static-intl.huaweicloud.comstatic-intl.huaweicloud.com/upload/files/pdf/20171115/20171115170… ·...

Virtual Private Cloud

API Reference

Issue 01

Date 2017-12-31

Contents

1 API Calling..................................................................................................................................... 11.1 Service Usage................................................................................................................................................................. 11.2 Request Methods............................................................................................................................................................ 11.3 Request Authentication Methods....................................................................................................................................21.4 Token Authentication......................................................................................................................................................21.5 AK/SK Authentication................................................................................................................................................... 31.5.1 AK and SK Generation................................................................................................................................................31.5.2 Request Signing Procedure..........................................................................................................................................41.5.3 Sample Code................................................................................................................................................................41.6 Obtaining a Project ID..................................................................................................................................................12

2 Common Message Headers....................................................................................................... 132.1 Common Request Headers........................................................................................................................................... 132.2 Common Response Headers.........................................................................................................................................15

3 Virtual Private Cloud..................................................................................................................163.1 Creating a VPC.............................................................................................................................................................163.2 Querying VPC Details.................................................................................................................................................. 193.3 Querying VPCs.............................................................................................................................................................213.4 Updating VPC Information.......................................................................................................................................... 243.5 Deleting a VPC.............................................................................................................................................................27

4 Subnet............................................................................................................................................ 294.1 Creating a Subnet..........................................................................................................................................................294.2 Querying Subnet Details...............................................................................................................................................334.3 Querying Subnets......................................................................................................................................................... 364.4 Updating Subnet Information....................................................................................................................................... 394.5 Deleting a Subnet..........................................................................................................................................................42

5 Elastic IP Address........................................................................................................................ 455.1 Applying for an Elastic IP Address.............................................................................................................................. 455.2 Querying an Elastic IP Address....................................................................................................................................495.3 Querying Elastic IP Addresses..................................................................................................................................... 535.4 Binding or Unbinding an Elastic IP Address................................................................................................................565.5 Deleting an Elastic IP Address..................................................................................................................................... 59

Virtual Private CloudAPI Reference Contents

Issue 01 (2017-12-31) ii

6 Bandwidth.....................................................................................................................................626.1 Querying a Bandwidth..................................................................................................................................................626.2 Querying Bandwidths................................................................................................................................................... 656.3 Updating Bandwidth Information.................................................................................................................................69

7 Quota..............................................................................................................................................737.1 Querying Quotas...........................................................................................................................................................73

8 Private IP Address....................................................................................................................... 788.1 Applying for a Private IP Address................................................................................................................................788.2 Querying Private IP Address Details............................................................................................................................818.3 Querying Private IP Addresses.....................................................................................................................................848.4 Deleting a Private IP Address.......................................................................................................................................87

9 Security Group............................................................................................................................. 899.1 Creating a Security Group............................................................................................................................................ 899.2 Querying Security Group Details................................................................................................................................. 939.3 Querying Security Groups............................................................................................................................................ 979.4 Deleting a Security Group.......................................................................................................................................... 1029.5 Creating a Security Group Rule..................................................................................................................................1049.6 Querying Security Group Rule Details.......................................................................................................................1089.7 Querying Security Group Rules..................................................................................................................................1129.8 Deleting a Security Group Rule..................................................................................................................................116

10 Port..............................................................................................................................................11810.1 Creating a Port.......................................................................................................................................................... 11810.2 Querying a Port.........................................................................................................................................................12610.3 Querying Ports..........................................................................................................................................................13110.4 Updating a Port.........................................................................................................................................................13710.5 Deleting a Port.......................................................................................................................................................... 144

11 VPC Peering Connection........................................................................................................14611.1 Overview...................................................................................................................................................................14611.2 Querying VPC Peering Connections........................................................................................................................ 14711.3 Querying a VPC Peering Connection....................................................................................................................... 14911.4 Creating a VPC Peering Connection........................................................................................................................ 15211.5 Accepting a VPC Peering Connection......................................................................................................................15411.6 Refusing a VPC Peering Connection........................................................................................................................15611.7 Updating a VPC Peering Connection....................................................................................................................... 15911.8 Deleting a VPC Peering Connection........................................................................................................................ 161

12 VPC Route.................................................................................................................................16412.1 Overview.................................................................................................................................................................. 16412.2 Querying VPC Routes.............................................................................................................................................. 16512.3 Querying a VPC Route............................................................................................................................................. 16712.4 Creating a VPC Route.............................................................................................................................................. 169


Issue 01 (2017-12-31) iii

12.5 Deleting a VPC Route.............................................................................................................................................. 171

13 Port (Native OpenStack API)................................................................................................ 17313.1 Overview.................................................................................................................................................................. 17313.2 Querying Ports..........................................................................................................................................................18213.3 Querying a Port.........................................................................................................................................................18913.4 Creating a Port.......................................................................................................................................................... 19113.5 Updating a Port.........................................................................................................................................................19413.6 Deleting a Port.......................................................................................................................................................... 197

14 Network (Native OpenStack API)........................................................................................19914.1 Overview.................................................................................................................................................................. 19914.2 Querying Networks...................................................................................................................................................20214.3 Querying Network Details........................................................................................................................................20514.4 Creating a Network...................................................................................................................................................20714.5 Updating a Network..................................................................................................................................................21014.6 Deleting a Network...................................................................................................................................................212

