This section introduces readers to OpenStack Networking (v2) API, providers guidelines on how to use it, and describes common features available to users throughout all Networking APIs.
The Networking API v2.0 is a ReSTful HTTP service that uses all aspects of the HTTP protocol including methods, URIs, media types, response codes, and so on. Providers can use existing features of the protocol including caching, persistent connections, and content compression. For example, providers who employ a caching layer can respond with a 203 code instead of a 200 code when a request is served from the cache. Additionally, providers can offer support for conditional GET requests by using ETags, or they may send a redirect in response to a GET request. Create clients so that these differences are accounted for.
The Networking API v2.0 uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in X-Auth-Token request header. You obtain the token by authenticating to the Keystone endpoint.
When Keystone is enabled, the project_id attribute is not required in create
requests because the project ID is derived from the authentication token.
NOTE: Currently the Networking API accepts the deprecated tenant_id
attribute for the project ID for backward compatibility.
The default authorization settings allow only administrative users to create resources on behalf of a different project.
OpenStack Networking uses information received from Keystone to authorize user requests. OpenStack Networking handles the following types of authorization policies:
The actual authorization policies enforced in OpenStack Networking might vary from deployment to deployment.
The Networking API v2.0 supports JSON data serialization request and response formats only.
The Networking API v2.0 only accepts requests with the JSON data serialization
format. The Content-Type header is ignored.
Starting with the Newton release of the Networking service, the Networking API
accepts the project_id attribute in addition to the tenant_id attribute
in requests. The tenant_id attribute is accepted for backward compatibility.
If both the project_id and the tenant_id attribute are provided in the
same request, their values must be identical.
To determine whether a Networking API v2.0 endpoint supports the project_id
attribute in requests, check that the project-id API extension is enabled
(see Extensions).
The Networking API v2.0 always responds with the JSON data serialization
format. The Accept header is ignored.
A .json extension can be added to the request URI. For example, the
.json extension in the following requests are equivalent:
Starting with the Newton release of the Networking service, the Networking API
returns a project_id attribute in responses, while still returning a
tenant_id attribute for backward compatibility. The values will always be
identical.
To determine whether a Networking API v2.0 endpoint returns the project_id
attribute in responses, check that the project-id API extension is enabled
(see Extensions).
The Networking API v2.0 supports filtering based on all top level attributes of a resource. Filters are applicable to all list requests.
For example, the following request returns all networks named foobar:
GET /v2.0/networks?name=foobar
When you specify multiple filters using different fields, the Networking API v2.0 returns only objects that meet all filtering criteria. The operation applies an AND condition among different filter fields.
OpenStack Networking offers an OR mechanism for filters by repeating the field
with the different OR criteria. For example, to find all networks named
foobar OR bizbaz:
GET /v2.0/networks?name=foobar&name=bizbaz
ORs and ANDs can be combined. For example, if you want all networks with admin_state_up=True and shared=True and named ‘foobar’ or ‘bizbaz’:
GET /v2.0/networks?name=foobar&name=bizbaz&admin_state_up=True&shared=True
By default, OpenStack Networking returns all attributes for any show or list
call. The Networking API v2.0 has a mechanism to limit the set of attributes
returned. For example, return id.
You can use the fields query parameter to control the attributes returned
from the Networking API v2.0.
For example, the following request returns only id and name for each
network:
GET /v2.0/networks.json?fields=id&fields=name
The Networking API v2.0 presents a logical model of network connectivity consisting of networks, ports, and subnets. It is up to the OpenStack Networking plug-in to communicate with the underlying infrastructure to ensure packet forwarding is consistent with the logical model. A plug-in might perform these operations asynchronously.
When an API client modifies the logical model by issuing an HTTP POST, PUT, or DELETE request, the API call might return before the plug-in modifies underlying virtual and physical switching devices. However, an API client is guaranteed that all subsequent API calls properly reflect the changed logical model.
For example, if a client issues an HTTP PUT request to set the attachment for a port, there is no guarantee that packets sent by the interface named in the attachment are forwarded immediately when the HTTP call returns. However, it is guaranteed that a subsequent HTTP GET request to view the attachment on that port returns the new attachment value.
You can use the status attribute with the network and port resources to
determine whether the OpenStack Networking plug-in has successfully completed
the configuration of the resource.
The Networking API v2.0 enables you to create several objects of the same type in the same API request. Bulk create operations use exactly the same API syntax as single create operations except that you specify a list of objects rather than a single object in the request body.
Bulk operations are always performed atomically, meaning that either all or none of the objects in the request body are created. If a particular plug-in does not support atomic operations, the Networking API v2.0 emulates the atomic behavior so that users can expect the same behavior regardless of the particular plug-in running in the background.
OpenStack Networking might be deployed without support for bulk operations and when the client attempts a bulk create operation, a 400 Bad request error is returned.
To reduce load on the service, list operations will return a maximum number of items at a time. To navigate the collection, the parameters limit, marker and page_reverse can be set in the URI. For example:
?limit=100&marker=1234&page_reverse=False
The marker parameter is the ID of the last item in the previous list. The
limit parameter sets the page size. The page_reverse parameter sets
the page direction. These parameters are optional. If the client requests a
limit beyond the maximum limit configured by the deployment, the server returns
the maximum limit number of items.
For convenience, list responses contain atom “next” links and “previous” links. The last page in the list requested with ‘page_reverse=False’ will not contain “next” link, and the last page in the list requested with ‘page_reverse=True’ will not contain “previous” link. The following examples illustrate two pages with three items. The first page was retrieved through:
GET http://127.0.0.1:9696/v2.0/networks.json?limit=2
Pagination is an optional feature of OpenStack Networking API, and it might be disabled. If pagination is disabled, the pagination parameters will be ignored and return all the items.
If a particular plug-in does not support pagination operations, and pagination is enabled, the Networking API v2.0 will emulate the pagination behavior so that users can expect the same behavior regardless of the particular plug-in running in the background.
To determine if pagination is supported, a user can check whether the ‘pagination’ extension API is available.
Example Network collection, first page: JSON request
GET /v2.0/networks.json?limit=2 HTTP/1.1
Host: 127.0.0.1:9696
Content-Type: application/json
Accept: application/json
Example Network collection, first page: JSON response
{
"networks": [
{
"admin_state_up": true,
"id": "396f12f8-521e-4b91-8e21-2e003500433a",
"name": "net3",
"provider:network_type": "vlan",
"provider:physical_network": "physnet1",
"provider:segmentation_id": 1002,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "20bd52ff3e1b40039c312395b04683cf"
"project_id": "20bd52ff3e1b40039c312395b04683cf"
},
{
"admin_state_up": true,
"id": "71c1e68c-171a-4aa2-aca5-50ea153a3718",
"name": "net2",
"provider:network_type": "vlan",
"provider:physical_network": "physnet1",
"provider:segmentation_id": 1001,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "20bd52ff3e1b40039c312395b04683cf"
"project_id": "20bd52ff3e1b40039c312395b04683cf"
}
],
"networks_links": [
{
"href": "http://127.0.0.1:9696/v2.0/networks.json?limit=2&marker=71c1e68c-171a-4aa2-aca5-50ea153a3718",
"rel": "next"
},
{
"href": "http://127.0.0.1:9696/v2.0/networks.json?limit=2&marker=396f12f8-521e-4b91-8e21-2e003500433a&page_reverse=True",
"rel": "previous"
}
]
}
The last page won’t show the “next” links
Example Network collection, last page: JSON request
GET /v2.0/networks.json?limit=2&marker=71c1e68c-171a-4aa2-aca5-50ea153a3718 HTTP/1.1
Host: 127.0.0.1:9696
Content-Type: application/json
Accept: application/json
Example Network collection, last page: JSON response
{
"networks": [
{
"admin_state_up": true,
"id": "b3680498-03da-4691-896f-ef9ee1d856a7",
"name": "net1",
"provider:network_type": "vlan",
"provider:physical_network": "physnet1",
"provider:segmentation_id": 1000,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "c05140b3dc7c4555afff9fab6b58edc2"
"project_id": "c05140b3dc7c4555afff9fab6b58edc2"
}
],
"networks_links": [
{
"href": "http://127.0.0.1:9696/v2.0/networks.json?limit=2&marker=b3680498-03da-4691-896f-ef9ee1d856a7&page_reverse=True",
"rel": "previous"
}
]
}
You can use the sort_key and sort_dir parameters to sort the
results of list operations. Currently sorting does not work with extended
attributes of resource. The sort_key and sort_dir can be repeated,
and the number of sort_key and sort_dir provided must be same. The
sort_dir parameter indicates in which direction to sort. Acceptable
values are asc (ascending) and desc (descending).
Sorting is optional feature of OpenStack Networking API, and it might be disabled. If sorting is disabled, the sorting parameters are ignored.
If a particular plug-in does not support sorting operations and sorting is enabled, the Networking API v2.0 emulates the sorting behavior so that users can expect the same behavior regardless of the particular plug-in that runs in the background.
To determine if sorting is supported, a user can check whether the ‘sorting’ extension API is available.
The Networking API v2.0 is extensible.
The purpose of Networking API v2.0 extensions is to:
To programmatically determine which extensions are available, issue a GET request on the v2.0/extensions URI.
To query extensions individually by unique alias, issue a GET request on
the /v2.0/extensions/*alias_name* URI. Use this method to easily
determine if an extension is available. If the extension is not available, a
404 Not Found response is returned.
You can extend existing core API resources with new actions or extra attributes. Also, you can add new resources as extensions. Extensions usually have tags that prevent conflicts with other extensions that define attributes or resources with the same names, and with core resources and attributes. Because an extension might not be supported by all plug-ins, the availability of an extension varies with deployments and the specific plug-in in use.
The Networking API v2.0 returns an error response if a failure occurs while processing a request. OpenStack Networking uses only standard HTTP error codes. 4nn errors indicate problems in the particular request being sent from the client.
| Error | Description |
|---|---|
| 400 | Bad request Malformed request URI or body requested admin state invalid Invalid values entered Bulk operations disallowed Validation failed Method not allowed for request body (such as trying to update attributes that can be specified at create-time only) |
| 404 | Not Found Non existent URI Resource not found |
| 409 | Conflict Port configured on network IP allocated on subnet Conflicting IP allocation pools for subnet |
| 500 | Internal server error Internal OpenStack Networking error |
| 503 | Service unavailable Failure in Mac address generation |
Users submitting requests to the Networking API v2.0 might also receive the following errors:
The Resource revision numbers extension (standard-attr-revisions) adds
the revision_number attribute to all API resources that support standard
attributes. This includes networks, ports, subnets, subnet pools, floating IPs,
routers, logs, security groups/rules, network segments, QoS policies and trunks.
As you’d expect, the revision_number indicates the number of updates a
particular resource has undergone and is read-only.
In addition, the If-Match constraints based on revision_number extension
(revision-if-match) allows API consumers to leverage the If-Match HTTP
header to conditionally update/delete a resource when the HTTP If-Match
header matches the revision_number of the said resource.
Lists information for all Networking API versions.
Lists information about all Networking API versions.
Normal response codes: 200
| Name | In | Type | Description |
|---|---|---|---|
| versions | body | array | List of versions. |
| status | body | string | Status of the API, which can be CURRENT, STABLE or DEPRECATED. |
| id | body | string | Version of the API. |
| links | body | array | List of version links. Each link is a dict with ‘href’ and ‘rel’. |
| href | body | string | Link to the API. |
| rel | body | string | Relationship of link with the version. |
{
"versions": [
{
"status": "CURRENT",
"id": "v2.0",
"links": [
{
"href": "http://23.253.228.211:9696/v2.0",
"rel": "self"
}
]
}
]
}
Shows details for Networking API v2.0.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| resources | body | array | List of resource objects. |
| name | body | string | Name of the resource. |
| collection | body | string | Collection name of the resource. |
| links | body | array | List of links related to the resource. Each link is a dict with ‘href’ and ‘rel’. |
| href | body | string | Link to the resource. |
| rel | body | string | Relationship between link and the resource. |
{
"resources": [
{
"links": [
{
"href": "http://23.253.228.211:9696/v2.0/subnets",
"rel": "self"
}
],
"name": "subnet",
"collection": "subnets"
},
{
"links": [
{
"href": "http://23.253.228.211:9696/v2.0/networks",
"rel": "self"
}
],
"name": "network",
"collection": "networks"
},
{
"links": [
{
"href": "http://23.253.228.211:9696/v2.0/ports",
"rel": "self"
}
],
"name": "port",
"collection": "ports"
}
]
}
Extensions introduce features and vendor-specific functionality to the API.
Lists available extensions.
Lists available Networking API v2.0 extensions and shows details for an extension.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| extensions | body | array | A list of extension objects. |
| name | body | string | Human-readable name of the resource. |
| links | body | array | List of links related to the extension. |
| alias | body | string | The alias for the extension. For example “quotas” or “security-group”. |
| updated | body | string | The date and timestamp when the extension was last updated. |
| description | body | string | The human-readable description for the resource. |
{
"extensions": [
{
"updated": "2013-01-20T00:00:00-00:00",
"name": "Neutron Service Type Management",
"links": [],
"alias": "service-type",
"description": "API for retrieving service providers for Neutron advanced services"
},
{
"updated": "2012-10-05T10:00:00-00:00",
"name": "security-group",
"links": [],
"alias": "security-group",
"description": "The security groups extension."
},
{
"updated": "2013-02-07T10:00:00-00:00",
"name": "L3 Agent Scheduler",
"links": [],
"alias": "l3_agent_scheduler",
"description": "Schedule routers among l3 agents"
},
{
"updated": "2013-02-07T10:00:00-00:00",
"name": "Loadbalancer Agent Scheduler",
"links": [],
"alias": "lbaas_agent_scheduler",
"description": "Schedule pools among lbaas agents"
},
{
"updated": "2013-03-28T10:00:00-00:00",
"name": "Neutron L3 Configurable external gateway mode",
"links": [],
"alias": "ext-gw-mode",
"description": "Extension of the router abstraction for specifying whether SNAT should occur on the external gateway"
},
{
"updated": "2014-02-03T10:00:00-00:00",
"name": "Port Binding",
"links": [],
"alias": "binding",
"description": "Expose port bindings of a virtual port to external application"
},
{
"updated": "2012-09-07T10:00:00-00:00",
"name": "Provider Network",
"links": [],
"alias": "provider",
"description": "Expose mapping of virtual networks to physical networks"
},
{
"updated": "2013-02-03T10:00:00-00:00",
"name": "agent",
"links": [],
"alias": "agent",
"description": "The agent management extension."
},
{
"updated": "2012-07-29T10:00:00-00:00",
"name": "Quota management support",
"links": [],
"alias": "quotas",
"description": "Expose functions for quotas management per tenant"
},
{
"updated": "2013-02-07T10:00:00-00:00",
"name": "DHCP Agent Scheduler",
"links": [],
"alias": "dhcp_agent_scheduler",
"description": "Schedule networks among dhcp agents"
},
{
"updated": "2013-06-27T10:00:00-00:00",
"name": "Multi Provider Network",
"links": [],
"alias": "multi-provider",
"description": "Expose mapping of virtual networks to multiple physical networks"
},
{
"updated": "2013-01-14T10:00:00-00:00",
"name": "Neutron external network",
"links": [],
"alias": "external-net",
"description": "Adds external network attribute to network resource."
},
{
"updated": "2012-07-20T10:00:00-00:00",
"name": "Neutron L3 Router",
"links": [],
"alias": "router",
"description": "Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway."
},
{
"updated": "2013-07-23T10:00:00-00:00",
"name": "Allowed Address Pairs",
"links": [],
"alias": "allowed-address-pairs",
"description": "Provides allowed address pairs"
},
{
"updated": "2013-03-17T12:00:00-00:00",
"name": "Neutron Extra DHCP opts",
"links": [],
"alias": "extra_dhcp_opt",
"description": "Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name)"
},
{
"updated": "2012-10-07T10:00:00-00:00",
"name": "LoadBalancing service",
"links": [],
"alias": "lbaas",
"description": "Extension for LoadBalancing service"
},
{
"updated": "2013-02-01T10:00:00-00:00",
"name": "Neutron Extra Route",
"links": [],
"alias": "extraroute",
"description": "Extra routes configuration for L3 router"
},
{
"updated": "2016-01-24T10:00:00-00:00",
"name": "Neutron Port Data Plane Status",
"links": [],
"alias": "data-plane-status",
"description": "Status of the underlying data plane."
}
]
}
Shows details for an extension, by alias. The response shows the extension name and its alias. To show details for an extension, you specify the alias.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| alias | path | string | The alias of an extension. |
| Name | In | Type | Description |
|---|---|---|---|
| extension | body | object | An extension object. |
| name | body | string | Human-readable name of the resource. |
| links | body | array | List of links related to the extension. |
| alias | body | string | The alias for the extension. For example “quotas” or “security-group”. |
| updated | body | string | The date and timestamp when the extension was last updated. |
| description | body | string | The human-readable description for the resource. |
{
"extension": {
"updated": "2013-02-03T10:00:00-00:00",
"name": "agent",
"links": [],
"alias": "agent",
"description": "The agent management extension."
}
}
Lists, shows details for, creates, updates, and deletes networks.
The provider extension allows administrative users to define a physical
binding of a logical network. This extension provides three additional
attributes: provider:network_type, provider:physical_network and
provider:segmentation_id. The validation rules for these attributes
vary across provider:network_type. For example, vlan and flat
network types require provider:physical_network attribute, but vxlan
network type does not.
Most Networking plug-ins (e.g. ML2 Plugin) and drivers do not support updating any provider related attributes. Check your plug-in whether it supports updating.
The multi-provider extension allows administrative users to define multiple
physical bindings for a logical network.
To define multiple physical bindings for a network, include a segments list
in the request body of network creation request. Each element in the
segments list has the same structure as the provider network
attributes. These attributes are provider:network_type,
provider:physical_network, and provider:segmentation_id. The same
validation rules are applied to each element in the segments list.
Note that you cannot use the provider extension and the multiple provider extension for a single logical network.
The vlan-transparent extension enables plug-ins that support VLAN
transparency to deliver VLAN transparent trunk networks.
This extension introduces vlan_transparent attribute to control
a VLAN transparecy of the network. If the service does not support VLAN
transparency and a user requests a VLAN transparent network,
the plug-in refuses to create one and returns an appropriate error to the user.
The net-mtu extension allows plug-ins to expose the MTU that is guaranteed
to pass through the data path of the segments in the network. This extension
introduces a read-only mtu attribute.
A newer net-mtu-writable extension enhances net-mtu in that now the
mtu attribute is available for write (both when creating as well as
updating networks).
The dns-integration extension adds the dns_domain attribute to networks.
The dns_domain of a network in conjunction with the dns_name attribute
of its ports will be published in an external DNS service when Neutron is
configured to integrate with such a service.
Shows details for a network.
