "revision_number": 2
    }
}
DELETE
/v2.0/subnetpools/{subnetpool_id}

Delete subnet pool

Deletes a subnet pool.

The operation fails if any subnets allocated from the subnet pool are still in use.

Normal response codes: 204

Error response codes: 404, 401

Request

Name In Type Description
subnetpool_id path string The UUID of the subnet pool.

Response

There is no body content for the response of a successful DELETE request.

GET
/v2.0/subnetpools

List subnet pools

Lists subnet pools that the project has access to.

Default policy settings return only the subnet pools owned by the project of the user submitting the request, unless the user has administrative role.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
subnetpools body array A list of subnetpool objects.
id body string The ID of the subnet.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
created_at body string Time at which port has been created.
updated_at body string Time at which port has been updated.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description body string Description of the subnetpool.
is_default body boolean The subnetpool is default pool or not.
revision_number body string The revision number of the subnetpool.

Response Example

{
    "subnetpools": [
        {
            "min_prefixlen": "64",
            "address_scope_id": null,
            "default_prefixlen": "64",
            "id": "03f761e6-eee0-43fc-a921-8acf64c14988",
            "max_prefixlen": "64",
            "name": "my-subnet-pool-ipv6",
            "default_quota": null,
            "is_default": false,
            "project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
            "tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
            "prefixes": [
                "2001:db8:0:2::/64",
                "2001:db8::/63"
            ],
            "ip_version": 6,
            "shared": false,
            "description": "",
            "revision_number": 2
        },
        {
            "min_prefixlen": "24",
            "address_scope_id": null,
            "default_prefixlen": "25",
            "id": "f49a1319-423a-4ee6-ba54-1d95a4f6cc68",
            "max_prefixlen": "30",
            "name": "my-subnet-pool-ipv4",
            "default_quota": null,
            "is_default": false,
            "project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
            "tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
            "prefixes": [
                "10.10.0.0/21",
                "192.168.0.0/16"
            ],
            "ip_version": 4,
            "shared": false,
            "description": "",
            "revision_number": 2
        }
    ]
}
POST
/v2.0/subnetpools

Create subnet pool

Creates a subnet pool.

Normal response codes: 201

Error response codes: 404, 403, 401, 400

Request

Name In Type Description
subnetpool body object A subnetpool object.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description (Optional) body string Description of the subnetpool.

Request Example

{
    "subnetpool": {
        "name": "my-subnet-pool",
        "prefixes": [
            "192.168.0.0/16",
            "10.10.0.0/21"
        ],
        "default_prefixlen": 25,
        "min_prefixlen": 24,
        "max_prefixlen": 30,
        "shared": "false"
    }
}

Response Parameters

Name In Type Description
subnetpool body object A subnetpool object.
id body string The ID of the subnet.
name body string Human-readable name of the resource.
default_quota (Optional) body integer A per-project quota on the prefix space that can be allocated from the subnet pool for project subnets. Default is no quota is enforced on allocations from the subnet pool. For IPv4 subnet pools, default_quota is measured in units of /32. For IPv6 subnet pools, default_quota is measured units of /64. All projects that use the subnet pool have the same prefix quota applied.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
created_at body string Time at which port has been created.
updated_at body string Time at which port has been updated.
prefixes body array A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope.
min_prefixlen (Optional) body integer The smallest prefix that can be allocated from a subnet pool. For IPv4 subnet pools, default is 8. For IPv6 subnet pools, default is 64.
address_scope_id (Optional) body string An address scope to assign to the subnet pool.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
default_prefixlen (Optional) body integer The size of the prefix to allocate when the cidr or prefixlen attributes are omitted when you create the subnet. Default is min_prefixlen.
max_prefixlen (Optional) body integer The maximum prefix size that can be allocated from the subnet pool. For IPv4 subnet pools, default is 32. For IPv6 subnet pools, default is 128.
description body string Description of the subnetpool.
is_default body boolean The subnetpool is default pool or not.
revision_number body string The revision number of the subnetpool.

Subnets

Lists, shows details for, creates, updates, and deletes subnet resources.

GET
/v2.0/subnets

List subnets

Lists subnets that the project has access to.

Default policy settings return only subnets owned by the project of the user submitting the request, unless the user has administrative role. You can control which attributes are returned by using the fields query parameter. You can filter results by using query string parameters.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
subnets body array A list of subnet objects.
id body string The ID of the subnet.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
enable_dhcp body boolean Indicates whether dhcp is enabled or disabled for the subnet.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers body array List of dns name servers associated with the subnet.
allocation_pools body array Allocation pools with start and end IP addresses for this subnet.
host_routes body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet.
cidr body string The CIDR of the subnet.
created_at body string Time at which the subnet has been created.
description body string Description of the subnet.
ipv6_address_mode body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
ipv6_ra_mode body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
revision_number body string The revision number of the subnet.
segment_id body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
service_types body string The service types associated with the subnet.
subnetpool_id body string The ID of the subnet pool associated with the subnet.
updated_at body string Time at which the subnet has been updated.

Response Example

{
    "subnets": [
        {
            "name": "private-subnet",
            "enable_dhcp": true,
            "network_id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
            "segment_id": null,
            "project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
            "dns_nameservers": [],
            "allocation_pools": [
                {
                    "start": "10.0.0.2",
                    "end": "10.0.0.254"
                }
            ],
            "host_routes": [],
            "ip_version": 4,
            "gateway_ip": "10.0.0.1",
            "cidr": "10.0.0.0/24",
            "id": "08eae331-0402-425a-923c-34f7cfe39c1b",
            "created_at": "2016-10-10T14:35:34Z",
            "description": "",
            "ipv6_address_mode": null,
            "ipv6_ra_mode": null,
            "revision_number": 2,
            "service_types": [],
            "subnetpool_id": null,
            "updated_at": "2016-10-10T14:35:34Z"
        },
        {
            "name": "my_subnet",
            "enable_dhcp": true,
            "network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
            "segment_id": null,
            "project_id": "4fd44f30292945e481c7b8a0c8908869",
            "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
            "dns_nameservers": [],
            "allocation_pools": [
                {
                    "start": "192.0.0.2",
                    "end": "192.255.255.254"
                }
            ],
            "host_routes": [],
            "ip_version": 4,
            "gateway_ip": "192.0.0.1",
            "cidr": "192.0.0.0/8",
            "id": "54d6f61d-db07-451c-9ab3-b9609b6b6f0b",
            "created_at": "2016-10-10T14:35:47Z",
            "description": "",
            "ipv6_address_mode": null,
            "ipv6_ra_mode": null,
            "revision_number": 2,
            "service_types": [],
            "subnetpool_id": null,
            "updated_at": "2016-10-10T14:35:47Z"
        }
    ]
}
POST
/v2.0/subnets

Create subnet

Creates a subnet on a network.

OpenStack Networking does not try to derive the correct IP version from the CIDR. If you do not specify the gateway_ip attribute, OpenStack Networking allocates an address from the CIDR for the gateway for the subnet.

To specify a subnet without a gateway, set the gateway_ip attribute to null in the request body. If you do not specify the allocation_pools attribute, OpenStack Networking automatically allocates pools for covering all IP addresses in the CIDR, excluding the address reserved for the subnet gateway. Otherwise, you can explicitly specify allocation pools as shown in the following example.

When you specify both the allocation_pools and gateway_ip attributes, you must ensure that the gateway IP does not overlap with the allocation pools; otherwise, the call returns the Conflict (409) response code.

A subnet can have one or more name servers and host routes. Hosts in this subnet use the name servers. Devices with IP addresses from this subnet, not including the local subnet route, use the host routes.

Specify the ipv6_ra_mode and ipv6_address_mode attributes to create subnets that support IPv6 configurations, such as stateless address autoconfiguration (SLAAC), DHCPv6 stateful, and DHCPv6 stateless configurations.

A subnet can optionally be associated with a network segment when it is created by specifying the segment_id of a valid segment on the specified network. A network with subnets associated in this way is called a routed network. On any given network, all of the subnets must be associated with segments or none of them can be. Neutron enforces this invariant. Currently, routed networks are only supported for provider networks.

Normal response codes: 201

Error response codes: 404, 403, 401, 400, 409

Request

Name In Type Description
subnet body string A subnet object.
tenant_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
project_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
name (Optional) body string Human-readable name of the resource. Default is an empty string.
enable_dhcp (Optional) body boolean Indicates whether dhcp is enabled or disabled for the subnet. Default is true.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers (Optional) body array List of dns name servers associated with the subnet. Default is an empty list.
allocation_pools (Optional) body array Allocation pools with start and end IP addresses for this subnet. If allocation_pools are not specified, OpenStack Networking automatically allocates pools for covering all IP addresses in the CIDR, excluding the address reserved for the subnet gateway by default.
host_routes (Optional) body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters. Default value is an empty list.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip (Optional) body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet. If the gateway_ip is not specified, OpenStack Networking allocates an address from the CIDR for the gateway for the subnet by default.
cidr body string The CIDR of the subnet.
description (Optional) body string The human-readable description for the resource.
ipv6_address_mode (Optional) body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless.
ipv6_ra_mode (Optional) body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless.
segment_id (Optional) body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
subnetpool_id (Optional) body string The ID of the subnet pool associated with the subnet.

Request Example

{
    "subnet": {
        "network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
        "ip_version": 4,
        "cidr": "192.168.199.0/24"
    }
}

Response Parameters

Name In Type Description
subnet body string A subnet object.
id body string The ID of the subnet.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
enable_dhcp body boolean Indicates whether dhcp is enabled or disabled for the subnet.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers body array List of dns name servers associated with the subnet.
allocation_pools body array Allocation pools with start and end IP addresses for this subnet.
host_routes body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet.
cidr body string The CIDR of the subnet.
created_at body string Time at which the subnet has been created.
description body string Description of the subnet.
ipv6_address_mode body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
ipv6_ra_mode body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
revision_number body string The revision number of the subnet.
service_types body string The service types associated with the subnet.
subnetpool_id body string The ID of the subnet pool associated with the subnet.
segment_id body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
updated_at body string Time at which the subnet has been updated.

Response Example

{
    "subnet": {
        "name": "",
        "enable_dhcp": true,
        "network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
        "segment_id": null,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "dns_nameservers": [],
        "allocation_pools": [
            {
                "start": "192.168.199.2",
                "end": "192.168.199.254"
            }
        ],
        "host_routes": [],
        "ip_version": 4,
        "gateway_ip": "192.168.199.1",
        "cidr": "192.168.199.0/24",
        "id": "3b80198d-4f7b-4f77-9ef5-774d54e17126",
        "created_at": "2016-10-10T14:35:47Z",
        "description": "",
        "ipv6_address_mode": null,
        "ipv6_ra_mode": null,
        "revision_number": 2,
        "service_types": [],
        "subnetpool_id": null,
        "updated_at": "2016-10-10T14:35:47Z"
    }
}
POST
/v2.0/subnets

Bulk create subnet

Creates multiple subnets in a single request. Specify a list of subnets in the request body.

The bulk create operation is always atomic. Either all or no subnets in the request body are created.

