3.1.5.17.4 networkConnections
The networkConnections resource specifies a connection from virtual network to external networks. Multiple connections can exist for a given virtual network and there are different types of connections.
It is invoked through the following URI.
-
https://<url>/networking/v1/VirtualGateways/{parentResourceId}/networkConnections/{resourceId}
url: The address or name of the REST server of the Network Controller.
parentResourceId: the identifier for the specific ancestor resource within the resource type. See section 2.2.3.3 for more details.
resourceId: the identifier for the specific descendant resource within the resource type. See section 2.2.3.4 for more details.
Note The server MAY support additional versions, v1 or later, in the URI.
The following HTTP methods can be performed on this resource.
HTTP method |
Section |
Description |
---|---|---|
PUT |
Create or update a networkConnections resource. |
|
GET |
Get a networkConnections resource. |
|
GET ALL |
List all networkConnections resources in the Network Controller. |
|
DELETE |
Delete a networkConnections resource. |
The following property elements are valid.
Element name |
Type |
Description |
---|---|---|
etag |
Read-only |
Specified in Common JSON Elements, section 2.2.2. |
provisioningState |
Read-only |
Specified in Common JSON Elements, section 2.2.2. |
resourceId |
Required |
Friendly name of the connection. |
connectionType |
Read/write |
Indicates type of connection. Valid values are IPSec, GRE, or L3(Forwarding). |
outboundKiloBitsPerSecond |
Read/write |
Indicates maximum allowed outbound bandwidth in Kbps. |
inboundKiloBitsPerSecond |
Read/write |
Indicates maximum allowed inbound bandwidth in Kbps. |
ipsecConfiguration |
Read/write |
Details of IPsec configuration. |
ipsecConfiguration.authenticationMethod |
Read/write |
Indicates authentication method. PSK is the only valid value. |
ipsecConfiguration.sharedsecret |
Write |
The shared secret used for this NetworkConnection. Note this is write-only property and the value of this field is not shown in the GET of networkConnections. |
ipsecConfiguration.mainMode |
Read/write |
Main mode IPsec configuration details, as specified in [RFC2409]. |
ipsecConfiguration.mainMode.diffieHellmanGroup |
Read/write |
Indicates Diffie Hellman group used during main mode IKE negotiation, as specified in [RFC5996]. Values: Group1, Group2, Group14, ECP256, ECP384, or Group24. |
ipsecConfiguration.mainMode.integrityAlgorithm |
Read/write |
Indicates Integrity algorithm used during main mode IKE negotiation, as specified in [RFC4306]. Values: MD5, SHA196, SHA256, or SHA384. |
ipsecConfiguration.mainMode.encryptionAlgorithm |
Read/write |
Indicates cipher algorithm used during main mode IKE negotiation. Values: DES, DES3, AES128, AES192,or AES256. |
ipsecConfiguration.mainMode.saLifeTimeSeconds |
Read/write |
Indicates life time of security association (SA) in seconds, as specified in [RFC4301]. |
ipsecConfiguration.mainMode.saLifeTimeKilobytes |
Read/write |
Indicates life time of SA in Kilobytes. Ignored by IPsec. |
ipsecConfiguration.quickMode |
Read/write |
Quick mode IPsec configuration. |
ipsecConfiguration.quickMode.perfectForwardSecrecy |
Read/write |
Indicates whether Perfect Forward Secrecy is enabled or not. If enabled specifies the algorithm. Values: None, PFS1, PFS2, PFS2048, PFS14, ECP256, ECP384, PFSMM, or PFS24. |
ipsecConfiguration.quickMode.cipherTransformationConstant |
Read/write |
Indicates the encryption algorithm used for data traffic. Values: None, DES, CBCDES, DES3, CBCDES3, AES128, AES192, AES256, AES128CBC, AES192CBC, AES256, GCMAES128, GCMAES192, or GCMAES256. |
ipsecConfiguration.quickMode.authenticationTranformationConstant |
Read/write |
Indicates the authentication transform used for data traffic. Values: None, MD596, SHA196, SHA256, GCMAES128, GCMAES192, GCMAES256. |
ipsecConfiguration.quickMode.saLifeTimeSeconds |
Read/write |
Indicates life time of SA in seconds. |
ipsecConfiguration.quickMode.saLifeTimeKilobytes |
Read/write |
Indicates life time of SA in Kilobytes. |
ipsecConfiguration.quickMode.idleDisconnectSeconds |
Read/write |
Indicates idle time after which SA is disconnected. |
ipsecConfiguration.localVpnTrafficSelector |
Read/write |
Indicates collection of IPsec TrafficSelectors on the host side. |
ipsecConfiguration.localVpnTrafficSelector.Type |
Read/write |
Indicates whether traffic is IPv4 or IPv6. |
ipsecConfiguration.localVpnTrafficSelector.ProtocolId |
Read/write |
Indicates IP protocol ID (UDP, TCP, or ICMP). |
ipsecConfiguration.localVpnTrafficSelector.PortStart |
Read/write |
Indicates start of port range. |