15 Subnet (Native OpenStack API)...........................................................................................21415.1 Overview.................................................................................................................................................................. 21415.2 Querying Subnets..................................................................................................................................................... 21815.3 Querying a Subnet.................................................................................................................................................... 22115.4 Creating a Subnet......................................................................................................................................................22315.5 Updating a Subnet.................................................................................................................................................... 22515.6 Deleting a Subnet......................................................................................................................................................228

16 Router (Native OpenStack API)........................................................................................... 23016.1 Overview.................................................................................................................................................................. 23016.2 Querying Routers......................................................................................................................................................23216.3 Querying a Router.................................................................................................................................................... 23516.4 Creating a Router......................................................................................................................................................23716.5 Updating a Router.....................................................................................................................................................23916.6 Deleting a Router......................................................................................................................................................24116.7 Adding an Interface to a Router............................................................................................................................... 24316.8 Removing an Interface from a Router...................................................................................................................... 245

17 Floating IP Address (Native OpenStack API)....................................................................24817.1 Overview.................................................................................................................................................................. 24817.2 Querying Floating IP Addresses...............................................................................................................................24917.3 Querying a Floating IP Address............................................................................................................................... 25117.4 Creating a Floating IP Address.................................................................................................................................25317.5 Updating a Floating IP Address................................................................................................................................25517.6 Deleting a Floating IP Address.................................................................................................................................258

18 Network ACL (Native OpenStack API).............................................................................. 26018.1 Overview.................................................................................................................................................................. 260


Issue 01 (2017-12-31) iv

18.2 Querying Network ACL Rules................................................................................................................................. 26418.3 Querying a Network ACL Rule................................................................................................................................26718.4 Creating a Network ACL Rule................................................................................................................................. 26918.5 Updating a Network ACL Rule................................................................................................................................ 27118.6 Deleting a Network ACL Rule................................................................................................................................. 27418.7 Querying Network ACL Policies............................................................................................................................. 27518.8 Querying a Network ACL Policy............................................................................................................................. 27818.9 Creating a Network ACL Policy.............................................................................................................................. 28018.10 Updating a Network ACL Policy........................................................................................................................... 28218.11 Deleting a Network ACL Policy.............................................................................................................................28518.12 Inserting a Network ACL Rule...............................................................................................................................28618.13 Removing a Network ACL Rule from a Network ACL Policy............................................................................. 28918.14 Querying Network ACL Groups............................................................................................................................ 29218.15 Querying a Network ACL Group........................................................................................................................... 29418.16 Creating a Network ACL Group............................................................................................................................ 29618.17 Updating a Network ACL Group........................................................................................................................... 29918.18 Deleting a Network ACL Group............................................................................................................................ 301

19 Security Group (Native OpenStack API)............................................................................30419.1 Overview.................................................................................................................................................................. 30419.2 Querying Security Groups........................................................................................................................................ 30719.3 Querying a Security Group.......................................................................................................................................31019.4 Creating a Security Group........................................................................................................................................ 31219.5 Updating a Security Group....................................................................................................................................... 31519.6 Deleting a Security Group........................................................................................................................................ 31819.7 Querying Security Group Rules............................................................................................................................... 31919.8 Querying a Security Group Rule.............................................................................................................................. 32219.9 Creating a Security Group Rule................................................................................................................................32419.10 Deleting a Security Group Rule..............................................................................................................................327

A Appendix....................................................................................................................................329A.1 Error Codes................................................................................................................................................................329A.2 ICMP-Port Range Relationship Table....................................................................................................................... 340A.3 VPC Monitoring Metrics........................................................................................................................................... 341A.4 Pagination.................................................................................................................................................................. 342

B Change History..........................................................................................................................344


Issue 01 (2017-12-31) v

1 API Calling

API requests sent by third-party applications to the public cloud service must be authenticatedusing signatures.

This chapter describes the overall method of using signatures and provides sample codes todetail how to use the default signer to sign requests and how to use an HTTP client to sendrequests.

1.1 Service UsagePublic cloud services provide RESTful APIs.

Representational State Transfer (REST) allocates Uniform Resource Identifiers (URIs) todispersed resources so that resources can be located. Applications on clients use UniformResource Locators (URLs) to obtain resources.

The URL is in the following format: https://Endpoint/uri

Table 1-1 describes the parameters in a URL.

Table 1-1 Parameter description

Parameter Description

Endpoint Specifies the URL that is the entry point for a web service. Obtainthe value from Regions and Endpoints.

URI Specifies the API access path for performing a specified operation.Obtain the value from the URI of the API, for example, v3/auth/tokens.

1.2 Request MethodsThe HTTP protocol defines request methods, such as GET, PUT, POST, DELETE, andPATCH, to indicate the desired action to be performed on the identified resource. Thefollowing table describes the HTTP methods supported by the RESTful APIs.

Virtual Private CloudAPI Reference 1 API Calling

Issue 01 (2017-12-31) 1

http://developer-intl.huaweicloud.com/endpoint.html

Table 1-2 HTTPS methods

Method Description

GET The GET method requests a representation of the specified resource.

PUT The PUT method requests that the enclosed entity be stored under thesupplied URI.

POST The POST method requests that the server accept the entity enclosed in therequest as a new subordinate of the web resource identified by the URI.

DELETE The DELETE method deletes the specified resource, for example, anobject.

PATCH The PATCH method applies partial modifications to a resource.If the resource does not exist, the PATCH method creates a resource.