Normal response codes: 201

Error response codes: 404, 403, 401, 400, 409

Request

Name In Type Description
subnets body array A list of subnet objects.
tenant_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
project_id (Optional) body string The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies.
name (Optional) body string Human-readable name of the resource. Default is an empty string.
enable_dhcp (Optional) body boolean Indicates whether dhcp is enabled or disabled for the subnet. Default is true.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers (Optional) body array List of dns name servers associated with the subnet. Default is an empty list.
allocation_pools (Optional) body array Allocation pools with start and end IP addresses for this subnet. If allocation_pools are not specified, OpenStack Networking automatically allocates pools for covering all IP addresses in the CIDR, excluding the address reserved for the subnet gateway by default.
host_routes (Optional) body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters. Default value is an empty list.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip (Optional) body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet. If the gateway_ip is not specified, OpenStack Networking allocates an address from the CIDR for the gateway for the subnet by default.
cidr body string The CIDR of the subnet.
description (Optional) body string The human-readable description for the resource.
ipv6_address_mode (Optional) body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless.
ipv6_ra_mode (Optional) body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless.
segment_id (Optional) body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
subnetpool_id (Optional) body string The ID of the subnet pool associated with the subnet.

Request Example

{
    "subnets": [
        {
            "cidr": "192.168.199.0/24",
            "ip_version": 4,
            "network_id": "e6031bc2-901a-4c66-82da-f4c32ed89406"
        },
        {
            "cidr": "10.56.4.0/22",
            "ip_version": 4,
            "network_id": "64239a54-dcc4-4b39-920b-b37c2144effa"
        }
    ]
}

Response Parameters

Name In Type Description
subnets body array A list of subnet objects.
id body string The ID of the subnet.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
enable_dhcp body boolean Indicates whether dhcp is enabled or disabled for the subnet.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers body array List of dns name servers associated with the subnet.
allocation_pools body array Allocation pools with start and end IP addresses for this subnet.
host_routes body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet.
cidr body string The CIDR of the subnet.
created_at body string Time at which the subnet has been created.
description body string Description of the subnet.
ipv6_address_mode body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
ipv6_ra_mode body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
revision_number body string The revision number of the subnet.
segment_id body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
service_types body string The service types associated with the subnet.
subnetpool_id body string The ID of the subnet pool associated with the subnet.
updated_at body string Time at which the subnet has been updated.

Response Example

{
    "subnets": [
        {
            "allocation_pools": [
                {
                    "end": "192.168.199.254",
                    "start": "192.168.199.2"
                }
            ],
            "cidr": "192.168.199.0/24",
            "dns_nameservers": [],
            "enable_dhcp": true,
            "gateway_ip": "192.168.199.1",
            "host_routes": [],
            "id": "0468a7a7-290d-4127-aedd-6c9449775a24",
            "ip_version": 4,
            "name": "",
            "network_id": "e6031bc2-901a-4c66-82da-f4c32ed89406",
            "segment_id": null,
            "project_id": "d19231fc08ec4bc4829b668040d34512",
            "tenant_id": "d19231fc08ec4bc4829b668040d34512",
            "created_at": "2016-10-10T14:35:47Z",
            "description": "",
            "ipv6_address_mode": null,
            "ipv6_ra_mode": null,
            "revision_number": 2,
            "service_types": [],
            "subnetpool_id": null,
            "updated_at": "2016-10-10T14:35:47Z"
        },
        {
            "allocation_pools": [
                {
                    "end": "10.56.7.254",
                    "start": "10.56.4.2"
                }
            ],
            "cidr": "10.56.4.0/22",
            "dns_nameservers": [],
            "enable_dhcp": true,
            "gateway_ip": "10.56.4.1",
            "host_routes": [],
            "id": "b0e7435c-1512-45fb-aa9e-9a7c5932fb30",
            "ip_version": 4,
            "name": "",
            "network_id": "64239a54-dcc4-4b39-920b-b37c2144effa",
            "segment_id": null,
            "project_id": "d19231fc08ec4bc4829b668040d34512",
            "tenant_id": "d19231fc08ec4bc4829b668040d34512",
            "created_at": "2016-10-10T14:35:34Z",
            "description": "",
            "ipv6_address_mode": null,
            "ipv6_ra_mode": null,
            "revision_number": 2,
            "service_types": [],
            "subnetpool_id": null,
            "updated_at": "2016-10-10T14:35:34Z"
        }
    ]
}
GET
/v2.0/subnets/{subnet_id}

Show subnet details

Shows details for a subnet.

Use the fields query parameter to filter the results.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
subnet_id path string The ID of the subnet.

Response Parameters

Name In Type Description
subnet body string A subnet object.
id body string The ID of the subnet.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
created_at body string Time at which the subnet has been created.
name body string Human-readable name of the resource.
enable_dhcp body boolean Indicates whether dhcp is enabled or disabled for the subnet.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers body array List of dns name servers associated with the subnet.
allocation_pools body array Allocation pools with start and end IP addresses for this subnet.
host_routes body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet.
cidr body string The CIDR of the subnet.
updated_at body string Time at which the subnet has been updated.
description body string Description of the subnet.
ipv6_address_mode body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
ipv6_ra_mode body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
revision_number body string The revision number of the subnet.
segment_id body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
service_types body string The service types associated with the subnet.
subnetpool_id body string The ID of the subnet pool associated with the subnet.

Response Example

{
    "subnet": {
        "name": "my_subnet",
        "enable_dhcp": true,
        "network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
        "segment_id": null,
        "project_id": "4fd44f30292945e481c7b8a0c8908869",
        "tenant_id": "4fd44f30292945e481c7b8a0c8908869",
        "created_at": "2016-03-08T20:19:41",
        "dns_nameservers": [],
        "allocation_pools": [
            {
                "start": "192.0.0.2",
                "end": "192.255.255.254"
            }
        ],
        "host_routes": [],
        "ip_version": 4,
        "gateway_ip": "192.0.0.1",
        "cidr": "192.0.0.0/8",
        "updated_at": "2016-03-08T20:19:41",
        "id": "54d6f61d-db07-451c-9ab3-b9609b6b6f0b",
        "description": "",
        "ipv6_address_mode": null,
        "ipv6_ra_mode": null,
        "revision_number": 2,
        "service_types": [],
        "subnetpool_id": null
    }
}
PUT
/v2.0/subnets/{subnet_id}

Update subnet

Updates a subnet.

Some attributes, such as IP version (ip_version), CIDR (cidr), and segment (segment_id) cannot be updated. Attempting to update these attributes results in a 400 Bad Request error.

Normal response codes: 200

Error response codes: 404,403,401,400

Request

Name In Type Description
subnet_id path string The ID of the subnet.
name (Optional) body string Human-readable name of the resource.
enable_dhcp (Optional) body boolean Indicates whether dhcp is enabled or disabled for the subnet. Default is true.
dns_nameservers (Optional) body array List of dns name servers associated with the subnet. Default is an empty list.
allocation_pools (Optional) body array Allocation pools with start and end IP addresses for this subnet. If allocation_pools are not specified, OpenStack Networking automatically allocates pools for covering all IP addresses in the CIDR, excluding the address reserved for the subnet gateway by default.
host_routes (Optional) body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters. Default value is an empty list.
gateway_ip (Optional) body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet. If the gateway_ip is not specified, OpenStack Networking allocates an address from the CIDR for the gateway for the subnet by default.

Request Example

{
    "subnet": {
        "name": "my_subnet"
    }
}

Response Parameters

Name In Type Description
subnet body string A subnet object.
id body string The ID of the subnet.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
name body string Human-readable name of the resource.
enable_dhcp body boolean Indicates whether dhcp is enabled or disabled for the subnet.
network_id body string The ID of the network to which the subnet belongs.
dns_nameservers body array List of dns name servers associated with the subnet.
allocation_pools body array Allocation pools with start and end IP addresses for this subnet.
host_routes body array Additional routes for the subnet. A list of dictionaries with destination and nexthop parameters.
ip_version body integer The IP protocol version. Value is 4 or 6.
gateway_ip body string Gateway IP of this subnet. If the value is null that implies no gateway is associated with the subnet.
cidr body string The CIDR of the subnet.
created_at body string Time at which the subnet has been created.
description body string Description of the subnet.
ipv6_address_mode body string The IPv6 address modes specifies mechanisms for assigning IP addresses. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
ipv6_ra_mode body string The IPv6 router advertisement specifies whether the networking service should transmit ICMPv6 packets, for a subnet. Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null.
revision_number body string The revision number of the subnet.
segment_id body string The ID of a network segment the subnet is associated with. It is available when segment extension is enabled.
service_types body string The service types associated with the subnet.
subnetpool_id body string The ID of the subnet pool associated with the subnet.
updated_at body string Time at which the subnet has been updated.

Response Example

{
    "subnet": {
        "name": "my_subnet",
        "enable_dhcp": true,
        "network_id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
        "segment_id": null,
        "project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
        "tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
        "dns_nameservers": [],
        "allocation_pools": [
            {
                "start": "10.0.0.2",
                "end": "10.0.0.254"
            }
        ],
        "host_routes": [],
        "ip_version": 4,
        "gateway_ip": "10.0.0.1",
        "cidr": "10.0.0.0/24",
        "id": "08eae331-0402-425a-923c-34f7cfe39c1b"
    }
}
DELETE
/v2.0/subnets/{subnet_id}

Delete subnet

Deletes a subnet.

The operation fails if subnet IP addresses are still allocated.

Normal response codes: 204

Error response codes: 404, 401

Request

Name In Type Description
subnet_id path string The ID of the subnet.

Response

There is no body content for the response of a successful DELETE request.

Security

FWaaS v1.0 (DEPRECATED) (fw, firewalls, firewall_policies, firewall_rules)

Use the Firewall-as-a-Service (FWaaS) v1.0 extension to deploy firewalls to protect your networks.

The FWaaS extension enables you to:

  • Apply firewall rules on traffic entering and leaving project networks.
  • Apply TCP, UDP, ICMP, or protocol-agnostic rules.
  • Create and share firewall policies that hold an ordered collection of the firewall rules.
  • Audit firewall rules and policies.

This extension introduces these resources:

  • firewall. A logical firewall resource that a project can instantiate and manage. A firewall can have one firewall policy.
  • firewall_policy. An ordered collection of firewall rules. You can share a firewall policy across projects. You can include a firewall policy as part of an audit workflow so that an authorized relevant entity can audit the firewall policy. This entity can differ from the user who created, or the projects that use, the firewall policy.
  • firewall_rule. A collection of attributes, such as ports and IP addresses. These attributes define match criteria and an action to take, such as allow or deny, on matched data traffic.
GET
/v2.0/fw/firewall_policies

List firewall policies

Lists all firewall policies.

Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection.

Normal response codes: 200

Error response codes: 401, 403

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
tenant_id body string The ID of the project.
firewall_policies body array A list of firewall_policy objects.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description body string The human-readable description for the resource.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
id body string The ID of the policy that is associated with the firewall.
name body string Human-readable name of the resource.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
tenant_id body string The ID of the project.

Response Example

{
    "firewall_policies": [
        {
            "audited": false,
            "description": "",
            "firewall_rules": [
                "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
            ],
            "id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
            "name": "test-policy",
            "shared": false,
            "project_id": "45977fa2dbd7482098dd68d0d8970117",
            "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
        }
    ]
}
POST
/v2.0/fw/firewall_policies

Create firewall policy

Creates a firewall policy.