ipsecConfiguration.localVpnTrafficSelector.PortEnd |
Read/write |
Indicates end of port range. |
ipsecConfiguration.localVpnTrafficSelectorIpAddressStart |
Read/write |
Indicates start of IP addresses. |
ipsecConfiguration.localVpnTrafficSelector.IpAddressEnd |
Read/write |
Indicates end of IP addresses. |
ipsecConfiguration.localVpnTrafficSelector.tsPayloadId |
Read/write |
Indicates the ID of theTrafficSelector payload. |
ipsecConfiguration.remoteVpnTrafficSelector |
Read/write |
Indicates collection of IPsec TrafficSelectors on the tenant side. |
ipsecConfiguration.remoteVpnTrafficSelector.Type |
Read/write |
Indicates whether traffic is IPv4 or IPv6. |
ipsecConfiguration.remoteVpnTrafficSelector.ProtocolId |
Read/write |
Indicates IP protocol ID (UDP, TCP, or ICMP). |
ipsecConfiguration.remoteVpnTrafficSelector.PortStart |
Read/write |
Indicates start of port range. |
ipsecConfiguration.remoteVpnTrafficSelector.PortEnd |
Read/write |
Indicates end of port range. |
ipsecConfiguration.remoteVpnTrafficSelector.IpAddressStart |
Read/write |
Indicates start of IP addresses. |
ipsecConfiguration.remoteVpnTrafficSelector.IpAddressEnd |
Read/write |
Indicates end of IP addresses. |
IpAddress |
Read/write |
Indicates ConnecTo Address to which peers connect to and which is the source IP address in egress direction. This would be the VIP. |
ipAddresses |
Read/write |
IP assigned in the tenant compartment for L3 interface. |
ipAddresses.ipAddress |
Read/write |
IP address for L3 interface in tenant compartment. |
ipAddress.prefixLength |
Read/write |
Prefix length of the IP address. |
PeerIpAddress |
Read/write |
Indicates peer IP address to which connection is made. Used by L3 interface. |
SourceIPAddress |
Read/write |
Indicates sourceIPAddress used by the tunnel. Applicable to IKEv2 and GRE. |
destinationIpAddress |
Read/write |
Indicates destination ip address of the tunnel. Applicable to IKEv2 and GRE. |
routes |
Read/write |
An array that lists of all the routes (static and those learned via BGP) on the network Interface. Traffic matching the routes is transmitted on the network Interface. |
routes.destinationPrefix |
Required |
Prefix with subnet of the routes. |
routes.nextHop |
Optional |
Next Hop of the routes. Is significant only for L3 connections. Has no significance for point to point connections such as IPsec and GRE. |
routes.metric |
Optional |
Indicates Metric of the route. |
routes.protocol |
Read-only |
Indicates how the route is learnt/added (static |
ConnectionStatus |
Read/write |
Indicates administrative status of connection. Values: Enabled or Disabled. |
ConnectionState |
Read/write |
Indicates operational status of connection. Values: Connected or Disconnected. |
statistics |
Read-only |
Statistics of the connection. |
statistics.outboundBytes |
Read-only |
Indicates number of bytes transmitted. |
statistics.inboundBytes |
Read-only |
Indicates number of bytes received. |
statistics.rxTotalPacketdDropped |
Read-only |
Indicates number of packets dropped in ingress (receiving (Rx)) direction. |
statistics.txTotalPacketsDropped |
Read-only |
Indicates number of packets dropped in egress (transmitting (Tx)) direction. |
statistics.txRateKbps |
Read-only |
Indicates rate at which traffic is going out in Kbps. |
statistics.rxRateKbps |
Read-only |
Indicates rate at which traffic is coming in Kbps. |
statistics.txRateLimitedPacketsDropped |
Read-only |
Indicates number of packets dropped in egress direction due to rate limiting. |
statistics.rxRateLimitedPacketsDropped |
Read-only |
Indicates number of packets dropped in ingress direction due to rate limiting. |
statistics.lastUpdated |
Read-only |
Indicates the time the statistics were last updated. |
ConnectionUpTime |
Read-only |
Indicates operations up time of the connection in seconds. |
ConnectionErrorReason |
Read-only |
Indicates the reason for not being able to connect after dialling in the previous attempt. |
unreachabilityReason |
Read-only |
Indicates the reason for not being able to connect/dial in the previous attempt. |
greConfiguration |
Read/write |
Indicates details of GRE configuration. |
greConfiguration.greKey |
Read/write |
Indicates GRE key. |
l3Configuration |
Read/write |
Indicates details of L3 configuration. |
l3Configuration.vlanSubnet |
Read/write |
Reference to a logical subnet of L3 connection. |
gateway |
ResourceRef |
Reference of the gateway on which the connection exists. |
configurationState |
Optional Read-only |
Indicates the last known running state of this connection. See specification in section 2.2.4. More details are given in the section for the GET operation section 3.1.5.17.4.1.2. |