Use the fields query parameter to control which fields are
returned in the response body. For information, see Filtering and
Column Selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| network_id | path | string | The ID of the network. |
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| network | body | object | A network object. |
| admin_state_up | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| availability_zone_hints | body | array | The availability zone candidate for the network. |
| availability_zones | body | array | The availability zone for the network. |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| dns_domain | body | string | A valid DNS domain. |
| id | body | string | The ID of the network. |
| mtu | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name | body | string | Human-readable name of the network. |
| port_security_enabled | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id | body | string | The ID of the project. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id | body | string | The ID of the QoS policy. |
| revision_number | body | integer | The revision number of the resource. |
| router:external | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| status | body | string | The network status. Values are ACTIVE, DOWN, BUILD or ERROR. |
| subnets | body | array | The associated subnets. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
| vlan_transparent | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description | body | string | A human-readable description for the resource. |
{
"network": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"mtu": 1500,
"name": "private-network",
"port_security_enabled": true,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": true,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
}
{
"network": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"mtu": 1500,
"name": "private-network",
"port_security_enabled": true,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"provider:network_type": "local",
"provider:physical_network": null,
"provider:segmentation_id": null,
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": true,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
}
{
"network": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
"mtu": 1500,
"name": "net1",
"port_security_enabled": true,
"project_id": "9bacb3c5d39d41a79512987f338cf177",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"segments": [
{
"provider:network_type": "vlan",
"provider:physical_network": "public",
"provider:segmentation_id": 2
},
{
"provider:network_type": "flat",
"provider:physical_network": "default",
"provider:segmentation_id": 0
}
],
"shared": false,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
}
Updates a network.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| network_id | path | string | The ID of the network. |
| network | body | object | A network object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| mtu (Optional) | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name (Optional) | body | string | Human-readable name of the network. |
| port_security_enabled (Optional) | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id (Optional) | body | string | The ID of the QoS policy. |
| router:external (Optional) | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared (Optional) | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"network": {
"dns_domain": "my-domain.org.",
"name": "sample_network_5_updated",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"mtu": 1300
}
}
{
"network": {
"provider:network_type": "vlan",
"provider:physical_network": "public",
"provider:segmentation_id": 2
}
}
{
"network": {
"segments": [
{
"provider:segmentation_id": 2,
"provider:physical_network": "public",
"provider:network_type": "vlan"
},
{
"provider:physical_network": "default",
"provider:network_type": "flat"
}
]
}
}
| Name | In | Type | Description |
|---|---|---|---|
| network | body | object | A network object. |
| admin_state_up | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| availability_zone_hints | body | array | The availability zone candidate for the network. |
| availability_zones | body | array | The availability zone for the network. |
| dns_domain | body | string | A valid DNS domain. |
| id | body | string | The ID of the network. |
| mtu | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name | body | string | Human-readable name of the network. |
| port_security_enabled | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id | body | string | The ID of the project. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id | body | string | The ID of the QoS policy. |
| revision_number | body | integer | The revision number of the resource. |
| router:external | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| status | body | string | The network status. Values are ACTIVE, DOWN, BUILD or ERROR. |
| subnets | body | array | The associated subnets. |
| tenant_id | body | string | The ID of the project. |
| description | body | string | A human-readable description for the resource. |
This is an example when a regular user without administrative roles sends a PUT request. Response examples for administrative users are similar to responses of Show network details and Create network. See them for details.
{
"network": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "1f370095-98f6-4079-be64-6d3d4a6adcc6",
"mtu": 1300,
"name": "sample_network_5_updated",
"port_security_enabled": true,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 2,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
}
Deletes a network and its associated resources.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| network_id | path | string | The ID of the network. |
There is no body content for the response of a successful DELETE request.
Lists networks to which the project has access.
Default policy settings return only networks that the project who submits the request owns, unless an administrative user submits the request. In addition, networks shared with the project who submits the request are also returned.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
You can also use the tags, tags-any, not-tags, not-tags-any
query parameter to filter the response with tags. For information,
see REST API Impact.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| networks | body | array | A list of network objects. |
| admin_state_up | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| availability_zone_hints | body | array | The availability zone candidate for the network. |
| availability_zones | body | array | The availability zone for the network. |
| dns_domain | body | string | A valid DNS domain. |
| id | body | string | The ID of the network. |
| mtu | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name | body | string | Human-readable name of the network. |
| port_security_enabled | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id | body | string | The ID of the project. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id | body | string | The ID of the QoS policy. |
| revision_number | body | integer | The revision number of the resource. |
| router:external | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| status | body | string | The network status. Values are ACTIVE, DOWN, BUILD or ERROR. |
| subnets | body | array | The associated subnets. |
| tenant_id | body | string | The ID of the project. |
| vlan_transparent | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description | body | string | A human-readable description for the resource. |
{
"networks": [
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"mtu": 1500,
"name": "net1",
"port_security_enabled": true,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": true,
"description": ""
},
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"dns_domain": "my-domain.org.",
"id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
"mtu": 1500,
"name": "net2",
"port_security_enabled": true,
"project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"qos_policy_id": "bfdb6c39f71e4d44b1dfbda245c50819",
"revision_number": 3,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [
"08eae331-0402-425a-923c-34f7cfe39c1b"
],
"tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
]
}
When Administrative users request to list networks,
physical segment information bound to the networks are also returned
in a response. In this example, a network net1 is mapped to a single
network segment and a network net2 is mapped to multiple network segments.
{
"networks": [
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"mtu": 1500,
"name": "net1",
"port_security_enabled": true,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"provider:network_type": "vlan",
"provider:physical_network": "public",
"provider:segmentation_id": 3,
"revision_number": 1,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [
"54d6f61d-db07-451c-9ab3-b9609b6b6f0b"
],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": true,
"description": ""
},
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"dns_domain": "my-domain.org.",
"id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
"mtu": 1450,
"name": "net2",
"port_security_enabled": true,
"project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"provider:network_type": "local",
"provider:physical_network": null,
"provider:segmentation_id": null,
"qos_policy_id": "bfdb6c39f71e4d44b1dfbda245c50819",
"revision_number": 2,
"router:external": false,
"segments": [
{
"provider:network_type": "vlan",
"provider:physical_network": "public",
"provider:segmentation_id": 2
},
{
"provider:network_type": "vxlan",
"provider:physical_network": "default",
"provider:segmentation_id": 1000
}
],
"shared": false,
"status": "ACTIVE",
"subnets": [
"08eae331-0402-425a-923c-34f7cfe39c1b"
],
"tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
]
}
Creates a network.
A request body is optional. An administrative user can specify another project ID, which is the project that owns the network, in the request body.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| network | body | object | A network object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| mtu (Optional) | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name (Optional) | body | string | Human-readable name of the network. |
| port_security_enabled (Optional) | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| provider:network_type (Optional) | body | string | The type of physical network that this network should be mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network (Optional) | body | string | The physical network where this network should be implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each compute host. |
| provider:segmentation_id (Optional) | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id (Optional) | body | string | The ID of the QoS policy. |
| router:external (Optional) | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments (Optional) | body | array | A list of provider segment objects. |
| shared (Optional) | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| vlan_transparent (Optional) | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"network": {
"name": "sample_network",
"admin_state_up": true,
"dns_domain": "my-domain.org.",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"mtu": 1400
}
}
{
"network": {
"admin_state_up": true,
"name": "net1",
"provider:network_type": "vlan",
"provider:physical_network": "public",
"provider:segmentation_id": 2,
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e"
}
}
{
"network": {
"segments": [
{
"provider:segmentation_id": 2,
"provider:physical_network": "public",
"provider:network_type": "vlan"
},
{
"provider:physical_network": "default",
"provider:network_type": "flat"
}
],
"name": "net1",
"admin_state_up": true,
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| network | body | object | A network object. |
| admin_state_up | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| availability_zone_hints | body | array | The availability zone candidate for the network. |
| availability_zones | body | array | The availability zone for the network. |
| dns_domain | body | string | A valid DNS domain. |
| id | body | string | The ID of the network. |
| mtu | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name | body | string | Human-readable name of the network. |
| port_security_enabled | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id | body | string | The ID of the project. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id | body | string | The ID of the QoS policy. |
| revision_number | body | integer | The revision number of the resource. |
| router:external | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| status | body | string | The network status. Values are ACTIVE, DOWN, BUILD or ERROR. |
| subnets | body | array | The associated subnets. |
| tenant_id | body | string | The ID of the project. |
| vlan_transparent | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description | body | string | A human-readable description for the resource. |
{
"network": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "my-domain.org.",
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
"mtu": 1400,
"name": "net1",
"port_security_enabled": true,
"project_id": "9bacb3c5d39d41a79512987f338cf177",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "9bacb3c5d39d41a79512987f338cf177",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
}
{
"network": {
"status": "ACTIVE",
"subnets": [],
"availability_zone_hints": [],
"dns_domain": "",
"name": "net1",
"provider:physical_network": "public",
"admin_state_up": true,
"project_id": "9bacb3c5d39d41a79512987f338cf177",
"tenant_id": "9bacb3c5d39d41a79512987f338cf177",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"provider:network_type": "vlan",
"mtu": 1500,
"shared": false,
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
"provider:segmentation_id": 2,
"description": ""
}
}
{
"network": {
"status": "ACTIVE",
"subnets": [],
"name": "net1",
"admin_state_up": true,
"dns_domain": "",
"mtu": 1500,
"project_id": "9bacb3c5d39d41a79512987f338cf177",
"tenant_id": "9bacb3c5d39d41a79512987f338cf177",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"segments": [
{
"provider:segmentation_id": 2,
"provider:physical_network": "public",
"provider:network_type": "vlan"
},
{
"provider:segmentation_id": null,
"provider:physical_network": "default",
"provider:network_type": "flat"
}
],
"shared": false,
"id": "4e8e5957-649f-477b-9e5b-f1f75b21c03c",
"description": ""
}
}
Creates multiple networks in a single request.
In the request body, specify a list of networks.
The bulk create operation is always atomic. Either all or no networks in the request body are created.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| networks | body | array | A list of network objects. |
| admin_state_up (Optional) | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| mtu (Optional) | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name (Optional) | body | string | Human-readable name of the network. |
| port_security_enabled (Optional) | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| provider:network_type (Optional) | body | string | The type of physical network that this network should be mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network (Optional) | body | string | The physical network where this network should be implemented. The Networking API v2.0 does not provide a way to list available physical networks. For example, the Open vSwitch plug-in configuration file defines a symbolic name that maps to specific bridges on each compute host. |
| provider:segmentation_id (Optional) | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id (Optional) | body | string | The ID of the QoS policy. |
| router:external (Optional) | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments (Optional) | body | array | A list of provider segment objects. |
| shared (Optional) | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| vlan_transparent (Optional) | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"networks": [
{
"admin_state_up": true,
"name": "sample_network3",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e"
},
{
"admin_state_up": true,
"name": "sample_network4",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e"
}
]
}
| Name | In | Type | Description |
|---|---|---|---|
| networks | body | array | A list of network objects. |
| admin_state_up | body | boolean | The administrative state of the network, which is
up (true) or down (false). |
| availability_zone_hints | body | array | The availability zone candidate for the network. |
| availability_zones | body | array | The availability zone for the network. |
| dns_domain | body | string | A valid DNS domain. |
| id | body | string | The ID of the network. |
| mtu | body | integer | The maximum transmission unit (MTU) value to address fragmentation. Minimum value is 68 for IPv4, and 1280 for IPv6. |
| name | body | string | Human-readable name of the network. |
| port_security_enabled | body | boolean | The port security status of the network. Valid values are
enabled (true) and disabled (false).
This value is used as the default value of port_security_enabled
field of a newly created port. |
| project_id | body | string | The ID of the project. |
| provider:network_type | body | string | The type of physical network that this network is mapped to.
For example, flat, vlan, vxlan, or gre.
Valid values depend on a networking back-end. |
| provider:physical_network | body | string | The physical network where this network is implemented. |
| provider:segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| qos_policy_id | body | string | The ID of the QoS policy. |
| revision_number | body | integer | The revision number of the resource. |
| router:external | body | boolean | Indicates whether this network can provide floating IPs via a router. |
| segments | body | array | A list of provider segment objects. |
| shared | body | boolean | Indicates whether this network is shared across all tenants. By default, only administrative users can change this value. |
| status | body | string | The network status. Values are ACTIVE, DOWN, BUILD or ERROR. |
| subnets | body | array | The associated subnets. |
| tenant_id | body | string | The ID of the project. |
| vlan_transparent | body | boolean | Indicates the VLAN transparency mode of the network, which is
VLAN transparent (true) or not VLAN transparent (false). |
| description | body | string | A human-readable description for the resource. |
{
"networks": [
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "",
"id": "bc1a76cb-8767-4c3a-bb95-018b822f2130",
"mtu": 1500,
"name": "sample_network3",
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
},
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"created_at": "2016-03-08T20:19:41",
"dns_domain": "",
"id": "af374017-c9ae-4a1d-b799-ab73111476e2",
"mtu": 1500,
"name": "sample_network4",
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"qos_policy_id": "6a8454ade84346f59e8d40665f878b2e",
"revision_number": 1,
"router:external": false,
"shared": false,
"status": "ACTIVE",
"subnets": [],
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"updated_at": "2016-03-08T20:19:41",
"vlan_transparent": false,
"description": ""
}
]
}
Lists, shows details for, creates, updates, and deletes ports.
The port binding extension (binding) allows administrative users
to specify and retrieve physical binding information of ports.
The extension defines several attributes whose names have a prefix
binding: including binding:host_id, binding:vnic_type,
binding:vif_type, binding:vif_details, and binding:profile.
The data plane port extension (data-plane-status) adds a new attribute
data_plane_status to represent the status of the underlying data plane.
This attribute is to be managed by entities outside of the Networking service,
while the status attribute is managed by Networking service. Both status
attributes are independent from one another.
Supported data plane status values:
null: no status being reported; default valueACTIVE: the underlying data plane is up and runningDOWN: no traffic can flow from/to the portThe dns-integration extension adds the dns_name and dns_assignment
attributes to port resources. While the dns_name can be set on create and
update operations, the dns_assignment is read-only and shows the
hostname, ip_address and fqdn for the port’s internal DNS
assignment.
To enable the dns_domain on port resources, the dns-domain-ports
extension must be used in conjunction with the dns-integration extension.
When enabled and set, a port level dns_domain take precedence over a
dns_domain specified in the port’s network allowing per-port DNS domains.
Shows details for a port.
Use the fields query parameter to control which fields are
returned in the response body. For information, see Filtering and
Column Selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| port_id | path | string | The ID of the port. |
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| port | body | object | A port object. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| allowed_address_pairs | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs. |
| binding:host_id | body | string | The ID of the host where the port resides. |
| binding:profile | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. |
| binding:vif_details | body | object | A dictionary which contains additional information on the port.
Currently the following fields are defined: port_filter and
ovs_hybrid_plug.
port_filter is a boolean indicating the networking service
provides port filtering features such as security group and/or
anti MAC/IP spoofing.
ovs_hybrid_plug is a boolean used to inform an API consumer
like nova that the hybrid plugging strategy for OVS should be used. |
| binding:vif_type | body | string | The type of which mechanism is used for the port.
An API consumer like nova can use this to determine an appropriate way to
attach a device (for example an interface of a virtual server) to the port.
Available values currently defined includes
ovs, bridge, macvtap, hw_veb, hostdev_physical,
vhostuser, distributed and other.
There are also special values: unbound and binding_failed.
unbound means the port is
not bound to a networking back-end. binding_failed means an error
that the port failed to be bound to a networking back-end. |
| binding:vnic_type | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments. |
| created_at | body | string | Time at which port has been created. |
| data_plane_status | body | string | Status of the underlying data plane of a port. |
| description | body | string | A human-readable description for the resource. |
| device_id | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_assignment | body | object | Data assigned to a port by the Networking internal DNS including the
hostname, ip_address and fqdn. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| extra_dhcp_opts | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips | body | array | The IP addresses for the port. If the port has multiple IP addresses,
this field has multiple entries. Each entry consists of IP address
(ip_address) and the subnet ID from which the IP address
is assigned (subnet_id). |
| id | body | string | The ID of the resource. |
| mac_address | body | string | The MAC address of the port. |
| name | body | string | Human-readable name of the resource. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| security_groups | body | array | The IDs of security groups applied to the port. |
| status | body | string | The port status. Values are ACTIVE, DOWN,
BUILD and ERROR. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which port has been updated. |
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"created_at": "2016-03-08T20:19:41",
"data_plane_status": "ACTIVE",
"description": "",
"device_id": "5e3898d7-11be-483e-9732-b2f5eccd2b2e",
"device_owner": "network:router_interface",
"dns_assignment": {
"hostname": "myport",
"ip_address": "10.0.0.1",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "10.0.0.1",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "46d4bfb9-b26e-41f3-bd2e-e6dcc1ccedb2",
"mac_address": "fa:16:3e:23:fd:d7",
"name": "",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"port_security_enabled": false,
"project_id": "7e02058126cc4950b75f9970368ba177",
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": "7e02058126cc4950b75f9970368ba177",
"updated_at": "2016-03-08T20:19:41"
}
}
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "devstack",
"binding:profile": {},
"binding:vif_details": {
"ovs_hybrid_plug": true,
"port_filter": true
},
"binding:vif_type": "ovs",
"binding:vnic_type": "normal",
"created_at": "2016-03-08T20:19:41",
"data_plane_status": "ACTIVE",
"description": "",
"device_id": "5e3898d7-11be-483e-9732-b2f5eccd2b2e",
"device_owner": "network:router_interface",
"dns_assignment": {
"hostname": "myport",
"ip_address": "10.0.0.1",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "10.0.0.1",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "46d4bfb9-b26e-41f3-bd2e-e6dcc1ccedb2",
"mac_address": "fa:16:3e:23:fd:d7",
"name": "",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"port_security_enabled": false,
"project_id": "7e02058126cc4950b75f9970368ba177",
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": "7e02058126cc4950b75f9970368ba177",
"updated_at": "2016-03-08T20:19:41"
}
}
Updates a port.
You can update information for a port, such as its symbolic name
and associated IPs. When you update IPs for a port, any previously
associated IPs are removed, returned to the respective subnet
allocation pools, and replaced by the IPs in the request body.
Therefore, this operation replaces the fixed_ip attribute when
you specify it in the request body. If the updated IP addresses are
not valid or are already in use, the operation fails and the
existing IP addresses are not removed from the port.
When you update security groups for a port and the operation
succeeds, any associated security groups are removed and replaced
by the security groups in the request body. Therefore, this
operation replaces the security_groups attribute when you
specify it in the request body. If the security groups are not
valid, the operation fails and the existing security groups are not
removed from the port.
Only admins and users with a specific role can update the data plane status
(default role: data_plane_integrator).
Normal response codes: 200
Error response codes: 400, 401, 403, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| port_id | path | string | The ID of the port. |
| port | body | object | A port object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the resource, which is
up (true) or down (false).
Default is true. |
| allowed_address_pairs (Optional) | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs.
The default is an empty list.
For each address pair, ip_address is required and IP address or
CIDR can be specified. mac_address is optional and if unspecified
the MAC address of the port is used as default. |
| binding:host_id (Optional) | body | string | The ID of the host where the port resides. The default is an empty string. |
| binding:profile (Optional) | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. The default is an empty dictionary. |
| binding:vnic_type (Optional) | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments.
The default is normal. |
| data_plane_status (Optional) | body | string | Status of the underlying data plane of a port. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| device_id (Optional) | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner (Optional) | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| dns_name (Optional) | body | string | A valid DNS name. |
| extra_dhcp_opts (Optional) | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips (Optional) | body | array | The IP addresses for the port.
If you would like to assign multiple IP addresses for the port,
specify multiple entries in this field.
Each entry consists of IP address (
|
| mac_address (Optional) | body | string | The MAC address of the port. By default, only administrative users can change this value. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| port_security_enabled (Optional) | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| security_groups (Optional) | body | array | The IDs of security groups applied to the port. |
{
"port": {
"admin_state_up": true,
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"device_owner": "compute:nova",
"name": "test-for-port-update"
}
}
{
"port": {
"binding:host_id": "test_for_port_update_host",
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"data_plane_status": "DOWN",
"device_owner": "compute:nova"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| port | body | object | A port object. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| allowed_address_pairs | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs. |
| binding:host_id | body | string | The ID of the host where the port resides. |
| binding:profile | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. |
| binding:vif_details | body | object | A dictionary which contains additional information on the port.
Currently the following fields are defined: port_filter and
ovs_hybrid_plug.
port_filter is a boolean indicating the networking service
provides port filtering features such as security group and/or
anti MAC/IP spoofing.
ovs_hybrid_plug is a boolean used to inform an API consumer
like nova that the hybrid plugging strategy for OVS should be used. |
| binding:vif_type | body | string | The type of which mechanism is used for the port.
An API consumer like nova can use this to determine an appropriate way to
attach a device (for example an interface of a virtual server) to the port.
Available values currently defined includes
ovs, bridge, macvtap, hw_veb, hostdev_physical,
vhostuser, distributed and other.