Normal response codes: 201

Error response codes: 400, 401

Request

Name In Type Description
firewall_policy body object A firewall_policy object.
firewall_rules_id (Optional) body array A list of rules to associate with the firewall policy.
name body string Human-readable name of the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description (Optional) body string The human-readable description for the resource.

Request Example

{
    "firewall_policy": {
        "firewall_rules": [
            "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
        ],
        "name": "test-policy"
    }
}

Response Parameters

Name In Type Description
firewall_policy body object A firewall_policy object.
name body string Human-readable name of the resource.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
id body string The ID of the policy that is associated with the firewall.
description body string The human-readable description for the resource.
GET
/v2.0/fw/firewall_policies/{firewall_policy_id}

Show firewall policy details

Shows details for a firewall policy.

If the user is not an administrative user and the firewall policy object does not belong to the project, this call returns the Forbidden (403) response code.

Normal response codes: 200

Error response codes: 401, 403, 404

Request

Name In Type Description
firewall_policy_id path string The ID of the firewall policy.

Response Parameters

Name In Type Description
firewall_policy body object A firewall_policy object.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description body string The human-readable description for the resource.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
id body string The ID of the policy that is associated with the firewall.
name body string Human-readable name of the resource.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.

Response Example

{
    "firewall_policy": {
        "audited": false,
        "description": "",
        "firewall_rules": [
            "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
        ],
        "id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "name": "test-policy",
        "shared": false,
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
PUT
/v2.0/fw/firewall_policies/{firewall_policy_id}

Update firewall policy

Updates a firewall policy.

Normal response codes: 200

Error response codes: 400, 401, 404

Request

Name In Type Description
firewall_policy_id path string The ID of the firewall policy.
firewall_rule body object A firewall_rule object.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description (Optional) body string The human-readable description for the resource.
name body string Human-readable name of the resource.

Request Example

{
    "firewall_policy": {
        "firewall_rules": [
            "a08ef905-0ff6-4784-8374-175fffe7dade",
            "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
        ]
    }
}

Response Parameters

Name In Type Description
firewall_policy body object A firewall_policy object.
project_id body string The ID of the project.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description body string The human-readable description for the resource.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
id body string The ID of the policy that is associated with the firewall.
name body string Human-readable name of the resource.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
tenant_id body string The ID of the project.

Response Example

{
    "firewall_policy": {
        "audited": false,
        "description": "",
        "firewall_rules": [
            "a08ef905-0ff6-4784-8374-175fffe7dade",
            "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
        ],
        "id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "name": "test-policy",
        "shared": false,
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
DELETE
/v2.0/fw/firewall_policies/{firewall_policy_id}

Delete firewall policy

Deletes a firewall policy.

Normal response codes: 204

Error response codes: 401, 404, 409

Request

Name In Type Description
firewall_policy_id path string The ID of the firewall policy.

Response

There is no body content for the response of a successful DELETE request.

PUT
/v2.0/fw/firewall_policies/{firewall_policy_id}/insert_rule

Insert rule into a firewall policy

Insert firewall rule into a policy.

A firewall_rule_id is inserted relative to the position of the firewall_rule_id set in insert_before or insert_after. If insert_before is set, insert_after is ignored. If both insert_before and insert_after are not set, the new firewall_rule_id is inserted at the top of the policy.

Normal response codes: 200

Error response codes: 400, 401, 404, 409

Request

Name In Type Description
firewall_policy_id path string The ID of the firewall policy.
firewall_rule_id body string The ID of the firewall rule.
insert_after (Optional) body string The ID of the firewall_rule. A new firewall_rule will be inserted after this firewall_rule.
insert_before (Optional) body string The ID of the firewall_rule. A new firewall_rule will be inserted before this firewall_rule.

Request Example

{
    "firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692",
    "insert_after": "a08ef905-0ff6-4784-8374-175fffe7dade",
    "insert_before": ""
}

Response Parameters

Name In Type Description
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description body string The human-readable description for the resource.
firewall_list body array A list of the IDs for firewall associated with the firewall policy.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
id body string The ID of the policy that is associated with the firewall.
name body string Human-readable name of the resource.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.

Response Example

{
    "audited": false,
    "description": "",
    "firewall_list": [],
    "firewall_rules": [
        "a08ef905-0ff6-4784-8374-175fffe7dade",
        "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692",
        "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
    ],
    "id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
    "name": "test-policy",
    "shared": false,
    "project_id": "45977fa2dbd7482098dd68d0d8970117",
    "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
PUT
/v2.0/fw/firewall_policies/{firewall_policy_id}/remove_rule

Remove rule from firewall policy

Remove firewall rule from a policy.

Normal response codes: 200

Error response codes: 400, 401, 404

Request

Name In Type Description
firewall_policy_id path string The ID of the firewall policy.
firewall_rule_id body string The ID of the firewall rule.

Request Example

{
    "firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692"
}

Response Parameters

Name In Type Description
tenant_id body string The ID of the project.
project_id body string The ID of the project.
audited body boolean Each time that the firewall policy or its associated rules are changed, the API sets this attribute to false. To audit the policy, explicitly set this attribute to true.
description body string The human-readable description for the resource.
firewall_list body array A list of the IDs for firewall associated with the firewall policy.
firewall_rules body array A list of the IDs for firewall rule associated with the firewall policy.
id body string The ID of the firewall.
name body string Human-readable name of the resource.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.

Response Example

{
    "audited": false,
    "description": "",
    "firewall_list": [],
    "firewall_rules": [
        "a08ef905-0ff6-4784-8374-175fffe7dade",
        "8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
    ],
    "id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
    "name": "test-policy",
    "shared": false,
    "project_id": "45977fa2dbd7482098dd68d0d8970117",
    "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
GET
/v2.0/fw/firewall_rules

List firewall rules

Lists all firewall rules.

The list might be empty.

Normal response codes: 200

Error response codes: 401, 403

Request

Response Parameters

Name In Type Description
firewall_rule body object A firewall_rule object.
action body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow, deny or reject. Default is deny.
description body string The human-readable description for the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
destination_ip_address body string The destination IPv4 or IPv6 address or CIDR. No default.
destination_port body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
enabled body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
id body string The ID of the firewall.
ip_version body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
name body string Human-readable name of the resource.
position body integer Read-only attribute that the API assigns to this rule when it associates it with a firewall policy. This value indicates the position of this rule in that firewall policy. This position number starts at 1. If the firewall rule is not associated with any policy, the position is null.
protocol body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
source_ip_address (Optional) body string The source IPv4 or IPv6 address or CIDR.
source_port (Optional) body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.

Response Example

{
    "firewall_rules": [
        {
            "action": "allow",
            "description": "",
            "destination_ip_address": null,
            "destination_port": "80",
            "enabled": true,
            "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
            "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
            "ip_version": 4,
            "name": "ALLOW_HTTP",
            "position": 1,
            "protocol": "tcp",
            "shared": false,
            "source_ip_address": null,
            "source_port": null,
            "project_id": "45977fa2dbd7482098dd68d0d8970117",
            "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
        }
    ]
}
POST
/v2.0/fw/firewall_rules

Create firewall rule

Creates a firewall rule.

Normal response codes: 201

Error response codes: 400, 401

Request

Name In Type Description
firewall_rule body object A firewall_rule object.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
destination_port (Optional) body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
enabled (Optional) body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
description (Optional) body string The human-readable description for the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
enabled (Optional) body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
name body string Human-readable name of the resource.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
destination_ip_address (Optional) body string The destination IPv4 or IPv6 address or CIDR. No default.
source_port body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.

Request Example

{
    "firewall_rule": {
        "action": "allow",
        "destination_port": "80",
        "enabled": true,
        "name": "ALLOW_HTTP",
        "protocol": "tcp"
    }
}

Response Parameters

Name In Type Description
firewall_rule body object A firewall_rule object.
action body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow, deny or reject. Default is deny.
description body string The human-readable description for the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
destination_ip_address body string The destination IPv4 or IPv6 address or CIDR. No default.
destination_port body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
enabled body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
id body string The ID of the firewall.
ip_version body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
name body string Human-readable name of the resource.
position body integer Read-only attribute that the API assigns to this rule when it associates it with a firewall policy. This value indicates the position of this rule in that firewall policy. This position number starts at 1. If the firewall rule is not associated with any policy, the position is null.
protocol body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
source_ip_address (Optional) body string The source IPv4 or IPv6 address or CIDR.
source_port (Optional) body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.

Response Example

{
    "firewall_rule": {
        "action": "allow",
        "description": "",
        "destination_ip_address": null,
        "destination_port": "80",
        "enabled": true,
        "firewall_policy_id": null,
        "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
        "ip_version": 4,
        "name": "ALLOW_HTTP",
        "position": null,
        "protocol": "tcp",
        "shared": false,
        "source_ip_address": null,
        "source_port": null,
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
GET
/v2.0/fw/firewall_rules/{firewall_rule_id}

Show firewall rule details

Shows details for a firewall rule.

If the user is not an administrative user and the firewall rule object does not belong to the project, this call returns the Forbidden (403) response code.

Normal response codes: 200

Error response codes: 401, 403, 404

Request

Name In Type Description
firewall_rule_id path string The ID for the firewall rule.

Response Parameters

Name In Type Description
firewall_rule body object A firewall_rule object.
action body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow, deny or reject. Default is deny.
description body string The human-readable description for the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
destination_ip_address body string The destination IPv4 or IPv6 address or CIDR. No default.
destination_port body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
enabled body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
firewall_policy_id (Optional) body string Read-only attribute that the API populates with the ID of the firewall policy when you associate this firewall rule with a policy. You can associate a firewall rule with one policy at a time. You can update this association can to a different firewall policy. If you do not associate the rule with any policy, this attribute is null.
id body string The ID of the firewall rule.
ip_version body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
name body string Human-readable name of the resource.
position body integer Read-only attribute that the API assigns to this rule when it associates it with a firewall policy. This value indicates the position of this rule in that firewall policy. This position number starts at 1. If the firewall rule is not associated with any policy, the position is null.
protocol body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
source_ip_address (Optional) body string The source IPv4 or IPv6 address or CIDR.
source_port (Optional) body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.

Response Example

{
    "firewall_rule": {
        "action": "allow",
        "description": "",
        "destination_ip_address": null,
        "destination_port": "80",
        "enabled": true,
        "firewall_policy_id": null,
        "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
        "ip_version": 4,
        "name": "ALLOW_HTTP",
        "position": null,
        "protocol": "tcp",
        "shared": false,
        "source_ip_address": null,
        "source_port": null,
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
PUT
/v2.0/fw/firewall_rules/{firewall_rule_id}

Update firewall rule

Updates a firewall rule.

Normal response codes: 200

Error response codes: 400, 401, 404

Request

Name In Type Description
firewall_rule_id path string The ID for the firewall rule.
firewall_rule body object A firewall_rule object.
shared (Optional) body boolean Admin-only. Indicates whether this network is shared across all projects.
description (Optional) body string The human-readable description for the resource.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
enabled (Optional) body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
destination_ip_address (Optional) body string The destination IPv4 or IPv6 address or CIDR. No default.
source_port body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
destination_port (Optional) body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
name body string Human-readable name of the resource.

