neutron

bgp dragent add speaker

Add a BGP speaker to a dynamic routing agent

openstack bgp dragent add speaker <agent-id> <bgp-speaker>
agent-id

ID of the dynamic routing agent

bgp-speaker

ID or name of the BGP speaker

This command is provided by the python-neutronclient plugin.

bgp dragent remove speaker

Removes a BGP speaker from a dynamic routing agent

openstack bgp dragent remove speaker <agent-id> <bgp-speaker>
agent-id

ID of the dynamic routing agent

bgp-speaker

ID or name of the BGP speaker

This command is provided by the python-neutronclient plugin.

bgp peer create

Create a BGP peer

openstack bgp peer create
    --peer-ip <peer-ip-address>
    --remote-as <peer-remote-as>
    [--auth-type <peer-auth-type>]
    [--password <auth-password>]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--peer-ip <peer-ip-address>

Peer IP address

--remote-as <peer-remote-as>

Peer AS number. (Integer in [1, 65535] is allowed)

--auth-type <peer-auth-type>

Authentication algorithm. Supported algorithms: none (default), md5

--password <auth-password>

Authentication password

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the BGP peer to create

This command is provided by the python-neutronclient plugin.

bgp peer delete

Delete a BGP peer

openstack bgp peer delete <bgp-peer>
bgp-peer

BGP peer to delete (name or ID)

This command is provided by the python-neutronclient plugin.

bgp peer list

List BGP peers

openstack bgp peer list [--sort-column SORT_COLUMN]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

This command is provided by the python-neutronclient plugin.

bgp peer set

Update a BGP peer

openstack bgp peer set
    [--name NAME]
    [--password <auth-password>]
    <bgp-peer>
--name <NAME>

Updated name of the BGP peer

--password <auth-password>

Updated authentication password

bgp-peer

BGP peer to update (name or ID)

This command is provided by the python-neutronclient plugin.

bgp peer show

Show information for a BGP peer

openstack bgp peer show <bgp-peer>
bgp-peer

BGP peer to display (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker add network

Add a network to a BGP speaker

openstack bgp speaker add network <bgp-speaker> <network>
bgp-speaker

BGP speaker (name or ID)

network

Network to add (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker add peer

Add a peer to a BGP speaker

openstack bgp speaker add peer <bgp-speaker> <bgp-peer>
bgp-speaker

BGP speaker (name or ID)

bgp-peer

BGP Peer to add (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker create

Create a BGP speaker

openstack bgp speaker create
    --local-as <local-as>
    [--ip-version {4,6}]
    [--advertise-floating-ip-host-routes]
    [--no-advertise-floating-ip-host-routes]
    [--advertise-tenant-networks]
    [--no-advertise-tenant-networks]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--local-as <local-as>

Local AS number. (Integer in [1, 65535] is allowed.)

--ip-version <IP_VERSION>

IP version for the BGP speaker (default is 4)

--advertise-floating-ip-host-routes

Enable the advertisement of floating IP host routes by the BGP speaker. (default)

--no-advertise-floating-ip-host-routes

Disable the advertisement of floating IP host routes by the BGP speaker.

--advertise-tenant-networks

Enable the advertisement of tenant network routes by the BGP speaker. (default)

--no-advertise-tenant-networks

Disable the advertisement of tenant network routes by the BGP speaker.

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the BGP speaker to create

This command is provided by the python-neutronclient plugin.

bgp speaker delete

Delete a BGP speaker

openstack bgp speaker delete <bgp-speaker>
bgp-speaker

BGP speaker to delete (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker list

List BGP speakers

openstack bgp speaker list
    [--sort-column SORT_COLUMN]
    [--agent <agent-id>]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--agent <agent-id>

List BGP speakers hosted by an agent (ID only)

This command is provided by the python-neutronclient plugin.

bgp speaker list advertised routes

List routes advertised

openstack bgp speaker list advertised routes
    [--sort-column SORT_COLUMN]
    <bgp-speaker>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

bgp-speaker

BGP speaker (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker remove network

Remove a network from a BGP speaker

openstack bgp speaker remove network <bgp-speaker> <network>
bgp-speaker

BGP speaker (name or ID)

network

Network to remove (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker remove peer

Remove a peer from a BGP speaker

openstack bgp speaker remove peer <bgp-speaker> <bgp-peer>
bgp-speaker

BGP speaker (name or ID)

bgp-peer

BGP Peer to remove (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker set

Set BGP speaker properties

openstack bgp speaker set
    [--name NAME]
    [--advertise-floating-ip-host-routes]
    [--no-advertise-floating-ip-host-routes]
    [--advertise-tenant-networks]
    [--no-advertise-tenant-networks]
    <bgp-speaker>
--name <NAME>

Name of the BGP speaker to update

--advertise-floating-ip-host-routes

Enable the advertisement of floating IP host routes by the BGP speaker. (default)

--no-advertise-floating-ip-host-routes

Disable the advertisement of floating IP host routes by the BGP speaker.

--advertise-tenant-networks

Enable the advertisement of tenant network routes by the BGP speaker. (default)

--no-advertise-tenant-networks

Disable the advertisement of tenant network routes by the BGP speaker.

bgp-speaker

BGP speaker to update (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker show

Show a BGP speaker

openstack bgp speaker show <bgp-speaker>
bgp-speaker

BGP speaker to display (name or ID)

This command is provided by the python-neutronclient plugin.

bgp speaker show dragents

List dynamic routing agents hosting a BGP speaker

openstack bgp speaker show dragents
    [--sort-column SORT_COLUMN]
    <bgp-speaker>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

bgp-speaker

ID or name of the BGP speaker

This command is provided by the python-neutronclient plugin.

bgpvpn create

Create BGP VPN resource

openstack bgpvpn create
    [--project <project>]
    [--project-domain <project-domain>]
    [--name <name>]
    [--route-target <route-target>]
    [--import-target <import-target>]
    [--export-target <export-target>]
    [--route-distinguisher <route-distinguisher>]
    [--vni VNI]
    [--local-pref LOCAL_PREF]
    [--type {l2,l3}]
--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--name <name>

Name of the BGP VPN

--route-target <route-target>

Add Route Target to import/export list (repeat option for multiple Route Targets)

--import-target <import-target>

Add Route Target to import list (repeat option for multiple Route Targets)

--export-target <export-target>

Add Route Target to export list (repeat option for multiple Route Targets)

--route-distinguisher <route-distinguisher>

Add Route Distinguisher to the list of Route Distinguishers from which a Route Distinguishers will be picked from to advertise a VPN route (repeat option for multiple Route Distinguishers)

--vni <VNI>

VXLAN Network Identifier to be used for this BGPVPN when a VXLAN encapsulation is used

--local-pref <LOCAL_PREF>

Default BGP LOCAL_PREF to use in route advertisementstowards this BGPVPN.