There are also special values: unbound and binding_failed.
unbound means the port is
not bound to a networking back-end. binding_failed means an error
that the port failed to be bound to a networking back-end. |
| binding:vnic_type | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments. |
| created_at | body | string | Time at which port has been created. |
| data_plane_status | body | string | Status of the underlying data plane of a port. |
| description | body | string | A human-readable description for the resource. |
| device_id | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_assignment | body | object | Data assigned to a port by the Networking internal DNS including the
hostname, ip_address and fqdn. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| extra_dhcp_opts | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips | body | array | The IP addresses for the port. If the port has multiple IP addresses,
this field has multiple entries. Each entry consists of IP address
(ip_address) and the subnet ID from which the IP address
is assigned (subnet_id). |
| id | body | string | The ID of the resource. |
| mac_address | body | string | The MAC address of the port. |
| name | body | string | Human-readable name of the resource. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| security_groups | body | array | The IDs of security groups applied to the port. |
| status | body | string | The port status. Values are ACTIVE, DOWN,
BUILD and ERROR. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which port has been updated. |
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "test_for_port_update_host",
"binding:profile": {},
"binding:vif_details": {},
"binding:vif_type": "binding_failed",
"binding:vnic_type": "normal",
"data_plane_status": "ACTIVE",
"description": "",
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"device_owner": "compute:nova",
"dns_assignment": {
"hostname": "myport",
"ip_address": "20.20.0.4",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "20.20.0.4",
"subnet_id": "898dec4a-74df-4193-985f-c76721bcc746"
}
],
"id": "43c831e0-19ce-4a76-9a49-57b57e69428b",
"mac_address": "fa:16:3e:11:11:5e",
"name": "test-for-port-update",
"network_id": "883fc383-5ea1-4c8b-8916-e1ddb0a9f365",
"project_id": "522eda8d23124b25bf03fe44f1986b74",
"revision_number": 1,
"security_groups": [
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
],
"status": "DOWN",
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
}
}
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "test_for_port_update_host",
"binding:profile": {},
"binding:vif_details": {},
"binding:vif_type": "binding_failed",
"binding:vnic_type": "normal",
"data_plane_status": "DOWN",
"description": "",
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"device_owner": "compute:nova",
"dns_assignment": {
"hostname": "myport",
"ip_address": "20.20.0.4",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "20.20.0.4",
"subnet_id": "898dec4a-74df-4193-985f-c76721bcc746"
}
],
"id": "43c831e0-19ce-4a76-9a49-57b57e69428b",
"mac_address": "fa:16:3e:11:11:5e",
"name": "test-for-port-update",
"network_id": "883fc383-5ea1-4c8b-8916-e1ddb0a9f365",
"project_id": "522eda8d23124b25bf03fe44f1986b74",
"revision_number": 2,
"security_groups": [
"ce0179d6-8a94-4f7c-91c2-f3038e2acbd0"
],
"status": "DOWN",
"tenant_id": "522eda8d23124b25bf03fe44f1986b74"
}
}
Deletes a port.
Any IP addresses that are associated with the port are returned to the respective subnets allocation pools.
Normal response codes: 204
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| port_id | path | string | The ID of the port. |
There is no body content for the response of a successful DELETE request.
Lists ports to which the user has access.
Default policy settings return only those ports that are owned by the project of the user who submits the request, unless the request is submitted by a user with administrative rights.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| ports | body | array | A list of port objects. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| allowed_address_pairs | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs. |
| binding:host_id | body | string | The ID of the host where the port resides. |
| binding:profile | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. |
| binding:vif_details | body | object | A dictionary which contains additional information on the port.
Currently the following fields are defined: port_filter and
ovs_hybrid_plug.
port_filter is a boolean indicating the networking service
provides port filtering features such as security group and/or
anti MAC/IP spoofing.
ovs_hybrid_plug is a boolean used to inform an API consumer
like nova that the hybrid plugging strategy for OVS should be used. |
| binding:vif_type | body | string | The type of which mechanism is used for the port.
An API consumer like nova can use this to determine an appropriate way to
attach a device (for example an interface of a virtual server) to the port.
Available values currently defined includes
ovs, bridge, macvtap, hw_veb, hostdev_physical,
vhostuser, distributed and other.
There are also special values: unbound and binding_failed.
unbound means the port is
not bound to a networking back-end. binding_failed means an error
that the port failed to be bound to a networking back-end. |
| binding:vnic_type | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments. |
| created_at | body | string | Time at which port has been created. |
| data_plane_status | body | string | Status of the underlying data plane of a port. |
| description | body | string | A human-readable description for the resource. |
| device_id | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_assignment | body | object | Data assigned to a port by the Networking internal DNS including the
hostname, ip_address and fqdn. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| extra_dhcp_opts | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips | body | array | The IP addresses for the port. If the port has multiple IP addresses,
this field has multiple entries. Each entry consists of IP address
(ip_address) and the subnet ID from which the IP address
is assigned (subnet_id). |
| id | body | string | The ID of the resource. |
| mac_address | body | string | The MAC address of the port. |
| name | body | string | Human-readable name of the resource. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| security_groups | body | array | The IDs of security groups applied to the port. |
| status | body | string | The port status. Values are ACTIVE, DOWN,
BUILD and ERROR. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which port has been updated. |
{
"ports": [
{
"admin_state_up": true,
"allowed_address_pairs": [],
"data_plane_status": null,
"description": "",
"device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824",
"device_owner": "network:router_gateway",
"dns_assignment": {
"hostname": "myport",
"ip_address": "172.24.4.2",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "172.24.4.2",
"subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062"
}
],
"id": "d80b1a3b-4fc1-49f3-952e-1e2ab7081d8b",
"mac_address": "fa:16:3e:58:42:ed",
"name": "",
"network_id": "70c1db1f-b701-45bd-96e0-a313ee3430b3",
"project_id": "",
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": ""
},
{
"admin_state_up": true,
"allowed_address_pairs": [],
"data_plane_status": null,
"description": "",
"device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824",
"device_owner": "network:router_interface",
"dns_assignment": {
"hostname": "myport2",
"ip_address": "10.0.0.1",
"fqdn": "myport2.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport2",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "10.0.0.1",
"subnet_id": "288bf4a1-51ba-43b6-9d0a-520e9005db17"
}
],
"id": "f71a6703-d6de-4be1-a91a-a570ede1d159",
"mac_address": "fa:16:3e:bb:3c:e4",
"name": "",
"network_id": "f27aa545-cbdd-4907-b0c6-c9e8b039dcc2",
"project_id": "d397de8a63f341818f198abb0966f6f3",
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": "d397de8a63f341818f198abb0966f6f3"
}
]
}
{
"ports": [
{
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "devstack",
"binding:profile": {},
"binding:vif_details": {
"ovs_hybrid_plug": true,
"port_filter": true
},
"binding:vif_type": "ovs",
"binding:vnic_type": "normal",
"data_plane_status": null,
"description": "",
"device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824",
"device_owner": "network:router_gateway",
"dns_assignment": {
"hostname": "myport",
"ip_address": "172.24.4.2",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "172.24.4.2",
"subnet_id": "008ba151-0b8c-4a67-98b5-0d2b87666062"
}
],
"id": "d80b1a3b-4fc1-49f3-952e-1e2ab7081d8b",
"mac_address": "fa:16:3e:58:42:ed",
"name": "",
"network_id": "70c1db1f-b701-45bd-96e0-a313ee3430b3",
"port_security_enabled": true,
"project_id": "",
"revision_number": 1,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": ""
},
{
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "devstack",
"binding:profile": {},
"binding:vif_details": {
"ovs_hybrid_plug": true,
"port_filter": true
},
"binding:vif_type": "ovs",
"binding:vnic_type": "normal",
"data_plane_status": null,
"description": "",
"device_id": "9ae135f4-b6e0-4dad-9e91-3c223e385824",
"device_owner": "network:router_interface",
"dns_assignment": {
"hostname": "myport2",
"ip_address": "10.0.0.1",
"fqdn": "myport2.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport2",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "10.0.0.1",
"subnet_id": "288bf4a1-51ba-43b6-9d0a-520e9005db17"
}
],
"id": "f71a6703-d6de-4be1-a91a-a570ede1d159",
"mac_address": "fa:16:3e:bb:3c:e4",
"name": "",
"network_id": "f27aa545-cbdd-4907-b0c6-c9e8b039dcc2",
"port_security_enabled": true,
"project_id": "d397de8a63f341818f198abb0966f6f3",
"revision_number": 2,
"security_groups": [],
"status": "ACTIVE",
"tenant_id": "d397de8a63f341818f198abb0966f6f3"
}
]
}
Creates a port on a network.
To define the network in which to create the port, specify the
network_id attribute in the request body.
Normal response codes: 201
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| port | body | object | A port object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the resource, which is
up (true) or down (false).
Default is true. |
| allowed_address_pairs (Optional) | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs.
The default is an empty list.
For each address pair, ip_address is required and IP address or
CIDR can be specified. mac_address is optional and if unspecified
the MAC address of the port is used as default. |
| binding:host_id (Optional) | body | string | The ID of the host where the port resides. The default is an empty string. |
| binding:profile (Optional) | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. The default is an empty dictionary. |
| binding:vnic_type (Optional) | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments.
The default is normal. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| device_id (Optional) | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner (Optional) | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| dns_name (Optional) | body | string | A valid DNS name. |
| extra_dhcp_opts (Optional) | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips (Optional) | body | array | The IP addresses for the port.
If you would like to assign multiple IP addresses for the port,
specify multiple entries in this field.
Each entry consists of IP address (
|
| mac_address (Optional) | body | string | The MAC address of the port. If unspecified, a MAC address is automatically generated. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled (Optional) | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| security_groups (Optional) | body | array | The IDs of security groups applied to the port. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
{
"port": {
"admin_state_up": true,
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"name": "private-port",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
}
}
{
"port": {
"binding:host_id": "4df8d9ff-6f6f-438f-90a1-ef660d4586ad",
"binding:profile": {
"local_link_information": [
{
"port_id": "Ethernet3/1",
"switch_id": "0a:1b:2c:3d:4e:5f",
"switch_info": "switch1"
}
]
},
"binding:vnic_type": "baremetal",
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"device_owner": "baremetal:none",
"dns_domain": "my-domain.org.",
"dns_name": "myport"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| port | body | object | A port object. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| allowed_address_pairs | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs. |
| binding:host_id | body | string | The ID of the host where the port resides. |
| binding:profile | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. |
| binding:vif_details | body | object | A dictionary which contains additional information on the port.
Currently the following fields are defined: port_filter and
ovs_hybrid_plug.
port_filter is a boolean indicating the networking service
provides port filtering features such as security group and/or
anti MAC/IP spoofing.
ovs_hybrid_plug is a boolean used to inform an API consumer
like nova that the hybrid plugging strategy for OVS should be used. |
| binding:vif_type | body | string | The type of which mechanism is used for the port.
An API consumer like nova can use this to determine an appropriate way to
attach a device (for example an interface of a virtual server) to the port.
Available values currently defined includes
ovs, bridge, macvtap, hw_veb, hostdev_physical,
vhostuser, distributed and other.
There are also special values: unbound and binding_failed.
unbound means the port is
not bound to a networking back-end. binding_failed means an error
that the port failed to be bound to a networking back-end. |
| binding:vnic_type | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments. |
| created_at | body | string | Time at which port has been created. |
| data_plane_status | body | string | Status of the underlying data plane of a port. |
| description | body | string | A human-readable description for the resource. |
| device_id | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_assignment | body | object | Data assigned to a port by the Networking internal DNS including the
hostname, ip_address and fqdn. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| extra_dhcp_opts | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips | body | array | The IP addresses for the port. If the port has multiple IP addresses,
this field has multiple entries. Each entry consists of IP address
(ip_address) and the subnet ID from which the IP address
is assigned (subnet_id). |
| id | body | string | The ID of the resource. |
| mac_address | body | string | The MAC address of the port. |
| name | body | string | Human-readable name of the resource. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| security_groups | body | array | The IDs of security groups applied to the port. |
| status | body | string | The port status. Values are ACTIVE, DOWN,
BUILD and ERROR. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which port has been updated. |
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"created_at": "2016-03-08T20:19:41",
"data_plane_status": null,
"description": "",
"device_id": "",
"device_owner": "",
"dns_assignment": {
"hostname": "myport",
"ip_address": "10.0.0.2",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"extra_dhcp_opts": [],
"fixed_ips": [
{
"ip_address": "10.0.0.2",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "65c0ee9f-d634-4522-8954-51021b570b0d",
"mac_address": "fa:16:3e:c9:cb:f0",
"name": "private-port",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"port_security_enabled": true,
"project_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"revision_number": 1,
"security_groups": [
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"updated_at": "2016-03-08T20:19:41"
}
}
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"binding:host_id": "4df8d9ff-6f6f-438f-90a1-ef660d4586ad",
"binding:profile": {
"local_link_information": [
{
"port_id": "Ethernet3/1",
"switch_id": "0a:1b:2c:3d:4e:5f",
"switch_info": "switch1"
}
]
},
"binding:vif_details": {},
"binding:vif_type": "unbound",
"binding:vnic_type": "other",
"data_plane_status": null,
"description": "",
"device_id": "d90a13da-be41-461f-9f99-1dbcf438fdf2",
"device_owner": "baremetal:none",
"dns_assignment": {
"hostname": "myport",
"ip_address": "10.0.0.2",
"fqdn": "myport.my-domain.org"
},
"dns_domain": "my-domain.org.",
"dns_name": "myport",
"fixed_ips": [
{
"ip_address": "10.0.0.2",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "65c0ee9f-d634-4522-8954-51021b570b0d",
"mac_address": "fa:16:3e:c9:cb:f0",
"name": "private-port",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"project_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"revision_number": 1,
"security_groups": [
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
}
}
Creates multiple ports in a single request. Specify a list of ports in the request body.
Guarantees the atomic completion of the bulk operation.
Normal response codes: 201
Error response codes: 400, 401, 403, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| ports | body | array | A list of port objects. |
| admin_state_up (Optional) | body | boolean | The administrative state of the resource, which is
up (true) or down (false).
Default is true. |
| allowed_address_pairs (Optional) | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs.
The default is an empty list.
For each address pair, ip_address is required and IP address or
CIDR can be specified. mac_address is optional and if unspecified
the MAC address of the port is used as default. |
| binding:host_id (Optional) | body | string | The ID of the host where the port resides. The default is an empty string. |
| binding:profile (Optional) | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. The default is an empty dictionary. |
| binding:vnic_type (Optional) | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments.
The default is normal. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| device_id (Optional) | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner (Optional) | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| dns_name (Optional) | body | string | A valid DNS name. |
| extra_dhcp_opts (Optional) | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips (Optional) | body | array | The IP addresses for the port.
If you would like to assign multiple IP addresses for the port,
specify multiple entries in this field.
Each entry consists of IP address (
|
| mac_address (Optional) | body | string | The MAC address of the port. If unspecified, a MAC address is automatically generated. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled (Optional) | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| security_groups (Optional) | body | array | The IDs of security groups applied to the port. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
{
"ports": [
{
"admin_state_up": false,
"name": "sample_port_1",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
},
{
"admin_state_up": false,
"name": "sample_port_2",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7"
}
]
}
| Name | In | Type | Description |
|---|---|---|---|
| ports | body | array | A list of port objects. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| allowed_address_pairs | body | array | A set of zero or more allowed address pairs.
An address pair consists of an IP address range and MAC address
with the format of
{"ip_address": "<IP address or CIDR>", "mac_address": "<MAC address>"}.
A server connected to the port can send a packet with source address
which matches one of the specified allowed address pairs. |
| binding:host_id | body | string | The ID of the host where the port resides. |
| binding:profile | body | string | A dictionary that enables the application running on the specific host to pass and receive vif port information specific to the networking back-end. The networking API does not define a specific format of this field. |
| binding:vif_details | body | object | A dictionary which contains additional information on the port.
Currently the following fields are defined: port_filter and
ovs_hybrid_plug.
port_filter is a boolean indicating the networking service
provides port filtering features such as security group and/or
anti MAC/IP spoofing.
ovs_hybrid_plug is a boolean used to inform an API consumer
like nova that the hybrid plugging strategy for OVS should be used. |
| binding:vif_type | body | string | The type of which mechanism is used for the port.
An API consumer like nova can use this to determine an appropriate way to
attach a device (for example an interface of a virtual server) to the port.
Available values currently defined includes
ovs, bridge, macvtap, hw_veb, hostdev_physical,
vhostuser, distributed and other.
There are also special values: unbound and binding_failed.
unbound means the port is
not bound to a networking back-end. binding_failed means an error
that the port failed to be bound to a networking back-end. |
| binding:vnic_type | body | string | The type of vNIC which this port should be attached to. This is used to
determine which mechanism driver(s) to be used to bind the port.
The valid values are normal, macvtap, direct, baremetal,
direct-physical and virtio-forwarder.
What type of vNIC is actually available depends on deployments. |
| created_at | body | string | Time at which port has been created. |
| data_plane_status | body | string | Status of the underlying data plane of a port. |
| description | body | string | A human-readable description for the resource. |
| device_id | body | string | The ID of the device that uses this port. For example, a server instance or a logical router. |
| device_owner | body | string | The entity type that uses this port.
For example, compute:nova (server instance), network:dhcp
(DHCP agent) or network:router_interface (router interface). |
| dns_assignment | body | object | Data assigned to a port by the Networking internal DNS including the
hostname, ip_address and fqdn. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| extra_dhcp_opts | body | array | A set of zero or more extra DHCP option pairs. An option pair consists of an option value and name. |
| fixed_ips | body | array | The IP addresses for the port. If the port has multiple IP addresses,
this field has multiple entries. Each entry consists of IP address
(ip_address) and the subnet ID from which the IP address
is assigned (subnet_id). |
| id | body | string | The ID of the resource. |
| mac_address | body | string | The MAC address of the port. |
| name | body | string | Human-readable name of the resource. |
| network_id | body | string | The ID of the attached network. |
| port_security_enabled | body | boolean | The port security status. A valid value is
enabled (true) or disabled (false).
If port security is enabled for the port,
security group rules and anti-spoofing rules are applied to
the traffic on the port. If disabled, no such rules are applied. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| security_groups | body | array | The IDs of security groups applied to the port. |
| status | body | string | The port status. Values are ACTIVE, DOWN,
BUILD and ERROR. |
| tenant_id | body | string | The ID of the project. |
| updated_at | body | string | Time at which port has been updated. |
{
"ports": [
{
"admin_state_up": false,
"allowed_address_pairs": [],
"data_plane_status": null,
"description": "",
"device_id": "",
"device_owner": "",
"dns_domain": "",
"dns_name": "",
"fixed_ips": [
{
"ip_address": "10.0.0.5",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "94225baa-9d3f-4b93-bf12-b41e7ce49cdb",
"mac_address": "fa:16:3e:48:b8:9f",
"name": "sample_port_1",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"project_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"revision_number": 1,
"security_groups": [
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
},
{
"admin_state_up": false,
"allowed_address_pairs": [],
"data_plane_status": null,
"description": "",
"device_id": "",
"device_owner": "",
"dns_assignment": {},
"dns_domain": "",
"dns_name": "",
"fixed_ips": [
{
"ip_address": "10.0.0.6",
"subnet_id": "a0304c3a-4f08-4c43-88af-d796509c97d2"
}
],
"id": "235b09e0-63c4-47f1-b221-66ba54c21760",
"mac_address": "fa:16:3e:f4:73:df",
"name": "sample_port_2",
"network_id": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
"project_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa",
"revision_number": 1,
"security_groups": [
"f0ac4394-7e4a-4409-9701-ba8be283dbc3"
],
"status": "DOWN",
"tenant_id": "d6700c0c9ffa4f1cb322cd4a1f3906fa"
}
]
}
Lists, shows details for, creates, updates, and deletes segments. The segments API is admin-only.
Shows details for a segment.
You can control which response parameters are returned by using the fields query parameter. For information, see Filtering and column selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| segment_id | path | string | The UUID of the segment. |
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The UUID of the segment. |
| network_id | body | string | The ID of the attached network. |
| physical_network | body | string | The physical network where this network is implemented. |
| network_type | body | string | The type of physical network that maps to this
network resource. For example, flat, vlan, vxlan, or
gre. |
| revision_number | body | integer | The revision number of the resource. |
| segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
{
"segment": {
"name": null,
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-1",
"revision_number": 1,
"id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
"description": null
}
}
Updates a segment.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| segment_id | path | string | The UUID of the segment. |
| name (Optional) | body | string | Human-readable name of the segment. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"segment": {
"name": "1",
"description": "Segment One"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The UUID of the segment. |
| network_id | body | string | The ID of the attached network. |
| physical_network | body | string | The physical network where this network is implemented. |
| network_type | body | string | The type of physical network that maps to this
network resource. For example, flat, vlan, vxlan, or
gre. |
| revision_number | body | integer | The revision number of the resource. |
| segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
{
"segment": {
"name": "1",
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-1",
"revision_number": 4,
"id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
"description": "Segment One"
}
}
Deletes a segment and its associated resources.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| segment_id | path | string | The UUID of the segment. |
There is no body content for the response of a successful DELETE request.