Request Example

{
    "firewall_rule": {
        "shared": "true"
    }
}

Response Parameters

Name In Type Description
firewall_rule body object A firewall_rule object.
action body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow, deny or reject. Default is deny.
description body string The human-readable description for the resource.
source_ip_address (Optional) body string The source IPv4 or IPv6 address or CIDR.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
enabled (Optional) body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
source_port body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
ip_version (Optional) body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
destination_ip_address body string The destination IPv4 or IPv6 address or CIDR. No default.
destination_port body string The destination port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.
enabled body boolean Set to false to disable this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. Valid value is true or false. Default is true.
firewall_policy_id (Optional) body string Read-only attribute that the API populates with the ID of the firewall policy when you associate this firewall rule with a policy. You can associate a firewall rule with one policy at a time. You can update this association can to a different firewall policy. If you do not associate the rule with any policy, this attribute is null.
id body string The ID of the firewall rule.
ip_version body integer The IP protocol version. Valid value is 4 or 6. Default is 4.
name body string Human-readable name of the resource.
position body integer Read-only attribute that the API assigns to this rule when it associates it with a firewall policy. This value indicates the position of this rule in that firewall policy. This position number starts at 1. If the firewall rule is not associated with any policy, the position is null.
protocol body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
shared body boolean Admin-only. Indicates whether this network is shared across all tenants.
source_ip_address (Optional) body string The source IPv4 or IPv6 address or CIDR.
source_port (Optional) body string The source port or port range. A valid value is a port number, as an integer, or a port range, in the format of a : separated range. For a port range, include both ends of the range. For example, 80:90.

Response Example

{
    "firewall_rule": {
        "action": "allow",
        "description": "",
        "destination_ip_address": null,
        "destination_port": "80",
        "enabled": true,
        "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
        "ip_version": 4,
        "name": "ALLOW_HTTP",
        "position": 1,
        "protocol": "tcp",
        "shared": true,
        "source_ip_address": null,
        "source_port": null,
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
DELETE
/v2.0/fw/firewall_rules/{firewall_rule_id}

Delete firewall rule

Deletes a firewall rule.

Normal response codes: 204

Error response codes: 401, 404, 409

Request

Name In Type Description
firewall_rule_id path string The ID for the firewall rule.

Response

There is no body content for the response of a successful DELETE request.

GET
/v2.0/fw/firewalls

List firewalls

Lists all firewalls.

The list might be empty.

Normal response codes: 200

Error response codes: 401, 403

Request

Response Parameters

Name In Type Description
firewalls body array A list of firewall_rule objects.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id body string The ID of the project.
project_id body string The ID of the project.
description body string The human-readable description for the resource.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
id body string The ID of the firewall.
name body string Human-readable name of the resource.
status body string The network status.

Response Example

{
    "firewalls": [
        {
            "admin_state_up": true,
            "description": "",
            "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
            "id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
            "name": "",
            "status": "ACTIVE",
            "router_ids": [
                "650bfd2f-7766-4a0d-839f-218f33e16998"
            ],
            "project_id": "45977fa2dbd7482098dd68d0d8970117",
            "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
        }
    ]
}
POST
/v2.0/fw/firewalls

Create firewall

Creates a firewall.

The firewall must be associated with a firewall policy.

If admin_state_up is false, the firewall would block all traffic.

Normal response codes: 201

Error response codes: 400, 401

Request

Name In Type Description
firewall body object A firewall object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
firewall_policy_id body string The ID of the policy that is associated with the firewall.
description (Optional) body string The human-readable description for the resource.
name body string Human-readable name of the resource.
router_ids (Optional) body array A list of IDs for routers that are associated with the firewall.

Request Example

{
    "firewall": {
        "admin_state_up": true,
        "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c"
    }
}

Response Parameters

Name In Type Description
firewall body object A firewall object.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
description body string The human-readable description for the resource.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
id body string The ID of the firewall.
name body string Human-readable name of the resource.
status body string The network status.
router_ids body array A list of IDs for routers that are associated with the firewall.

Response Example

{
    "firewall": {
        "admin_state_up": true,
        "description": "",
        "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
        "name": "",
        "status": "PENDING_CREATE",
        "router_ids": [
            "650bfd2f-7766-4a0d-839f-218f33e16998"
        ],
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
GET
/v2.0/fw/firewalls/{firewall_id}

Show firewall details

Shows details for a firewall.

If the user is not an administrative user and the firewall object does not belong to the project, this call returns the Forbidden (403) response code.

Normal response codes: 200

Error response codes: 401, 403, 404

Request

Name In Type Description
firewall_id path string The ID of the firewall.

Response Parameters

Name In Type Description
firewall body object A firewall object.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
description body string The human-readable description for the resource.
status body string The network status.
firewall_policy_id (Optional) body string Read-only attribute that the API populates with the ID of the firewall policy when you associate this firewall rule with a policy. You can associate a firewall rule with one policy at a time. You can update this association can to a different firewall policy. If you do not associate the rule with any policy, this attribute is null.
id body string The ID of the firewall rule.
name body string Human-readable name of the resource.
status body string The network status.
router_ids body array A list of IDs for routers that are associated with the firewall.

Response Example

{
    "firewall": {
        "admin_state_up": true,
        "description": "",
        "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
        "name": "",
        "status": "ACTIVE",
        "router_ids": [
            "650bfd2f-7766-4a0d-839f-218f33e16998"
        ],
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
PUT
/v2.0/fw/firewalls/{firewall_id}

Update firewall

Updates a firewall.

To update a service, the service status cannot be a PENDING_* status.

Normal response codes: 200

Error response codes: 400, 401, 404

Request

Name In Type Description
firewall_id path string The ID of the firewall.
firewall body object A firewall object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
description (Optional) body string The human-readable description for the resource.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
name body string Human-readable name of the resource.
router_ids (Optional) body array A list of IDs for routers that are associated with the firewall.

Request Example

{
    "firewall": {
        "admin_state_up": "false"
    }
}

Response Parameters

Name In Type Description
firewall body object A firewall object.
tenant_id body string The ID of the project.
project_id body string The ID of the project.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
description body string The human-readable description for the resource.
status body string The network status.
firewall_policy_id body string The ID of the policy that is associated with the firewall.
id body string The ID of the firewall.
name body string Human-readable name of the resource.
status body string The network status.
router_ids body array A list of IDs for routers that are associated with the firewall.

Response Example

{
    "firewall": {
        "admin_state_up": false,
        "description": "",
        "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
        "id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
        "name": "",
        "status": "PENDING_UPDATE",
        "router_ids": [
            "650bfd2f-7766-4a0d-839f-218f33e16998"
        ],
        "project_id": "45977fa2dbd7482098dd68d0d8970117",
        "tenant_id": "45977fa2dbd7482098dd68d0d8970117"
    }
}
DELETE
/v2.0/fw/firewalls/{firewall_id}

Delete firewall

Deletes a firewall.

Normal response codes: 204

Error response codes: 401, 404, 409

Request

Name In Type Description
firewall_id path string The ID of the firewall.

Response

There is no body content for the response of a successful DELETE request.

Security group rules (security-group-rules)

Lists, creates, shows information for, and deletes security group rules.

GET
/v2.0/security-group-rules/{security-group-rules-id}

Show security group rule

Shows detailed information for a security group rule.

The response body contains the following information about the security group rule:

Normal response codes: 200

Error response codes: 404,401

Request

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_id body string The security group UUID to associate with this security group rule.
security_group_rule body object A security_group_rule object.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
id body string The UUID of the network.

Response Example

{
    "security_group_rule": {
        "direction": "egress",
        "ethertype": "IPv6",
        "id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
        "port_range_max": null,
        "port_range_min": null,
        "protocol": null,
        "remote_group_id": null,
        "remote_ip_prefix": null,
        "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
    }
}
DELETE
/v2.0/security-group-rules/{security-group-rules-id}

Delete security group rule

Deletes a rule from an OpenStack Networking security group.

Error response codes: 404,204,401

Request

GET
/v2.0/security-group-rules

List security group rules

Lists a summary of all OpenStack Networking security group rules that the project has access to.

The list provides the UUID for each security group rule.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_rules body array A list of security_group_rule objects.
security_group_id body string The security group UUID to associate with this security group rule.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
id body string The UUID of the network.

Response Example

{
    "security_group_rules": [
        {
            "direction": "egress",
            "ethertype": "IPv6",
            "id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
            "port_range_max": null,
            "port_range_min": null,
            "protocol": null,
            "remote_group_id": null,
            "remote_ip_prefix": null,
            "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
        },
        {
            "direction": "egress",
            "ethertype": "IPv4",
            "id": "93aa42e5-80db-4581-9391-3a608bd0e448",
            "port_range_max": null,
            "port_range_min": null,
            "protocol": null,
            "remote_group_id": null,
            "remote_ip_prefix": null,
            "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
        },
        {
            "direction": "ingress",
            "ethertype": "IPv6",
            "id": "c0b09f00-1d49-4e64-a0a7-8a186d928138",
            "port_range_max": null,
            "port_range_min": null,
            "protocol": null,
            "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "remote_ip_prefix": null,
            "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
        },
        {
            "direction": "ingress",
            "ethertype": "IPv4",
            "id": "f7d45c89-008e-4bab-88ad-d6811724c51c",
            "port_range_max": null,
            "port_range_min": null,
            "protocol": null,
            "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "remote_ip_prefix": null,
            "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
        }
    ]
}
POST
/v2.0/security-group-rules

Create security group rule

Creates an OpenStack Networking security group rule.

Error response codes: 201,404,409,401,400

Request

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_id body string The security group UUID to associate with this security group rule.
security_group_rule body object A security_group_rule object.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.

Request Example

{
    "security_group_rule": {
        "direction": "ingress",
        "port_range_min": "80",
        "ethertype": "IPv4",
        "port_range_max": "80",
        "protocol": "tcp",
        "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
    }
}

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_id body string The security group UUID to associate with this security group rule.
security_group_rule body object A security_group_rule object.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
id body string The UUID of the network.

Security groups (security-groups)

Lists, creates, shows information for, updates, and deletes security groups.

GET
/v2.0/security-groups/{security_group_id}

Show security group

Shows details for a security group.

The response contains the description, name, UUID, and security group rules that are associated with the security group and project.