--type <TYPE>

BGP VPN type selection between IP VPN (l3) and Ethernet VPN (l2) (default: l3)

This command is provided by the python-neutronclient plugin.

bgpvpn delete

Delete BGP VPN resource(s)

openstack bgpvpn delete <bgpvpn> [<bgpvpn> ...]
bgpvpn

BGP VPN(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn list

List BGP VPN resources

openstack bgpvpn list
    [--sort-column SORT_COLUMN]
    [--project <project>]
    [--project-domain <project-domain>]
    [--long]
    [--property <key=value>]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--long

List additional fields in output

--property <key=value>

Filter property to apply on returned BGP VPNs (repeat to filter on multiple properties)

This command is provided by the python-neutronclient plugin.

bgpvpn network association create

Create a BGP VPN network association

openstack bgpvpn network association create
    [--project <project>]
    [--project-domain <project-domain>]
    <bgpvpn>
    <network>
--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

bgpvpn

BGP VPN to apply the network association (name or ID)

network

Network to associate the BGP VPN (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn network association delete

Delete a BGP VPN network association(s) for a given BGP VPN

openstack bgpvpn network association delete
    <network
    association
    ID>
    [<network association ID> ...]
    <bgpvpn>
network association ID

Network association ID(s) to remove

bgpvpn

BGP VPN the network association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn network association list

List BGP VPN network associations for a given BGP VPN

openstack bgpvpn network association list
    [--sort-column SORT_COLUMN]
    [--long]
    [--property <key=value>]
    <bgpvpn>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

--property <key=value>

Filter property to apply on returned BGP VPNs (repeat to filter on multiple properties)

bgpvpn

BGP VPN listed associations belong to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn network association show

Show information of a given BGP VPN network association

openstack bgpvpn network association show
    <network
    association
    ID>
    <bgpvpn>
network association ID

Network association ID to look up

bgpvpn

BGP VPN the association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association create

Create a BGP VPN port association

openstack bgpvpn port association create
    [--project <project>]
    [--project-domain <project-domain>]
    [--advertise-fixed-ips | --no-advertise-fixed-ips]
    [--prefix-route prefix=<cidr>[,local_pref=<integer>]]
    [--bgpvpn-route bgpvpn=<BGP VPN ID or name>[,local_pref=<integer>]]
    <bgpvpn>
    <port>
--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--advertise-fixed-ips

Fixed IPs of the port will be advertised to the BGP VPN (default)

--no-advertise-fixed-ips

Fixed IPs of the port will not be advertised to the BGP VPN

--prefix-route prefix=<cidr>[,local_pref=<integer>]

Add prefix route in CIDR notation. Optionally, can control the value of the BGP LOCAL_PREF of the routes that will be advertised (repeat option for multiple prefix routes)

--bgpvpn-route bgpvpn=<BGP VPN ID or name>[,local_pref=<integer>]

Add BGP VPN route for route leaking. Optionally, can control the value of the BGP LOCAL_PREF of the routes that will be advertised (repeat option for multiple BGP VPN routes)

bgpvpn

BGP VPN to apply the port association (name or ID)

port

Port to associate the BGP VPN (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association delete

Delete a BGP VPN port association(s) for a given BGP VPN

openstack bgpvpn port association delete
    <port
    association
    ID>
    [<port association ID> ...]
    <bgpvpn>
port association ID

Port association ID(s) to remove

bgpvpn

BGP VPN the port association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association list

List BGP VPN port associations for a given BGP VPN

openstack bgpvpn port association list
    [--sort-column SORT_COLUMN]
    [--long]
    [--property <key=value>]
    <bgpvpn>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

--property <key=value>

Filter property to apply on returned BGP VPNs (repeat to filter on multiple properties)

bgpvpn

BGP VPN listed associations belong to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association set

Set BGP VPN port association properties

openstack bgpvpn port association set
    [--advertise-fixed-ips | --no-advertise-fixed-ips]
    [--prefix-route prefix=<cidr>[,local_pref=<integer>]]
    [--bgpvpn-route bgpvpn=<BGP VPN ID or name>[,local_pref=<integer>]]
    [--no-prefix-route]
    [--no-bgpvpn-route]
    <port
    association
    ID>
    <bgpvpn>
--advertise-fixed-ips

Fixed IPs of the port will be advertised to the BGP VPN

--no-advertise-fixed-ips

Fixed IPs of the port will not be advertised to the BGP VPN

--prefix-route prefix=<cidr>[,local_pref=<integer>]

Add prefix route in CIDR notation. Optionally, can control the value of the BGP LOCAL_PREF of the routes that will be advertised (repeat option for multiple prefix routes)

--bgpvpn-route bgpvpn=<BGP VPN ID or name>[,local_pref=<integer>]

Add BGP VPN route for route leaking. Optionally, can control the value of the BGP LOCAL_PREF of the routes that will be advertised (repeat option for multiple BGP VPN routes)

--no-prefix-route

Empty prefix route list

--no-bgpvpn-route

Empty BGP VPN route list

port association ID

Port association ID to update

bgpvpn

BGP VPN the port association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association show

Show information of a given BGP VPN port association

openstack bgpvpn port association show <port association ID> <bgpvpn>
port association ID

Port association ID to look up

bgpvpn

BGP VPN the association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn port association unset

Unset BGP VPN port association properties

openstack bgpvpn port association unset
    [--advertise-fixed-ips | --no-advertise-fixed-ips]
    [--prefix-route <cidr>]
    [--bgpvpn-route <BGP VPN ID or name>]
    [--all-prefix-routes]
    [--all-bgpvpn-routes]
    <port
    association
    ID>
    <bgpvpn>
--advertise-fixed-ips

Fixed IPs of the port will not be advertised to the BGP VPN

--no-advertise-fixed-ips

Fixed IPs of the port will be advertised to the BGP VPN

--prefix-route <cidr>

Remove prefix route in CIDR notation (repeat option for multiple prefix routes)