1.3 Request Authentication MethodsYou can use either of the following two authentication methods to call APIs:

l Token authentication: Requests are authenticated using Tokens.l AK/SK authentication: Requests are encrypted using the access key (AK) and secret key

(SK) to provide higher security.

1.4 Token Authentication

ScenariosIf you use a token for authentication, you must obtain the user's token and add X-Auth-Tokento the request message header of the service API when making an API call.

This section describes how to make an API call for token authentication.

Make an API Call1. Send POST https://Endpoint of IAM/v3/auth/tokens to obtain the endpoint of IAM and

the region name in the message body.See Regions and Endpoints.An example request message is as follows:

NOTE

Replace the items in italic in the following example with actual ones. For details, see the Identityand Access Management API Reference.

{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": {


Issue 01 (2017-12-31) 2


"name": "username", "password": "password", "domain": { "name": "domainname" } } } }, "scope": { "project": { "id": "0215ef11e49d4743be23dd97a1561e91" //This ID is used as an example. } } }}

2. Obtain the token. For details, see section "Obtaining the User Token" in the Identity andAccess Management API Reference.

3. Make a call to a service API, add X-Auth-Token to the message header, and set thevalue of X-Auth-Token to the token obtained in step 2.

1.5 AK/SK AuthenticationWhen you use an API gateway to send requests to underlying services, the requests are signedusing the AK and SK.

NOTE

AK: indicates the ID of the access key. AK is used together with SK to obtain an encrypted signature fora request.

SK: indicates the secret access key together used with the access key ID to sign requests. AK and SKcan be used together to identify a request sender to prevent the request from being modified.

1.5.1 AK and SK Generation1. Log in to the management console.2. Click the username and select Basic Information from the drop-down list.3. On the displayed page, click Manage my credentials.

4. Click Access Credentials.5. Click Add Access Key to switch to the Add Access Key page.6. Enter the password used for the current login.7. Enter the authentication code received in the email or mobile phone.

NOTE

For users created in Identity and Access Management (IAM), if no email address or mobile phoneis filled during the user creation, you only need to authenticate the login password.

8. Click OK to download the access key.

NOTE

To prevent the access key from being leaked, keep it secure.


Issue 01 (2017-12-31) 3

1.5.2 Request Signing Procedure

Preparations1. Download the API Gateway signature tool.

Download path: http://esdk.huawei.com/ilink/esdk/download/HW_4567062. Extract the package.3. Create a Java project, and reference the extracted JAR to the dependency path.

Sign a Request1. Create a request com.cloud.sdk.DefaultRequest (JAVA) used for signing.2. Set the target API URL, HTTPS method, and content of request

com.cloud.sdk.DefaultRequest (JAVA).3. Sign request com.cloud.sdk.DefaultRequest (JAVA).

a. Call SignerFactory.getSigner(String serviceName, String regionName) to obtaina signing tool.

b. Call Signer.sign(Request<?> request, Credentials credentials) to sign the requestcreated in step 1.The following code shows the details://Select an algorithm for request signing.Signer signer = SignerFactory.getSigner(serviceName, region);//Sign the request. The request will change after the signing.signer.sign(request, new BasicCredentials(this.ak, this.sk));

4. Convert the request signed in the previous step to a new request that can be used to makean API call and copy the header of the signed request to the new request.For example, if Apache HttpClient is used, convert DefaultRequest to HttpRequestBaseand copy the header of the signed DefaultRequest to HttpRequestBase.For details, see descriptions of AccessServiceImpl.java in section 1.5.3 Sample Code.

1.5.3 Sample CodeThe following three types of code show how to sign a request and how to use an HTTP clientto send an HTTPS request:

AccessService: indicates the abstract class that converts the GET, POST, PUT, and DELETEmethods in to the access method.

Demo: indicates the execution entry used to simulate GET, POST, PUT, and DELETE requestsending.

AccessServiceImpl: indicates the implementation of the access method. Code required forAPI gateway communication is in the access method.

For details about region and serviceName in the following code, see Regions andEndpoints.

AccessService.java:

package com.cloud.apigateway.sdk.demo;

import java.io.InputStream;import java.net.URL;


Issue 01 (2017-12-31) 4

http://esdk.huawei.com/ilink/esdk/download/HW_456706



import java.util.Map;

import org.apache.http.HttpResponse;

import com.cloud.sdk.http.HttpMethodName;

public abstract class AccessService { protected String serviceName = null; protected String region = null; protected String ak = null; protected String sk = null; public AccessService(String serviceName, String region, String ak, String sk) { this.region = region; this.serviceName = serviceName; this.ak = ak; this.sk = sk; } public abstract HttpResponse access(URL url, Map<String, String> header, InputStream content, Long contentLength, HttpMethodName httpMethod) throws Exception; public HttpResponse access(URL url, Map<String, String> header, HttpMethodName httpMethod) throws Exception { return this.access(url, header, null, 0l, httpMethod); } public HttpResponse access(URL url, InputStream content, Long contentLength, HttpMethodName httpMethod) throws Exception { return this.access(url, null, content, contentLength, httpMethod); } public HttpResponse access(URL url, HttpMethodName httpMethod) throws Exception { return this.access(url, null, null, 0l, httpMethod); } public abstract void close(); public String getServiceName() { return serviceName; } public void setServiceName(String serviceName) { this.serviceName = serviceName; } public String getRegion() { return region; } public void setRegion(String region) { this.region = region; } public String getAk() { return ak; } public void setAk(String ak) { this.ak = ak; }


