---
tags: hermes agent
---

[TOC]

# Hermes Agent Kafka API
- REQ_TOPIC = sdwan.device.req
- RES_TOPIC = sdwan.device.res

## IPSec
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "ipsec",
    action: GET
    options: {}
}

# POST Req:
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ipsec",
    action: POST
    options: {
        "name": "testvpn",
        "hostname": "SDWAN-xx-xx-xx-xx-xx-xx",
        "local_wan_ip": "192.168.1.178",
        "local_lan_cidr": "10.0.0.1/24",
        "remote_wan_ip": "192.168.1.168",
        "remote_lan_cidr": "10.0.1.1/24",
        "secret_psk": "uZuhUhcyPM7Hr6X7gtEZjWvN"
    }
}

# DELETE Req:
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ipsec",
    action: DELETE
    options: {
        "name": ["ipsec_name"], # list of str
    }
}

# ENABLE Req:
{
    devices: ["UUID"],
    type: "ipsec",
    action: ENABLE
    options: {
        "name": "testvpn"
    }
}

# DISABLE Req:
{
    devices: ["UUID"],
    type: "ipsec",
    action: DISABLE
    options: {
        "name": "testvpn"
    }
}
~~~

## Tunnel Status
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "tunnel",
    action: GET
    options: {}
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "tunnel",
    action: GET
    options: {
        "tunnel_list": [
            {
                name: "wan",
                public_ip: "210.61.28.239",
                local_ip: "192.168.1.1",
                role: "main",
                igate_name: "",
                igate_ip: "",
                status: true / false,
            },
            {...}
        ]
    },
    status_code: 200, 400, 500,
    error: "123"
}
~~~

## Syslog
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "syslog",
    action: GET
    options: {}
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "syslog",
    action: GET
    options: {
        syslog: "123"
    },
    status_code: 200,
    error: "123"
}
~~~

## Bandwidth
:::danger
Note: an offline WAN cannot be measured!
:::
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "bandwidth",
    action: POST
    options: {
        'name': "wan / wan2 / wan3"
    }
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "bandwidth",
    action: POST
    options: {
        'name': "wan",
        'bandwidth': {
            'up': <float>,
            'down': <float>,
            'unit': "bps" # string
        }
    },
    status_code: 200,
    error: "123"
}
~~~

## WAN
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "wan",
    action: GET
    options: {
        'name': "wan / wan2 / wan3"
    }
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "wan",
    action: GET
    options: {
        'name': "wan",
        'traffic': {
            'download': # Byte
            'upload': # Byte
        },
        'performance': {
            'latency': # ms
            'jitter': # ms
            'packet_loss': # %
        },
        'bandwidth': {
            'download': # Mbps
            'upload': # Mbps
        }
        'status': true / false
    },
    status_code: 200,
    error: "123"
}
~~~
- POST Req
~~~=json
{
    devices: ["UUID"],
    type: "wan",
    action: ENABLE / DISABLE
    options: {
        "wan_list": ["wan", "wan2", "wan3"]
    }
}
~~~

## Device Resource
- GET
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "device_resource",
    action: GET
    options: {}
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "device_resource",
    action: GET
    options: {
        local_time: "",
        uptime: , <int> second
        cpu: "",
        mem: "",
    },
    status_code: 200,
    error: "123"
}
~~~

## Device Diagnostics
- Enable Req
~~~=json
{
    devices: ["UUID"],
    type: "diagnostics",
    action: ENABLE
    options: {
        "tool": "ping / traceroute",
        "target": "8.8.8.8"
    }
}
~~~
- Enable Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "diagnostics",
    action: ENABLE
    options: {
        result: "str"
    },
    status_code: 200,
    error: "123"
}
~~~

## Physical Port Status
- GET Req
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "physical_port_status",
    action: GET
    options: {}
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "physical_port_status",
    action: GET
    options: {
        'interface_list':[
            'interface': 'eth0',
            'host_os_port': 'enp0s20f0'
            'front_port': "3",
            'status': true / false
        ]
    },
    status_code: 200,
    error: "123"
}
~~~

## Device update
- POST Req
~~~=json
{
    devices: ["UUID"],
    type: "update",
    action: POST
    options: {
        "version": "v2.1.0-20220307"
    }
}
~~~
- POST Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "update",
    action: POST
    options: {
        "version": "v2.1.0-20220307",
        "stage": "Fetching package",
        "progress": 0~100
        "complete": True/False
    },
    status_code: 200,
    error: "123"
}
~~~

## DHA group
- GET
~~~=json
# GET Req:
{
    devices: ["UUID"],
    type: "dha",
    action: GET
    options: {}
}

# GET Res:
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "dha",
    action: GET
    options: {
        name: "groupA",
        role: "master/slave"
        activate: True/False
    },
    status_code: 200,
    error: "123"
}
~~~
- POST dha data
~~~=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx-xx-xx-xx"],
    type: "dha",
    action: POST
    options: {
        name: "groupA",
        role: "master/slave",
        priority: 0,
        sync_interval: 10,
        sync: {
            interface: "eth4",
            ip: "10.94.87.5",
            netmask: "255.255.255.0"
        }
        master: {
            name: "SDWAN-xx",
            priority: 0,
            ip: "10.94.87.1"
        }
        slave_list: [
            {
                name: "SDWAN-xx-xx-xx"
                priority: 0,
                ip: "10.94.87.2"
            },
            {
                name: "SDWAN-xx-xx-xx"
                priority: 1,
                ip: "10.94.87.3"
            },
        ]
    }
}

# POST res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "dha",
    action: POST
    options: {
        "name": "groupA",
        "stage": "setup sync interface",
        "progress": 0~100
        "complete": True/False
    },
    status_code: 200,
    error: "123"
}
~~~
- PUT
~~~=json
# PUT Req
{
    devices: ["UUID"],
    type: "dha",
    action: PUT
    options: {
        name: "groupA"
        slave_list: [
            {
                name: "SDWAN-xx-xx-xx",
                ip: "10.94.87.2",
                priority: 1
            },
            {
                name: "SDWAN-xx-xx-xx",
                ip: "10.94.87.3",
                priority: 3
            },
        ]
    }
}

# PUT res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "dha",
    action: PUT
    options: {
        name: "groupA",
        role: "master/slave"
        activate: True/False
    },
    status_code: 200,
    error: "123"
}
~~~
- DELETE
~~~=json
# DELETE Req
{
    devices: ["UUID"],
    type: "dha",
    action: DELETE
    options: {
        name: "groupA"
    }
}

# DELETE res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "dha",
    action: PUT
    options: {},
    status_code: 200,
    error: "123"
}
~~~

## Flow Entries
- GET Req
~~~=json
# GET Req:
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ovsflows",
    action: GET
    options: {}
}
~~~
- GET Res
~~~=json
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ovsflows",
    action: GET
    options: {
        ovsflows: [
            {
                "lan_name": "lan",
                "flows": "1233342124123"
            },
            {
                "lan_name": "lan2",
                "flows": "fiwuhegiguwgvcwcv"
            }
        ]
    },
    status_code: 200,
    error: "123"
}
~~~

## Live Monitoring
- Enable Req
```=json
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "live_monitoring",
    action: ENABLE
    options: {}
}
```
- Disable Req
```=json
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "live_monitoring",
    action: DISABLE
    options: {}
}
```

## SSL VPN VTEP
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: GET
    options: {
        "vtep_configs" : [
            {
                "name": "vtep_name", # str
                "device_name": "SDWAN-xx-xx-xx-xx-xx-xx", # str, device_name
                "mode": "L2/L3", # str, L2, L3
                "description": "vtep_description", # str
                "ip": "l3_wan ip", # Only L3, otherwise None
                "netmask": "255.255.255.0", # Only L3, otherwise None
                "user": "xxxx", # Device Manager self generate
                "pass": "xxxx", # Device Manager self generate
                "enable": true,
                "status": true,
            },...
        ],
    status_code: 200,
    error: "Error message here"
}
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: POST
    options: {
        "name": "vtep_name", # str
        "device_name": "SDWAN-xx-xx-xx-xx-xx-xx", # str, device_name
        "mode": "L2/L3", # str, L2, L3
        "description": "vtep_description", # str
        "ip": "l3_wan ip", # Only L3, otherwise None
        "netmask": "255.255.255.0", # Only L3, otherwise None
        "user": "xxxx", # Device Manager self generate
        "pass": "xxxx", # Device Manager self generate
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: POST
    options: {
    },
    status_code: 200,
    error: "Error message here"
}
```
- PUT
```=json
# PUT Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: PUT
    options: {
        "name": "vtep_name", # str
        "device_name": "SDWAN-xx-xx-xx-xx-xx-xx", # str, device_name
        "mode": "L2/L3", # str, L2, L3
        "description": "vtep_description", # str
        "ip": "l3_wan ip", # Only L3, otherwise None
        "netmask": "255.255.255.0", # Only L3, otherwise None
        "user": "xxxx", # Device Manager self generate
        "pass": "xxxx", # Device Manager self generate
    }
}

# PUT Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: PUT
    options: {
    },
    status_code: 200,
    e
```
- DELETE
```=json
# DELETE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: DELETE
    options: {
        "name": ["vtep_name"], # list of str
    }
}

# DELETE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: DELETE
    options: {
    },
    status_code: 200,
    error: ""
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: ENABLE
    options: {
        "name": ["vtep_name"], # list of str
    }
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: ENABLE
    options: {
        same as GET result
    },
    status_code: 200,
    error: ""
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_vtep",
    action: ENABLE
    options: {
        "name": ["vtep_name"], # list of str
    }
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_vtep",
    action: DISABLE
    options: {
        same as GET res
    },
    status_code: 200,
    error: ""
```

## SSL VPN Connection
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: GET
    options: {
        "sslvpn_connections": [
            {
                "name": "connection_name", # str
                "device_name": "SDWAN-xx-xx-xx-xx-xx-xx",
                "description": "connection description", # str
                "src_vtep": {
                    # SSLVPN VTEP Model
                },
                "target_vtep": {
                    "type": "customize/device",
                    "vtep_data": {
                        # SSLVPN VTEP Model
                    },
                    "wan_data": {
                        "wan_ip_list": [], # If customize, self define
                        "port": 1194,
                    }
                }
                "enable": true,
                "status": true
            },...
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: POST
    options: {
        "name": "connection_name", # str
        "device_name": "SDWAN-xx-xx-xx-xx-xx-xx", # str, source device_name
        "description": "connection description", # str
        "src_vtep": {
            # SSLVPN VTEP Model
        },
        "target_vtep": {
            "type": "customize/device", # str, Literal
            "vtep_data": {
                # SSLVPN VTEP Model
            },
            "wan_data": {
                "wan_ip_list": [], # If customize, self define
                "port": 1194, # Default 1194, if customize need fill itself
            }
        }
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: POST
    options: {
    }
    status_code: 200,
    error: "Error message here"
}
```
- PUT
```=json
# PUT Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: PUT
    options: {
        "name": "connection_name", # str
        "device_name": "SDWAN-xx-xx-xx-xx-xx-xx", # str, source device_name
        "description": "connection description", # str
        "src_vtep": {
            # SSLVPN VTEP Model
        },
        "target_vtep": {
            "type": "customize/device", # str, Literal
            "vtep_data": {
                # SSLVPN VTEP Model
            },
            "wan_data": {
                "wan_ip_list": [], # If customize, self define
                "port": 1194, # Default 1194, if customize need fill itself
            }
        }
    }
}

# PUT Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: PUT
    options: {
    }
    status_code: 200,
    error: "Error message here"
}
```
- DELETE
```=json
# DELETE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: DELETE
    options: {
        "name": ["connection_name"], # list of str
    }
}

# DELETE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: DELETE
    options: {
    }
    status_code: 200,
    error: "Error message here"
}
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: ENABLE
    options: {
        "name": ["connection_name"], # list of str
    }
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: ENABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "sslvpn_connection",
    action: DISABLE
    options: {
        "name": ["connection_name"], # list of str
    }
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "sslvpn_connection",
    action: DISABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```

## Load Balancing
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: GET
    options: {
        "member": [
            {
                "name": "wan_p1w2",
                "interface": "wan", (wan name)
                "priority": 1,
                "weight": 2
            },
            {
                "name": "wan2_p1w1",
                "interface": "wan2", (wan name)
                "priority": 1,
                "weight": 1
            }
        ],
        "policy": [
            {
                "name": "wan_only",
                "member_list": ["wan_p1w2"],
            },
            {
                "name": "lb_wan_wan2",
                "member_list": ["wan_p1w2", "wan2_p1w1"]
            }
        ],
        "rule": [
            {
                "name": "For SD-Branch",
                "mode": "local/sdbranch/L7",
                "type": "src_ip_hash",
                "policy": "lb_wan_wan2"
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: POST
    options: {
        "member": [
            {
                "name": "wan_p1w2",
                "interface": "wan", (wan name)
                "priority": 1,
                "weight": 2
            },
            {
                "name": "wan2_p1w1",
                "interface": "wan2", (wan name)
                "priority": 1,
                "weight": 1
            }
        ],
        "policy": [
            {
                "name": "wan_only",
                "member_list": ["wan_p1w2"],
                "mode": "active_active / active_backup", # default: active_active
                "sla": {
                    jitter:
                    latency:
                    packet_loss:
                }
            },
            {
                "name": "lb_wan_wan2",
                "member_list": ["wan_p1w2", "wan2_p1w1"],
                "mode": "active_active / active_backup",
                "sla": {
                    jitter:
                    latency:
                    packet_loss:
                }
            }
        ],
        "rule": [
            {
                "name": "For SD-Branch",
                "mode": "local/sdbranch/L7",
                "type": "src_ip_hash",
                "policy": "lb_wan_wan2",
                "dst_subnet": "0.0.0.0/0" # optional; if omitted, defaults to 0.0.0.0/0
                "dst_port": "443", # optional; if omitted, not set by default
                "group_id_list": [1, 2], # optional
                "all_group": true # optional, default False
            }
        ]
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: POST
    options: {
        "member": [
            {
                "name": "wan_p1w2",
                "interface": "wan", (wan name)
                "priority": 1,
                "weight": 2
            },
            {
                "name": "wan2_p1w1",
                "interface": "wan2", (wan name)
                "priority": 1,
                "weight": 1
            }
        ],
        "policy": [
            {
                "name": "wan_only",
                "member_list": ["wan_p1w2"],
            },
            {
                "name": "lb_wan_wan2",
                "member_list": ["wan_p1w2", "wan2_p1w1"]
            }
        ],
        "rule": [
            {
                "name": "For SD-Branch",
                "mode": "local/sdbranch/L7",
                "type": "src_ip_hash",
                "policy": "lb_wan_wan2"
                "enable": true
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- DELETE
```=json
# DELETE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: DELETE
    options: {
        "member": ["member_name"], # list of str
        "policy": ["policy_name"],
        "rule": ["rule_name"]
    }
}

# DELETE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: DELETE
    options: {
        "member": [
            {
                "name": "wan_p1w2",
                "interface": "wan", (wan name)
                "priority": 1,
                "weight": 2
            },
            {
                "name": "wan2_p1w1",
                "interface": "wan2", (wan name)
                "priority": 1,
                "weight": 1
            }
        ],
        "policy": [
            {
                "name": "wan_only",
                "member_list": ["wan_p1w2"],
            },
            {
                "name": "lb_wan_wan2",
                "member_list": ["wan_p1w2", "wan2_p1w1"]
            }
        ],
        "rule": [
            {
                "name": "For SD-Branch",
                "mode": "local/sdbranch/L7",
                "type": "src_ip_hash",
                "policy": "lb_wan_wan2"
                "enable": true
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: ENABLE
    options: {
        "rule": ["rule_name"], # list of str
    }
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: ENABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: DISABLE
    options: {
        "rule": ["rule_name"], # list of str
    }
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: DISABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```

## iGate Connection
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "igate_connection",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "igate_connection",
    action: GET
    options: {
        igate_list: [
            {
                name: "KYUSHU_gateway",
                wan_pair: [
                    {
                        wan_name: "wan", #(device wan name)
                        pair_ip: "209.21.66.196" #(igate ip)
                    },
                    {
                        wan_name: "wan2", #(device wan name)
                        pair_ip: "209.21.88.196" #(igate ip)
                    }
                ],
                enable: true,
                status: -1, 0, 1 (-1: red, 0: orange, 1: green)
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "igate_connection",
    action: POST
    options: {
        igate_list: [
            {
                name: "KYUSHU_gateway",
                wan_pair: [
                    {
                        wan_name: "wan", #(device wan name)
                        pair_ip: "209.21.66.196" #(igate ip)
                    },
                    {
                        wan_name: "wan2", #(device wan name)
                        pair_ip: "209.21.88.196" #(igate ip)
                    }
                ]
            }
        ]
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "igate_connection",
    action: POST
    options: {
        igate_list: [
            {
                name: "KYUSHU_gateway",
                wan_pair: [
                    {
                        wan_name: "wan", #(device wan name)
                        pair_ip: "209.21.66.196" #(igate ip)
                    },
                    {
                        wan_name: "wan2", #(device wan name)
                        pair_ip: "209.21.88.196" #(igate ip)
                    }
                ],
                enable: true,
                status: -1, 0, 1 (-1: red, 0: orange, 1: green)
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```

## QoS
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "qos",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "qos",
    action: GET
    options: {
        "rate_limit": [
            {
                "name": "XXX", #string
                "id": 1, #int, generated by device_manager
                "rate": 1000, #int,kbits
                "burst": 1000, #int,kbits
            },...
        ],
        "queue": [
            {
                "interface": "eth0", #string
                "setup": [
                    {
                        "id": 0, #int
                        "priority": 0, #int, default value is -1
                        "min_rate": 10000 #int, bits/sec, default value is 0
                    },...
                ]
            },...
        ],
        "rule": [
            {
                "name": "test_rule", #string
                "lans": ["ovs-br",...], #string list, can have more than one lan to apply rule
                "target": "X.X.X.X/X", #string, for any ip/32 or subnet/X
                "rate_limit": "X", #string, meter name, module will get meter_id by name, default value is ""
                "queue": X, #int, queue id, default value is 0
                "enable": true/false, #boolean, Apply rule or not
                "direction": "upstream/downstream" #(optional) string, we will only apply downstream in this version
            },...
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "qos",
    action: POST
    options: {
        "rate_limit": [
            {
                "name": "XXX", #string
                "id": 1, #int, generated by device_manager
                "rate": 1000, #int,kbits
                "burst": 1000, #int,kbits
            },...
        ],
        "queue": [
            {
                "interface": "eth0", #string
                "setup": [
                    {
                        "id": 0, #int
                        "priority": 0, #int, default value is -1
                        "min_rate": 10000 #int, bits/sec, default value is 0
                    },...
                ]
            },...
        ],
        "rule": [
            {
                "name": "test_rule", #string
                "lans": ["ovs-br",...], #string list, can have more than one lan to apply rule
                "target": "X.X.X.X/X", #string, for any ip/32 or subnet/X
                "rate_limit": "X", #string, meter name, module will get meter_id by name, default value is ""
                "queue": X, #int, queue id, default value is 0
                "enable": true/false, #boolean, Apply rule or not
                "direction": "upstream/downstream" #(optional) string, we will only apply downstream in this version
            },...
        ]
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: POST
    options: {
        "rate_limit": [
            {
                "name": "XXX", #string
                "id": 1, #int, generated by device_manager
                "rate": 1000, #int,kbits
                "burst": 1000, #int,kbits
            },...
        ],
        "queue": [
            {
                "interface": "eth0", #string
                "setup": [
                    {
                        "id": 0, #int
                        "priority": 0, #int, default value is -1
                        "min_rate": 10000 #int, bits/sec, default value is 0
                    },...
                ]
            },...
        ],
        "rule": [
            {
                "name": "test_rule", #string
                "lans": ["ovs-br",...], #string list, can have more than one lan to apply rule
                "target": "X.X.X.X/X", #string, for any ip/32 or subnet/X
                "rate_limit": "X", #string, meter name, module will get meter_id by name, default value is ""
                "queue": X, #int, queue id, default value is 0
                "enable": true/false, #boolean, Apply rule or not
                "direction": "upstream/downstream" #(optional) string, we will only apply downstream in this version
            },...
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- DELETE
```=json
# DELETE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "qos",
    action: DELETE
    options: {
        "member": [], # list of str
        "policy": [],
        "rule": []
    }
}

# DELETE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "qos",
    action: DELETE
    options: {
        "rate_limit": [
            {
                "name": "XXX", #string
                "id": 1, #int, generated by device_manager
                "rate": 1000, #int,kbits
                "burst": 1000, #int,kbits
            },...
        ],
        "queue": [
            {
                "interface": "eth0", #string
                "setup": [
                    {
                        "id": 0, #int
                        "priority": 0, #int, default value is -1
                        "min_rate": 10000 #int, bits/sec, default value is 0
                    },...
                ]
            },...
        ],
        "rule": [
            {
                "name": "test_rule", #string
                "lans": ["ovs-br",...], #string list, can have more than one lan to apply rule
                "target": "X.X.X.X/X", #string, for any ip/32 or subnet/X
                "rate_limit": "X", #string, meter name, module will get meter_id by name, default value is ""
                "queue": X, #int, queue id, default value is 0
                "enable": true/false, #boolean, Apply rule or not
                "direction": "upstream/downstream" #(optional) string, we will only apply downstream in this version
            },...
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: ENABLE
    options: {
        "rule": ["rule_name"], # list of str
    }
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: ENABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "lb",
    action: DISABLE
    options: {
        "rule": ["rule_name"], # list of str
    }
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "lb",
    action: DISABLE
    options: {
        same as GET res
    }
    status_code: 200,
    error: "Error message here"
}
```

## NGFW
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ngfw",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: GET
    options: {
        "ngfw_list": [
            {
                "name": "vtep1",
                "app_id": "youtube",
                "action": "drop",
                "customize": false,
                "customize_info": {
                    "url": "",
                    "ip": "",
                    "port": 0,
                    "proto": ""
                }
                "enable": true,
                "match_packets": 2048
            }
        ]
    }
    status_code: 200,
    error: "Error message here"
}
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ngfw",
    action: POST
    options: {
        "name": "vtep1",
        "filter_type": "application, protocol"
        "category_name": "games",
        "application_name": "youtube",
        "protocol_name": "SIP"
        "action": "drop",
        "customize": false,
        "customize_info": {
            "url": "",
            "ip": "",
            "port": 0,
            "proto": ""
        }
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: POST
    options: {
        "name": "vtep1",
        "category": "",
        "app_id": "youtube",
        "action": "drop",
        "customize": false,
        "customize_info": {
            "url": "",
            "ip": "",
            "port": 0,
            "proto": ""
        }
    }
    status_code: 200,
    error: "Error message here"
}
```
- DELETE
```=json
# DELETE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ngfw",
    action: DELETE
    options: {
        "name": ["connection_name"], # list of str
    }
}

# DELETE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: DELETE
    options: {
    }
    status_code: 200,
    error: "Error message here"
}
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ngfw",
    action: ENABLE
    options: {
        "name": ["ngfw_name"], # list of str
    }
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: ENABLE
    options: {
        same as GET result
    },
    status_code: 200,
    error: ""
}
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "ngfw",
    action: DISABLE
    options: {
        "name": ["ngfw_name"], # list of str
    }
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: DISABLE
    options: {
        same as GET result
    },
    status_code: 200,
    error: ""
}
```

## IDS/IPS
### IDS/IPS installation
- GET
```=json
# GET Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "idsips",
    action: GET
    options: {}
}

# GET Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "idsips",
    action: GET
    options: {
        status: True/False
    }
    status_code: 200,
    error: "Error message here"
}
```
- ENABLE
```=json
# ENABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "idsips",
    action: ENABLE
    options: {}
}

# ENABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "idsips",
    action: ENABLE
    options: {
        "stage": "Install Package...",
        "progress": 10,
        "complete": True/False
    },
    status_code: 200,
    error: ""
}
```
- DISABLE
```=json
# DISABLE Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "idsips",
    action: DISABLE
    options: {}
}

# DISABLE Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "idsips",
    action: DISABLE
    options: {
        "stage": "Remove IDS/IPS packages...",
        "progress": 50,
        "complete": False
    },
    status_code: 200,
    error: ""
}
```

### IDS/IPS Interfaces (follow SSL VTEP type)
:::info
Search Method List
![](https://hackmd.io/_uploads/Sy3zU9w_o.png)
["AC-BNFA", "AC-SPLIT", "LOWMEM", "AC-STD", "AC", "AC-NQ", "AC-BNFA-NQ", "LOWMEM-NQ", "AC-BANDED", "ACS", "AC-SPARSEBANDS"]
:::
:::success
Rule List
["DDos", "Malware", "ToR", "Worm", "P2P", "SPAM"]
:::
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "idsips_interface",
    action: POST
    options: {
        "name": "wan2",
        "interface": "eth2",
        "mode": "tap / inline",
        "search_method": "AC-BNFA", # Check list as following
        "rule_set": ["", ""], # Check list here:
        "description": ""
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "ngfw",
    action: POST
    options: {
        "name": "wan2",
        "interface": "eth2",
        "mode": "tap / inline",
        "search_method": "AC-BNFA", # Check list as following
        "rule_set": ["", ""], # Check list here:
        "description": ""
    }
    status_code: 200,
    error: "Error message here"
}
```

### IDS/IPS Alert
- GET
```=json
```

### IDS/IPS Blocked
- GET
```=json
```
- POST
```=json
# POST Req
{
    devices: ["SDWAN-xx-xx-xx"],
    type: "idsips_block",
    action: POST
    options: {
        "name": "blocked_test",
        "ip": "",
        "port": "",
        "alert_description": "",
    }
}

# POST Res
{
    device_id: "UUID",
    device: "SDWAN-xx-xx-xx-xx-xx-xx",
    type: "idsips_block",
    action: POST
    options: {
        "name": "blocked_test",
        "ip": "",
        "port": "",
        "alert_description": "",
    }
    status_code: 200,
    error: "Error message here"
}
```
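
The request envelope above (`devices`, `type`, `action`, `options`) carries credentials (`secret_psk`, `pass`) and a free-form diagnostics `target`, so a consumer of REQ_TOPIC benefits from validating messages before acting on them and masking secrets before logging them. The following is an added example, not code from the Hermes Agent project; it assumes messages are JSON objects with `action` as a string, covers only a subset of the documented types, and restricts `target` to IP literals. The names `validate_request` and `redact` are hypothetical.

```python
import ipaddress

# Subset of the type -> action pairs documented on this page; extend as needed.
ALLOWED_ACTIONS = {
    "ipsec": {"GET", "POST", "DELETE", "ENABLE", "DISABLE"},
    "tunnel": {"GET"},
    "syslog": {"GET"},
    "wan": {"GET", "ENABLE", "DISABLE"},
    "diagnostics": {"ENABLE"},
}
# Option keys on this page that carry credentials.
SECRET_KEYS = {"secret_psk", "pass"}
IPSEC_POST_KEYS = ("name", "hostname", "local_wan_ip", "local_lan_cidr",
                   "remote_wan_ip", "remote_lan_cidr", "secret_psk")


def _is_ip(value):
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_cidr(value):
    # ip_interface accepts host bits set, as in the page's "10.0.0.1/24".
    if not isinstance(value, str) or "/" not in value:
        return False
    try:
        ipaddress.ip_interface(value)
        return True
    except ValueError:
        return False


def validate_request(msg):
    """Return a list of problems; an empty list means the message is accepted."""
    if not isinstance(msg, dict):
        return ["message is not an object"]
    errors = []
    devices = msg.get("devices")
    if not (isinstance(devices, list) and devices
            and all(isinstance(d, str) and d for d in devices)):
        errors.append("devices must be a non-empty list of strings")
    mtype, action = msg.get("type"), msg.get("action")
    if not isinstance(mtype, str) or mtype not in ALLOWED_ACTIONS:
        return errors + [f"unknown type: {mtype!r}"]
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS[mtype]:
        return errors + [f"action {action!r} not allowed for type {mtype!r}"]
    options = msg.get("options")
    if not isinstance(options, dict):
        return errors + ["options must be an object"]
    if (mtype, action) == ("ipsec", "POST"):
        missing = [k for k in IPSEC_POST_KEYS if k not in options]
        if missing:
            errors.append("missing options: " + ", ".join(missing))
        for key in ("local_wan_ip", "remote_wan_ip"):
            if key in options and not _is_ip(options[key]):
                errors.append(f"{key} is not an IP address")
        for key in ("local_lan_cidr", "remote_lan_cidr"):
            if key in options and not _is_cidr(options[key]):
                errors.append(f"{key} is not in address/prefix form")
    elif (mtype, action) == ("diagnostics", "ENABLE"):
        if options.get("tool") not in ("ping", "traceroute"):
            errors.append("tool must be ping or traceroute")
        # Assumption: only IP literals are accepted, never hostnames or extra text.
        if not _is_ip(options.get("target")):
            errors.append("target must be an IP address literal")
    return errors


def redact(node):
    """Return a copy with credential values masked, safe to write to logs."""
    if isinstance(node, dict):
        return {k: "***" if k in SECRET_KEYS else redact(v) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node


# Constructed sample mirroring the IPSec POST request on this page.
SAMPLE = {
    "devices": ["SDWAN-xx-xx-xx"], "type": "ipsec", "action": "POST",
    "options": {"name": "testvpn", "hostname": "SDWAN-xx-xx-xx-xx-xx-xx",
                "local_wan_ip": "192.168.1.178", "local_lan_cidr": "10.0.0.1/24",
                "remote_wan_ip": "192.168.1.168", "remote_lan_cidr": "10.0.1.1/24",
                "secret_psk": "example-psk-not-real"},
}

if __name__ == "__main__":
    print(validate_request(SAMPLE))
    print(redact(SAMPLE))
```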