--bgpvpn-route <BGP VPN ID or name>

Remove BGP VPN route (repeat option for multiple BGP VPN routes)

--all-prefix-routes

Empty prefix route list

--all-bgpvpn-routes

Empty BGP VPN route list

port association ID

Port association ID to update

bgpvpn

BGP VPN the port association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association create

Create a BGP VPN router association

openstack bgpvpn router association create
    [--project <project>]
    [--project-domain <project-domain>]
    [--advertise_extra_routes | --no-advertise_extra_routes]
    <bgpvpn>
    <router>
--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--advertise_extra_routes

Routes will be advertised to the BGP VPN (default)

--no-advertise_extra_routes

Routes from the router will not be advertised to the BGP VPN

bgpvpn

BGP VPN to apply the router association (name or ID)

router

Router to associate the BGP VPN (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association delete

Delete a BGP VPN router association(s) for a given BGP VPN

openstack bgpvpn router association delete
    <router
    association
    ID>
    [<router association ID> ...]
    <bgpvpn>
router association ID

Router association ID(s) to remove

bgpvpn

BGP VPN the router association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association list

List BGP VPN router associations for a given BGP VPN

openstack bgpvpn router association list
    [--sort-column SORT_COLUMN]
    [--long]
    [--property <key=value>]
    <bgpvpn>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

--property <key=value>

Filter property to apply on returned BGP VPNs (repeat to filter on multiple properties)

bgpvpn

BGP VPN listed associations belong to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association set

Set BGP VPN router association properties

openstack bgpvpn router association set
    [--advertise_extra_routes | --no-advertise_extra_routes]
    <router
    association
    ID>
    <bgpvpn>
--advertise_extra_routes

Routes will be advertised to the BGP VPN

--no-advertise_extra_routes

Routes from the router will not be advertised to the BGP VPN

router association ID

Router association ID to update

bgpvpn

BGP VPN the router association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association show

Show information of a given BGP VPN router association

openstack bgpvpn router association show
    <router
    association
    ID>
    <bgpvpn>
router association ID

Router association ID to look up

bgpvpn

BGP VPN the association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn router association unset

Unset BGP VPN router association properties

openstack bgpvpn router association unset
    [--advertise_extra_routes | --no-advertise_extra_routes]
    <router
    association
    ID>
    <bgpvpn>
--advertise_extra_routes

Routes from the router will not be advertised to the BGP VPN

--no-advertise_extra_routes

Routes will be advertised to the BGP VPN

router association ID

Router association ID to update

bgpvpn

BGP VPN the router association belongs to (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn set

Set BGP VPN properties

openstack bgpvpn set
    [--name <name>]
    [--route-target <route-target>]
    [--no-route-target]
    [--import-target <import-target>]
    [--no-import-target]
    [--export-target <export-target>]
    [--no-export-target]
    [--route-distinguisher <route-distinguisher>]
    [--no-route-distinguisher]
    [--vni VNI]
    [--local-pref LOCAL_PREF]
    <bgpvpn>
--name <name>

Name of the BGP VPN

--route-target <route-target>

Add Route Target to import/export list (repeat option for multiple Route Targets)

--no-route-target

Empty route target list

--import-target <import-target>

Add Route Target to import list (repeat option for multiple Route Targets)

--no-import-target

Empty import route target list

--export-target <export-target>

Add Route Target to export list (repeat option for multiple Route Targets)

--no-export-target

Empty export route target list

--route-distinguisher <route-distinguisher>

Add Route Distinguisher to the list of Route Distinguishers from which a Route Distinguishers will be picked from to advertise a VPN route (repeat option for multiple Route Distinguishers)

--no-route-distinguisher

Empty route distinguisher list

--vni <VNI>

VXLAN Network Identifier to be used for this BGPVPN when a VXLAN encapsulation is used

--local-pref <LOCAL_PREF>

Default BGP LOCAL_PREF to use in route advertisementstowards this BGPVPN.

bgpvpn

BGP VPN to update (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn show

Show information of a given BGP VPN

openstack bgpvpn show <bgpvpn>
bgpvpn

BGP VPN to display (name or ID)

This command is provided by the python-neutronclient plugin.

bgpvpn unset

Unset BGP VPN properties

openstack bgpvpn unset
    [--route-target <route-target>]
    [--all-route-target]
    [--import-target <import-target>]
    [--all-import-target]
    [--export-target <export-target>]
    [--all-export-target]
    [--route-distinguisher <route-distinguisher>]
    [--all-route-distinguisher]
    [--vni VNI]
    [--local-pref LOCAL_PREF]
    <bgpvpn>
--route-target <route-target>

Remove Route Target from import/export list (repeat option for multiple Route Targets)

--all-route-target

Empty route target list

--import-target <import-target>

Remove Route Target from import list (repeat option for multiple Route Targets)

--all-import-target

Empty import route target list

--export-target <export-target>

Remove Route Target from export list (repeat option for multiple Route Targets)

--all-export-target

Empty export route target list

--route-distinguisher <route-distinguisher>

Remove Route Distinguisher from the list of Route Distinguishers from which a Route Distinguishers will be picked from to advertise a VPN route (repeat option for multiple Route Distinguishers)

--all-route-distinguisher

Empty route distinguisher list

--vni <VNI>

VXLAN Network Identifier to be used for this BGPVPN when a VXLAN encapsulation is used

--local-pref <LOCAL_PREF>

Default BGP LOCAL_PREF to use in route advertisementstowards this BGPVPN.

bgpvpn

BGP VPN to update (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group create

Create a new firewall group

openstack firewall group create
    [--name NAME]
    [--description <description>]
    [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
    [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
    [--public | --private | --share | --no-share]
    [--enable | --disable]
    [--project <project>]
    [--project-domain <project-domain>]
    [--port <port> | --no-port]
--name <NAME>

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release.

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--no-port

Detach all port from the firewall group

This command is provided by the python-neutronclient plugin.

firewall group delete

Delete firewall group(s)

openstack firewall group delete <firewall-group> [<firewall-group> ...]
firewall-group

Firewall group(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group list

List firewall groups

openstack firewall group list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

firewall group policy add rule

Insert a rule into a given firewall policy

openstack firewall group policy add rule
    [--insert-before <firewall-rule>]
    [--insert-after <firewall-rule>]
    <firewall-policy>
    <firewall-rule>
--insert-before <firewall-rule>

Insert the new rule before this existing rule (name or ID)

--insert-after <firewall-rule>

Insert the new rule after this existing rule (name or ID)

firewall-policy

Firewall policy to insert rule (name or ID)

firewall-rule

Firewall rule to be inserted (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group policy create

Create a new firewall policy

openstack firewall group policy create
    [--description DESCRIPTION]
    [--audited | --no-audited]
    [--share | --public | --private | --no-share]
    [--project <project>]
    [--project-domain <project-domain>]
    [--firewall-rule <firewall-rule> | --no-firewall-rule]
    <name>
--description <DESCRIPTION>

Description of the firewall policy

--audited

Enable auditing for the policy

--no-audited

Disable auditing for the policy

--share

Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release.