Issue 01 (2017-12-31) 5

public String getSk() { return sk; } public void setSk(String sk) { this.sk = sk; } }

AccessServiceImpl.java:


import java.io.IOException;import java.io.InputStream;import java.net.URISyntaxException;import java.net.URL;import java.util.HashMap;import java.util.Map;

import javax.net.ssl.SSLContext;

import org.apache.http.Header;import org.apache.http.HttpHeaders;import org.apache.http.HttpResponse;import org.apache.http.client.methods.HttpDelete;import org.apache.http.client.methods.HttpGet;import org.apache.http.client.methods.HttpHead;import org.apache.http.client.methods.HttpPatch;import org.apache.http.client.methods.HttpPost;import org.apache.http.client.methods.HttpPut;import org.apache.http.client.methods.HttpRequestBase;import org.apache.http.conn.ssl.AllowAllHostnameVerifier;import org.apache.http.conn.ssl.SSLConnectionSocketFactory;import org.apache.http.conn.ssl.SSLContexts;import org.apache.http.conn.ssl.TrustSelfSignedStrategy;import org.apache.http.entity.InputStreamEntity;import org.apache.http.impl.client.CloseableHttpClient;import org.apache.http.impl.client.HttpClients;

import com.cloud.sdk.DefaultRequest;import com.cloud.sdk.Request;import com.cloud.sdk.auth.credentials.BasicCredentials;import com.cloud.sdk.auth.signer.Signer;import com.cloud.sdk.auth.signer.SignerFactory;import com.cloud.sdk.http.HttpMethodName;

public class AccessServiceImpl extends AccessService {

private CloseableHttpClient client = null;

public AccessServiceImpl(String serviceName, String region, String ak, String sk) { super(serviceName, region, ak, sk); }

/** {@inheritDoc} */

public HttpResponse access(URL url, Map<String, String> headers, InputStream content, Long contentLength, HttpMethodName httpMethod) throws Exception {

// Make a request for signing. Request request = new DefaultRequest(this.serviceName); try { // Set the request address. request.setEndpoint(url.toURI());


Issue 01 (2017-12-31) 6

String urlString = url.toString();

String parameters = null;

if (urlString.contains("?")) { parameters = urlString.substring(urlString.indexOf("?") + 1); Map parametersmap = new HashMap<String, String>(); if (null != parameters && !"".equals(parameters)) { String[] parameterarray = parameters.split("&"); for (String p : parameterarray) { String key = p.split("=")[0]; String value = p.split("=")[1]; parametersmap.put(key, value); } request.setParameters(parametersmap); } }

} catch (URISyntaxException e) { // It is recommended to add logs in this place. e.printStackTrace(); } // Set the request method. request.setHttpMethod(httpMethod); if (headers != null) { // Add request header information if required. request.setHeaders(headers); } // Configure the request content. request.setContent(content);

// Select an algorithm for request signing. Signer signer = SignerFactory.getSigner(serviceName, region); // Sign the request, and the request will change after the signing. signer.sign(request, new BasicCredentials(this.ak, this.sk));

// Make a request that can be sent by the HTTP client. HttpRequestBase httpRequestBase = createRequest(url, null, request.getContent(), contentLength, httpMethod); Map<String, String> requestHeaders = request.getHeaders(); // Put the header of the signed request to the new request. for (String key : requestHeaders.keySet()) { if (key.equalsIgnoreCase(HttpHeaders.CONTENT_LENGTH.toString())) { continue; } httpRequestBase.addHeader(key, requestHeaders.get(key)); }

HttpResponse response = null; SSLContext sslContext = SSLContexts.custom() .loadTrustMaterial(null, new TrustSelfSignedStrategy()) .useTLS().build(); SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory( sslContext, new AllowAllHostnameVerifier());

client = HttpClients.custom().setSSLSocketFactory(sslSocketFactory) .build(); // Send the request, and a response will be returned. response = client.execute(httpRequestBase); return response; }

/** * Make a request that can be sent by the HTTP client. * * @param url


Issue 01 (2017-12-31) 7

* specifies the API access path. * @param header * specifies the header information to be added. * @param content * specifies the body content to be sent in the API call. * @param contentLength * specifies the length of the content. This parameter is optional. * @param httpMethod * specifies the HTTP method to be used. * @return specifies the request that can be sent by an HTTP client. */ private static HttpRequestBase createRequest(URL url, Header header, InputStream content, Long contentLength, HttpMethodName httpMethod) {

HttpRequestBase httpRequest; if (httpMethod == HttpMethodName.POST) { HttpPost postMethod = new HttpPost(url.toString());

if (content != null) { InputStreamEntity entity = new InputStreamEntity(content, contentLength); postMethod.setEntity(entity); } httpRequest = postMethod; } else if (httpMethod == HttpMethodName.PUT) { HttpPut putMethod = new HttpPut(url.toString()); httpRequest = putMethod;

if (content != null) { InputStreamEntity entity = new InputStreamEntity(content, contentLength); putMethod.setEntity(entity); } } else if (httpMethod == HttpMethodName.PATCH) { HttpPatch patchMethod = new HttpPatch(url.toString()); httpRequest = patchMethod;

if (content != null) { InputStreamEntity entity = new InputStreamEntity(content, contentLength); patchMethod.setEntity(entity); } } else if (httpMethod == HttpMethodName.GET) { httpRequest = new HttpGet(url.toString()); } else if (httpMethod == HttpMethodName.DELETE) { httpRequest = new HttpDelete(url.toString()); } else if (httpMethod == HttpMethodName.HEAD) { httpRequest = new HttpHead(url.toString()); } else { throw new RuntimeException("Unknown HTTP method name: " + httpMethod); }

httpRequest.addHeader(header); return httpRequest; }

@Override public void close() { try { if (client != null) { client.close(); } } catch (IOException e) { // It is recommended to add logs in this place. e.printStackTrace(); } }