Lists segments to which the project has access.
Use the fields query parameter to filter the response. For
information, see Filtering and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The UUID of the segment. |
| network_id | body | string | The ID of the attached network. |
| physical_network | body | string | The physical network where this network is implemented. |
| network_type | body | string | The type of physical network that maps to this
network resource. For example, flat, vlan, vxlan, or
gre. |
| revision_number | body | integer | The revision number of the resource. |
| segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
{
"segments": [
{
"name": null,
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-1",
"revision_number": 1,
"id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
"description": null
},
{
"name": null,
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-2",
"revision_number": 3,
"id": "f1364c3a-4fc1-4206-b2dc-3254bc25cbfc",
"description": null
}
]
}
Creates a segment.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| network_id | body | string | The ID of the attached network. |
| physical_network | body | string | The physical network where this network is implemented. |
| network_type | body | string | The type of physical network that maps to this
network resource. For example, flat, vlan, vxlan, or
gre. |
| segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| name (Optional) | body | string | Human-readable name of the segment. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"segment": {
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-1"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The UUID of the segment. |
| network_id | body | string | The ID of the attached network. |
| physical_network | body | string | The physical network where this network is implemented. |
| network_type | body | string | The type of physical network that maps to this
network resource. For example, flat, vlan, vxlan, or
gre. |
| revision_number | body | integer | The revision number of the resource. |
| segmentation_id | body | integer | The ID of the isolated segment on the physical network.
The network_type attribute defines the segmentation model.
For example, if the network_type value is vlan, this ID is a vlan
identifier. If the network_type value is gre, this ID is a gre key. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
{
"segment": {
"name": null,
"network_id": "5c0cb560-4089-41dd-be29-469907a23b49",
"segmentation_id": 2000,
"network_type": "vlan",
"physical_network": "segment-1",
"revision_number": 1,
"id": "57fe85e4-ca2f-4192-b3cd-d5c249d7a21f",
"description": null
}
}
The trunk extension can be used to multiplex packets coming from and going to multiple neutron logical networks using a single neutron logical port. A trunk is modeled in neutron as a collection of neutron logical ports. One port, called parent port, must be associated to a trunk and it is the port to be used to connect instances with neutron. A sequence of subports (or sub_ports) each typically belonging to distinct neutron networks, is also associated to a trunk, and each subport may have a segmentation type and ID used to mux/demux the traffic coming in and out of the parent port.
In more details, the extension introduces the following resources:
Lists trunks that are accessible to the user who submits the request.
Default policy settings return only those trunks that are owned by the user who submits the request, unless an admin user submits the request.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see the Filtering
section for more details.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"trunks": [
{
"status": "DOWN",
"sub_ports": [],
"name": "test",
"admin_state_up": true,
"project_id": "313be01bd0744cea86643c711c57012b",
"tenant_id": "313be01bd0744cea86643c711c57012b",
"created_at": "2016-10-05T20:11:16Z",
"updated_at": "2016-10-05T20:11:16Z",
"revision_number": 1,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "ee98bdb4-a817-43af-943f-4318bff98f51",
"description": ""
}
]
}
Error codes:
400 The operation returns this error code if the request is malformed,
e.g. there are missing or invalid parameters in the request.401 The operation is not authorized.404 If the extension is not available or the port UUID of any of the
specified ports is not found.409 The operation returns this error code for one of these
reasons:Normal response codes: 201
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| port_id | body | string | The ID of the parent port. |
| name (Optional) | body | string | The name of the resource. |
| description | body | string | The description for the resource. |
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| sub_ports | body | array | A list of ports associated with the trunk. |
{
"trunk": {
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"name": "test",
"admin_state_up": true
}
}
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"trunk": {
"status": "DOWN",
"sub_ports": [],
"name": "test",
"admin_state_up": true,
"project_id": "145a14e4a64b49bf98baad8945dbd4f1",
"tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
"created_at": "2016-10-05T22:31:37Z",
"updated_at": "2016-10-05T22:31:37Z",
"revision_number": 1,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "114a26b1-d124-4835-bb4f-021d3d886023",
"description": ""
}
}
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| trunk_id | path | string | The ID of the trunk. |
| segmentation_id (Optional) | body | integer | The segmentation ID for the subport. |
| segmentation_type (Optional) | body | string | The segmentation type for the subport. Possible values include vlan
and inherit. When inherit is specified, a port gets its
segmentation type from the network its connected to. |
| port_id | body | string | The ID of the subport. |
{
"sub_ports": [
{
"segmentation_id": 44,
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_type": "vlan"
}
]
}
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"status": "DOWN",
"sub_ports": [
{
"segmentation_type": "vlan",
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_id": 44
}
],
"name": "test",
"admin_state_up": true,
"project_id": "145a14e4a64b49bf98baad8945dbd4f1",
"tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
"created_at": "2016-10-05T22:31:37Z",
"updated_at": "2016-10-05T22:52:04Z",
"revision_number": 2,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "114a26b1-d124-4835-bb4f-021d3d886023",
"description": ""
}
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| trunk_id | path | string | The ID of the trunk. |
| port_id | body | string | The ID of the port. |
{
"sub_ports": [
{
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155"
}
]
}
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"status": "DOWN",
"sub_ports": [],
"name": "test",
"admin_state_up": true,
"project_id": "145a14e4a64b49bf98baad8945dbd4f1",
"tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
"created_at": "2016-10-05T22:31:37Z",
"updated_at": "2016-10-05T22:57:44Z",
"revision_number": 3,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "114a26b1-d124-4835-bb4f-021d3d886023",
"description": ""
}
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| trunk_id | path | string | The ID of the trunk. |
| Name | In | Type | Description |
|---|---|---|---|
| port_id | body | string | The ID of the subport. |
| segmentation_type | body | string | The segmentation type for the subport. Possible values include vlan
and inherit. When inherit is specified, a port gets its
segmentation type from the network its connected to. |
| segmentation_id (Optional) | body | integer | The segmentation ID for the subport. |
{
"sub_ports": [
{
"segmentation_type": "vlan",
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_id": 44
}
]
}
The update request is only for changing fields like name, description or admin_state_up. Setting the admin_state_up to False locks the trunk in that it prevents operations such as as adding/removing subports.
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| name_resource (Optional) | body | string | The name of the resource. |
| admin_state_up_trunk | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| description_resource | body | string | The description for the resource. |
| trunk_id | path | string | The ID of the trunk. |
{
"trunk": {
"name": "foo",
"admin_state_up": true
}
}
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"trunk": {
"status": "DOWN",
"sub_ports": [
{
"segmentation_type": "vlan",
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_id": 44
}
],
"name": "foo",
"admin_state_up": true,
"project_id": "145a14e4a64b49bf98baad8945dbd4f1",
"tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
"created_at": "2016-10-05T22:31:37Z",
"updated_at": "2016-10-05T23:28:17Z",
"revision_number": 9,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "114a26b1-d124-4835-bb4f-021d3d886023",
"description": ""
}
}
Shows details for a trunk.
Use the fields query parameter to control which fields are
returned in the response body. For information, see Filtering and
Column Selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| trunk_id | path | string | The ID of the trunk. |
| Name | In | Type | Description |
|---|---|---|---|
| admin_state_up (Optional) | body | boolean | The administrative state of the trunk, which
is up (true) or down (false). |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| description | body | string | The description for the resource. |
| id | body | string | The ID for the resource. |
| name (Optional) | body | string | The name of the resource. |
| port_id | body | string | The ID of the parent port. |
| revision_number | body | integer | The revision number of the resource. |
| status | body | string | The status for the trunk. Possible values are ACTIVE,
DOWN, BUILD, DEGRADED, and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| sub_ports | body | array | A list of ports associated with the trunk. |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
{
"trunk": {
"status": "DOWN",
"sub_ports": [
{
"segmentation_type": "vlan",
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_id": 44
}
],
"name": "foo",
"admin_state_up": true,
"project_id": "145a14e4a64b49bf98baad8945dbd4f1",
"tenant_id": "145a14e4a64b49bf98baad8945dbd4f1",
"created_at": "2016-10-05T22:31:37Z",
"updated_at": "2016-10-05T23:28:17Z",
"revision_number": 9,
"port_id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"id": "114a26b1-d124-4835-bb4f-021d3d886023",
"description": ""
}
}
Deletes a trunk, if its state allows it.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| trunk_id | path | string | The ID of the trunk. |
The trunk_details extension attribute is available when showing a port resource that participates in a trunk as parent. The extension is useful for REST clients that may want to access trunk details when getting the parent port, and it allows them to avoid extra lookups.
Shows details for a port. The details available in the trunk_details attribute contain the trunk ID and the array showing information about the subports that belong to the trunk: the port UUID, the segmentation type, the segmentation ID, and the MAC address.
Normal response codes: 200
| Name | In | Type | Description |
|---|---|---|---|
| port_id | path | string | The ID of the port. |
| Name | In | Type | Description |
|---|---|---|---|
| trunk_details (Optional) | body | dict | The details about the trunk. |
{
"port": {
"status": "DOWN",
"created_at": "2016-10-05T20:05:14Z",
"description": "",
"admin_state_up": true,
"network_id": "1cf9e069-365f-4a78-8784-616bc12c4c5a",
"project_id": "313be01bd0744cea86643c711c57012b",
"tenant_id": "313be01bd0744cea86643c711c57012b",
"extra_dhcp_opts": [],
"updated_at": "2016-10-05T20:05:14Z",
"name": "test",
"device_owner": "",
"trunk_details": {
"trunk_id": "8905d084-010c-46e8-a863-f21cb4441ab1",
"sub_ports": [
{
"segmentation_id": 33,
"port_id": "70df9f3e-b409-4761-8304-ce029b2079f5",
"segmentation_type": "vlan",
"mac_address": "fa:16:3e:86:9b:dc"
},
{
"segmentation_id": 44,
"port_id": "4b4c691b-086d-43d2-8a65-5487e9434155",
"segmentation_type": "vlan",
"mac_address": "fa:16:3e:fe:29:97"
}
]
},
"revision_number": 5,
"mac_address": "fa:16:3e:5c:e9:a3",
"fixed_ips": [
{
"subnet_id": "76a059c0-b189-479f-882c-5e8bd464ea49",
"ip_address": "40.0.0.3"
}
],
"id": "8027c4da-772f-4e43-bfbf-023b4a4e63de",
"security_groups": ["da88a249-12ac-4221-9565-c406b6feeb48"],
"device_id": ""
}
}
The dns-integration extension adds the dns_name and dns_domain
attributes to floating IPs allowing them to be specified at creation time.
The data in these attributes will be published in an external DNS service
when Neutron is configured to integrate with such a service.
Lists floating IPs visible to the user.
Default policy settings return only the floating IPs owned by the user’s project, unless the user has admin role.
This example request lists floating IPs in JSON format:
GET /v2.0/floatingips
Accept: application/json
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| floatingips | body | array | A list of floatingip objects. |
| id | body | string | The ID of the floating IP address. |
| router_id | body | string | The ID of the router for the floating IP. |
| status | body | string | The status of the floating IP. Values are
ACTIVE, DOWN and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
| revision_number | body | integer | The revision number of the resource. |
| description | body | string | A human-readable description for the resource. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| floating_network_id | body | string | The ID of the network associated with the floating IP. |
| fixed_ip_address | body | string | The fixed IP address that is associated with the floating IP address. |
| floating_ip_address | body | string | The floating IP address. |
| port_id | body | string | The ID of a port associated with the floating IP. |
| revision_number | body | integer | The revision number of the resource. |
{
"floatingips": [
{
"router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
"description": "for test",
"dns_domain": "my-domain.org.",
"dns_name": "myfip",
"created_at": "2016-12-21T10:55:50Z",
"updated_at": "2016-12-21T10:55:53Z",
"revision_number": 1,
"project_id": "4969c491a3c74ee4af974e6d800c62de",
"tenant_id": "4969c491a3c74ee4af974e6d800c62de",
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"fixed_ip_address": "10.0.0.3",
"floating_ip_address": "172.24.4.228",
"port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
"id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7",
"revision_number": 1,
"status": "ACTIVE"
},
{
"router_id": null,
"description": "for test",
"dns_domain": "my-domain.org.",
"dns_name": "myfip2",
"created_at": "2016-12-21T11:55:50Z",
"updated_at": "2016-12-21T11:55:53Z",
"revision_number": 2,
"project_id": "4969c491a3c74ee4af974e6d800c62de",
"tenant_id": "4969c491a3c74ee4af974e6d800c62de",
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"fixed_ip_address": null,
"floating_ip_address": "172.24.4.227",
"port_id": null,
"id": "61cea855-49cb-4846-997d-801b70c71bdd",
"revision_number": 1,
"status": "DOWN"
}
]
}
Creates a floating IP, and, if you specify port information, associates the floating IP with an internal port.
To associate the floating IP with an internal port, specify the port ID attribute in the request body. If you do not specify a port ID in the request, you can issue a PUT request instead of a POST request.
Default policy settings enable only administrative users to set floating IP addresses and some non-administrative users might require a floating IP address. If you do not specify a floating IP address in the request, the operation automatically allocates one.
By default, this operation associates the floating IP address with
a single fixed IP address that is configured on an OpenStack
Networking port. If a port has multiple IP addresses, you must
specify the fixed_ip_address attribute in the request body to
associate a fixed IP address with the floating IP address.
You can create floating IPs on only external networks. When you create a floating IP, you must specify the ID of the network on which you want to create the floating IP. Alternatively, you can create a floating IP on a subnet in the external network, based on the costs and quality of that subnet.
You must configure an IP address with the internal OpenStack Networking port that is associated with the floating IP address.
The operation returns the Bad Request (400) response code for one of
reasons:
- The network is not external, such as
router:external=False.- The internal OpenStack Networking port is not associated with the floating IP address.
- The requested floating IP address does not fall in the subnet range for the external network.
- The fixed IP address is not valid.
If the port ID is not valid, this operation returns 404 response code.
The operation returns the Conflict (409) response code for one of
reasons:
- The requested floating IP address is already in use.
- The internal OpenStack Networking port and fixed IP address are already associated with another floating IP.
Normal response codes: 201
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| floatingip | body | object | A floatingip object. When you associate a
floating IP address with a VM, the instance has the same public IP
address each time that it boots, basically to maintain a
consistent IP address for maintaining DNS assignment. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| floating_network_id | body | string | The ID of the network associated with the floating IP. |
| fixed_ip_address (Optional) | body | string | The fixed IP address that is associated with the floating IP.
If an internal port has multiple associated IP addresses,
the service chooses the first IP address unless you explicitly
define a fixed IP address in the fixed_ip_address parameter. |
| floating_ip_address (Optional) | body | string | The floating IP address. |
| port_id (Optional) | body | string | The ID of a port associated with the floating IP. To associate the floating IP with a fixed IP at creation time, you must specify the identifier of the internal port. |
| subnet_id (Optional) | body | string | The subnet ID on which you want to create the floating IP. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| dns_domain (Optional) | body | string | A valid DNS domain. |
| dns_name (Optional) | body | string | A valid DNS name. |
{
"floatingip": {
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
"subnet_id": "278d9507-36e7-403c-bb80-1d7093318fe6",
"fixed_ip_address": "10.0.0.3",
"floating_ip_address": "172.24.4.228",
"description": "floating ip for testing",
"dns_domain": "my-domain.org.",
"dns_name": "myfip"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| floatingip | body | object | A floatingip object. When you associate a
floating IP address with a VM, the instance has the same public IP
address each time that it boots, basically to maintain a
consistent IP address for maintaining DNS assignment. |
| router_id | body | string | The ID of the router for the floating IP. |
| status | body | string | The status of the floating IP. Values are
ACTIVE, DOWN and ERROR. |
| description | body | string | A human-readable description for the resource. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| tenant_id | body | string | The ID of the project. |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
| revision_number | body | integer | The revision number of the resource. |
| project_id | body | string | The ID of the project. |
| floating_network_id | body | string | The ID of the network associated with the floating IP. |
| fixed_ip_address | body | string | The fixed IP address that is associated with the floating IP address. |
| floating_ip_address | body | string | The floating IP address. |
| port_id | body | string | The ID of a port associated with the floating IP. |
| id | body | string | The ID of the floating IP address. |
{
"floatingip": {
"fixed_ip_address": "10.0.0.3",
"floating_ip_address": "172.24.4.228",
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7",
"port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
"router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
"status": "ACTIVE",
"project_id": "4969c491a3c74ee4af974e6d800c62de",
"tenant_id": "4969c491a3c74ee4af974e6d800c62de",
"description": "floating ip for testing",
"dns_domain": "my-domain.org.",
"dns_name": "myfip",
"created_at": "2016-12-21T01:36:04Z",
"updated_at": "2016-12-21T01:36:04Z",
"revision_number": 1
}
}
Shows details for a floating IP.
Use the fields query parameter to control which fields are
returned in the response body. For information, see Filtering and
Column Selection.
This example request shows details for a floating IP in JSON
format. This example also filters the result by the
fixed_ip_address and floating_ip_address fields.
GET /v2.0/floatingips/{floatingip_id}?fields=fixed_ip_address
&
fields=floating_ip_address
Accept: application/json
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| floatingip_id | path | string | The ID of the floating IP address. |
| Name | In | Type | Description |
|---|---|---|---|
| floatingip | body | object | A floatingip object. When you associate a
floating IP address with a VM, the instance has the same public IP
address each time that it boots, basically to maintain a
consistent IP address for maintaining DNS assignment. |
| router_id | body | string | The ID of the router for the floating IP. |
| status | body | string | The status of the floating IP. Values are
ACTIVE, DOWN and ERROR. |
| description | body | string | A human-readable description for the resource. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
| tenant_id | body | string | The ID of the project. |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
| revision_number | body | integer | The revision number of the resource. |
| project_id | body | string | The ID of the project. |
| floating_network_id | body | string | The ID of the network associated with the floating IP. |
| fixed_ip_address | body | string | The fixed IP address that is associated with the floating IP address. |
| floating_ip_address | body | string | The floating IP address. |
| port_id | body | string | The ID of a port associated with the floating IP. |
| id | body | string | The ID of the floating IP address. |
{
"floatingip": {
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
"fixed_ip_address": "10.0.0.3",
"floating_ip_address": "172.24.4.228",
"project_id": "4969c491a3c74ee4af974e6d800c62de",
"tenant_id": "4969c491a3c74ee4af974e6d800c62de",
"status": "ACTIVE",
"port_id": "ce705c24-c1ef-408a-bda3-7bbd946164ab",
"id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7",
"description": "floating ip for testing",
"dns_domain": "my-domain.org.",
"dns_name": "myfip",
"created_at": "2016-12-21T01:36:04Z",
"updated_at": "2016-12-21T01:36:04Z",
"revision_number": 1
}
}
Updates a floating IP and its association with an internal port.
The association process is the same as the process for the create floating IP operation.
To disassociate a floating IP from a port, set the port_id
attribute to null or omit it from the request body.
This example updates a floating IP:
PUT /v2.0/floatingips/{floatingip_id} Accept: application/json
Depending on the request body that you submit, this request associates a port with or disassociates a port from a floating IP.
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| floatingip | body | object | A floatingip object. When you associate a
floating IP address with a VM, the instance has the same public IP
address each time that it boots, basically to maintain a
consistent IP address for maintaining DNS assignment. |
| floatingip_id | path | string | The ID of the floating IP address. |
| port_id | body | string | The ID of a port associated with the floating IP.
To associate the floating IP with a fixed IP,
you must specify the ID of the internal port.
To disassociate the floating IP, null should be specified. |
| fixed_ip_address (Optional) | body | string | The fixed IP address that is associated with the floating IP.