--no-share

Restrict use of the firewall policy to the current project

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--firewall-rule <firewall-rule>

Firewall rule(s) to apply (name or ID)

--no-firewall-rule

Unset all firewall rules from firewall policy

name

Name for the firewall policy

This command is provided by the python-neutronclient plugin.

firewall group policy delete

Delete firewall policy(s)

openstack firewall group policy delete
    <firewall-policy>
    [<firewall-policy> ...]
firewall-policy

Firewall policy(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group policy list

List firewall policies

openstack firewall group policy list
    [--sort-column SORT_COLUMN]
    [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

firewall group policy remove rule

Remove a rule from a given firewall policy

openstack firewall group policy remove rule
    <firewall-policy>
    <firewall-rule>
firewall-policy

Firewall policy to remove rule (name or ID)

firewall-rule

Firewall rule to remove from policy (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group policy set

Set firewall policy properties

openstack firewall group policy set
    [--description DESCRIPTION]
    [--audited | --no-audited]
    [--share | --public | --private | --no-share]
    [--name <name>]
    [--firewall-rule <firewall-rule>]
    [--no-firewall-rule]
    <firewall-policy>
--description <DESCRIPTION>

Description of the firewall policy

--audited

Enable auditing for the policy

--no-audited

Disable auditing for the policy

--share

Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release.

--no-share

Restrict use of the firewall policy to the current project

--name <name>

Name for the firewall policy

--firewall-rule <firewall-rule>

Firewall rule(s) to apply (name or ID)

--no-firewall-rule

Remove all firewall rules from firewall policy

firewall-policy

Firewall policy to update (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group policy show

Display firewall policy details

openstack firewall group policy show <firewall-policy>
firewall-policy

Firewall policy to show (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group policy unset

Unset firewall policy properties

openstack firewall group policy unset
    [--firewall-rule <firewall-rule> | --all-firewall-rule]
    [--audited]
    [--share]
    [--public]
    <firewall-policy>
--firewall-rule <firewall-rule>

Remove firewall rule(s) from the firewall policy (name or ID)

--all-firewall-rule

Remove all firewall rules from the firewall policy

--audited

Disable auditing for the policy

--share

Restrict use of the firewall policy to the current project

--public

Restrict use of the firewall policy to the current project. This option is deprecated and would be removed in R release.

firewall-policy

Firewall policy to unset (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule create

Create a new firewall rule

openstack firewall group rule create
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    [--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
    [--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
    [--project <project>]
    [--project-domain <project-domain>]
--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--source-firewall-group <source-firewall-group>

Source firewall group (name or ID)

--no-source-firewall-group

No associated destination firewall group

--destination-firewall-group <destination-firewall-group>

Destination firewall group (name or ID)

--no-destination-firewall-group

No associated destination firewall group

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

This command is provided by the python-neutronclient plugin.

firewall group rule delete

Delete firewall rule(s)

openstack firewall group rule delete
    <firewall-rule>
    [<firewall-rule> ...]
firewall-rule

Firewall rule(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule list

List firewall rules that belong to a given tenant

openstack firewall group rule list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

firewall group rule set

Set firewall rule properties

openstack firewall group rule set
    [--name <name>]
    [--description <description>]
    [--protocol {tcp,udp,icmp,any}]
    [--action {allow,deny,reject}]
    [--ip-version <ip-version>]
    [--source-ip-address <source-ip-address> | --no-source-ip-address]
    [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
    [--source-port <source-port> | --no-source-port]
    [--destination-port <destination-port> | --no-destination-port]
    [--public | --private | --share | --no-share]
    [--enable-rule | --disable-rule]
    [--source-firewall-group <source-firewall-group> | --no-source-firewall-group]
    [--destination-firewall-group <destination-firewall-group> | --no-destination-firewall-group]
    <firewall-rule>
--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol <PROTOCOL>

Protocol for the firewall rule

--action <ACTION>

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--source-firewall-group <source-firewall-group>

Source firewall group (name or ID)

--no-source-firewall-group

No associated destination firewall group

--destination-firewall-group <destination-firewall-group>

Destination firewall group (name or ID)

--no-destination-firewall-group

No associated destination firewall group

firewall-rule

Firewall rule to set (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule show

Display firewall rule details

openstack firewall group rule show <firewall-rule>
firewall-rule

Firewall rule to display (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group rule unset

Unset firewall rule properties

openstack firewall group rule unset
    [--source-ip-address]
    [--destination-ip-address]
    [--source-port]
    [--destination-port]
    [--share]
    [--public]
    [--enable-rule]
    [--source-firewall-group]
    [--destination-firewall-group]
    <firewall-rule>
--source-ip-address

Source IP address or subnet

--destination-ip-address

Destination IP address or subnet

--source-port

Source port number or range(integer in [1, 65535] or range like 123:456)

--destination-port

Destination port number or range(integer in [1, 65535] or range like 123:456)

--share

Restrict use of the firewall rule to the current project

--public

Restrict use of the firewall rule to the current project. This option is deprecated and would be removed in R Release.

--enable-rule

Disable this rule

--source-firewall-group

Source firewall group (name or ID)

--destination-firewall-group

Destination firewall group (name or ID)

firewall-rule

Firewall rule to unset (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group set

Set firewall group properties

openstack firewall group set
    [--name NAME]
    [--description <description>]
    [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
    [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
    [--public | --private | --share | --no-share]
    [--enable | --disable]
    [--port <port>]
    [--no-port]
    <firewall-group>
--name <NAME>

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release.