Issue 01 (2017-12-31) 8

}

Demo.java:


import java.io.BufferedReader;import java.io.ByteArrayInputStream;import java.io.IOException;import java.io.InputStream;import java.io.InputStreamReader;import java.net.MalformedURLException;import java.net.URL;

import org.apache.http.HttpResponse;

import com.cloud.sdk.http.HttpMethodName;

public class Demo {

//replace real region private static final String region = "regionName";

//replace real service name private static final String serviceName = "serviceName";

public static void main(String[] args) {

//replace real AK String ak = "akString"; //replace real SK String sk = "skString";

// get method //replace real url String url = "urlString"; get(ak, sk, url);

// post method //replace real url String postUrl = "urlString"; //replace real body String postbody = "bodyString"; post(ak, sk, postUrl, postbody);

// put method //replace real body String putbody = "bodyString"; //replace real url String putUrl = "urlString"; put(ak, sk, putUrl, putbody);

// delete method //replace real url String deleteUrl = "urlString"; delete(ak, sk, deleteUrl); }

public static void put(String ak, String sk, String requestUrl, String putBody) {

AccessService accessService = null; try { accessService = new AccessServiceImpl(serviceName, region, ak, sk); URL url = new URL(requestUrl); HttpMethodName httpMethod = HttpMethodName.PUT;


Issue 01 (2017-12-31) 9

InputStream content = new ByteArrayInputStream(putBody.getBytes()); HttpResponse response = accessService.access(url, content, (long) putBody.getBytes().length, httpMethod); System.out.println(response.getStatusLine().getStatusCode()); } catch (Exception e) { e.printStackTrace(); } finally { accessService.close(); }

} public static void patch(String ak, String sk, String requestUrl, String putBody) {

AccessService accessService = null; try { accessService = new AccessServiceImpl(serviceName, region, ak, sk); URL url = new URL(requestUrl); HttpMethodName httpMethod = HttpMethodName.PATCH; InputStream content = new ByteArrayInputStream(putBody.getBytes()); HttpResponse response = accessService.access(url, content, (long) putBody.getBytes().length, httpMethod); System.out.println(convertStreamToString(response.getEntity() .getContent())); } catch (Exception e) { e.printStackTrace(); } finally { accessService.close(); }

}

public static void delete(String ak, String sk, String requestUrl) {

AccessService accessService = null;

try { accessService = new AccessServiceImpl(serviceName, region, ak, sk); URL url = new URL(requestUrl); HttpMethodName httpMethod = HttpMethodName.DELETE;

HttpResponse response = accessService.access(url, httpMethod); System.out.println(convertStreamToString(response.getEntity() .getContent())); } catch (Exception e) { e.printStackTrace(); } finally { accessService.close(); }

}

public static void get(String ak, String sk, String requestUrl) {

AccessService accessService = null;

try { accessService = new AccessServiceImpl(serviceName, region, ak, sk); URL url = new URL(requestUrl); HttpMethodName httpMethod = HttpMethodName.GET; HttpResponse response; response = accessService.access(url, httpMethod); System.out.println(convertStreamToString(response.getEntity() .getContent()));


Issue 01 (2017-12-31) 10

} catch (Exception e) { e.printStackTrace(); } finally { accessService.close(); }

}

public static void post(String ak, String sk, String requestUrl, String postbody) {

AccessService accessService = new AccessServiceImpl(serviceName, region, ak, sk); URL url = null; try { url = new URL(requestUrl); } catch (MalformedURLException e) { e.printStackTrace(); } InputStream content = new ByteArrayInputStream(postbody.getBytes()); HttpMethodName httpMethod = HttpMethodName.POST; HttpResponse response;

try { response = accessService.access(url, content, (long) postbody.getBytes().length, httpMethod); System.out.println(convertStreamToString(response.getEntity() .getContent())); } catch (Exception e) { e.printStackTrace(); } finally { accessService.close(); } }

private static String convertStreamToString(InputStream is) { BufferedReader reader = new BufferedReader(new InputStreamReader(is)); StringBuilder sb = new StringBuilder();

String line = null; try { while ((line = reader.readLine()) != null) { sb.append(line + "\n"); } } catch (IOException e) { e.printStackTrace(); } finally { try { is.close(); } catch (IOException e) { e.printStackTrace(); } }

return sb.toString(); }

}

NOTE

1. Parameters URI, AK, SK, and HTTP METHOD are mandatory.

2. You can use the request.addHeader() method to add header information.


Issue 01 (2017-12-31) 11

1.6 Obtaining a Project IDA project ID is required for some URLs when an API is called. It can be project_id ortenant_id because project_id has the same meaning as tenant_id in this document. Beforecalling an API, you need to obtain a project ID on the console. The steps are as follows:

1. Log in to the management console.2. Click the username and select Basic Information from the drop-down list.3. On the displayed page, click Manage my credentials.

On the displayed page, view the project ID in the project list.

Figure 1-1 Viewing project IDs


Issue 01 (2017-12-31) 12

2 Common Message Headers

This chapter describes common request and response REST message headers.