If an internal port has multiple associated IP addresses,
the service chooses the first IP address unless you explicitly
define a fixed IP address in the fixed_ip_address parameter. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"floatingip": {
"port_id": "fc861431-0e6c-4842-a0ed-e2363f9bc3a8"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| floatingip | body | object | A floatingip object. When you associate a
floating IP address with a VM, the instance has the same public IP
address each time that it boots, basically to maintain a
consistent IP address for maintaining DNS assignment. |
| router_id | body | string | The ID of the router for the floating IP. |
| status | body | string | The status of the floating IP. Values are
ACTIVE, DOWN and ERROR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| floating_network_id | body | string | The ID of the network associated with the floating IP. |
| fixed_ip_address | body | string | The fixed IP address that is associated with the floating IP address. |
| floating_ip_address | body | string | The floating IP address. |
| port_id | body | string | The ID of a port associated with the floating IP. |
| id | body | string | The ID of the floating IP address. |
| created_at | body | string | Time at which the resource has been created (in UTC ISO8601 format). |
| updated_at | body | string | Time at which the resource has been updated (in UTC ISO8601 format). |
| revision_number | body | integer | The revision number of the resource. |
| description | body | string | A human-readable description for the resource. |
| dns_domain | body | string | A valid DNS domain. |
| dns_name | body | string | A valid DNS name. |
{
"floatingip": {
"created_at": "2016-12-21T10:55:50Z",
"description": "floating ip for testing",
"dns_domain": "my-domain.org.",
"dns_name": "myfip",
"fixed_ip_address": "10.0.0.4",
"floating_ip_address": "172.24.4.228",
"floating_network_id": "376da547-b977-4cfe-9cba-275c80debf57",
"id": "2f245a7b-796b-4f26-9cf9-9e82d248fda7",
"port_id": "fc861431-0e6c-4842-a0ed-e2363f9bc3a8",
"project_id": "4969c491a3c74ee4af974e6d800c62de",
"revision_number": 3,
"router_id": "d23abc8d-2991-4a55-ba98-2aaea84cc72f",
"status": "ACTIVE",
"tenant_id": "4969c491a3c74ee4af974e6d800c62de",
"updated_at": "2016-12-22T03:13:49Z"
}
}
Deletes a floating IP and, if present, its associated port.
This example deletes a floating IP:
DELETE /v2.0/floatingips/{floatingip_id} Accept: application/json
Normal response codes: 204
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| floatingip_id | path | string | The ID of the floating IP address. |
There is no body content for the response of a successful DELETE request.
A router is a logical entity for forwarding packets across
internal subnets and NATting them on external networks through an
appropriate external gateway.
This resource is provided when router extension is enabled.
extraroute)¶The extra route extension (extraroute) extends router resources adding
a routes attribute that contains an array of route objects. Each route
object has a destination and nexthop attribute representing the route.
Lists logical routers that the project who submits the request can access.
Default policy settings return only those routers that the project who submits the request owns, unless an administrative user submits the request.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| routers | body | array | A list of router objects. |
| id | body | string | The ID of the router. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| status | body | string | The router status. |
| external_gateway_info | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| network_id | body | string | Network ID which the router gateway is connected to. |
| enable_snat | body | boolean | Enable Source NAT (SNAT) attribute.
true means Network Address Translation (NAT) is enabled
for traffic generated by subnets attached to the router
when the traffic is sent to/received from the external network.
false means no NAT is applied for traffic from/to the external network.
It is available when ext-gw-mode extension is enabled. |
| external_fixed_ips | body | array | IP address(es) of the external gateway of the router.
It is a list of IP addresses. Each element of the list
is a dictionary of ip_address and subnet_id. |
| revision_number | body | integer | The revision number of the resource. |
| routes | body | array | The extra routes configuration for L3 router.
A list of dictionaries with destination and nexthop parameters.
It is available when extraroute extension is enabled. |
| destination | body | string | The destination CIDR. |
| nexthop | body | string | The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected. |
| distributed | body | boolean | true indicates a distributed router.
It is available when dvr extension is enabled. |
| ha | body | boolean | true indicates a highly-available router.
It is available when l3-ha extension is enabled. |
| availability_zone_hints | body | array | The availability zone candidates for the router.
It is available when router_availability_zone extension is enabled. |
| availability_zones | body | array | The availability zone(s) for the router.
It is available when router_availability_zone extension is enabled. |
{
"routers": [
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"distributed": false,
"external_gateway_info": {
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.3",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
},
{
"ip_address": "2001:db8::c",
"subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
}
],
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
},
"ha": false,
"id": "915a14a6-867b-4af7-83d1-70efceb146f9",
"name": "router2",
"revision_number": 1,
"routes": [
{
"destination": "179.24.1.0/24",
"nexthop": "172.24.3.99"
}
],
"status": "ACTIVE",
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
},
{
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"distributed": false,
"external_gateway_info": {
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
},
{
"ip_address": "2001:db8::9",
"subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
}
],
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
},
"ha": false,
"id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
"name": "router1",
"revision_number": 1,
"routes": [],
"status": "ACTIVE",
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
]
}
Creates a logical router.
This operation creates a logical router. The logical router does
not have any internal interface and it is not associated with any
subnet. You can optionally specify an external gateway for a router
at create time. The external gateway for the router must be plugged
into an external network. An external network has its
router:external extended field set to true. To specify an
external gateway, the ID of the external network must be passed
in the network_id parameter of the external_gateway_info
attribute in the request body.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| router | body | object | A router object. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| admin_state_up (Optional) | body | boolean | The administrative state of the resource, which is
up (true) or down (false).
Default is true. |
| external_gateway_info (Optional) | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| network_id | body | string | Network ID which the router gateway is connected to. |
| enable_snat (Optional) | body | boolean | Enable Source NAT (SNAT) attribute. Default is
true. To persist this attribute value, set the
enable_snat_by_default option in the neutron.conf file.
It is available when ext-gw-mode extension is enabled. |
| external_fixed_ips (Optional) | body | array | IP address(es) of the external gateway interface of the router.
It is a list of IP addresses you would like to assign to the
external gateway interface. Each element of ths list is
a dictionary of ip_address and subnet_id. |
| distributed (Optional) | body | boolean | true indicates a distributed router.
It is available when dvr extension is enabled. |
| ha (Optional) | body | boolean | true indicates a highly-available router.
It is available when l3-ha extension is enabled. |
| availability_zone_hints (Optional) | body | array | The availability zone candidates for the router.
It is available when router_availability_zone extension is enabled. |
{
"router": {
"name": "router1",
"external_gateway_info": {
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3",
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
}
]
},
"admin_state_up": true
}
}
| Name | In | Type | Description |
|---|---|---|---|
| router | body | object | A router object. |
| id | body | string | The ID of the router. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| status | body | string | The router status. |
| external_gateway_info | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| network_id | body | string | Network ID which the router gateway is connected to. |
| enable_snat | body | boolean | Enable Source NAT (SNAT) attribute.
true means Network Address Translation (NAT) is enabled
for traffic generated by subnets attached to the router
when the traffic is sent to/received from the external network.
false means no NAT is applied for traffic from/to the external network.
It is available when ext-gw-mode extension is enabled. |
| external_fixed_ips | body | array | IP address(es) of the external gateway of the router.
It is a list of IP addresses. Each element of the list
is a dictionary of ip_address and subnet_id. |
| revision_number | body | integer | The revision number of the resource. |
| routes | body | array | The extra routes configuration for L3 router.
A list of dictionaries with destination and nexthop parameters.
It is available when extraroute extension is enabled. |
| destination | body | string | The destination CIDR. |
| nexthop | body | string | The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected. |
| distributed | body | boolean | true indicates a distributed router.
It is available when dvr extension is enabled. |
| ha | body | boolean | true indicates a highly-available router.
It is available when l3-ha extension is enabled. |
| availability_zone_hints | body | array | The availability zone candidates for the router.
It is available when router_availability_zone extension is enabled. |
| availability_zones | body | array | The availability zone(s) for the router.
It is available when router_availability_zone extension is enabled. |
{
"router": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"distributed": false,
"external_gateway_info": {
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
}
],
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
},
"ha": false,
"id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
"name": "router1",
"routes": [],
"revision_number": 1,
"status": "ACTIVE",
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
}
Shows details for a router.
Use the fields query parameter to control which fields are
returned in the response body. For information, see Filtering and
Column Selection.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| router_id | path | string | The ID of the router. |
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| router | body | object | A router object. |
| id | body | string | The ID of the router. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| status | body | string | The router status. |
| external_gateway_info | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| network_id | body | string | Network ID which the router gateway is connected to. |
| enable_snat | body | boolean | Enable Source NAT (SNAT) attribute.
true means Network Address Translation (NAT) is enabled
for traffic generated by subnets attached to the router
when the traffic is sent to/received from the external network.
false means no NAT is applied for traffic from/to the external network.
It is available when ext-gw-mode extension is enabled. |
| external_fixed_ips | body | array | IP address(es) of the external gateway of the router.
It is a list of IP addresses. Each element of the list
is a dictionary of ip_address and subnet_id. |
| revision_number | body | integer | The revision number of the resource. |
| routes | body | array | The extra routes configuration for L3 router.
A list of dictionaries with destination and nexthop parameters.
It is available when extraroute extension is enabled. |
| destination | body | string | The destination CIDR. |
| nexthop | body | string | The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected. |
| distributed | body | boolean | true indicates a distributed router.
It is available when dvr extension is enabled. |
| ha | body | boolean | true indicates a highly-available router.
It is available when l3-ha extension is enabled. |
| availability_zone_hints | body | array | The availability zone candidates for the router.
It is available when router_availability_zone extension is enabled. |
| availability_zones | body | array | The availability zone(s) for the router.
It is available when router_availability_zone extension is enabled. |
{
"router": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"distributed": false,
"external_gateway_info": {
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
},
{
"ip_address": "2001:db8::9",
"subnet_id": "0c56df5d-ace5-46c8-8f4c-45fa4e334d18"
}
],
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
},
"ha": false,
"id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
"name": "router1",
"revision_number": 1,
"routes": [
{
"destination": "179.24.1.0/24",
"nexthop": "172.24.3.99"
}
],
"status": "ACTIVE",
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
}
Updates a logical router.
This operation does not enable the update of router interfaces. To update a router intreface, use the add router interface and remove router interface operations.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| router | body | object | A router object. |
| external_gateway_info | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| enable_snat | body | boolean | Enable Source NAT (SNAT) attribute.
true means Network Address Translation (NAT) is enabled
for traffic generated by subnets attached to the router
when the traffic is sent to/received from the external network.
false means no NAT is applied for traffic from/to the external network.
It is available when ext-gw-mode extension is enabled. |
| name | body | string | Human-readable name of the resource. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| external_fixed_ips | body | array | IP address(es) of the external gateway of the router.
It is a list of IP addresses. Each element of the list
is a dictionary of ip_address and subnet_id. |
| router_id | path | string | The ID of the router. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| routes (Optional) | body | array | The extra routes configuration for L3 router.
A list of dictionaries with destination and nexthop parameters.
It is available when extraroute extension is enabled.
Default is an empty list ([]). |
{
"router": {
"external_gateway_info": {
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3",
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
}
],
"routes": [
{
"destination": "179.24.1.0/24",
"nexthop": "172.24.3.99"
}
]
}
}
}
| Name | In | Type | Description |
|---|---|---|---|
| router | body | object | A router object. |
| id | body | string | The ID of the router. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| status | body | string | The router status. |
| external_gateway_info | body | object | The external gateway information of the router.
If the router has an external gateway, this would be a dict with
network_id, enable_snat and external_fixed_ips.
Otherwise, this would be null. |
| network_id | body | string | Network ID which the router gateway is connected to. |
| enable_snat | body | boolean | Enable Source NAT (SNAT) attribute.
true means Network Address Translation (NAT) is enabled
for traffic generated by subnets attached to the router
when the traffic is sent to/received from the external network.
false means no NAT is applied for traffic from/to the external network.
It is available when ext-gw-mode extension is enabled. |
| external_fixed_ips | body | array | IP address(es) of the external gateway of the router.
It is a list of IP addresses. Each element of the list
is a dictionary of ip_address and subnet_id. |
| revision_number | body | integer | The revision number of the resource. |
| routes | body | array | The extra routes configuration for L3 router.
A list of dictionaries with destination and nexthop parameters.
It is available when extraroute extension is enabled. |
| destination | body | string | The destination CIDR. |
| nexthop | body | string | The IP address of the next hop for the corresponding destination. The next hop IP address must be a part of one of the subnets to which the router interfaces are connected. |
| distributed | body | boolean | true indicates a distributed router.
It is available when dvr extension is enabled. |
| ha | body | boolean | true indicates a highly-available router.
It is available when l3-ha extension is enabled. |
| availability_zone_hints | body | array | The availability zone candidates for the router.
It is available when router_availability_zone extension is enabled. |
| availability_zones | body | array | The availability zone(s) for the router.
It is available when router_availability_zone extension is enabled. |
{
"router": {
"admin_state_up": true,
"availability_zone_hints": [],
"availability_zones": [
"nova"
],
"description": "",
"distributed": false,
"external_gateway_info": {
"enable_snat": true,
"external_fixed_ips": [
{
"ip_address": "172.24.4.6",
"subnet_id": "b930d7f6-ceb7-40a0-8b81-a425dd994ccf"
}
],
"network_id": "ae34051f-aa6c-4c75-abf5-50dc9ac99ef3"
},
"ha": false,
"id": "f8a44de0-fc8e-45df-93c7-f79bf3b01c95",
"name": "router1",
"revision_number": 3,
"routes": [
{
"destination": "179.24.1.0/24",
"nexthop": "172.24.3.99"
}
],
"status": "ACTIVE",
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
}
Deletes a logical router and, if present, its external gateway interface.
This operation fails if the router has attached interfaces. Use the remove router interface operation to remove all router interfaces before you delete the router.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| router_id | path | string | The ID of the router. |
There is no body content for the response of a successful DELETE request.
Adds an internal interface to a logical router. This means a specified subnet is attached to a router as an internal router interface.
Specify the ID of a subnet or port in the request body:
When you specify an IPv6 subnet, this operation adds the subnet to an existing internal port with same network ID, on the router. If a port with the same network ID does not exist, this operation creates a port on the router for that subnet.
The limitation of one IPv4 subnet per router port remains, though a port can contain any number of IPv6 subnets that belong to the same network ID.
When you use the port-create command to add a port and then
call router-interface-add with this port ID, this operation
adds the port to the router if the following conditions are met:
If you specify both subnet ID and port ID,
this operation returns the Bad Request (400) response code.
If the port is already in use, this operation returns the
Conflict (409) response code.
This operation returns a port ID that is either:
After you run this operation, the operation sets:
device_id attribute of this port to the router IDdevice_owner attribute to network:router_interfaceNormal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| router_id | path | string | The ID of the router. |
| subnet_id (Optional) | body | string | The ID of the subnet.
One of subnet_id or port_id must be specified. |
| port_id (Optional) | body | string | The ID of the port.
One of subnet_id or port_id must be specified. |
{
"subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1"
}
or
{
"port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0"
}
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The ID of the router. |
| subnet_id | body | string | The ID of the subnet which the router interface belongs to. |
| subnet_ids | body | array | A list of the ID of the subnet which the router interface belongs to. The list contains only one member. |
| tenant_id | body | string | The ID of the project who owns the router interface. |
| project_id | body | string | The ID of the project who owns the router interface. |
| port_id | body | string | The ID of the port which represents the router interface. |
| network_id | body | string | Network ID which the router interface is connected to. |
{
"id": "915a14a6-867b-4af7-83d1-70efceb146f9",
"network_id": "91c013e2-d65a-474e-9177-c3e1799ca726",
"port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0",
"subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1",
"subnet_ids": [
"a2f1f29d-571b-4533-907f-5803ab96ead1"
],
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
Deletes an internal interface from a logical router.
This operation deletes an internal router interface, which detaches a subnet from the router. If this subnet ID is the last subnet on the port, this operation deletes the port itself. You must specify either a subnet ID or port ID in the request body; the operation uses this value to identify which router interface to deletes.
You can also specify both a subnet ID and port ID. If you
specify both IDs, the subnet ID must correspond to the subnet
ID of the first IP address on the port. Otherwise, this operation
returns the Conflict (409) response code with information about
the affected router and interface.
If you try to delete the router interface for subnets that are used
by one or more routes, this operation returns the Conflict (409)
response. In this case, you first need to delete such routes from
the router.
If the router or the subnet and port do not exist or are not
visible to you, this operation returns the Not Found (404)
response code. As a consequence of this operation, the operation
removes the port connecting the router with the subnet from the
subnet for the network.
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| router_id | path | string | The ID of the router. |
| subnet_id (Optional) | body | string | The ID of the subnet.
One of subnet_id or port_id must be specified. |
| port_id (Optional) | body | string | The ID of the port.
One of subnet_id or port_id must be specified. |
{
"subnet_id": "a2f1f29d-571b-4533-907f-5803ab96ead1"
}
or
{
"port_id": "2dc46bcc-d1f2-4077-b99e-91ee28afaff0"
}
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | The ID of the router. |
| subnet_id | body | string | The ID of the subnet which the router interface belongs to. |
| subnet_ids | body | array | A list of the ID of the subnet which the router interface belongs to. The list contains only one member. |
| tenant_id | body | string | The ID of the project who owns the router interface. |
| project_id | body | string | The ID of the project who owns the router interface. |
| port_id | body | string | The ID of the port which represents the router interface. |
| network_id | body | string | Network ID which the router interface is connected to. |
{
"id": "915a14a6-867b-4af7-83d1-70efceb146f9",
"network_id": "91c013e2-d65a-474e-9177-c3e1799ca726",
"port_id": "a5b7d209-dc02-4c46-a51f-805eadd3de64",
"subnet_id": "4e5fe97c-82bc-432e-87d8-06d7e157dffa",
"subnet_ids": [
"4e5fe97c-82bc-432e-87d8-06d7e157dffa"
],
"project_id": "0bd18306d801447bb457a46252d82d13",
"tenant_id": "0bd18306d801447bb457a46252d82d13"
}
Lists, creates, shows details for, updates, and deletes subnet pools.
Shows information for a subnet pool.
Use the fields query parameter to control which fields are returned in the response body.
Additionally, you can filter results by using query string parameters.
For information, see Filtering and Column Selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool_id | path | string | The UUID of the subnet pool. |
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool | body | object | A subnetpool object. |
| id | body | string | The ID of the subnet. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which port has been created. |
| updated_at | body | string | Time at which port has been updated. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description | body | string | A human-readable description for the resource. |
| is_default | body | boolean | The subnetpool is default pool or not. |
| revision_number | body | integer | The revision number of the resource. |
{
"subnetpool": {
"min_prefixlen": "64",
"address_scope_id": null,
"default_prefixlen": "64",
"id": "03f761e6-eee0-43fc-a921-8acf64c14988",
"max_prefixlen": "64",
"name": "my-subnet-pool",
"default_quota": null,
"is_default": false,
"project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"created_at": "2016-03-08T20:19:41",
"prefixes": [
"2001:db8:0:2::/64",
"2001:db8::/63"
],
"updated_at": "2016-03-08T20:19:41",
"ip_version": 6,
"shared": false,
"description": "",
"revision_number": 2
}
}
Updates a subnet pool.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool_id | path | string | The UUID of the subnet pool. |
| subnetpool | body | object | A subnetpool object. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"subnetpool": {
"name": "my-new-subnetpool-name",
"prefixes": [
"2001:db8::/64",
"2001:db8:0:1::/64",
"2001:db8:0:2::/64"
],
"min_prefixlen": 64,
"default_prefixlen": 64,
"max_prefixlen": 64
}
}
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool | body | object | A subnetpool object. |
| id | body | string | The ID of the subnet. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which port has been created. |
| updated_at | body | string | Time at which port has been updated. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description | body | string | A human-readable description for the resource. |
| is_default | body | boolean | The subnetpool is default pool or not. |
| revision_number | body | integer | The revision number of the resource. |
{
"subnetpool": {
"name": "my-new-subnetpool-name",
"default_quota": null,
"is_default": false,
"project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"prefixes": [
"2001:db8::/63",
"2001:db8:0:2::/64"
],
"min_prefixlen": 64,
"address_scope_id": null,
"ip_version": 6,
"shared": false,
"default_prefixlen": 64,
"id": "03f761e6-eee0-43fc-a921-8acf64c14988",
"max_prefixlen": 64,
"description": "",
"revision_number": 2
}
}
Deletes a subnet pool.