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--no-port

Detach all port from the firewall group

firewall-group

Firewall group to update (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group show

Display firewall group details

openstack firewall group show <firewall-group>
firewall-group

Firewall group to show (name or ID)

This command is provided by the python-neutronclient plugin.

firewall group unset

Unset firewall group properties

openstack firewall group unset
    [--port <port> | --all-port]
    [--ingress-firewall-policy]
    [--egress-firewall-policy]
    [--public | --share]
    [--enable]
    <firewall-group>
--port <port>

Port(s) (name or ID) to apply firewall group. This option can be repeated

--all-port

Remove all ports for this firewall group

--ingress-firewall-policy

Ingress firewall policy (name or ID) to delete

--egress-firewall-policy

Egress firewall policy (name or ID) to delete

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--share

Restrict use of the firewall group to the current project

--enable

Disable firewall group

firewall-group

Firewall group to unset (name or ID)

This command is provided by the python-neutronclient plugin.

network log create

Create a new network log

openstack network log create
    [--description <description>]
    [--enable | --disable]
    [--project <project>]
    [--project-domain <project-domain>]
    [--event {ALL,ACCEPT,DROP}]
    --resource-type <resource-type>
    [--resource <resource>]
    [--target <target>]
    <name>
--description <description>

Description of the network log

--enable

Enable this log (default is disabled)

--disable

Disable this log

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--event {ALL,ACCEPT,DROP}

An event to store with log

--resource-type <resource-type>

Network log type(s). You can see supported type(s) with following command: $ openstack network loggable resources list

--resource <resource>

Name or ID of resource (security group or firewall group) that used for logging. You can control for logging target combination with –target option.

--target <target>

Port (name or ID) for logging. You can control for logging target combination with –resource option.

name

Name for the network log

This command is provided by the python-neutronclient plugin.

network log delete

Delete network log(s)

openstack network log delete <network-log> [<network-log> ...]
network-log

Network log(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

network log list

List network logs

openstack network log list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

network log set

Set network log properties

openstack network log set
    [--description <description>]
    [--enable | --disable]
    [--name <name>]
    <network-log>
--description <description>

Description of the network log

--enable

Enable this log (default is disabled)

--disable

Disable this log

--name <name>

Name of the network log

network-log

Network log to set (name or ID)

This command is provided by the python-neutronclient plugin.

network log show

Display network log details

openstack network log show <network-log>
network-log

Network log to show (name or ID)

This command is provided by the python-neutronclient plugin.

network loggable resources list

List supported loggable resources

openstack network loggable resources list
    [--sort-column SORT_COLUMN]
    [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

network onboard subnets

Onboard network subnets into a subnet pool

openstack network onboard subnets <network> <subnetpool>
network

Onboard all subnets associated with this network

subnetpool

Target subnet pool for onboarding subnets

This command is provided by the python-neutronclient plugin.

network subport list

List all subports for a given network trunk

openstack network subport list
    [--sort-column SORT_COLUMN]
    --trunk <trunk>
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--trunk <trunk>

List subports belonging to this trunk (name or ID)

This command is provided by the python-neutronclient plugin.

network trunk create

Create a network trunk for a given project

openstack network trunk create
    [--description <description>]
    --parent-port <parent-port>
    [--subport <port=,segmentation-type=,segmentation-id=>]
    [--enable | --disable]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

A description of the trunk

--parent-port <parent-port>

Parent port belonging to this trunk (name or ID)

--subport <port=,segmentation-type=,segmentation-id=>

Subport to add. Subport is of form ‘port=<name or ID>,segmentation-type=,segmentation-ID=’ (–subport) option can be repeated

--enable

Enable trunk (default)

--disable

Disable trunk

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the trunk to create

This command is provided by the python-neutronclient plugin.

network trunk delete

Delete a given network trunk

openstack network trunk delete <trunk> [<trunk> ...]
trunk

Trunk(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

network trunk list

List all network trunks

openstack network trunk list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

network trunk set

Set network trunk properties

openstack network trunk set
    [--name <name>]
    [--description <description>]
    [--subport <port=,segmentation-type=,segmentation-id=>]
    [--enable | --disable]
    <trunk>
--name <name>

Set trunk name

--description <description>

A description of the trunk

--subport <port=,segmentation-type=,segmentation-id=>

Subport to add. Subport is of form ‘port=<name or ID>,segmentation-type=,segmentation-ID=’(–subport) option can be repeated

--enable

Enable trunk

--disable

Disable trunk

trunk

Trunk to modify (name or ID)

This command is provided by the python-neutronclient plugin.

network trunk show

Show information of a given network trunk

openstack network trunk show <trunk>
trunk

Trunk to display (name or ID)

This command is provided by the python-neutronclient plugin.

network trunk unset

Unset subports from a given network trunk

openstack network trunk unset --subport <subport> <trunk>
--subport <subport>

Subport to delete (name or ID of the port) (–subport) option can be repeated

trunk

Unset subports from this trunk (name or ID)

This command is provided by the python-neutronclient plugin.

sfc flow classifier create

Create a flow classifier

openstack sfc flow classifier create
    [--description <description>]
    [--protocol <protocol>]
    [--ethertype {IPv4,IPv6}]
    [--source-port <min-port>:<max-port>]
    [--destination-port <min-port>:<max-port>]
    [--source-ip-prefix <source-ip-prefix>]
    [--destination-ip-prefix <destination-ip-prefix>]
    [--logical-source-port <logical-source-port>]
    [--logical-destination-port <logical-destination-port>]
    [--l7-parameters L7_PARAMETERS]
    <name>
--description <description>

Description for the flow classifier

--protocol <protocol>

IP protocol name. Protocol name should be as per IANA standard.

--ethertype {IPv4,IPv6}

L2 ethertype, default is IPv4

--source-port <min-port>:<max-port>

Source protocol port (allowed range [1,65535]. Must be specified as a:b, where a=min-port and b=max-port) in the allowed range.

--destination-port <min-port>:<max-port>

Destination protocol port (allowed range [1,65535]. Must be specified as a:b, where a=min-port and b=max-port) in the allowed range.