Normal response codes: 200

Error response codes: 404,401

Request

Name In Type Description
security_group_id body string The security group UUID to associate with this security group rule.
verbose (Optional) query boolean Show detailed information.
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
description body string The human-readable description for the resource.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_rules body array A list of security_group_rule objects.
security_group_id body string The security group UUID to associate with this security group rule.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
security_group body object A security_group object.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "security_group": {
        "description": "default",
        "id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "name": "default",
        "security_group_rules": [
            {
                "direction": "egress",
                "ethertype": "IPv6",
                "id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
                "port_range_max": null,
                "port_range_min": null,
                "protocol": null,
                "remote_group_id": null,
                "remote_ip_prefix": null,
                "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
            },
            {
                "direction": "egress",
                "ethertype": "IPv4",
                "id": "93aa42e5-80db-4581-9391-3a608bd0e448",
                "port_range_max": null,
                "port_range_min": null,
                "protocol": null,
                "remote_group_id": null,
                "remote_ip_prefix": null,
                "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
            },
            {
                "direction": "ingress",
                "ethertype": "IPv6",
                "id": "c0b09f00-1d49-4e64-a0a7-8a186d928138",
                "port_range_max": null,
                "port_range_min": null,
                "protocol": null,
                "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "remote_ip_prefix": null,
                "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
            },
            {
                "direction": "ingress",
                "ethertype": "IPv4",
                "id": "f7d45c89-008e-4bab-88ad-d6811724c51c",
                "port_range_max": null,
                "port_range_min": null,
                "protocol": null,
                "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "remote_ip_prefix": null,
                "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
            }
        ],
        "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
    }
}
PUT
/v2.0/security-groups/{security_group_id}

Update security group

Updates a security group.

Normal response codes: 200

Error response codes: 413,405,404,403,401,400,503

Request

Name In Type Description
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.
security_group_id body string The security group UUID to associate with this security group rule.

Request Example

{
    "security_group": {
        "name": "mysecgroup",
        "description": "my security group"
    }
}

Response Parameters

Name In Type Description
security_group body object A security_group object.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.
id body string The UUID of the network.

Response Example

{
    "security_group": {
        "rules": [],
        "project_id": "a52cdb9cc7854a39a23d3af73a40899e",
        "tenant_id": "a52cdb9cc7854a39a23d3af73a40899e",
        "id": "01fbade5-b664-42f6-83ae-4e214f4263fa",
        "name": "mysecgroup",
        "description": "my security group"
    }
}
DELETE
/v2.0/security-groups/{security_group_id}

Delete security group

Deletes an OpenStack Networking security group.

This operation deletes an OpenStack Networking security group and its associated security group rules, provided that a port is not associated with the security group.

This operation does not require a request body. This operation does not return a response body.

Error response codes: 409,404,204,401

Request

Name In Type Description
security_group_id body string The security group UUID to associate with this security group rule.
GET
/v2.0/security-groups

List security groups

Lists OpenStack Networking security groups that the project has access to.

The list shows the UUID for and the rules that are associated with each security group.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
description body string The human-readable description for the resource.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_rules body array A list of security_group_rule objects.
security_group_id body string The security group UUID to associate with this security group rule.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
id body string The UUID of the network.
security_groups (Optional) body array One or more security group UUIDs.
name body string Human-readable name of the resource.

Response Example

{
    "security_groups": [
        {
            "description": "default",
            "id": "85cc3048-abc3-43cc-89b3-377341426ac5",
            "name": "default",
            "security_group_rules": [
                {
                    "direction": "egress",
                    "ethertype": "IPv6",
                    "id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
                    "port_range_max": null,
                    "port_range_min": null,
                    "protocol": null,
                    "remote_group_id": null,
                    "remote_ip_prefix": null,
                    "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
                },
                {
                    "direction": "egress",
                    "ethertype": "IPv4",
                    "id": "93aa42e5-80db-4581-9391-3a608bd0e448",
                    "port_range_max": null,
                    "port_range_min": null,
                    "protocol": null,
                    "remote_group_id": null,
                    "remote_ip_prefix": null,
                    "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
                },
                {
                    "direction": "ingress",
                    "ethertype": "IPv6",
                    "id": "c0b09f00-1d49-4e64-a0a7-8a186d928138",
                    "port_range_max": null,
                    "port_range_min": null,
                    "protocol": null,
                    "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "remote_ip_prefix": null,
                    "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
                },
                {
                    "direction": "ingress",
                    "ethertype": "IPv4",
                    "id": "f7d45c89-008e-4bab-88ad-d6811724c51c",
                    "port_range_max": null,
                    "port_range_min": null,
                    "protocol": null,
                    "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "remote_ip_prefix": null,
                    "security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
                    "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
                    "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
                }
            ],
            "project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
            "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
        }
    ]
}
POST
/v2.0/security-groups

Create security group

Creates an OpenStack Networking security group.

This operation creates a security group with default security group rules for the IPv4 and IPv6 ether types.

Error response codes: 201,401,400

Request

Name In Type Description
security_group body object A security_group object.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.

Request Example

{
    "security_group": {
        "name": "new-webservers",
        "description": "security group for webservers"
    }
}

Response Parameters

Name In Type Description
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the metering rule is applied.
protocol (Optional) body string The IP protocol. Valid value is icmp, tcp, udp, or null. No default.
description body string The human-readable description for the resource.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
security_group_rules body array A list of security_group_rule objects.
security_group_id body string The security group UUID to associate with this security group rule.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix body string The remote IP prefix to associate with this metering rule packet.
security_group body object A security_group object.
id body string The UUID of the network.
name body string Human-readable name of the resource.

VPNaaS 2.0 (UNMAINTAINED) (vpn, vpnservices, ikepolicies, ipsecpolicies, endpoint-groups, ipsec-site-connections)

The Virtual-Private-Network-as-a-Service (VPNaaS) extension enables OpenStack projects to extend private networks across the public telecommunication infrastructure.

This initial implementation of the VPNaaS extension provides:

  • Site-to-site VPN that connects two private networks.
  • Multiple VPN connections per project.
  • IKEv1 policy support with 3des, aes-128, aes-256, or aes-192 encryption.
  • IPSec policy support with 3des, aes-128, aes-192, or aes-256 encryption, sha1 authentication, ESP, AH, or AH-ESP transform protocol, and tunnel or transport mode encapsulation.
  • Dead Peer Detection (DPD) with hold, clear, restart, disabled, or restart-by-peer actions.

This extension introduces these resources:

  • service. A parent object that associates VPN with a specific subnet and router.
  • ikepolicy. The Internet Key Exchange (IKE) policy that identifies the authentication and encryption algorithm to use during phase one and two negotiation of a VPN connection.
  • ipsecpolicy. The IP security policy that specifies the authentication and encryption algorithm and encapsulation mode to use for the established VPN connection.
  • ipsec-site-connection. Details for the site-to-site IPsec connection, including the peer CIDRs, MTU, authentication mode, peer address, DPD settings, and status.
POST
/v2.0/vpn/ikepolicies

Create IKE policy

Creates an IKE policy.

The IKE policy is used for phases one and two negotiation of the VPN connection. You can specify both the authentication and encryption algorithms for connections.

Error response codes: 201,401,400

Request

Name In Type Description
ikepolicy body object An ikepolicy object.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.

Request Example

{
    "ikepolicy": {
        "phase1_negotiation_mode": "main",
        "auth_algorithm": "sha1",
        "encryption_algorithm": "aes-128",
        "pfs": "group5",
        "lifetime": {
            "units": "seconds",
            "value": 7200
        },
        "ike_version": "v1",
        "name": "ikepolicy1"
    }
}

Response Parameters

Name In Type Description
ikepolicy body object An ikepolicy object.
ikepolicies body array A list of IKE policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.
GET
/v2.0/vpn/ikepolicies

List IKE policies

Lists IKE policies.

Normal response codes: 200

Error response codes: 403,401

Request

Response Parameters

Name In Type Description
ikepolicies body array A list of IKE policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.

Response Example

{
    "ikepolicies": [
        {
            "name": "ikepolicy1",
            "project_id": "ccb81365fe36411a9011e90491fe1330",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "auth_algorithm": "sha1",
            "encryption_algorithm": "aes-256",
            "pfs": "group5",
            "phase1_negotiation_mode": "main",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "ike_version": "v1",
            "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
            "description": ""
        }
    ]
}
POST
/v2.0/vpn/ipsec-site-connections

Create IPSec connection

Creates a site-to-site IPSec connection for a service.

Error response codes: 201,401,400

Request

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The UUID of the IKE policy.
vpnservice_id body string The UUID of the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
ipsec_site_connection body object An ipsec_site_connection object.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The UUID of the IPSec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string The network status.
psk body string The pre-shared key. A valid value is any string.
description body string The human-readable description for the resource.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Request Example

{
    "ipsec_site_connection": {
        "psk": "secret",
        "initiator": "bi-directional",
        "ipsecpolicy_id": "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
        "admin_state_up": true,
        "mtu": "1500",
        "peer_ep_group_id": "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
        "ikepolicy_id": "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
        "vpnservice_id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "local_ep_group_id": "3e1815dd-e212-43d0-8f13-b494fa553e68",
        "peer_address": "172.24.4.233",
        "peer_id": "172.24.4.233",
        "name": "vpnconnection1"
    }
}

Response Parameters

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The UUID of the IKE policy.
vpnservice_id body string The UUID of the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id body string The UUID of the network.
ipsec_site_connection body object An ipsec_site_connection object.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The UUID of the IPSec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string The network status.
psk body string The pre-shared key. A valid value is any string.
description body string The human-readable description for the resource.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.
GET
/v2.0/vpn/ipsec-site-connections

List IPSec connections

Lists all IPSec connections.

Normal response codes: 200

Error response codes: 403,401

Request

Response Parameters

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The UUID of the IKE policy.
vpnservice_id body string The UUID of the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id body string The UUID of the network.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The UUID of the IPSec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string The network status.
psk body string The pre-shared key. A valid value is any string.
description body string The human-readable description for the resource.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Response Example

{
    "ipsec_site_connections": [
        {
            "status": "PENDING CREATE",
            "psk": "secret",
            "initiator": "bi-directional",
            "name": "vpnconnection1",
            "admin_state_up": true,
            "project_id": "10039663455a446d8ba2cbb058b0f578",
            "tenant_id": "10039663455a446d8ba2cbb058b0f578",
            "auth_mode": "psk",
            "peer_cidrs": [],
            "mtu": 1500,
            "peer_ep_group_id": "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
            "ikepolicy_id": "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
            "vpnservice_id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
            "dpd": {
                "action": "hold",
                "interval": 30,
                "timeout": 120
            },
            "route_mode": "static",
            "ipsecpolicy_id": "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
            "local_ep_group_id": "3e1815dd-e212-43d0-8f13-b494fa553e68",
            "peer_address": "172.24.4.226",
            "peer_id": "172.24.4.226",
            "id": "851f280f-5639-4ea3-81aa-e298525ab74b",
            "description": ""
        }
    ]
}
GET
/v2.0/vpn/ipsec-site-connections/{connection_id}

Show IPSec connection

Shows details for an IPSec connection.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
connection_id (Optional) path string The UUID of the IPSec site-to-site connection.