2.1 Common Request Headers

Table 2-1 Common request headers

Parameter Description Mandatory Example Value

x-sdk-date Specifies the timewhen the request issent. The time is inYYYYMMDD'T'HHMMSS'Z' format.The value is thecurrent GMT time ofthe system.

NoThis field ismandatory forAK/SKauthentication.

20150907T101459Z

Authorization Specifies theauthenticationinformation.The value can beobtained from therequest signingresult.For details, seesection 1.5.2Request SigningProcedure.


SDK-HMAC-SHA256Credential=ZIRRKMTWPTQFQI1WKNKB/20150907//ec2/sdk_request,SignedHeaders=content-type;host;x-sdk-date,Signature=55741b610f3c9fa3ae40b5a8021ebf7ebc2a28a603fc62d25cb3bfe6608e1994

Virtual Private CloudAPI Reference 2 Common Message Headers

Issue 01 (2017-12-31) 13


Host Specifies the serverdomain name andport number of theresources beingrequested. The valuecan be obtained fromthe URL of theservice API. Thevalue ishostname[:port]. Ifthe port number isnot specified, thedefault port is used.The default portnumber for https is443.


code.test.comorcode.test.com:443

Content-type Specifies the requestbody MIME type.You are advised touse the default valueapplication/json.For interfaces usedto upload objects orimages, the value canvary depending onthe flow type.

Yes application/json

Content-Length Specifies the lengthof the request body.The unit is byte.

No 3495

X-Project-Id Specifies the projectID. Obtain theproject ID byfollowing theinstructions insection 1.6Obtaining a ProjectID.This parameter ismandatory for arequest from a DeCor multi-project user.

NoThis field ismandatory forrequests thatuse AK/SKauthenticationin theDedicatedCloud (DeC)scenario ormulti-projectscenario.

e9993fc787d94b6c886cbaa340f9c0f4


Issue 01 (2017-12-31) 14


X-Auth-Token Specifies the usertoken.For details abouthow to obtain thetoken, see section"Obtaining the UserToken" in theIdentity and AccessManagement APIReference. After therequest is processed,the value of X-Subject-Token inthe message headeris the token value.

NoThis field ismandatory fortokenauthentication.

The following is part of anexample token:MIIPAgYJKoZIhvcNAQc-CoIIO8zCCDu8CAQExDTALBglghkgBZQMEAgEwgg1QBgkqhkiG9w0BBwGggg1BBIINPXsidG9rZ.

NOTE

For details about other parameters in the message header, see the HTTP protocol documentation.

2.2 Common Response Headers

Table 2-2 Common response headers

Name Description Example Value

Content-Length

Specifies the length of the response body.The unit is byte.

--

Date Specifies the GMT time when a requestresponse is returned.

Wed, 27 Dec 201606:49:46 GMT

Content-type Specifies the response body MIME type. application/json


Issue 01 (2017-12-31) 15

3 Virtual Private Cloud

3.1 Creating a VPC

FunctionThis interface is used to create a VPC.

URIl POST /v1/{tenant_id}/vpcsl Parameter description

Name Mandatory Description

tenant_id Yes Specifies the tenant ID ofthe operator.

Requestl Parameter description

Name Mandatory Type Description

vpc Yes Dictionarydata structure

Specifies the VPC objects.

Descriptions of vpc fields

Virtual Private CloudAPI Reference 3 Virtual Private Cloud

Issue 01 (2017-12-31) 16


name No String Specifies the name of the VPC.The name must be unique for a tenant.The value is a string of no more than 64characters and can contain digits, letters,underscores (_), and hyphens (-).

cidr No String Specifies the range of available subnets in theVPC.The value must be in CIDR format, forexample, 192.168.0.0/16.The value ranges from 10.0.0.0/8 to10.255.255.0/24, 172.16.0.0/12 to172.31.255.0/24, or 192.168.0.0/16 to192.168.255.0/24.

l Example request{ "vpc": { "name": "vpc", "cidr": "192.168.0.0/16" } }

Responsel Parameter description






id Yes String Specifies a resource ID in UUID format.

name No String Specifies the name of the VPC.The name must be unique for a tenant.The value is a string of no more than 64characters and can contain digits, letters,underscores (_), and hyphens (-).


Issue 01 (2017-12-31) 17


cidr No String Specifies the range of available subnets inthe VPC.The value must be in CIDR format, forexample, 192.168.0.0/16.The value ranges from 10.0.0.0/8 to10.255.255.0/24, 172.16.0.0/12 to172.31.255.0/24, or 192.168.0.0/16 to192.168.255.0/24.

status Yes String Specifies the status of the VPC.The value can be CREATING, OK,DOWN, PENDING_UPDATE,PENDING_DELETE, or ERROR.

l Example response{ "vpc": { "id": "99d9d709-8478-4b46-9f3f-2206b1023fd3", "name": "vpc", "cidr": "192.168.0.0/16", "status": "CREATING", }}

Returned Valuel Normal

200

l Abnormal

Returned Value Description

400 Bad Request The server failed to process the request.

401 Unauthorized You must enter the username and password toaccess the requested page.

403 Forbidden You are forbidden to access the requested page.

404 Not Found The server could not find the requested page.

405 Method Not Allowed You are not allowed to use the methodspecified in the request.

406 Not Acceptable The response generated by the server could notbe accepted by the client.

407 Proxy Authentication Required You must use the proxy server forauthentication so that the request can beprocessed.


Issue 01 (2017-12-31) 18


408 Request Timeout The request timed out.

409 Conflict The request could not be processed due to aconflict.

500 Internal Server Error Failed to complete the request because of aninternal service error.

501 Not Implemented Failed to complete the request because theserver does not support the requested function.

502 Bad Gateway Failed to complete the request because therequest is invalid.

503 Service Unavailable Failed to complete the request because theservice is unavailable.

504 Gateway Timeout A gateway timeout error occurred.

3.2 Querying VPC Details

FunctionThis interface is used to query details about a VPC.