--source-ip-prefix <source-ip-prefix>

Source IP address in CIDR notation

--destination-ip-prefix <destination-ip-prefix>

Destination IP address in CIDR notation

--logical-source-port <logical-source-port>

Neutron source port (name or ID)

--logical-destination-port <logical-destination-port>

Neutron destination port (name or ID)

--l7-parameters <L7_PARAMETERS>

Dictionary of L7 parameters. Currently, no value is supported for this option.

name

Name of the flow classifier

This command is provided by the python-neutronclient plugin.

sfc flow classifier delete

Delete a given flow classifier

openstack sfc flow classifier delete <flow-classifier>
flow-classifier

Flow classifier to delete (name or ID)

This command is provided by the python-neutronclient plugin.

sfc flow classifier list

List flow classifiers

openstack sfc flow classifier list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

sfc flow classifier set

Set flow classifier properties

openstack sfc flow classifier set
    [--name <name>]
    [--description <description>]
    <flow-classifier>
--name <name>

Name of the flow classifier

--description <description>

Description for the flow classifier

flow-classifier

Flow classifier to modify (name or ID)

This command is provided by the python-neutronclient plugin.

sfc flow classifier show

Display flow classifier details

openstack sfc flow classifier show <flow-classifier>
flow-classifier

Flow classifier to display (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port chain create

Create a port chain

openstack sfc port chain create
    [--description <description>]
    [--flow-classifier <flow-classifier>]
    [--chain-parameters correlation=<correlation-type>,symmetric=<boolean>]
    --port-pair-group <port-pair-group>
    <name>
--description <description>

Description for the port chain

--flow-classifier <flow-classifier>

Add flow classifier (name or ID). This option can be repeated.

--chain-parameters correlation=<correlation-type>,symmetric=<boolean>

Dictionary of chain parameters. Supports correlation=(mpls|nsh) (default is mpls) and symmetric=(true|false).

--port-pair-group <port-pair-group>

Add port pair group (name or ID). This option can be repeated.

name

Name of the port chain

This command is provided by the python-neutronclient plugin.

sfc port chain delete

Delete a given port chain

openstack sfc port chain delete <port-chain>
port-chain

Port chain to delete (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port chain list

List port chains

openstack sfc port chain list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

sfc port chain set

Set port chain properties

openstack sfc port chain set
    [--name <name>]
    [--description <description>]
    [--flow-classifier <flow-classifier>]
    [--no-flow-classifier]
    [--port-pair-group <port-pair-group>]
    [--no-port-pair-group]
    <port-chain>
--name <name>

Name of the port chain

--description <description>

Description for the port chain

--flow-classifier <flow-classifier>

Add flow classifier (name or ID). This option can be repeated.

--no-flow-classifier

Remove associated flow classifiers from the port chain

--port-pair-group <port-pair-group>

Add port pair group (name or ID). Current port pair groups order is kept, the added port pair group will be placed at the end of the port chain. This option can be repeated.

--no-port-pair-group

Remove associated port pair groups from the port chain. At least one –port-pair-group must be specified together.

port-chain

Port chain to modify (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port chain show

Display port chain details

openstack sfc port chain show <port-chain>
port-chain

Port chain to display (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port chain unset

Unset port chain properties

openstack sfc port chain unset
    [--flow-classifier <flow-classifier> | --all-flow-classifier]
    [--port-pair-group <port-pair-group>]
    <port-chain>
--flow-classifier <flow-classifier>

Remove flow classifier(s) from the port chain (name or ID). This option can be repeated.

--all-flow-classifier

Remove all flow classifiers from the port chain

--port-pair-group <port-pair-group>

Remove port pair group(s) from the port chain (name or ID). This option can be repeated.

port-chain

Port chain to unset (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair create

Create a port pair

openstack sfc port pair create
    [--description <description>]
    [--service-function-parameters correlation=<correlation-type>,weight=<weight>]
    --ingress <ingress>
    --egress <egress>
    <name>
--description <description>

Description for the port pair

--service-function-parameters correlation=<correlation-type>,weight=<weight>

Dictionary of service function parameters. Currently, correlation=(None|mpls|nsh) and weight are supported. Weight is an integer that influences the selection of a port pair within a port pair group for a flow. The higher the weight, the more flows will hash to the port pair. The default weight is 1.

--ingress <ingress>

Ingress neutron port (name or ID)

--egress <egress>

Egress neutron port (name or ID)

name

Name of the port pair

This command is provided by the python-neutronclient plugin.

sfc port pair delete

Delete a given port pair

openstack sfc port pair delete <port-pair>
port-pair

Port pair to delete (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair group create

Create a port pair group

openstack sfc port pair group create
    [--description <description>]
    [--port-pair <port-pair>]
    [--enable-tap | --disable-tap]
    [--port-pair-group-parameters lb-fields=<lb-fields>]
    <name>
--description <description>

Description for the port pair group

--port-pair <port-pair>

Port pair (name or ID). This option can be repeated.

--enable-tap

Port pairs of this port pair group are deployed as passive tap service function

--disable-tap

Port pairs of this port pair group are deployed as l3 service function (default)

--port-pair-group-parameters lb-fields=<lb-fields>

Dictionary of port pair group parameters. Currently only one parameter lb-fields is supported. <lb-fields> is a & separated list of load-balancing fields.

name

Name of the port pair group

This command is provided by the python-neutronclient plugin.

sfc port pair group delete

Delete a given port pair group

openstack sfc port pair group delete <port-pair-group>
port-pair-group

Port pair group to delete (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair group list

List port pair group

openstack sfc port pair group list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

sfc port pair group set

Set port pair group properties

openstack sfc port pair group set
    [--name <name>]
    [--description <description>]
    [--port-pair <port-pair>]
    [--no-port-pair]
    <port-pair-group>
--name <name>

Name of the port pair group

--description <description>

Description for the port pair group

--port-pair <port-pair>

Port pair (name or ID). This option can be repeated.

--no-port-pair

Remove all port pair from port pair group

port-pair-group

Port pair group to modify (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair group show

Display port pair group details

openstack sfc port pair group show <port-pair-group>
port-pair-group

Port pair group to display (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair group unset

Unset port pairs from port pair group

openstack sfc port pair group unset
    [--port-pair <port-pair> | --all-port-pair]
    <port-pair-group>
--port-pair <port-pair>

Remove port pair(s) from the port pair group (name or ID). This option can be repeated.

--all-port-pair

Remove all port pairs from the port pair group

port-pair-group

Port pair group to unset (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair list

List port pairs

openstack sfc port pair list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

sfc port pair set

Set port pair properties

openstack sfc port pair set
    [--name <name>]
    [--description <description>]
    <port-pair>
--name <name>

Name of the port pair

--description <description>

Description for the port pair

port-pair

Port pair to modify (name or ID)

This command is provided by the python-neutronclient plugin.

sfc port pair show

Display port pair details

openstack sfc port pair show <port-pair>
port-pair

Port pair to display (name or ID)

This command is provided by the python-neutronclient plugin.

sfc service graph create

Create a service graph.

openstack sfc service graph create
    [--description DESCRIPTION]
    --branching-point SRC_CHAIN
    :DST_CHAIN_1,DST_CHAIN_2,DST_CHAIN_N
    <name>
--description <DESCRIPTION>

Description for the service graph.