Response Parameters

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The UUID of the IKE policy.
vpnservice_id body string The UUID of the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id body string The UUID of the network.
ipsec_site_connection body object An ipsec_site_connection object.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The UUID of the IPSec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string The network status.
psk body string The pre-shared key. A valid value is any string.
description body string The human-readable description for the resource.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Response Example

{
    "ipsec_site_connection": {
        "status": "DOWN",
        "psk": "secret",
        "initiator": "bi-directional",
        "name": "vpnconnection1",
        "admin_state_up": true,
        "project_id": "10039663455a446d8ba2cbb058b0f578",
        "tenant_id": "10039663455a446d8ba2cbb058b0f578",
        "auth_mode": "psk",
        "peer_cidrs": [],
        "mtu": 1500,
        "peer_ep_group_id": "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
        "ikepolicy_id": "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
        "vpnservice_id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "dpd": {
            "action": "hold",
            "interval": 30,
            "timeout": 120
        },
        "route_mode": "static",
        "ipsecpolicy_id": "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
        "local_ep_group_id": "3e1815dd-e212-43d0-8f13-b494fa553e68",
        "peer_address": "172.24.4.226",
        "peer_id": "172.24.4.226",
        "id": "851f280f-5639-4ea3-81aa-e298525ab74b",
        "description": ""
    }
}
PUT
/v2.0/vpn/ipsec-site-connections/{connection_id}

Update IPSec connection

Updates connection settings for an IPSec connection.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
psk body string The pre-shared key. A valid value is any string.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
description body string The human-readable description for the resource.
ipsec_site_connection body object An ipsec_site_connection object.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
name body string Human-readable name of the resource.
connection_id (Optional) path string The UUID of the IPSec site-to-site connection.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Request Example

{
    "ipsec_site_connection": {
        "mtu": "2000"
    }
}

Response Parameters

Name In Type Description
auth_mode (Optional) body string The authentication mode. A valid value is psk, which is the default.
ikepolicy_id body string The UUID of the IKE policy.
vpnservice_id body string The UUID of the VPN service.
local_ep_group_id (Optional) body string The UUID for the endpoint group that contains private subnets for the local side of the connection. Yo must specify this parameter with the peer_ep_group_id parameter unless in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
peer_address body string The peer gateway public IPv4 or IPv6 address or FQDN.
id body string The UUID of the network.
ipsec_site_connection body object An ipsec_site_connection object.
route_mode (Optional) body string The route mode. A valid value is static, which is the default.
ipsecpolicy_id body string The UUID of the IPSec policy.
peer_id body string The peer router identity for authentication. A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN. Typically, this value matches the peer_address value.
status body string The network status.
psk body string The pre-shared key. A valid value is any string.
description body string The human-readable description for the resource.
initiator (Optional) body string Indicates whether this VPN can only respond to connections or both respond to and initiate connections. A valid value is response- only or bi-directional. Default is bi-directional.
peer_cidrs (Optional) body array (Deprecated) Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
tenant_id path string The ID of the project.
project_id path string The ID of the project.
interval (Optional) body integer The dead peer detection (DPD) interval, in seconds. A valid value is a positive integer. Default is 30.
mtu body integer The MTU of a network resource.
peer_ep_group_id (Optional) body string The UUID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix > for the peer side of the connection. You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
dpd (Optional) body object A dictionary with dead peer detection (DPD) protocol controls.
timeout body integer The maximum time, in seconds, that a monitor waits to connect before it times out. This value must be less than the delay value.
action (Optional) body string The action that the API performs on traffic that matches the firewall rule. Valid value is allow or deny. Default is deny.
local_id (Optional) body string An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic. Most often, local ID would be domain name, email address, etc. If this is not configured then the external IP address will be used as the ID.

Response Example

{
    "ipsec_site_connection": {
        "status": "DOWN",
        "psk": "secret",
        "initiator": "bi-directional",
        "name": "vpnconnection1",
        "admin_state_up": true,
        "project_id": "10039663455a446d8ba2cbb058b0f578",
        "tenant_id": "10039663455a446d8ba2cbb058b0f578",
        "auth_mode": "psk",
        "peer_cidrs": [],
        "mtu": 2000,
        "peer_ep_group_id": "9ad5a7e0-6dac-41b4-b20d-a7b8645fddf1",
        "ikepolicy_id": "9b00d6b0-6c93-4ca5-9747-b8ade7bb514f",
        "vpnservice_id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "dpd": {
            "action": "hold",
            "interval": 30,
            "timeout": 120
        },
        "route_mode": "static",
        "ipsecpolicy_id": "e6e23d0c-9519-4d52-8ea4-5b1f96d857b1",
        "local_ep_group_id": "3e1815dd-e212-43d0-8f13-b494fa553e68",
        "peer_address": "172.24.4.233",
        "peer_id": "172.24.4.233",
        "id": "851f280f-5639-4ea3-81aa-e298525ab74b",
        "description": "New description"
    }
}
DELETE
/v2.0/vpn/ipsec-site-connections/{connection_id}

Remove IPSec connection

Removes an IPSec connection.

Error response codes: 409,404,204,401

Request

Name In Type Description
connection_id (Optional) path string The UUID of the IPSec site-to-site connection.
POST
/v2.0/vpn/endpoint-groups

Create VPN endpoint group

Creates a VPN endpoint group.

The endpoint group contains one or more endpoints of a specific type that you can use to create a VPN connections.

Error response codes: 201,401,400

Request

Name In Type Description
tenant_id path string The ID of the project.
project_id path string The ID of the project.
endpoints body array List of endpoints of the same type, for the endpoint group. The values will depend on type.
type body string The type of probe sent by the load balancer to verify the member state. A valid value is PING, TCP, HTTP, or HTTPS.
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.

Request Example

{
    "endpoint_group": {
        "endpoints": [
            "10.2.0.0/24",
            "10.3.0.0/24"
        ],
        "type": "cidr",
        "name": "peers"
    }
}

Response Parameters

Name In Type Description
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
endpoints body array List of endpoints of the same type, for the endpoint group. The values will depend on type.
type body string The type of probe sent by the load balancer to verify the member state. A valid value is PING, TCP, HTTP, or HTTPS.
id body string The UUID of the network.
name body string Human-readable name of the resource.
GET
/v2.0/vpn/endpoint-groups

List VPN endpoint groups

Lists VPN endpoint groups.

Normal response codes: 200

Error response codes: 403,401

Request

Response Parameters

Name In Type Description
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
endpoints body array List of endpoints of the same type, for the endpoint group. The values will depend on type.
type body string The type of probe sent by the load balancer to verify the member state. A valid value is PING, TCP, HTTP, or HTTPS.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "endpoint_groups": [
        {
            "description": "",
            "project_id": "4ad57e7ce0b24fca8f12b9834d91079d",
            "tenant_id": "4ad57e7ce0b24fca8f12b9834d91079d",
            "endpoints": [
                "a3da778c-adfb-46db-88b3-d2ce53290a89"
            ],
            "type": "subnet",
            "id": "6bf34c7c-864c-4948-a6d4-db791669f9d4",
            "name": "locals"
        },
        {
            "description": "",
            "project_id": "4ad57e7ce0b24fca8f12b9834d91079d",
            "tenant_id": "4ad57e7ce0b24fca8f12b9834d91079d",
            "endpoints": [
                "10.2.0.0/24",
                "10.3.0.0/24"
            ],
            "type": "cidr",
            "id": "6ecd9cf3-ca64-46c7-863f-f2eb1b9e838a",
            "name": "peers"
        }
    ]
}
GET
/v2.0/vpn/vpnservices

List VPN services

Lists all VPN services.

The list might be empty.

Normal response codes: 200

Error response codes: 403,401

Request

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
name body string Human-readable name of the resource.
external_v6_ip body string Read-only external (public) IPv6 address that is used for the VPN service. The VPN plugin sets this address if an IPv6 interface is available.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
external_v4_ip body string Read-only external (public) IPv4 address that is used for the VPN service. The VPN plugin sets this address if an IPv4 interface is available.
vpnservices body array A list of VPN service objects.
id body string The UUID of the network.
description body string The human-readable description for the resource.

Response Example

{
    "vpnservices": [
        {
            "router_id": "66e3b16c-8ce5-40fb-bb49-ab6d8dc3f2aa",
            "status": "PENDING_CREATE",
            "name": "myservice",
            "external_v6_ip": "2001:db8::1",
            "admin_state_up": true,
            "subnet_id": null,
            "project_id": "10039663455a446d8ba2cbb058b0f578",
            "tenant_id": "10039663455a446d8ba2cbb058b0f578",
            "external_v4_ip": "172.32.1.11",
            "id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
            "description": ""
        }
    ]
}
POST
/v2.0/vpn/vpnservices

Create VPN service

Creates a VPN service.

The service is associated with a router. After you create the service, it can contain multiple VPN connections.

Error response codes: 201,401,400

Request

Name In Type Description
router_id path string The ID of the router.
description body string The human-readable description for the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
vpnservice body object A vpnservice object.
name body string Human-readable name of the resource.

Request Example

{
    "vpnservice": {
        "subnet_id": null,
        "router_id": "66e3b16c-8ce5-40fb-bb49-ab6d8dc3f2aa",
        "name": "myservice",
        "admin_state_up": true
    }
}

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
name body string Human-readable name of the resource.
external_v6_ip body string Read-only external (public) IPv6 address that is used for the VPN service. The VPN plugin sets this address if an IPv6 interface is available.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
external_v4_ip body string Read-only external (public) IPv4 address that is used for the VPN service. The VPN plugin sets this address if an IPv4 interface is available.
vpnservice body object A vpnservice object.
id body string The UUID of the network.
description body string The human-readable description for the resource.
GET
/v2.0/vpn/vpnservices/{service_id}

Show VPN service details

Shows details for a VPN service.

If the user does not have administrative role and the VPN service object does not belong to the user’s project, the operation returns the Forbidden (403) response code.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
service_id (Optional) path string The UUID of the VPN service.

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
name body string Human-readable name of the resource.
external_v6_ip body string Read-only external (public) IPv6 address that is used for the VPN service. The VPN plugin sets this address if an IPv6 interface is available.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
external_v4_ip body string Read-only external (public) IPv4 address that is used for the VPN service. The VPN plugin sets this address if an IPv4 interface is available.
vpnservice body object A vpnservice object.
id body string The UUID of the network.
description body string The human-readable description for the resource.

Response Example

{
    "vpnservice": {
        "router_id": "66e3b16c-8ce5-40fb-bb49-ab6d8dc3f2aa",
        "status": "PENDING_CREATE",
        "name": "myservice",
        "external_v6_ip": "2001:db8::1",
        "admin_state_up": true,
        "subnet_id": null,
        "project_id": "10039663455a446d8ba2cbb058b0f578",
        "tenant_id": "10039663455a446d8ba2cbb058b0f578",
        "external_v4_ip": "172.32.1.11",
        "id": "5c561d9d-eaea-45f6-ae3e-08d1a7080828",
        "description": ""
    }
}
PUT
/v2.0/vpn/vpnservices/{service_id}

Update VPN service

Updates a VPN service.

Updates the attributes of a VPN service. You cannot update a service with a PENDING_* status.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
vpnservice body object A vpnservice object.
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
service_id (Optional) path string The UUID of the VPN service.

Request Example

{
    "vpnservice": {
        "description": "Updated description"
    }
}

Response Parameters

Name In Type Description
router_id path string The ID of the router.
status body string The network status.
name body string Human-readable name of the resource.
external_v6_ip body string Read-only external (public) IPv6 address that is used for the VPN service. The VPN plugin sets this address if an IPv6 interface is available.
admin_state_up body boolean The administrative state of the resource, which is up (true) or down (false).
subnet_id (Optional) body string If you specify only a subnet UUID, OpenStack Networking allocates an available IP from that subnet to the port. If you specify both a subnet UUID and an IP address, OpenStack Networking tries to allocate the address to the port.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
external_v4_ip body string Read-only external (public) IPv4 address that is used for the VPN service. The VPN plugin sets this address if an IPv4 interface is available.
vpnservice body object A vpnservice object.
id body string The UUID of the network.
description body string The human-readable description for the resource.