URIl GET /v1/{tenant_id}/vpcs/{vpc_id}l Parameter description



vpc_id Yes Specifies the VPC ID,which uniquely identifiesthe VPC.


Nonel Example request

None


Issue 01 (2017-12-31) 19






Name Mandatory

Type Description


name No String Specifies the VPC name.

cidr Yes String Specifies the range of available subnetsin the VPC.


l Example response

{ "vpc": { "id": "99d9d709-8478-4b46-9f3f-2206b1023fd3", "name": "vpc", "cidr": "192.168.0.0/16", "status": "OK",}}


200l Abnormal








Issue 01 (2017-12-31) 20











3.3 Querying VPCs

FunctionThis interface is used to query VPCs using search criteria and to display the VPCs in a list.

URIl GET /v1/{tenant_id}/vpcsl Example:

/v1/{tenant_id}/vpcs?limit=10&marker=13551d6b-755d-4757-b956-536f674975c0l Parameter description


tenant_id Yes String Specifies the tenant ID of the operator.

marker No String Specifies the resource ID of paginationquery. If the parameter is left blank, onlyresources on the first page are queried.

limit No int Specifies the number of records returnedon each page.The value ranges from 0 to intmax.


Issue 01 (2017-12-31) 21



None



vpcs Yes List data structure Specifies the VPC list objects.

Descriptions of vpcs fields



name No String Specifies the VPC name.

cidr Yes String Specifies the range of available subnets inthe VPC.


Descriptions of route fields


destination

Yes String Specifies the destination networksegment of a route.The value must be in the CIDR format.Currently, only the value 0.0.0.0/0 issupported.

nexthop Yes String Specifies the next hop of a route.The value must be an IP address andmust belong to the subnet in the VPC.Otherwise, this value does not take effect.

l Example response

{ "vpcs": [ { "id": "13551d6b-755d-4757-b956-536f674975c0",


Issue 01 (2017-12-31) 22

"name": "default", "cidr": "172.16.0.0/16", "status": "OK", }, { "id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "name": "222", "cidr": "192.168.0.0/16", "status": "OK", }, { "id": "99d9d709-8478-4b46-9f3f-2206b1023fd3", "name": "vpc", "cidr": "192.168.0.0/16", "status": "OK", } ]}


200l Abnormal















Issue 01 (2017-12-31) 23




3.4 Updating VPC Information

FunctionThis interface is used to update information about a VPC.

URIl PUT /v1/{tenant_id}/vpcs/{vpc_id}l Parameter description






vpc Yes Dictionary datastructure

VPC object, which must containname or cidr



Issue 01 (2017-12-31) 24

Name Mandatory

Type Description

name No String Specifies the name of the VPC.The name must be unique for a tenant.The value is a string of no more than 64characters and can contain digits, letters,underscores (_), and hyphens (-).If name is not specified, cidr must bespecified.

cidr No String Specifies the range of available subnets inthe VPC.The value must be in CIDR format, forexample, 192.168.0.0/16.The value ranges from 10.0.0.0/8 to10.255.255.0/24, 172.16.0.0/12 to172.31.255.0/24, or 192.168.0.0/16 to192.168.255.0/24.If cidr is not specified, name must bespecified.

l Example request

{"vpc": { "name": "vpc1", "cidr": "192.168.0.0/16" }}



vpc Yes Dictionary datastructure





name Yes String Specifies the VPC name.

cidr Yes String Specifies the range of available subnets inthe VPC.


Issue 01 (2017-12-31) 25



l Example response

{ "vpc": { "id": "99d9d709-8478-4b46-9f3f-2206b1023fd3", "name": "vpc1", "cidr": "192.168.0.0/16", "status": "OK", }}


200l Abnormal















Issue 01 (2017-12-31) 26




3.5 Deleting a VPC

Function

This interface is used to delete a VPC.

URIl DELETE /v1/{tenant_id}/vpcs/{vpc_id}l Parameter description






None

Responsel Example response

None


204l Abnormal




Issue 01 (2017-12-31) 27
















Issue 01 (2017-12-31) 28

4 Subnet

4.1 Creating a Subnet

FunctionThis interface is used to create a subnet.

URIl POST /v1/{tenant_id}/subnetsl Parameter description





subnet Yes Dictionary datastructure

Specifies the subnet objects.