--branching-point SRC_CHAIN:DST_CHAIN_1,DST_CHAIN_2,DST_CHAIN_N

Service graph branching point: the key is the source Port Chain while the value is a list of destination Port Chains. This option can be repeated.

name

Name of the service graph.

This command is provided by the python-neutronclient plugin.

sfc service graph delete

Delete a given service graph.

openstack sfc service graph delete <service-graph>
service-graph

ID or name of the service graph to delete.

This command is provided by the python-neutronclient plugin.

sfc service graph list

List service graphs

openstack sfc service graph list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

sfc service graph set

Set service graph properties

openstack sfc service graph set
    [--name <name>]
    [--description <description>]
    <service-graph>
--name <name>

Name of the service graph

--description <description>

Description for the service graph

service-graph

Service graph to modify (name or ID)

This command is provided by the python-neutronclient plugin.

sfc service graph show

Show information of a given service graph.

openstack sfc service graph show <service-graph>
service-graph

ID or name of the service graph to display.

This command is provided by the python-neutronclient plugin.

vpn endpoint group create

Create an endpoint group

openstack vpn endpoint group create
    [--description <description>]
    --type TYPE
    --value ENDPOINTS
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

Description for the endpoint group

--type <TYPE>

Type of endpoints in group (e.g. subnet, cidr)

--value <ENDPOINTS>

Endpoint(s) for the group. Must all be of the same type. (–value) option can be repeated

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name for the endpoint group

This command is provided by the python-neutronclient plugin.

vpn endpoint group delete

Delete endpoint group(s)

openstack vpn endpoint group delete
    <endpoint-group>
    [<endpoint-group> ...]
endpoint-group

Endpoint group(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn endpoint group list

List endpoint groups that belong to a given project

openstack vpn endpoint group list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn endpoint group set

Set endpoint group properties

openstack vpn endpoint group set
    [--description <description>]
    [--name <name>]
    <endpoint-group>
--description <description>

Description for the endpoint group

--name <name>

Set a name for the endpoint group

endpoint-group

Endpoint group to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn endpoint group show

Display endpoint group details

openstack vpn endpoint group show <endpoint-group>
endpoint-group

Endpoint group to display (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ike policy create

Create an IKE policy

openstack vpn ike policy create
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group5,group2,group14}]
    [--lifetime units=UNITS,value=VALUE]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

Description of the IKE policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm

--phase1-negotiation-mode <PHASE1_NEGOTIATION_MODE>

IKE Phase1 negotiation mode

--ike-version <IKE_VERSION>

IKE version for the policy

--pfs <PFS>

Perfect Forward Secrecy

--lifetime units=UNITS,value=VALUE

IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the IKE policy

This command is provided by the python-neutronclient plugin.

vpn ike policy delete

Delete IKE policy (policies)

openstack vpn ike policy delete <ike-policy> [<ike-policy> ...]
ike-policy

IKE policy to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ike policy list

List IKE policies that belong to a given project

openstack vpn ike policy list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn ike policy set

Set IKE policy properties

openstack vpn ike policy set
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encryption-algorithm {aes-128,3des,aes-192,aes-256}]
    [--phase1-negotiation-mode {main}]
    [--ike-version {v1,v2}]
    [--pfs {group5,group2,group14}]
    [--lifetime units=UNITS,value=VALUE]
    [--name <name>]
    <ike-policy>
--description <description>

Description of the IKE policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm

--phase1-negotiation-mode <PHASE1_NEGOTIATION_MODE>

IKE Phase1 negotiation mode

--ike-version <IKE_VERSION>

IKE version for the policy

--pfs <PFS>

Perfect Forward Secrecy

--lifetime units=UNITS,value=VALUE

IKE lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--name <name>

Name of the IKE policy

ike-policy

IKE policy to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ike policy show

Display IKE policy details

openstack vpn ike policy show <ike-policy>
ike-policy

IKE policy to display (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec policy create

Create an IPsec policy

openstack vpn ipsec policy create
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encapsulation-mode {tunnel,transport}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--lifetime units=UNITS,value=VALUE]
    [--pfs {group2,group5,group14}]
    [--transform-protocol {esp,ah,ah-esp}]
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

Description of the IPsec policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm for IPsec policy

--encapsulation-mode <ENCAPSULATION_MODE>

Encapsulation mode for IPsec policy

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm for IPsec policy

--lifetime units=UNITS,value=VALUE

IPsec lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--pfs <PFS>

Perfect Forward Secrecy for IPsec policy

--transform-protocol <TRANSFORM_PROTOCOL>

Transform protocol for IPsec policy

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name of the IPsec policy

This command is provided by the python-neutronclient plugin.

vpn ipsec policy delete

Delete IPsec policy(policies)

openstack vpn ipsec policy delete <ipsec-policy> [<ipsec-policy> ...]
ipsec-policy

ipsec policy to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec policy list

List IPsec policies that belong to a given project

openstack vpn ipsec policy list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn ipsec policy set

Set IPsec policy properties

openstack vpn ipsec policy set
    [--description <description>]
    [--auth-algorithm {sha1,sha256,sha384,sha512}]
    [--encapsulation-mode {tunnel,transport}]
    [--encryption-algorithm {3des,aes-128,aes-192,aes-256}]
    [--lifetime units=UNITS,value=VALUE]
    [--pfs {group2,group5,group14}]
    [--transform-protocol {esp,ah,ah-esp}]
    [--name <name>]
    <ipsec-policy>
--description <description>

Description of the IPsec policy

--auth-algorithm <AUTH_ALGORITHM>

Authentication algorithm for IPsec policy

--encapsulation-mode <ENCAPSULATION_MODE>

Encapsulation mode for IPsec policy

--encryption-algorithm <ENCRYPTION_ALGORITHM>

Encryption algorithm for IPsec policy

--lifetime units=UNITS,value=VALUE

IPsec lifetime attributes. ‘units’-seconds, default:seconds. ‘value’-non negative integer, default:3600.