The operation fails if any subnets allocated from the subnet pool are still in use.
Normal response codes: 204
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool_id | path | string | The UUID of the subnet pool. |
There is no body content for the response of a successful DELETE request.
Lists subnet pools that the project has access to.
Default policy settings return only the subnet pools owned by the project of the user submitting the request, unless the user has administrative role.
Use the fields query parameter to control which fields are returned in the response body.
Additionally, you can filter results by using query string parameters.
For information, see Filtering and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| subnetpools | body | array | A list of subnetpool objects. |
| id | body | string | The ID of the subnet. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which port has been created. |
| updated_at | body | string | Time at which port has been updated. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description | body | string | A human-readable description for the resource. |
| is_default | body | boolean | The subnetpool is default pool or not. |
| revision_number | body | integer | The revision number of the resource. |
{
"subnetpools": [
{
"min_prefixlen": "64",
"address_scope_id": null,
"default_prefixlen": "64",
"id": "03f761e6-eee0-43fc-a921-8acf64c14988",
"max_prefixlen": "64",
"name": "my-subnet-pool-ipv6",
"default_quota": null,
"is_default": false,
"project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"prefixes": [
"2001:db8:0:2::/64",
"2001:db8::/63"
],
"ip_version": 6,
"shared": false,
"description": "",
"revision_number": 2
},
{
"min_prefixlen": "24",
"address_scope_id": null,
"default_prefixlen": "25",
"id": "f49a1319-423a-4ee6-ba54-1d95a4f6cc68",
"max_prefixlen": "30",
"name": "my-subnet-pool-ipv4",
"default_quota": null,
"is_default": false,
"project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"prefixes": [
"10.10.0.0/21",
"192.168.0.0/16"
],
"ip_version": 4,
"shared": false,
"description": "",
"revision_number": 2
}
]
}
Creates a subnet pool.
Normal response codes: 201
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool | body | object | A subnetpool object. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"subnetpool": {
"name": "my-subnet-pool",
"prefixes": [
"192.168.0.0/16",
"10.10.0.0/21"
],
"default_prefixlen": 25,
"min_prefixlen": 24,
"max_prefixlen": 30,
"shared": "false"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| subnetpool | body | object | A subnetpool object. |
| id | body | string | The ID of the subnet. |
| name | body | string | Human-readable name of the resource. |
| default_quota (Optional) | body | integer | A per-project quota on the prefix space that can
be allocated from the subnet pool for project subnets. Default is
no quota is enforced on allocations from the subnet pool. For IPv4
subnet pools, default_quota is measured in units of /32. For
IPv6 subnet pools, default_quota is measured units of /64. All
projects that use the subnet pool have the same prefix quota
applied. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which port has been created. |
| updated_at | body | string | Time at which port has been updated. |
| prefixes | body | array | A list of subnet prefixes to assign to the subnet pool. The API merges adjacent prefixes and treats them as a single prefix. Each subnet prefix must be unique among all subnet prefixes in all subnet pools that are associated with the address scope. |
| min_prefixlen (Optional) | body | integer | The smallest prefix that can be allocated from a
subnet pool. For IPv4 subnet pools, default is 8. For IPv6
subnet pools, default is 64. |
| address_scope_id (Optional) | body | string | An address scope to assign to the subnet pool. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| default_prefixlen (Optional) | body | integer | The size of the prefix to allocate when the
cidr or prefixlen attributes are omitted when you create
the subnet. Default is min_prefixlen. |
| max_prefixlen (Optional) | body | integer | The maximum prefix size that can be allocated
from the subnet pool. For IPv4 subnet pools, default is 32.
For IPv6 subnet pools, default is 128. |
| description | body | string | A human-readable description for the resource. |
| is_default | body | boolean | The subnetpool is default pool or not. |
| revision_number | body | integer | The revision number of the resource. |
{
"subnetpool": {
"address_scope_id": null,
"default_prefixlen": 25,
"default_quota": null,
"description": "",
"id": "f49a1319-423a-4ee6-ba54-1d95a4f6cc68",
"ip_version": 4,
"is_default": false,
"max_prefixlen": 30,
"min_prefixlen": 24,
"name": "my-subnet-pool",
"prefixes": [
"10.10.0.0/21",
"192.168.0.0/16"
],
"project_id": "9fadcee8aa7c40cdb2114fff7d569c08",
"revision_number": 1,
"shared": false,
"tenant_id": "9fadcee8aa7c40cdb2114fff7d569c08"
}
}
Lists, shows details for, creates, updates, and deletes subnet resources.
Lists subnets that the project has access to.
Default policy settings return only subnets owned by the project of the user submitting the request, unless the user has administrative role. You can control which attributes are returned by using the fields query parameter. You can filter results by using query string parameters.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| subnets | body | array | A list of subnet objects. |
| id | body | string | The ID of the subnet. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| enable_dhcp | body | boolean | Indicates whether dhcp is enabled or disabled for the subnet. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers | body | array | List of dns name servers associated with the subnet. |
| allocation_pools | body | array | Allocation pools with start and end IP addresses
for this subnet. |
| host_routes | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. |
| cidr | body | string | The CIDR of the subnet. |
| created_at | body | string | Time at which the subnet has been created. |
| description | body | string | A human-readable description for the resource. |
| ipv6_address_mode | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null. |
| ipv6_ra_mode | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless or null. |
| revision_number | body | integer | The revision number of the resource. |
| segment_id | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| service_types | body | string | The service types associated with the subnet. |
| subnetpool_id | body | string | The ID of the subnet pool associated with the subnet. |
| updated_at | body | string | Time at which the subnet has been updated. |
{
"subnets": [
{
"name": "private-subnet",
"enable_dhcp": true,
"network_id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
"segment_id": null,
"project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"dns_nameservers": [],
"allocation_pools": [
{
"start": "10.0.0.2",
"end": "10.0.0.254"
}
],
"host_routes": [],
"ip_version": 4,
"gateway_ip": "10.0.0.1",
"cidr": "10.0.0.0/24",
"id": "08eae331-0402-425a-923c-34f7cfe39c1b",
"created_at": "2016-10-10T14:35:34Z",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 2,
"service_types": [],
"subnetpool_id": null,
"updated_at": "2016-10-10T14:35:34Z"
},
{
"name": "my_subnet",
"enable_dhcp": true,
"network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"segment_id": null,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"dns_nameservers": [],
"allocation_pools": [
{
"start": "192.0.0.2",
"end": "192.255.255.254"
}
],
"host_routes": [],
"ip_version": 4,
"gateway_ip": "192.0.0.1",
"cidr": "192.0.0.0/8",
"id": "54d6f61d-db07-451c-9ab3-b9609b6b6f0b",
"created_at": "2016-10-10T14:35:47Z",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 2,
"service_types": [],
"subnetpool_id": null,
"updated_at": "2016-10-10T14:35:47Z"
}
]
}
Creates a subnet on a network.
OpenStack Networking does not try to derive the correct IP version
from the CIDR. If you do not specify the gateway_ip attribute,
OpenStack Networking allocates an address from the CIDR for the
gateway for the subnet.
To specify a subnet without a gateway, set the gateway_ip
attribute to null in the request body. If you do not specify
the allocation_pools attribute, OpenStack Networking
automatically allocates pools for covering all IP addresses in the
CIDR, excluding the address reserved for the subnet gateway.
Otherwise, you can explicitly specify allocation pools as shown in
the following example.
When you specify both the allocation_pools and gateway_ip
attributes, you must ensure that the gateway IP does not overlap
with the allocation pools; otherwise, the call returns the
Conflict (409) response code.
A subnet can have one or more name servers and host routes. Hosts in this subnet use the name servers. Devices with IP addresses from this subnet, not including the local subnet route, use the host routes.
Specify the ipv6_ra_mode and ipv6_address_mode attributes
to create subnets that support IPv6 configurations, such as
stateless address autoconfiguration (SLAAC), DHCPv6 stateful, and
DHCPv6 stateless configurations.
A subnet can optionally be associated with a network segment when
it is created by specifying the segment_id of a valid segment
on the specified network. A network with subnets associated in this
way is called a routed network. On any given network, all of the
subnets must be associated with segments or none of them can be.
Neutron enforces this invariant. Currently, routed networks are
only supported for provider networks.
Normal response codes: 201
Error response codes: 400, 401, 403, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| subnet | body | string | A subnet object. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| enable_dhcp (Optional) | body | boolean | Indicates whether dhcp is enabled or disabled
for the subnet. Default is true. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers (Optional) | body | array | List of dns name servers associated with the subnet. Default is an empty list. |
| allocation_pools (Optional) | body | array | Allocation pools with start and end IP addresses
for this subnet. If allocation_pools are not specified, OpenStack
Networking automatically allocates pools for covering all IP addresses
in the CIDR, excluding the address reserved for the subnet gateway by
default. |
| host_routes (Optional) | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. Default value is
an empty list. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip (Optional) | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. If the gateway_ip is not
specified, OpenStack Networking allocates an address from the CIDR
for the gateway for the subnet by default. |
| cidr | body | string | The CIDR of the subnet. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| ipv6_address_mode (Optional) | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless. |
| ipv6_ra_mode (Optional) | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless. |
| segment_id (Optional) | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| subnetpool_id (Optional) | body | string | The ID of the subnet pool associated with the subnet. |
{
"subnet": {
"network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"ip_version": 4,
"cidr": "192.168.199.0/24"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| subnet | body | string | A subnet object. |
| id | body | string | The ID of the subnet. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| enable_dhcp | body | boolean | Indicates whether dhcp is enabled or disabled for the subnet. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers | body | array | List of dns name servers associated with the subnet. |
| allocation_pools | body | array | Allocation pools with start and end IP addresses
for this subnet. |
| host_routes | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. |
| cidr | body | string | The CIDR of the subnet. |
| created_at | body | string | Time at which the subnet has been created. |
| description | body | string | A human-readable description for the resource. |
| ipv6_address_mode | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null. |
| ipv6_ra_mode | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless or null. |
| revision_number | body | integer | The revision number of the resource. |
| service_types | body | string | The service types associated with the subnet. |
| subnetpool_id | body | string | The ID of the subnet pool associated with the subnet. |
| segment_id | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| updated_at | body | string | Time at which the subnet has been updated. |
{
"subnet": {
"name": "",
"enable_dhcp": true,
"network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"segment_id": null,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"dns_nameservers": [],
"allocation_pools": [
{
"start": "192.168.199.2",
"end": "192.168.199.254"
}
],
"host_routes": [],
"ip_version": 4,
"gateway_ip": "192.168.199.1",
"cidr": "192.168.199.0/24",
"id": "3b80198d-4f7b-4f77-9ef5-774d54e17126",
"created_at": "2016-10-10T14:35:47Z",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 1,
"service_types": [],
"subnetpool_id": null,
"updated_at": "2016-10-10T14:35:47Z"
}
}
Creates multiple subnets in a single request. Specify a list of subnets in the request body.
The bulk create operation is always atomic. Either all or no subnets in the request body are created.
Normal response codes: 201
Error response codes: 400, 401, 403, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| subnets | body | array | A list of subnet objects. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| name (Optional) | body | string | Human-readable name of the resource. Default is an empty string. |
| enable_dhcp (Optional) | body | boolean | Indicates whether dhcp is enabled or disabled
for the subnet. Default is true. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers (Optional) | body | array | List of dns name servers associated with the subnet. Default is an empty list. |
| allocation_pools (Optional) | body | array | Allocation pools with start and end IP addresses
for this subnet. If allocation_pools are not specified, OpenStack
Networking automatically allocates pools for covering all IP addresses
in the CIDR, excluding the address reserved for the subnet gateway by
default. |
| host_routes (Optional) | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. Default value is
an empty list. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip (Optional) | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. If the gateway_ip is not
specified, OpenStack Networking allocates an address from the CIDR
for the gateway for the subnet by default. |
| cidr | body | string | The CIDR of the subnet. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| ipv6_address_mode (Optional) | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless. |
| ipv6_ra_mode (Optional) | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless. |
| segment_id (Optional) | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| subnetpool_id (Optional) | body | string | The ID of the subnet pool associated with the subnet. |
{
"subnets": [
{
"cidr": "192.168.199.0/24",
"ip_version": 4,
"network_id": "e6031bc2-901a-4c66-82da-f4c32ed89406"
},
{
"cidr": "10.56.4.0/22",
"ip_version": 4,
"network_id": "64239a54-dcc4-4b39-920b-b37c2144effa"
}
]
}
| Name | In | Type | Description |
|---|---|---|---|
| subnets | body | array | A list of subnet objects. |
| id | body | string | The ID of the subnet. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| enable_dhcp | body | boolean | Indicates whether dhcp is enabled or disabled for the subnet. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers | body | array | List of dns name servers associated with the subnet. |
| allocation_pools | body | array | Allocation pools with start and end IP addresses
for this subnet. |
| host_routes | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. |
| cidr | body | string | The CIDR of the subnet. |
| created_at | body | string | Time at which the subnet has been created. |
| description | body | string | A human-readable description for the resource. |
| ipv6_address_mode | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null. |
| ipv6_ra_mode | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless or null. |
| revision_number | body | integer | The revision number of the resource. |
| segment_id | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| service_types | body | string | The service types associated with the subnet. |
| subnetpool_id | body | string | The ID of the subnet pool associated with the subnet. |
| updated_at | body | string | Time at which the subnet has been updated. |
{
"subnets": [
{
"allocation_pools": [
{
"end": "192.168.199.254",
"start": "192.168.199.2"
}
],
"cidr": "192.168.199.0/24",
"dns_nameservers": [],
"enable_dhcp": true,
"gateway_ip": "192.168.199.1",
"host_routes": [],
"id": "0468a7a7-290d-4127-aedd-6c9449775a24",
"ip_version": 4,
"name": "",
"network_id": "e6031bc2-901a-4c66-82da-f4c32ed89406",
"segment_id": null,
"project_id": "d19231fc08ec4bc4829b668040d34512",
"tenant_id": "d19231fc08ec4bc4829b668040d34512",
"created_at": "2016-10-10T14:35:47Z",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 1,
"service_types": [],
"subnetpool_id": null,
"updated_at": "2016-10-10T14:35:47Z"
},
{
"allocation_pools": [
{
"end": "10.56.7.254",
"start": "10.56.4.2"
}
],
"cidr": "10.56.4.0/22",
"dns_nameservers": [],
"enable_dhcp": true,
"gateway_ip": "10.56.4.1",
"host_routes": [],
"id": "b0e7435c-1512-45fb-aa9e-9a7c5932fb30",
"ip_version": 4,
"name": "",
"network_id": "64239a54-dcc4-4b39-920b-b37c2144effa",
"segment_id": null,
"project_id": "d19231fc08ec4bc4829b668040d34512",
"tenant_id": "d19231fc08ec4bc4829b668040d34512",
"created_at": "2016-10-10T14:35:34Z",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 1,
"service_types": [],
"subnetpool_id": null,
"updated_at": "2016-10-10T14:35:34Z"
}
]
}
Shows details for a subnet.
Use the fields query parameter to filter the results.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnet_id | path | string | The ID of the subnet. |
| Name | In | Type | Description |
|---|---|---|---|
| subnet | body | string | A subnet object. |
| id | body | string | The ID of the subnet. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| created_at | body | string | Time at which the subnet has been created. |
| name | body | string | Human-readable name of the resource. |
| enable_dhcp | body | boolean | Indicates whether dhcp is enabled or disabled for the subnet. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers | body | array | List of dns name servers associated with the subnet. |
| allocation_pools | body | array | Allocation pools with start and end IP addresses
for this subnet. |
| host_routes | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. |
| cidr | body | string | The CIDR of the subnet. |
| updated_at | body | string | Time at which the subnet has been updated. |
| description | body | string | A human-readable description for the resource. |
| ipv6_address_mode | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null. |
| ipv6_ra_mode | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless or null. |
| revision_number | body | integer | The revision number of the resource. |
| segment_id | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| service_types | body | string | The service types associated with the subnet. |
| subnetpool_id | body | string | The ID of the subnet pool associated with the subnet. |
{
"subnet": {
"name": "my_subnet",
"enable_dhcp": true,
"network_id": "d32019d3-bc6e-4319-9c1d-6722fc136a22",
"segment_id": null,
"project_id": "4fd44f30292945e481c7b8a0c8908869",
"tenant_id": "4fd44f30292945e481c7b8a0c8908869",
"created_at": "2016-03-08T20:19:41",
"dns_nameservers": [],
"allocation_pools": [
{
"start": "192.0.0.2",
"end": "192.255.255.254"
}
],
"host_routes": [],
"ip_version": 4,
"gateway_ip": "192.0.0.1",
"cidr": "192.0.0.0/8",
"updated_at": "2016-03-08T20:19:41",
"id": "54d6f61d-db07-451c-9ab3-b9609b6b6f0b",
"description": "",
"ipv6_address_mode": null,
"ipv6_ra_mode": null,
"revision_number": 2,
"service_types": [],
"subnetpool_id": null
}
}
Updates a subnet.
Some attributes, such as IP version (ip_version), CIDR (cidr), and
segment (segment_id) cannot be updated. Attempting to update these
attributes results in a 400 Bad Request error.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnet_id | path | string | The ID of the subnet. |
| name (Optional) | body | string | Human-readable name of the resource. |
| enable_dhcp (Optional) | body | boolean | Indicates whether dhcp is enabled or disabled
for the subnet. Default is true. |
| dns_nameservers (Optional) | body | array | List of dns name servers associated with the subnet. Default is an empty list. |
| allocation_pools (Optional) | body | array | Allocation pools with start and end IP addresses
for this subnet. If allocation_pools are not specified, OpenStack
Networking automatically allocates pools for covering all IP addresses
in the CIDR, excluding the address reserved for the subnet gateway by
default. |
| host_routes (Optional) | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. Default value is
an empty list. |
| gateway_ip (Optional) | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. If the gateway_ip is not
specified, OpenStack Networking allocates an address from the CIDR
for the gateway for the subnet by default. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"subnet": {
"name": "my_subnet"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| subnet | body | string | A subnet object. |
| id | body | string | The ID of the subnet. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| name | body | string | Human-readable name of the resource. |
| enable_dhcp | body | boolean | Indicates whether dhcp is enabled or disabled for the subnet. |
| network_id | body | string | The ID of the network to which the subnet belongs. |
| dns_nameservers | body | array | List of dns name servers associated with the subnet. |
| allocation_pools | body | array | Allocation pools with start and end IP addresses
for this subnet. |
| host_routes | body | array | Additional routes for the subnet. A list of dictionaries with
destination and nexthop parameters. |
| ip_version | body | integer | The IP protocol version. Value is 4 or 6. |
| gateway_ip | body | string | Gateway IP of this subnet. If the value is null that implies no
gateway is associated with the subnet. |
| cidr | body | string | The CIDR of the subnet. |
| created_at | body | string | Time at which the subnet has been created. |
| description | body | string | A human-readable description for the resource. |
| ipv6_address_mode | body | string | The IPv6 address modes specifies mechanisms for assigning IP addresses.
Value is slaac, dhcpv6-stateful, dhcpv6-stateless or null. |
| ipv6_ra_mode | body | string | The IPv6 router advertisement specifies whether the networking service
should transmit ICMPv6 packets, for a subnet. Value is slaac,
dhcpv6-stateful, dhcpv6-stateless or null. |
| revision_number | body | integer | The revision number of the resource. |
| segment_id | body | string | The ID of a network segment the subnet is associated with.
It is available when segment extension is enabled. |
| service_types | body | string | The service types associated with the subnet. |
| subnetpool_id | body | string | The ID of the subnet pool associated with the subnet. |
| updated_at | body | string | Time at which the subnet has been updated. |
{
"subnet": {
"name": "my_subnet",
"enable_dhcp": true,
"network_id": "db193ab3-96e3-4cb3-8fc5-05f4296d0324",
"revision_number": 1,
"segment_id": null,
"project_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"tenant_id": "26a7980765d0414dbc1fc1f88cdb7e6e",
"dns_nameservers": [],
"allocation_pools": [
{
"start": "10.0.0.2",
"end": "10.0.0.254"
}
],
"host_routes": [],
"ip_version": 4,
"gateway_ip": "10.0.0.1",
"cidr": "10.0.0.0/24",
"id": "08eae331-0402-425a-923c-34f7cfe39c1b",
"description": ""
}
}
Deletes a subnet.