Response Example

{
    "vpnservice": {
        "router_id": "881b7b30-4efb-407e-a162-5630a7af3595",
        "status": "ACTIVE",
        "name": "myvpn",
        "admin_state_up": true,
        "subnet_id": null,
        "project_id": "26de9cd6cae94c8cb9f79d660d628e1f",
        "tenant_id": "26de9cd6cae94c8cb9f79d660d628e1f",
        "id": "41bfef97-af4e-4f6b-a5d3-4678859d2485",
        "description": "Updated description"
    }
}
DELETE
/v2.0/vpn/vpnservices/{service_id}

Remove VPN service

Removes a VPN service.

If the service has connections, the request is rejected.

Error response codes: 409,404,204,401

Request

Name In Type Description
service_id (Optional) path string The UUID of the VPN service.
GET
/v2.0/vpn/ikepolicies/{ikepolicy_id}

Show IKE policy details

Shows details for an IKE policy.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
ikepolicy_id body string The UUID of the IKE policy.

Response Parameters

Name In Type Description
ikepolicy body object An ikepolicy object.
ikepolicies body array A list of IKE policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.

Response Example

{
    "ikepolicy": {
        "name": "ikepolicy1",
        "project_id": "ccb81365fe36411a9011e90491fe1330",
        "tenant_id": "ccb81365fe36411a9011e90491fe1330",
        "auth_algorithm": "sha1",
        "encryption_algorithm": "aes-256",
        "pfs": "group5",
        "phase1_negotiation_mode": "main",
        "lifetime": {
            "units": "seconds",
            "value": 3600
        },
        "ike_version": "v1",
        "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
        "description": ""
    }
}
PUT
/v2.0/vpn/ikepolicies/{ikepolicy_id}

Update IKE policy

Updates policy settings in an IKE policy.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
ikepolicy body object An ikepolicy object.
description body string The human-readable description for the resource.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.
ikepolicy_id body string The UUID of the IKE policy.

Request Example

{
    "ikepolicy": {
        "encryption_algorithm": "aes-256"
    }
}

Response Parameters

Name In Type Description
ikepolicy body object An ikepolicy object.
ikepolicies body array A list of IKE policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
name body string Human-readable name of the resource.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
phase1_negotiation_mode (Optional) body string The IKE mode. A valid value is main, which is the default.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
ike_version (Optional) body string The IKE version. A valid value is v1 or v2. Default is v1.

Response Example

{
    "ikepolicy": {
        "name": "ikepolicy1",
        "project_id": "ccb81365fe36411a9011e90491fe1330",
        "tenant_id": "ccb81365fe36411a9011e90491fe1330",
        "auth_algorithm": "sha1",
        "encryption_algorithm": "aes-256",
        "pfs": "group5",
        "phase1_negotiation_mode": "main",
        "lifetime": {
            "units": "seconds",
            "value": 3600
        },
        "ike_version": "v1",
        "id": "5522aff7-1b3c-48dd-9c3c-b50f016b73db",
        "description": ""
    }
}
DELETE
/v2.0/vpn/ikepolicies/{ikepolicy_id}

Remove IKE policy

Removes an IKE policy.

Error response codes: 409,404,204,401

Request

Name In Type Description
ikepolicy_id body string The UUID of the IKE policy.
GET
/v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}

Show IPSec policy

Shows details for an IPSec policy.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
ipsecpolicy_id body string The UUID of the IPSec policy.

Response Parameters

Name In Type Description
ipsecpolicies body array A list of IPSec policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
ipsecpolicy body object An ipsecpolicy object.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "ipsecpolicy": {
        "name": "ipsecpolicy1",
        "transform_protocol": "esp",
        "auth_algorithm": "sha1",
        "encapsulation_mode": "tunnel",
        "encryption_algorithm": "aes-128",
        "pfs": "group14",
        "project_id": "ccb81365fe36411a9011e90491fe1330",
        "tenant_id": "ccb81365fe36411a9011e90491fe1330",
        "lifetime": {
            "units": "seconds",
            "value": 3600
        },
        "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
        "description": ""
    }
}
PUT
/v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}

Update IPSec policy

Updates policy settings in an IPSec policy.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
description body string The human-readable description for the resource.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
ipsecpolicy body object An ipsecpolicy object.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
name body string Human-readable name of the resource.
ipsecpolicy_id body string The UUID of the IPSec policy.

Request Example

{
    "ipsecpolicy": {
        "pfs": "group14"
    }
}

Response Parameters

Name In Type Description
ipsecpolicies body array A list of IPSec policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
ipsecpolicy body object An ipsecpolicy object.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "ipsecpolicy": {
        "name": "ipsecpolicy1",
        "transform_protocol": "esp",
        "auth_algorithm": "sha1",
        "encapsulation_mode": "tunnel",
        "encryption_algorithm": "aes-128",
        "pfs": "group14",
        "project_id": "ccb81365fe36411a9011e90491fe1330",
        "tenant_id": "ccb81365fe36411a9011e90491fe1330",
        "lifetime": {
            "units": "seconds",
            "value": 3600
        },
        "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
        "description": ""
    }
}
DELETE
/v2.0/vpn/ipsecpolicies/{ipsecpolicy_id}

Remove IPSec policy

Removes an IPSec policy.

Error response codes: 409,404,204,401

Request

Name In Type Description
ipsecpolicy_id body string The UUID of the IPSec policy.
GET
/v2.0/vpn/endpoint-groups/{endpoint_group_id}

Show VPN endpoint group

Shows details for a VPN endpoint group.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
endpoint_group_id (Optional) path string The UUID of the VPN endpoint group.

Response Parameters

Name In Type Description
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
endpoints body array List of endpoints of the same type, for the endpoint group. The values will depend on type.
type body string The type of probe sent by the load balancer to verify the member state. A valid value is PING, TCP, HTTP, or HTTPS.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "endpoint_group": {
        "description": "",
        "project_id": "4ad57e7ce0b24fca8f12b9834d91079d",
        "tenant_id": "4ad57e7ce0b24fca8f12b9834d91079d",
        "endpoints": [
            "10.2.0.0/24",
            "10.3.0.0/24"
        ],
        "type": "cidr",
        "id": "6ecd9cf3-ca64-46c7-863f-f2eb1b9e838a",
        "name": "peers"
    }
}
PUT
/v2.0/vpn/endpoint-groups/{endpoint_group_id}

Update VPN endpoint group

Updates settings for a VPN endpoint group.

Normal response codes: 200

Error response codes: 404,401,400

Request

Name In Type Description
description body string The human-readable description for the resource.
name body string Human-readable name of the resource.
endpoint_group_id (Optional) path string The UUID of the VPN endpoint group.

Request Example

{
    "endpoint_group": {
        "description": "New description"
    }
}

Response Parameters

Name In Type Description
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
endpoints body array List of endpoints of the same type, for the endpoint group. The values will depend on type.
type body string The type of probe sent by the load balancer to verify the member state. A valid value is PING, TCP, HTTP, or HTTPS.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "endpoint_group": {
        "description": "New description",
        "project_id": "4ad57e7ce0b24fca8f12b9834d91079d",
        "tenant_id": "4ad57e7ce0b24fca8f12b9834d91079d",
        "endpoints": [
            "10.2.0.0/24",
            "10.3.0.0/24"
        ],
        "type": "cidr",
        "id": "6ecd9cf3-ca64-46c7-863f-f2eb1b9e838a",
        "name": "peers"
    }
}
DELETE
/v2.0/vpn/endpoint-groups/{endpoint_group_id}

Remove VPN endpoint group

Removes a VPN endpoint group.

Error response codes: 409,404,204,401

Request

Name In Type Description
endpoint_group_id (Optional) path string The UUID of the VPN endpoint group.
POST
/v2.0/vpn/ipsecpolicies

Create IPSec policy

Creates an IP security (IPSec) policy.

The IPsec policy specifies the authentication and encryption algorithms and encapsulation mode to use for the established VPN connection.

Error response codes: 201,401,400

Request

Name In Type Description
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
ipsecpolicy body object An ipsecpolicy object.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
name body string Human-readable name of the resource.

Request Example

{
    "ipsecpolicy": {
        "name": "ipsecpolicy1",
        "transform_protocol": "esp",
        "auth_algorithm": "sha1",
        "encapsulation_mode": "tunnel",
        "encryption_algorithm": "aes-128",
        "pfs": "group5",
        "lifetime": {
            "units": "seconds",
            "value": 7200
        }
    }
}

Response Parameters

Name In Type Description
ipsecpolicies body array A list of IPSec policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
ipsecpolicy body object An ipsecpolicy object.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
name body string Human-readable name of the resource.
GET
/v2.0/vpn/ipsecpolicies

List IPSec policies

Lists all IPSec policies.

Normal response codes: 200

Error response codes: 403,401

Request

Response Parameters

Name In Type Description
ipsecpolicies body array A list of IPSec policy objects.
description body string The human-readable description for the resource.
tenant_id path string The ID of the project.
project_id path string The ID of the project.
auth_algorithm (Optional) body string The authentication hash algorithm. Valid values are sha1, sha256, sha384, sha512. The default is sha1.
encapsulation_mode (Optional) body string The encapsulation mode. A valid value is tunnel or transport. Default is tunnel.
encryption_algorithm (Optional) body string The encryption algorithm. A valid value is 3des, aes-128, aes-192, aes-256, and so on. Default is aes-128.
pfs (Optional) body string Perfect forward secrecy (PFS). A valid value is Group2, Group5, Group14, and so on. Default is Group5.
value (Optional) body integer The lifetime value, as a positive integer. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
transform_protocol (Optional) body string The transform protocol. A valid value is ESP, AH, or AH- ESP. Default is ESP.
units (Optional) body string The units for the lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
lifetime (Optional) body object The lifetime of the security association. The lifetime consists of a unit and integer value. You can omit either the unit or value portion of the lifetime. Default unit is seconds and default value is 3600.
id body string The UUID of the network.
name body string Human-readable name of the resource.

Response Example

{
    "ipsecpolicies": [
        {
            "name": "ipsecpolicy1",
            "transform_protocol": "esp",
            "auth_algorithm": "sha1",
            "encapsulation_mode": "tunnel",
            "encryption_algorithm": "aes-128",
            "pfs": "group14",
            "project_id": "ccb81365fe36411a9011e90491fe1330",
            "tenant_id": "ccb81365fe36411a9011e90491fe1330",
            "lifetime": {
                "units": "seconds",
                "value": 3600
            },
            "id": "5291b189-fd84-46e5-84bd-78f40c05d69c",
            "description": ""
        }
    ]
}

Resource Management

Networking Flavors Framework v2.0 (CURRENT) (flavor, service_profile)

Extension that allows user selection of operator-curated flavors during resource creation.