--pfs <PFS>

Perfect Forward Secrecy for IPsec policy

--transform-protocol <TRANSFORM_PROTOCOL>

Transform protocol for IPsec policy

--name <name>

Name of the IPsec policy

ipsec-policy

IPsec policy to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec policy show

Display IPsec policy details

openstack vpn ipsec policy show <ipsec-policy>
ipsec-policy

IPsec policy to display (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection create

Create an IPsec site connection

openstack vpn ipsec site connection create
    [--description <description>]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
    [--peer-endpoint-group PEER_ENDPOINT_GROUP]
    [--enable | --disable]
    [--local-id LOCAL_ID]
    --peer-id PEER_ID
    --peer-address PEER_ADDRESS
    --psk PSK
    --vpnservice VPNSERVICE
    --ikepolicy IKEPOLICY
    --ipsecpolicy IPSECPOLICY
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

Description for the connection

--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT

Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.

--mtu <MTU>

MTU size for the connection

--initiator <INITIATOR>

Initiator state

--peer-cidr <PEER_CIDRS>

Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.

--local-endpoint-group <LOCAL_ENDPOINT_GROUP>

Local endpoint group (name or ID) with subnet(s) for IPsec connection

--peer-endpoint-group <PEER_ENDPOINT_GROUP>

Peer endpoint group (name or ID) with CIDR(s) for IPSec connection

--enable

Enable IPSec site connection

--disable

Disable IPSec site connection

--local-id <LOCAL_ID>

An ID to be used instead of the external IP address for a virtual router

--peer-id <PEER_ID>

Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN

--peer-address <PEER_ADDRESS>

Peer gateway public IPv4/IPv6 address or FQDN

--psk <PSK>

Pre-shared key string.

--vpnservice VPNSERVICE

VPN service instance associated with this connection (name or ID)

--ikepolicy IKEPOLICY

IKE policy associated with this connection (name or ID)

--ipsecpolicy IPSECPOLICY

IPsec policy associated with this connection (name or ID)

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Set friendly name for the connection

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection delete

Delete IPsec site connection(s)

openstack vpn ipsec site connection delete
    <ipsec-site-connection>
    [<ipsec-site-connection> ...]
ipsec-site-connection

IPsec site connection to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection list

List IPsec site connections that belong to a given project

openstack vpn ipsec site connection list
    [--sort-column SORT_COLUMN]
    [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection set

Set IPsec site connection properties

openstack vpn ipsec site connection set
    [--description <description>]
    [--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT]
    [--mtu MTU]
    [--initiator {bi-directional,response-only}]
    [--peer-cidr PEER_CIDRS | --local-endpoint-group LOCAL_ENDPOINT_GROUP]
    [--peer-endpoint-group PEER_ENDPOINT_GROUP]
    [--enable | --disable]
    [--local-id LOCAL_ID]
    [--peer-id PEER_ID]
    [--peer-address PEER_ADDRESS]
    [--name <name>]
    <ipsec-site-connection>
--description <description>

Description for the connection

--dpd action=ACTION,interval=INTERVAL,timeout=TIMEOUT

Ipsec connection Dead Peer Detection attributes. ‘action’-hold,clear,disabled,restart,restart-by-peer. ‘interval’ and ‘timeout’ are non negative integers. ‘interval’ should be less than ‘timeout’ value. ‘action’, default:hold ‘interval’, default:30, ‘timeout’, default:120.

--mtu <MTU>

MTU size for the connection

--initiator <INITIATOR>

Initiator state

--peer-cidr <PEER_CIDRS>

Remote subnet(s) in CIDR format. Cannot be specified when using endpoint groups. Only applicable, if subnet provided for VPN service.

--local-endpoint-group <LOCAL_ENDPOINT_GROUP>

Local endpoint group (name or ID) with subnet(s) for IPsec connection

--peer-endpoint-group <PEER_ENDPOINT_GROUP>

Peer endpoint group (name or ID) with CIDR(s) for IPSec connection

--enable

Enable IPSec site connection

--disable

Disable IPSec site connection

--local-id <LOCAL_ID>

An ID to be used instead of the external IP address for a virtual router

--peer-id <PEER_ID>

Peer router identity for authentication. Can be IPv4/IPv6 address, e-mail address, key id, or FQDN

--peer-address <PEER_ADDRESS>

Peer gateway public IPv4/IPv6 address or FQDN

--name <name>

Set friendly name for the connection

ipsec-site-connection

IPsec site connection to set (name or ID)

This command is provided by the python-neutronclient plugin.

vpn ipsec site connection show

Show information of a given IPsec site connection

openstack vpn ipsec site connection show <ipsec-site-connection>
ipsec-site-connection

IPsec site connection to display (name or ID)

This command is provided by the python-neutronclient plugin.

vpn service create

Create an VPN service

openstack vpn service create
    [--description <description>]
    [--subnet <subnet>]
    [--flavor <flavor>]
    [--enable | --disable]
    --router ROUTER
    [--project <project>]
    [--project-domain <project-domain>]
    <name>
--description <description>

Description for the VPN service

--subnet <subnet>

Local private subnet (name or ID)

--flavor <flavor>

Flavor for the VPN service (name or ID)

--enable

Enable VPN service

--disable

Disable VPN service

--router ROUTER

Router for the VPN service (name or ID)

--project <project>

Owner’s project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

name

Name for the VPN service

This command is provided by the python-neutronclient plugin.

vpn service delete

Delete VPN service(s)

openstack vpn service delete <vpn-service> [<vpn-service> ...]
vpn-service

VPN service to delete (name or ID)

This command is provided by the python-neutronclient plugin.

vpn service list

List VPN services that belong to a given project

openstack vpn service list [--sort-column SORT_COLUMN] [--long]
--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long

List additional fields in output

This command is provided by the python-neutronclient plugin.

vpn service set

Set VPN service properties

openstack vpn service set
    [--description <description>]
    [--subnet <subnet>]
    [--flavor <flavor>]
    [--enable | --disable]
    [--name <name>]
    <vpn-service>
--description <description>

Description for the VPN service

--subnet <subnet>

Local private subnet (name or ID)

--flavor <flavor>

Flavor for the VPN service (name or ID)

--enable

Enable VPN service

--disable

Disable VPN service

--name <name>

Name for the VPN service

vpn-service

VPN service to modify (name or ID)

This command is provided by the python-neutronclient plugin.

vpn service show

Display VPN service details

openstack vpn service show <vpn-service>
vpn-service

VPN service to display (name or ID)

This command is provided by the python-neutronclient plugin.