The operation fails if subnet IP addresses are still allocated.
Normal response codes: 204
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| subnet_id | path | string | The ID of the subnet. |
There is no body content for the response of a successful DELETE request.
Note
While FWaaS v1.0 is still maintained, new features will be implemented in FWaaS v2.0 API.
Use the Firewall-as-a-Service (FWaaS) v1.0 extension to deploy firewalls to protect your networks.
The FWaaS extension enables you to:
This extension introduces these resources:
firewall. A logical firewall resource that a project can
instantiate and manage. A firewall can have one firewall policy.firewall_policy. An ordered collection of firewall rules. You
can share a firewall policy across projects. You can include a
firewall policy as part of an audit workflow so that an
authorized relevant entity can audit the firewall policy. This
entity can differ from the user who created, or the projects
that use, the firewall policy.firewall_rule. A collection of attributes, such as ports and
IP addresses. These attributes define match criteria and an
action to take, such as allow or deny, on matched data traffic.Lists all firewall policies.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| tenant_id | body | string | The ID of the project. |
| firewall_policies | body | array | A list of firewall_policy objects. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description | body | string | A human-readable description for the resource. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| id | body | string | The ID of the policy that is associated with the firewall. |
| name | body | string | Human-readable name of the resource. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| project_id | body | string | The ID of the project. |
{
"firewall_policies": [
{
"audited": false,
"description": "",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"shared": false,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Creates a firewall policy.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| firewall_rules_id (Optional) | body | array | A list of rules to associate with the firewall policy. |
| name | body | string | Human-readable name of the resource. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"firewall_policy": {
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"name": "test-policy"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| name | body | string | Human-readable name of the resource. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| id | body | string | The ID of the policy that is associated with the firewall. |
| description | body | string | A human-readable description for the resource. |
Shows details for a firewall policy.
If the user is not an administrative user and the firewall policy
object does not belong to the project, this call returns the
Forbidden (403) response code.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description | body | string | A human-readable description for the resource. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| id | body | string | The ID of the policy that is associated with the firewall. |
| name | body | string | Human-readable name of the resource. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
{
"firewall_policy": {
"audited": false,
"description": "",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"shared": false,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Updates a firewall policy.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_rule | body | object | A firewall_rule object. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| name | body | string | Human-readable name of the resource. |
{
"firewall_policy": {
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
]
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| project_id | body | string | The ID of the project. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description | body | string | A human-readable description for the resource. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| id | body | string | The ID of the policy that is associated with the firewall. |
| name | body | string | Human-readable name of the resource. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| tenant_id | body | string | The ID of the project. |
{
"firewall_policy": {
"audited": false,
"description": "",
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"shared": false,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Deletes a firewall policy.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
There is no body content for the response of a successful DELETE request.
Insert firewall rule into a policy.
A firewall_rule_id is inserted relative to the position of the
firewall_rule_id set in insert_before or insert_after. If
insert_before is set, insert_after is ignored. If both
insert_before and insert_after are not set, the new
firewall_rule_id is inserted at the top of the policy.
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_rule_id | body | string | The ID of the firewall rule. |
| insert_after (Optional) | body | string | The ID of the firewall_rule. A new firewall_rule will be inserted after this firewall_rule. |
| insert_before (Optional) | body | string | The ID of the firewall_rule. A new firewall_rule will be inserted before this firewall_rule. |
{
"firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692",
"insert_after": "a08ef905-0ff6-4784-8374-175fffe7dade",
"insert_before": ""
}
| Name | In | Type | Description |
|---|---|---|---|
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description | body | string | A human-readable description for the resource. |
| firewall_list | body | array | A list of the IDs of firewalls associated with the firewall policy. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| id | body | string | The ID of the policy that is associated with the firewall. |
| name | body | string | Human-readable name of the resource. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
{
"audited": false,
"description": "",
"firewall_list": [],
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"shared": false,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
Remove firewall rule from a policy.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_rule_id | body | string | The ID of the firewall rule. |
{
"firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692"
}
| Name | In | Type | Description |
|---|---|---|---|
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| audited | body | boolean | Each time that the firewall policy or its
associated rules are changed, the API sets this attribute to
false. To audit the policy, explicitly set this attribute to
true. |
| description | body | string | A human-readable description for the resource. |
| firewall_list | body | array | A list of the IDs of firewalls associated with the firewall policy. |
| firewall_rules | body | array | A list of the IDs for firewall rule associated with the firewall policy. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| name | body | string | Human-readable name of the resource. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
{
"audited": false,
"description": "",
"firewall_list": [],
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"shared": false,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
Lists all firewall rules.
The list might be empty.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow, deny or reject.
Default is deny. |
| description | body | string | A human-readable description for the resource. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| destination_port | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| ip_version | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| name | body | string | Human-readable name of the resource. |
| position | body | integer | Read-only attribute that the API assigns to this
rule when it associates it with a firewall policy. This value
indicates the position of this rule in that firewall policy. This
position number starts at 1. If the firewall rule is not
associated with any policy, the position is null. |
| protocol | body | string | The IP protocol. Valid value is icmp,
tcp, udp, or null. No default. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR. |
| source_port (Optional) | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
{
"firewall_rules": [
{
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": 1,
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Creates a firewall rule.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action (Optional) | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow or deny.
Default is deny. |
| destination_port (Optional) | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| name | body | string | Human-readable name of the resource. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| destination_ip_address (Optional) | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| source_port | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
{
"firewall_rule": {
"action": "allow",
"destination_port": "80",
"enabled": true,
"name": "ALLOW_HTTP",
"protocol": "tcp"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow, deny or reject.
Default is deny. |
| description | body | string | A human-readable description for the resource. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| destination_port | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| ip_version | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| name | body | string | Human-readable name of the resource. |
| position | body | integer | Read-only attribute that the API assigns to this
rule when it associates it with a firewall policy. This value
indicates the position of this rule in that firewall policy. This
position number starts at 1. If the firewall rule is not
associated with any policy, the position is null. |
| protocol | body | string | The IP protocol. Valid value is icmp,
tcp, udp, or null. No default. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR. |
| source_port (Optional) | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": null,
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": null,
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Shows details for a firewall rule.
If the user is not an administrative user and the firewall rule
object does not belong to the project, this call returns the
Forbidden (403) response code.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow, deny or reject.
Default is deny. |
| description | body | string | A human-readable description for the resource. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| destination_port | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| firewall_policy_id (Optional) | body | string | Read-only attribute that the API populates with
the ID of the firewall policy when you associate this firewall
rule with a policy. You can associate a firewall rule with one
policy at a time. You can update this association can to a
different firewall policy. If you do not associate the rule with
any policy, this attribute is null. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| name | body | string | Human-readable name of the resource. |
| position | body | integer | Read-only attribute that the API assigns to this
rule when it associates it with a firewall policy. This value
indicates the position of this rule in that firewall policy. This
position number starts at 1. If the firewall rule is not
associated with any policy, the position is null. |
| protocol | body | string | The IP protocol. Valid value is icmp,
tcp, udp, or null. No default. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR. |
| source_port (Optional) | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": null,
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": null,
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Updates a firewall rule.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
| firewall_rule | body | object | A firewall_rule object. |
| shared (Optional) | body | boolean | Admin-only. Indicates whether this network is shared across all projects. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. Only administrative users can specify a project ID other than their own. You cannot change this value through authorization policies. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| destination_ip_address (Optional) | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| source_port | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
| action (Optional) | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow or deny.
Default is deny. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| destination_port (Optional) | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| name | body | string | Human-readable name of the resource. |
{
"firewall_rule": {
"shared": "true"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid value is allow, deny or reject.
Default is deny. |
| description | body | string | A human-readable description for the resource. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| source_port | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
| ip_version (Optional) | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR. No default. |
| destination_port | body | string | The destination port or port range. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the
firewall policy. Facilitates selectively turning off rules without
having to disassociate the rule from the firewall policy. Valid
value is true or false. Default is true. |
| firewall_policy_id (Optional) | body | string | Read-only attribute that the API populates with
the ID of the firewall policy when you associate this firewall
rule with a policy. You can associate a firewall rule with one
policy at a time. You can update this association can to a
different firewall policy. If you do not associate the rule with
any policy, this attribute is null. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version. Valid value is 4 or
6. Default is 4. |
| name | body | string | Human-readable name of the resource. |
| position | body | integer | Read-only attribute that the API assigns to this
rule when it associates it with a firewall policy. This value
indicates the position of this rule in that firewall policy. This
position number starts at 1. If the firewall rule is not
associated with any policy, the position is null. |
| protocol | body | string | The IP protocol. Valid value is icmp,
tcp, udp, or null. No default. |
| shared | body | boolean | Admin-only. Indicates whether this network is shared across all tenants. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR. |
| source_port (Optional) | body | string | The source port or port range. A valid value is
a port number, as an integer, or a port range, in the format of a
: separated range. For a port range, include both ends of the
range. For example, 80:90. |
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": 1,
"protocol": "tcp",
"shared": true,
"source_ip_address": null,
"source_port": null,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Deletes a firewall rule.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
There is no body content for the response of a successful DELETE request.
Lists all firewalls.
The list might be empty.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| firewalls | body | array | A list of firewall_rule objects. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| description | body | string | A human-readable description for the resource. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| name | body | string | Human-readable name of the resource. |
| status | body | string | The status of the firewall service. Values are
ACTIVE, INACTIVE, ERROR, DOWN,
PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
{
"firewalls": [
{
"admin_state_up": true,
"description": "",
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"status": "ACTIVE",
"router_ids": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Creates a firewall.
The firewall must be associated with a firewall policy.
If admin_state_up is false, the firewall would block all
traffic.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall | body | object | A firewall object. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| name | body | string | Human-readable name of the resource. |
| router_ids (Optional) | body | array | A list of IDs for routers that are associated with the firewall. |
{
"firewall": {
"admin_state_up": true,
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall | body | object | A firewall object. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| description | body | string | A human-readable description for the resource. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| name | body | string | Human-readable name of the resource. |
| status | body | string | The status of the firewall service. Values are
ACTIVE, INACTIVE, ERROR, DOWN,
PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| router_ids | body | array | A list of IDs for routers that are associated with the firewall. |
{
"firewall": {
"admin_state_up": true,
"description": "",
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"status": "PENDING_CREATE",
"router_ids": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Shows details for a firewall.
If the user is not an administrative user and the firewall object
does not belong to the project, this call returns the
Forbidden (403) response code.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_id | path | string | The ID of the firewall. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall | body | object | A firewall object. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| description | body | string | A human-readable description for the resource. |
| status | body | string | The status of the firewall service. Values are
ACTIVE, INACTIVE, ERROR, DOWN,
PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| firewall_policy_id (Optional) | body | string | Read-only attribute that the API populates with
the ID of the firewall policy when you associate this firewall
rule with a policy. You can associate a firewall rule with one
policy at a time. You can update this association can to a
different firewall policy. If you do not associate the rule with
any policy, this attribute is null. |
| id | body | string | The ID of the firewall rule. |
| name | body | string | Human-readable name of the resource. |
| router_ids | body | array | A list of IDs for routers that are associated with the firewall. |
{
"firewall": {
"admin_state_up": true,
"description": "",
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"status": "ACTIVE",
"router_ids": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Updates a firewall.
To update a service, the service status cannot be a PENDING_*
status.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_id | path | string | The ID of the firewall. |
| firewall | body | object | A firewall object. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| name | body | string | Human-readable name of the resource. |
| router_ids (Optional) | body | array | A list of IDs for routers that are associated with the firewall. |
{
"firewall": {
"admin_state_up": "false"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall | body | object | A firewall object. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| admin_state_up | body | boolean | The administrative state of the resource, which is
up (true) or down (false). |
| description | body | string | A human-readable description for the resource. |
| status | body | string | The status of the firewall service. Values are
ACTIVE, INACTIVE, ERROR, DOWN,
PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
| firewall_policy_id | body | string | The ID of the policy that is associated with the firewall. |
| id | body | string | The ID of the FWaaS v1 firewall. |
| name | body | string | Human-readable name of the resource. |
| router_ids | body | array | A list of IDs for routers that are associated with the firewall. |
{
"firewall": {
"admin_state_up": false,
"description": "",
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"status": "PENDING_UPDATE",
"router_ids": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Use the Firewall-as-a-Service (FWaaS) v2.0 extension to deploy firewall groups to protect your networks.
The FWaaS extension enables you to:
This extension introduces the following resources:
firewall_group. A logical firewall resource that a project can
create and manage. A firewall group can have a firewall policy for
ingress traffic and/or a firewall policy for egress traffic.firewall_policy. An ordered collection of firewall rules. You
can share a firewall policy across projects. You can include a
firewall policy as part of an audit workflow so that an
authorized relevant entity can audit the firewall policy. This
entity can differ from the user who created, or the projects
that use, the firewall policy.firewall_rule. A collection of attributes, such as source and
destination ports, source and destination IP addresses, protocol,
and IP version. These attributes define match criteria and an
action to take, such as allow, reject, or deny, on matched data
traffic.Lists all firewall groups.
The list might be empty.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_groups | body | array | A list of firewall_group objects. |
| admin_state_up | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id | body | string | The ID of the egress firewall policy for the firewall group. |
| id | body | string | The ID of the firewall group. |
| ingress_firewall_policy_id | body | string | The ID of the ingress firewall policy for the firewall group. |
| name | body | string | A human-readable name for the firewall group. |
| ports | body | array | A list of the IDs of the ports associated with the firewall group. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_groups": [
{
"admin_state_up": true,
"description": "",
"egress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"ingress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "",
"ports": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"shared": true,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"status": "ACTIVE",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Shows details for a firewall group.
If the user is not an administrative user and the firewall group
object does not belong to the project, this call returns the
FirewallGroupNotFound (404) response code.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group_id | path | string | The ID of the firewall group. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group | body | object | A firewall_group object. |
| admin_state_up | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id | body | string | The ID of the egress firewall policy for the firewall group. |
| id | body | string | The ID of the firewall group. |
| ingress_firewall_policy_id | body | string | The ID of the ingress firewall policy for the firewall group. |
| name | body | string | A human-readable name for the firewall group. |
| ports | body | array | A list of the IDs of the ports associated with the firewall group. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_group": {
"admin_state_up": true,
"description": "",
"egress_firewall_policy_id": null,
"id": "07411bda-0147-418b-af05-c8665630d937",
"ingress_firewall_policy_id": null,
"name": "",
"project_id": "96108b04417b416e9b9bc788c11c42c9",
"shared": false,
"status": "INACTIVE",
"tenant_id": "96108b04417b416e9b9bc788c11c42c9"
}
}
Creates a firewall group.
The firewall group may be associated with an ingress firewall policy and/or an egress firewall policy.
If admin_state_up is false, the firewall group will block all
traffic.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group | body | object | A firewall_group object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description (Optional) | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id (Optional) | body | string | The ID of the egress firewall policy for the firewall group. |
| ingress_firewall_policy_id (Optional) | body | string | The ID of the ingress firewall policy for the firewall group. |
| name (Optional) | body | string | A human-readable name for the firewall group. |
| ports (Optional) | body | array | A list of the IDs of the ports associated with the firewall group. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. |
| shared (Optional) | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status (Optional) | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
{
"firewall_group": {
"admin_state_up": false,
"egress_firewall_policy_id": "14c9d3c1-b472-44f9-8226-30dc4ffd454c",
"ingress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group | body | object | A firewall_group object. |
| admin_state_up | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id | body | string | The ID of the egress firewall policy for the firewall group. |
| id | body | string | The ID of the firewall group. |
| ingress_firewall_policy_id | body | string | The ID of the ingress firewall policy for the firewall group. |
| name | body | string | A human-readable name for the firewall group. |
| ports | body | array | A list of the IDs of the ports associated with the firewall group. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_group": {
"admin_state_up": true,
"description": "",
"egress_firewall_policy_id": "1244ed87-b472-44f9-8226-30dc4ffd454c",
"ingress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"ports": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"shared": true,
"status": "PENDING_CREATE",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Updates a firewall group.
The firewall group cannot be updated if its status is a PENDING_* status.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group_id | path | string | The ID of the firewall group. |
| firewall_group | body | object | A firewall_group object. |
| admin_state_up (Optional) | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description (Optional) | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id (Optional) | body | string | The ID of the egress firewall policy for the firewall group. |
| ingress_firewall_policy_id (Optional) | body | string | The ID of the ingress firewall policy for the firewall group. |
| name (Optional) | body | string | A human-readable name for the firewall group. |
| ports (Optional) | body | array | A list of the IDs of the ports associated with the firewall group. |
| shared (Optional) | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status (Optional) | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
{
"firewall_group": {
"admin_state_up": "false"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group | body | object | A firewall_group object. |
| admin_state_up | body | boolean | The administrative state of the firewall group, which
is up (true) or down (false). Default is true. |
| description | body | object | A human-readable description of the firewall group. |
| egress_firewall_policy_id | body | string | The ID of the egress firewall policy for the firewall group. |
| id | body | string | The ID of the firewall group. |
| ingress_firewall_policy_id | body | string | The ID of the ingress firewall policy for the firewall group. |
| name | body | string | A human-readable name for the firewall group. |
| ports | body | array | A list of the IDs of the ports associated with the firewall group. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Indicates whether this firewall group is shared across all projects. |
| status | body | string | The status of the firewall group. Valid values are ACTIVE,
INACTIVE, ERROR, PENDING_UPDATE, or
PENDING_DELETE. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_group": {
"admin_state_up": false,
"description": "",
"egress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"ingress_firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
"name": "",
"ports": [
"650bfd2f-7766-4a0d-839f-218f33e16998"
],
"shared": true,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"status": "PENDING_UPDATE",
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Deletes a firewall group.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_group_id | path | string | The ID of the firewall group. |
There is no body content for the response of a successful DELETE request.
Lists all firewall policies.
The list might be empty.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policies | body | array | A list of firewall_policy objects. |
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_policies": [
{
"audited": false,
"description": "",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"shared": false,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Shows details of a firewall policy.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| Name | In | Type | Description |
|---|---|---|---|
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_policy": {
"audited": false,
"description": "",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"shared": false,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Creates a firewall policy.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| audited (Optional) | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description (Optional) | body | string | A human-readable name of the firewall policy. |
| firewall_rules (Optional) | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| name (Optional) | body | string | A human-readable name of the firewall policy. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. |
| shared (Optional) | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
{
"firewall_policy": {
"name": "test-policy",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
]
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_policy": {
"audited": false,
"description": "",
"firewall_rules": [
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"shared": false,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Updates a firewall policy.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_policy | body | object | A firewall_policy object. |
| audited (Optional) | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description (Optional) | body | string | A human-readable name of the firewall policy. |
| firewall_rules (Optional) | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| name (Optional) | body | string | A human-readable name of the firewall policy. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. |
| shared (Optional) | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
{
"firewall_policy": {
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
]
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy | body | object | A firewall_policy object. |
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| project_id | body | string | The ID of the project that owns the resource. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_policy": {
"audited": false,
"description": "",
"firewall_rules": [
"a08ef905-0ff6-4784-8374-175fffe7dade",
"8722e0e0-9cc9-4490-9660-8c9a5732fbb0"
],
"id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"name": "test-policy",
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"shared": false,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Deletes a firewall policy.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
There is no body content for the response of a successful DELETE request.
Lists all firewall rules.
The list might be empty.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401, 403
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rules | body | object | A list of firewall_rule objects. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description | body | string | A human-readable description of the firewall rule. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the firewall policy. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version for the firewall rule. Valid values
are 4 or 6. Default is 4. |
| name | body | string | A human-readable name of the firewall rule. |
| project_id | body | string | The ID of the project that owns the resource. |
| protocol | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_rules": [
{
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": 1,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
]
}
Shows details for a firewall rule.
If the user is not an administrative user and the firewall rule
object does not belong to the project, this call returns the
Forbidden (403) response code.