Users can check if flavor available by performing a GET on the /v2.0/extensions/flavors. If it is unavailable,there is an 404 error response (itemNotFound). Refer Networking extensions for more details. for more information

GET
/v2.0/flavors

List flavors

Lists all flavors visible to the project.

The list can be empty.

Standard query parameters are supported on the URI. Use the fields query parameter to control which fields are returned in the response body. Additionally, you can filter results by using query string parameters. For information, see Filtering and Column Selection. If Neutron configuration supports pagination by overriding allow_pagination = false, the marker query parameter can set the last element id the client has seen and limit set the maximum number of items to return. if Neutron configuration has allow_sorting = true, sort_key and sort_dir pairs can be used where sort direction is ‘asc’ or ‘desc’.

Normal response codes: 200

Error response codes: 401

Request

Name In Type Description
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using fields parameter, the API returns only the requested set of attributes. fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only id and name attributes will be returned.

Response Parameters

Name In Type Description
flavors body array A list of flavor objects.
id body string The ID of the flavor.
service_type body string Service type for the flavor. Example: LOADBALANCERV2.
name body string Name of the flavor.
description body string The human-readable description for the flavor.
enabled body boolean Indicates whether the flavor is enabled or not. Default is true.
service_profiles body array Service profile UUIDs associated with this flavor.

Response Example

{
    "flavors": [
        {
            "description": "",
            "enabled": true,
            "service_profiles": [],
            "service_type": "LOADBALANCERV2",
            "id": "f7b14d9a-b0dc-4fbe-bb14-a0f4970a69e0",
            "name": "dummy"
        }
    ]
}
POST
/v2.0/flavors

Create flavor

Creates a flavor.

This operation establishes a new flavor.

The service_type to which the flavor applies is a required parameter. The corresponding service plugin must have been activated as part of the configuration. See Service providers for how to see currently loaded service types. Additionally the service plugin needs to support the use of flavors. For example, the LOADBALANCERV2 service type using the LBaaSv2 API currently supports Neutron service flavors.

Creation currently limited to administrators. Other users will receive a Forbidden 403 response code with a response body NeutronError message expressing that creation is disallowed by policy.

Until one or more service profiles are associated with the flavor by the operator, attempts to use the flavor during resource creations will currently return a Not Found 404 with a response body that indicates no service profile could be found.

If the API cannot fulfill the request due to insufficient data or data that is not valid, the service returns the HTTP Bad Request (400) response code with information about the failure in the response body. Validation errors require that you correct the error and submit the request again.

Normal response codes: 201

Error response codes: 404, 403, 401, 400

Request

Name In Type Description
flavor body object A flavor object.
service_type body string Service type for the flavor. Example: LOADBALANCERV2.
enabled (Optional) body boolean Indicates whether the flavor is enabled or not. Default is true.
description (Optional) body string The human-readable description for the flavor.
name (Optional) body string Name of the flavor.

Request Example

{
    "flavor": {
        "service_type": "LOADBALANCERV2",
        "enabled": true,
        "name": "dummy",
        "description": "Dummy flavor"
    }
}

Response Parameters

Name In Type Description
flavor body object A flavor object.
id body string The ID of the flavor.
service_type body string Service type for the flavor. Example: LOADBALANCERV2.
name body string Name of the flavor.
description body string The human-readable description for the flavor.
enabled body boolean Indicates whether the flavor is enabled or not. Default is true.
service_profiles body array Service profile UUIDs associated with this flavor.
GET
/v2.0/flavors/{flavor_id}

Show flavor details

Shows details for a flavor.

This operation returns a flavor object by ID. If you are not an administrative user and the flavor object is not visible to your project account, the service returns the HTTP Forbidden (403) response code.

Normal response codes: 200

Error response codes: 404,403,401

Request

Name In Type Description
flavor_id path string The UUID of the flavor.

Response Parameters

Name In Type Description
flavor body object A flavor object.
id body string The ID of the flavor.
service_type body string Service type for the flavor. Example: LOADBALANCERV2.
name body string Name of the flavor.
description body string The human-readable description for the flavor.
enabled body boolean Indicates whether the flavor is enabled or not. Default is true.
service_profiles body array Service profile UUIDs associated with this flavor.

Response Example

{
    "flavor": {
        "description": "",
        "enabled": true,
        "service_profiles": [],
        "service_type": "LOADBALANCERV2",
        "id": "f7b14d9a-b0dc-4fbe-bb14-a0f4970a69e0",
        "name": "dummy"
    }
}
PUT
/v2.0/flavors/{flavor_id}

Update flavor

Updates a flavor.

The service_type cannot be updated as there may be associated service profiles and consumers depending on the value.

Normal response codes: 200

Error response codes: 404,403,401,400

Request

Name In Type Description
flavor_id path string The UUID of the flavor.
flavor body object A flavor object.
name (Optional) body string Name of the flavor.
description (Optional) body string The human-readable description for the flavor.
enabled (Optional) body boolean Indicates whether the flavor is enabled or not. Default is true.

Request Example

{
    "flavor": {
        "enabled": false,
        "name": "newname",
        "description": "New description"
    }
}

Response Parameters

Name In Type Description
flavor body object A flavor object.
id body string The ID of the flavor.
service_type body string Service type for the flavor. Example: LOADBALANCERV2.
name body string Name of the flavor.
description body string The human-readable description for the flavor.
enabled body boolean Indicates whether the flavor is enabled or not. Default is true.
service_profiles body array Service profile UUIDs associated with this flavor.

Response Example

{
    "flavor": {
        "description": "New description",
        "enabled": false,
        "service_profiles": [],
        "service_type": "LOADBALANCERV2",
        "id": "7fc0581b-4509-49e1-90eb-c953c877fa4c",
        "name": "newname"
    }
}
DELETE
/v2.0/flavors/{flavor_id}

Delete flavor

Deletes a flavor.

Normal response codes: 204

Error response codes: 404,403,401

Request

Name In Type Description
flavor_id path string The UUID of the flavor.

Response

No body content is returned on a successful DELETE.

POST
/v2.0/flavors/{flavor_id}/service_profiles

Associate flavor with a service profile

Associate a flavor with a service profile.

A flavor can be associated with more than one profile.

Will return 409 Conflict if association already exists.

Normal response codes: 201

Error response codes: 404,403,401,400,409

Request

Name In Type Description
flavor_id path string The UUID of the flavor.
service_profile body object A service_profile object.
id body string The UUID of the service profile.

Request Example

{
    "service_profile": {
        "id": "4e5b9191-ffbe-4f7a-b112-2db98232fd32"
    }
}

Response Parameters

Name In Type Description
service_profile body object A service_profile object.
id body string The UUID of the network.
DELETE
/v2.0/flavors/{flavor_id}/service_profiles/{profile_id}

Disassociate a flavor.

Disassociate a flavor from a service profile.

Normal response codes: 204

Error response codes: 404,403,401

Request

Name In Type Description
profile_id path string The UUID of the service profile.
flavor_id path string The UUID of the flavor.

Response

No body content is returned on a successful disassociation.

GET
/v2.0/service_profiles

List service profiles

Lists all service profiles visible for the tenant account.

The list can be empty.

Standard query parameters are supported on the URI.

Normal response codes: 200

Error response codes: 401

Request

Response Parameters

Name In Type Description
service_profiles body array Service profile UUIDs associated with this flavor.
id body string The UUID of the service profile.
enabled body boolean Indicates whether this service profile is enabled or not. Default is true.
driver body string Provider driver to use for this profile. Example: neutron_lbaas.drivers.octavia.driver.OctaviaDriver
description body string The human-readable description for the service profile.
metainfo body string JSON-formatted meta information of the service profile.

Response Example

{
    "service_profiles": [
        {
            "id": "4e5b9191-ffbe-4f7a-b112-2db98232fd32",
            "enabled": true,
            "driver": "neutron_lbaas.drivers.octavia.driver.OctaviaDriver",
            "description": "",
            "metainfo": "{}"
        },
        {
            "id": "684322c5-703a-48a2-8138-34b99942a7ef",
            "enabled": true,
            "driver": "neutron_lbaas.drivers.octavia.driver.OctaviaDriver",
            "description": "",
            "metainfo": "{}"
        }
    ]
}
POST
/v2.0/service_profiles

Create service profile

Creates a service profile.

This operation establishes a new service profile that can be associated with one or more flavors.

Either metadata or a driver is required.

If a driver is specified but does not exist, call will return a Not found 404 error with the response body explaining that the driver could not be found.

Creation currently limited to administrators. Other users will receive a Forbidden 403 response code with a response body NeutronError message expressing that creation is disallowed by policy.

If the API cannot fulfill the request due to insufficient data or data that is not valid, the service returns the HTTP Bad Request (400) response code with information about the failure in the response body. Validation errors require that you correct the error and submit the request again.

Normal response codes: 201

Error response codes: 404, 403, 401, 400

Request

Name In Type Description
service_profile body object A service_profile object.
description (Optional) body string The human-readable description for the service profile.
metainfo (Optional) body string JSON-formatted meta information of the service profile.
enabled (Optional) body boolean Indicates whether this service profile is enabled or not. Default is true.
driver (Optional) body string Provider driver to use for this profile. Example: neutron_lbaas.drivers.octavia.driver.OctaviaDriver

Request Example

{
    "service_profile": {
        "enabled": "true",
        "driver": "neutron_lbaas.drivers.octavia.driver.OctaviaDriver",
        "description": "Dummy profile",
        "metainfo": "{'foo': 'bar'}"
    }
}

Response Parameters

Name In Type Description
service_profile body object A service_profile object.
id body string The UUID of the service profile.
enabled body boolean Indicates whether this service profile is enabled or not. Default is true.
driver body string Provider driver to use for this profile. Example: neutron_lbaas.drivers.octavia.driver.OctaviaDriver
description body string The human-readable description for the service profile.
metainfo body string JSON-formatted meta information of the service profile.

Response Example

{
    "service_profile": {
        "enabled": true,
        "metainfo": "{'foo': 'bar'}",
        "driver": "neutron_lbaas.drivers.octavia.driver.OctaviaDriver",
        "id": "7c793e5f-9b64-44e0-8b1f-902e59c85a01",
        "description": "Dummy profile"
    }
}
GET
/v2.0/service_profiles/{profile_id}

Show service profile details

Shows details for a service profile.

This operation returns a service profile object by ID. If you are not an administrative user and the object is not visible to your tenant account, the service returns the HTTP Forbidden (403) response code.

Normal response codes: 200

Error response codes: 404, 403, 401

Request

Name In Type Description
profile_id path string The UUID of the service profile.

Response Parameters

Name In Type Description
service_profile body object A service_profile object.
id body string The UUID of the service profile.
enabled body boolean Indicates whether this service profile is enabled or not. Default is true.
driver body string Provider driver to use for this profile. Example: neutron_lbaas.drivers.octavia.driver.OctaviaDriver
description body string The human-readable description for the service profile.
metainfo body string JSON-formatted meta information of the service profile.

Response Example

{
    "service_profile": {
        "enabled": true,
        "metainfo": "{'foo': 'bar'}",
        "driver": "neutron_lbaas.drivers.octavia.driver.OctaviaDriver",
        "id": "7c793e5f-9b64-44e0-8b1f-902e59c85a01",
        "description": "Dummy profile"
    }
}
PUT