Normal response codes: 200
Error response codes: 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description | body | string | A human-readable description of the firewall rule. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the firewall policy. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version for the firewall rule. Valid values
are 4 or 6. Default is 4. |
| name | body | string | A human-readable name of the firewall rule. |
| project_id | body | string | The ID of the project that owns the resource. |
| protocol | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": null,
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": null,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"protocol": "tcp",
"shared": false,
"source_ip_address": null,
"source_port": null,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Creates a firewall rule.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action (Optional) | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description (Optional) | body | string | A human-readable description of the firewall rule. |
| destination_ip_address (Optional) | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port (Optional) | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| ip_version (Optional) | body | integer | The IP protocol version for the firewall rule. Valid values are
4 or 6. Default is 4. |
| name (Optional) | body | string | A human-readable name of the firewall rule. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. |
| protocol (Optional) | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared (Optional) | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port (Optional) | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
{
"firewall_rule": {
"action": "allow",
"destination_port": "80",
"enabled": true,
"name": "ALLOW_HTTP",
"protocol": "tcp"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description | body | string | A human-readable description of the firewall rule. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the firewall policy. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version for the firewall rule. Valid values
are 4 or 6. Default is 4. |
| name | body | string | A human-readable name of the firewall rule. |
| project_id | body | string | The ID of the project that owns the resource. |
| protocol | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_rule": {
"action": "deny",
"description": "",
"destination_ip_address": null,
"destination_port": null,
"enabled": true,
"id": "1fd59b2f-cc87-435f-a244-1df2c0cc3f70",
"ip_version": 4,
"name": "rule3",
"project_id": "95573613ec554b4b8df9f2679c64557b",
"protocol": null,
"shared": false,
"source_ip_address": null,
"source_port": null,
"tenant_id": "95573613ec554b4b8df9f2679c64557b"
}
}
Updates a firewall rule.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
| firewall_rule | body | object | A firewall_rule object. |
| action (Optional) | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description (Optional) | body | string | A human-readable description of the firewall rule. |
| destination_ip_address (Optional) | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port (Optional) | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled (Optional) | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the firewall policy. |
| ip_version (Optional) | body | integer | The IP protocol version for the firewall rule. Valid values are
4 or 6. Default is 4. |
| name (Optional) | body | string | A human-readable name of the firewall rule. |
| project_id (Optional) | body | string | The ID of the project that owns the resource. |
| protocol (Optional) | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared (Optional) | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address (Optional) | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port (Optional) | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
{
"firewall_rule": {
"shared": true
}
}
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule | body | object | A firewall_rule object. |
| action | body | string | The action that the API performs on traffic that
matches the firewall rule. Valid values are allow or deny.
Default is deny. |
| description | body | string | A human-readable description of the firewall rule. |
| destination_ip_address | body | string | The destination IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| destination_port | body | string | The destination port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| enabled | body | boolean | Set to false to disable this rule in the firewall policy.
Facilitates selectively turning off rules without having to
disassociate the rule from the firewall policy. Valid values are
true or false. Default is true. |
| firewall_policy_id | body | string | The ID of the firewall policy. |
| id | body | string | The ID of the firewall rule. |
| ip_version | body | integer | The IP protocol version for the firewall rule. Valid values
are 4 or 6. Default is 4. |
| name | body | string | A human-readable name of the firewall rule. |
| project_id | body | string | The ID of the project that owns the resource. |
| protocol | body | string | The IP protocol for the firewall rule. Possible values are icmp, tcp,
udp, or null. |
| shared | body | boolean | Indicates whether this firewall rule is shared across all projects. |
| source_ip_address | body | string | The source IPv4 or IPv6 address or CIDR for the firewall rule. No default. |
| source_port | body | string | The source port or port range for the firewall rule. A valid
value is a port number, as an integer, or a port range, in the
format of a : separated range. For a port range, include both
ends of the range. For example, 80:90. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"firewall_rule": {
"action": "allow",
"description": "",
"destination_ip_address": null,
"destination_port": "80",
"enabled": true,
"firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
"id": "8722e0e0-9cc9-4490-9660-8c9a5732fbb0",
"ip_version": 4,
"name": "ALLOW_HTTP",
"position": 1,
"project_id": "45977fa2dbd7482098dd68d0d8970117",
"protocol": "tcp",
"shared": true,
"source_ip_address": null,
"source_port": null,
"tenant_id": "45977fa2dbd7482098dd68d0d8970117"
}
}
Deletes a firewall rule. samples/firewall-v2/firewall-policy-create-response.json
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_rule_id | path | string | The ID for the firewall rule. |
Insert firewall rule into a policy.
A firewall_rule_id is inserted relative to the position of the
firewall_rule_id set in insert_before or insert_after. If
insert_before is set, insert_after is ignored. If both
insert_before and insert_after are not set, the new
firewall_rule_id is inserted as the first rule of the policy.
Normal response codes: 200
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_rule_id | body | string | The ID of the firewall rule. |
| insert_after | body | string | The ID of the firewall_rule to insert the new rule after. The new
rule will be inserted immediately after the specified firewall_rule.
If both before and after values are supplied, the after value
will be ignored. To insert a rule into a policy with no rules yet,
the both the before and the after values must be “”. |
| insert_before | body | string | The ID of the firewall_rule to insert the new rule before. The new
rule will be inserted immediately before the specified firewall_rule.
If both before and after values are supplied, the after value
will be ignored. To insert a rule into a policy with no rules yet,
the both the before and the after values must be “”. |
{
"firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692",
"insert_after": "a08ef905-0ff6-4784-8374-175fffe7dade",
"insert_before": ""
}
| Name | In | Type | Description |
|---|---|---|---|
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"audited": false,
"description": "",
"firewall_rules": [
"acbdfead-eca2-4456-838c-8b531e47b9c7"
],
"id": "c9e15d6e-b6ba-4ef4-8715-985d1f100467",
"name": "policy2",
"shared": false,
"project_id": "95573613ec554b4b8df9f2679c64557b",
"tenant_id": "95573613ec554b4b8df9f2679c64557b"
}
Remove firewall rule from a policy.
Normal response codes: 200
Error response codes: 400, 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| firewall_policy_id | path | string | The ID of the firewall policy. |
| firewall_rule_id | body | string | The ID of the firewall rule. |
{
"firewall_rule_id": "7bc34b8c-8d3b-4ada-a9c8-1f4c11c65692"
}
| Name | In | Type | Description |
|---|---|---|---|
| audited | body | boolean | Each time that the firewall policy or its associated rules are
changed, the API sets this attribute to false. To audit the
policy, explicitly set this attribute to true. |
| description | body | string | A human-readable name of the firewall policy. |
| firewall_rules | body | array | A list of the IDs of the firewall rules associated with the firewall policy. |
| id | body | string | The ID of the firewall policy. |
| name | body | string | A human-readable name of the firewall policy. |
| project_id | body | string | The ID of the project that owns the resource. |
| shared | body | boolean | Set to true to make this firewall policy
visible to other projects. Default is false. |
| tenant_id | body | string | The ID of the project that owns the resource. |
{
"audited": false,
"description": "",
"firewall_rules": [],
"id": "c9e15d6e-b6ba-4ef4-8715-985d1f100467",
"name": "policy2",
"project_id": "95573613ec554b4b8df9f2679c64557b",
"shared": false,
"tenant_id": "95573613ec554b4b8df9f2679c64557b"
}
Lists, shows details for, creates, updates, and deletes RBAC policies.
Show details for a given RBAC policy.
You can control which response parameters are returned by using the fields query parameter. For information, see Filtering and column selection.
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| rbac_policy_id | path | integer | The ID of the RBAC policy. |
| Name | In | Type | Description |
|---|---|---|---|
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
| object_type | body | integer | The type of the object that the RBAC policy affects. Types include
qos-policy or network. |
| object_id | body | integer | The ID of the object_type resource. An object_type of network
returns a network ID and an object_type of qos-policy returns
a QoS ID. |
| action | body | string | Action for the RBAC policy which is access_as_external or
access_as_shared. |
| project_id | body | string | The ID of the project. |
| id | body | integer | The ID of the RBAC policy. |
{
"rbac_policy": {
"target_tenant": "*",
"tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"object_type": "network",
"object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
"action": "access_as_external",
"project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"id": "6d4c666e-1aad-465e-b670-4d112b760137"
}
}
Update RBAC policy for given tenant.
Normal response codes: 200
Error response codes: 400, 401, 403, 404
| Name | In | Type | Description |
|---|---|---|---|
| rbac_policy_id | path | integer | The ID of the RBAC policy. |
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
{
"rbac_policy": {
"target_tenant": "*"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
| object_type | body | integer | The type of the object that the RBAC policy affects. Types include
qos-policy or network. |
| object_id | body | integer | The ID of the object_type resource. An object_type of network
returns a network ID and an object_type of qos-policy returns
a QoS ID. |
| action | body | string | Action for the RBAC policy which is access_as_external or
access_as_shared. |
| project_id | body | string | The ID of the project. |
| id | body | integer | The ID of the RBAC policy. |
{
"rbac_policy": {
"target_tenant": "*",
"tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"object_type": "network",
"object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
"action": "access_as_external",
"project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"id": "6d4c666e-1aad-465e-b670-4d112b760137"
}
}
Delete an RBAC policy.
Normal response codes: 204
Error response codes: 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| rbac_policy_id | path | integer | The ID of the RBAC policy. |
There is no body content for the response of a successful DELETE request.
List RBAC policies that belong to a given tenant.
Use the fields query parameter to filter the response. For
information, see Filtering and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
| object_type | body | integer | The type of the object that the RBAC policy affects. Types include
qos-policy or network. |
| object_id | body | integer | The ID of the object_type resource. An object_type of network
returns a network ID and an object_type of qos-policy returns
a QoS ID. |
| action | body | string | Action for the RBAC policy which is access_as_external or
access_as_shared. |
| project_id | body | string | The ID of the project. |
| id | body | integer | The ID of the RBAC policy. |
{
"rbac_policies": [
{
"target_tenant": "*",
"tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"object_type": "network",
"object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
"action": "access_as_external",
"project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"id":"6d4c666e-1aad-465e-b670-4d112b760137"
}
]
}
Create RBAC policy for given tenant.
Normal response codes: 201
Error response codes: 400, 401
| Name | In | Type | Description |
|---|---|---|---|
| rbac_policy_id | path | integer | The ID of the RBAC policy. |
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
| object_type | body | integer | The type of the object that the RBAC policy affects. Types include
qos-policy or network. |
| object_id | body | integer | The ID of the object_type resource. An object_type of network
returns a network ID and an object_type of qos-policy returns
a QoS ID. |
| action | body | string | Action for the RBAC policy which is access_as_external or
access_as_shared. |
{
"rbac_policy": {
"action": "access_as_shared",
"object_type": "network",
"target_tenant": "0670b690f27e47a58b6a479d26004715",
"object_id": "1f32f072-4d17-4811-b619-3623d018bd40"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| target_tenant | body | string | The ID of the tenant to which the RBAC policy will be enforced. |
| tenant_id (Optional) | body | string | The ID of the project that owns the resource. |
| object_type | body | integer | The type of the object that the RBAC policy affects. Types include
qos-policy or network. |
| object_id | body | integer | The ID of the object_type resource. An object_type of network
returns a network ID and an object_type of qos-policy returns
a QoS ID. |
| action | body | string | Action for the RBAC policy which is access_as_external or
access_as_shared. |
| project_id | body | string | The ID of the project. |
| id | body | integer | The ID of the RBAC policy. |
{
"rbac_policy": {
"target_tenant": "0670b690f27e47a58b6a479d26004715",
"tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"object_type": "network",
"object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
"action": "access_as_shared",
"project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
"id": "2cf7523a-93b5-4e69-9360-6c6bf986bb7c"
}
}
Lists, creates, shows information for, and deletes security group rules.
Lists a summary of all OpenStack Networking security group rules that the project can access.
The list provides the ID for each security group rule.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rules | body | array | A list of security_group_rule objects.
Refer to Security group rules for details. |
| remote_group_id (Optional) | body | string | The remote group UUID to associate with this
security group rule. You can specify either the
remote_group_id or remote_ip_prefix attribute in the
request body. |
| direction | body | string | Ingress or egress, which is the direction in which the metering rule is applied. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
| port_range_max (Optional) | body | integer | The maximum port number in the range that is
matched by the security group rule. The port_range_min
attribute constrains the port_range_max attribute. If the
protocol is ICMP, this value must be an ICMP type. |
| security_group_id | body | string | The security group ID to associate with this security group rule. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| port_range_min (Optional) | body | integer | The minimum port number in the range that is
matched by the security group rule. If the protocol is TCP or UDP,
this value must be less than or equal to the port_range_max
attribute value. If the protocol is ICMP, this value must be an
ICMP type. |
| remote_ip_prefix | body | string | The remote IP prefix to associate with this metering rule packet. |
| revision_number | body | integer | The revision number of the resource. |
| id | body | string | The ID of the security group rule. |
| description | body | string | A human-readable description for the resource. |
{
"security_group_rules": [
{
"direction": "egress",
"ethertype": "IPv6",
"id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "egress",
"ethertype": "IPv4",
"id": "93aa42e5-80db-4581-9391-3a608bd0e448",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "ingress",
"ethertype": "IPv6",
"id": "c0b09f00-1d49-4e64-a0a7-8a186d928138",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 2,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "ingress",
"ethertype": "IPv4",
"id": "f7d45c89-008e-4bab-88ad-d6811724c51c",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
}
]
}
Creates an OpenStack Networking security group rule.
Normal response codes: 201
Error response codes: 400, 401, 404, 409
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rule | body | object | A security_group_rule object. |
| remote_group_id (Optional) | body | string | The remote group UUID to associate with this
security group rule. You can specify either the
remote_group_id or remote_ip_prefix attribute in the
request body. |
| direction | body | string | Ingress or egress, which is the direction in which the metering rule is applied. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
| port_range_max (Optional) | body | integer | The maximum port number in the range that is
matched by the security group rule. The port_range_min
attribute constrains the port_range_max attribute. If the
protocol is ICMP, this value must be an ICMP type. |
| security_group_id | body | string | The security group ID to associate with this security group rule. |
| port_range_min (Optional) | body | integer | The minimum port number in the range that is
matched by the security group rule. If the protocol is TCP or UDP,
this value must be less than or equal to the port_range_max
attribute value. If the protocol is ICMP, this value must be an
ICMP type. |
| remote_ip_prefix | body | string | The remote IP prefix to associate with this metering rule packet. |
| description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
{
"security_group_rule": {
"direction": "ingress",
"port_range_min": "80",
"ethertype": "IPv4",
"port_range_max": "80",
"protocol": "tcp",
"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
}
}
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rule | body | object | A security_group_rule object. |
| remote_group_id (Optional) | body | string | The remote group UUID to associate with this
security group rule. You can specify either the
remote_group_id or remote_ip_prefix attribute in the
request body. |
| direction | body | string | Ingress or egress, which is the direction in which the metering rule is applied. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
| port_range_max (Optional) | body | integer | The maximum port number in the range that is
matched by the security group rule. The port_range_min
attribute constrains the port_range_max attribute. If the
protocol is ICMP, this value must be an ICMP type. |
| security_group_id | body | string | The security group ID to associate with this security group rule. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| port_range_min (Optional) | body | integer | The minimum port number in the range that is
matched by the security group rule. If the protocol is TCP or UDP,
this value must be less than or equal to the port_range_max
attribute value. If the protocol is ICMP, this value must be an
ICMP type. |
| remote_ip_prefix | body | string | The remote IP prefix to associate with this metering rule packet. |
| revision_number | body | integer | The revision number of the resource. |
| id | body | string | The ID of the security group rule. |
| description | body | string | A human-readable description for the resource. |
{
"security_group_rule": {
"direction": "ingress",
"ethertype": "IPv4",
"id": "2bc0accf-312e-429a-956e-e4407625eb62",
"port_range_max": 80,
"port_range_min": 80,
"protocol": "tcp",
"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"remote_ip_prefix": null,
"security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
}
}
Shows detailed information for a security group rule.
The response body contains the following information about the security group rule:
Normal response codes: 200
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rule_id | path | string | The ID of the security group rule. |
| verbose (Optional) | query | boolean | Show detailed information. |
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rule | body | object | A security_group_rule object. |
| remote_group_id (Optional) | body | string | The remote group UUID to associate with this
security group rule. You can specify either the
remote_group_id or remote_ip_prefix attribute in the
request body. |
| direction | body | string | Ingress or egress, which is the direction in which the metering rule is applied. |
| protocol | body | string | The IP protocol can be represented by a string, an integer, or null.
Valid string or integer values are ah or 51, dccp or 33,
egp or 8, esp or 50, gre or 47, icmp or 1,
icmpv6 or 58, igmp or 2, ipv6-encap or 41,
ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59,
ipv6-opts or 60, ipv6-route or 43, ospf or 89,
pgm or 113, rsvp or 46, sctp or 132,
tcp or 6, udp or 17, udplite or 136,
vrrp or 112. |
| ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
| port_range_max (Optional) | body | integer | The maximum port number in the range that is
matched by the security group rule. The port_range_min
attribute constrains the port_range_max attribute. If the
protocol is ICMP, this value must be an ICMP type. |
| security_group_id | body | string | The security group ID to associate with this security group rule. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| port_range_min (Optional) | body | integer | The minimum port number in the range that is
matched by the security group rule. If the protocol is TCP or UDP,
this value must be less than or equal to the port_range_max
attribute value. If the protocol is ICMP, this value must be an
ICMP type. |
| remote_ip_prefix | body | string | The remote IP prefix to associate with this metering rule packet. |
| revision_number | body | integer | The revision number of the resource. |
| id | body | string | The ID of the security group rule. |
| description | body | string | A human-readable description for the resource. |
{
"security_group_rule": {
"direction": "egress",
"ethertype": "IPv6",
"id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"revision_number": 1,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
}
}
Deletes a rule from an OpenStack Networking security group.
Normal response codes: 204
Error response codes: 401, 404
| Name | In | Type | Description |
|---|---|---|---|
| security_group_rule_id | path | string | The ID of the security group rule. |
There is no body content is returned on a successful DELETE request.
Lists, creates, shows information for, updates, and deletes security groups.
Lists OpenStack Networking security groups to which the project has access.
The response is an array of security_group objects which contains a list of
security_group_rules objects.
Use the fields query parameter to control which fields are
returned in the response body. Additionally, you can filter results
by using query string parameters. For information, see Filtering
and Column Selection.
Normal response codes: 200
Error response codes: 401
| Name | In | Type | Description |
|---|---|---|---|
| fields (Optional) | query | string | The fields that you want the server to return.
If no fields query parameter is specified,
the networking API returns all attributes allowed by the policy settings.
By using fields parameter, the API returns only the requested set of
attributes. fields parameter can be specified multiple times.
For example, if you specify fields=id&fields=name in the request URL,
only id and name attributes will be returned. |
| Name | In | Type | Description |
|---|---|---|---|
| security_groups | body | array | A list of security_group objects. |
| id | body | string | The ID of the security group. |
| tenant_id | body | string | The ID of the project. |
| project_id | body | string | The ID of the project. |
| revision_number | body | integer | The revision number of the resource. |
| name | body | string | Human-readable name of the resource. |
| description | body | string | A human-readable description for the resource. |
| security_group_rules | body | array | A list of security_group_rule objects.
Refer to Security group rules for details. |
{
"security_groups": [
{
"description": "default",
"id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"name": "default",
"security_group_rules": [
{
"direction": "egress",
"ethertype": "IPv6",
"id": "3c0e45ff-adaf-4124-b083-bf390e5482ff",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "egress",
"ethertype": "IPv4",
"id": "93aa42e5-80db-4581-9391-3a608bd0e448",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": null,
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 2,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "ingress",
"ethertype": "IPv6",
"id": "c0b09f00-1d49-4e64-a0a7-8a186d928138",
"port_range_max": null,
"port_range_min": null,
"protocol": null,
"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"remote_ip_prefix": null,
"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
"project_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"revision_number": 1,
"tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550",
"description": ""
},
{
"direction": "ingress",
"ethertype": "IPv4",
"id": "f7d45c89-008e-4bab-88ad-d6811724c51c",
"port_range_max":</