Descriptions of subnet fields

Virtual Private CloudAPI Reference 4 Subnet

Issue 01 (2017-12-31) 29

Name Mandatory

Type Description

name Yes String Specifies the subnet name.The value is a string of 1 to 64characters that can contain letters,digits, underscores (_), and hyphens(-).

cidr Yes String Specifies the network segment onwhich the subnet resides.The value must be in CIDR format.The value must be within the CIDRblock of the VPC. The subnet maskcannot be greater than 28.

gateway_ip Yes String Specifies the gateway of the subnet.The value must be a valid IP address.The value must be an IP address in thesubnet segment.

dhcp_enable No Boolean Specifies whether the DHCP functionis enabled for the subnet.The value can be true or false.If this parameter is left blank, it is setto true by default.

primary_dns No String Specifies the IP address of DNSserver 1 on the subnet.The value must be a valid IP address.

secondary_dns No String Specifies the IP address of DNSserver 2 on the subnet.The value must be a valid IP address.

dnsList No List Specifies the DNS server address listof a subnet. This field is required ifyou need to use more than two DNSservers.This parameter value is the superset ofboth DNS server address 1 and DNSserver address 2.

availability_zone

No String Identifies the availability zone (AZ) towhich the subnet belongs.The value must be an existing AZ inthe system.

vpc_id Yes String Specifies the ID of the VPC to whichthe subnet belongs.


Issue 01 (2017-12-31) 30

Name Mandatory

Type Description

port_security_enable

No String Specifies the operations can beperformed on security groups duringsubnet creation.This is a system default parameter.Users do not need to configure thisparameter.

l Example Request{ "subnet": { "name": "subnet", "cidr": "192.168.20.0/24", "gateway_ip": "192.168.20.1", "dhcp_enable": "true", "primary_dns": "114.114.114.114", "secondary_dns": "114.114.115.115", "dnsList": [ "114.114.114.114", "114.114.115.115" ], "availability_zone":"aa-bb-cc",//AZ aa-bb-cc is used as an example. "vpc_id":"3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85" }}







id Yes String Specifies a resource ID in UUIDformat.

name Yes String Specifies the subnet name.

cidr Yes String Specifies the subnet networksegment.

gateway_ip Yes String Specifies the subnet gatewayaddress.

dhcp_enable No Boolean Specifies whether the DHCPfunction is enabled for the subnet.


Issue 01 (2017-12-31) 31


primary_dns No String Specifies the IP address of DNSserver 1 on the subnet.

secondary_dns No String Specifies the IP address of DNSserver 2 on the subnet.

dnsList No List Specifies the IP address list of DNSservers on the subnet.

availability_zone No String Identifies the AZ to which thesubnet belongs.

vpc_id Yes String Specifies the ID of the VPC towhich the subnet belongs.

status Yes String Specifies the status of the subnet.The value can be ACTIVE,DOWN, UNKNOWN, orERROR.

neutron_network_id

Yes String Specifies the network (NativeOpenStack API) ID.

neutron_subnet_id Yes String Specifies the subnet (NativeOpenStack API) ID.

l Example Response

{ "subnet": { "id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "name": "subnet", "cidr": "192.168.20.0/24", "dnsList": [ "114.114.114.114", "1114.114.115.115" ], "status": "UNKNOWN", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "gateway_ip": "192.168.20.1", "dhcp_enable": true, "primary_dns": "114.114.114.114", "secondary_dns": "114.114.115.115", "availability_zone":"aa-bb-cc",//AZ aa-bb-cc is used as an example. "neutron_network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "neutron_subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12" }}


200l Abnormal


Issue 01 (2017-12-31) 32
















4.2 Querying Subnet Details

FunctionThis interface is used to query details about a subnet.

URIl GET /v1/{tenant_id}/subnets/{subnet_id}l Parameter description


Issue 01 (2017-12-31) 33



subnet_id Yes Specifies the subnet ID,which uniquely identifiesthe subnet.


None

l Example request

None









cidr Yes String Specifies the subnet networksegment.

gateway_ip Yes String Specifies the subnet gatewayaddress.

dhcp_enable No Boolean Specifies whether the DHCPfunction is enabled for the subnet.

primary_dns No String Specifies the IP address of DNSserver 1 on the subnet.

secondary_dns No String Specifies the IP address of DNSserver 2 on the subnet.



Issue 01 (2017-12-31) 34


availability_zone No String Identifies the AZ to which thesubnet belongs.

vpc_id Yes String Specifies the ID of the VPC towhich the subnet belongs.

status Yes String Specifies the status of the subnet.The value can be ACTIVE,DOWN, UNKNOWN, or ERROR.

neutron_network_id


neutron_subnet_id Yes String Specifies the subnet (NativeOpenStack API) ID.

l Example response

{ "subnet": { "id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "name": "subnet", "cidr": "192.168.20.0/24", "dnsList": [ "114.114.114.114", "114.114.115.115" ], "status": "ACTIVE", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "gateway_ip": "192.168.20.1", "dhcp_enable": true, "primary_dns": "114.114.114.114", "secondary_dns": "114.114.115.115", "availability_zone": "aa-bb-cc"//AZ aa-bb-cc is used as an example. "neutron_network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "neutron_subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12" }}


200l Abnormal








Issue 01 (2017-12-31) 35











4.3 Querying Subnets

FunctionThis interface is used to query subnets using search criteria and to display the subnets in a list.

URIl GET /v1/{tenant_id}/subnetsl Example:

/v1/{tenant_id}/subnets?limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32d&vpc_id=3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85

l Parameter description



marker No String Specifies the resource ID of paginationquery. If the parameter is left blank,only resources on the first page arequeried.


Issue 01 (2017-12-31) 36


limit No String Specifies the number of recordsreturned on each page.The value ranges from 0 to intmax.

vpc_id No String Specifies the VPC ID used as the queryfilter.



None



subnets Yes List datastructure

Specifies the subnet list objects.

Descriptions of subnets fields




cidr Yes String Specifies the subnet network segment.

gateway_ip Yes String Specifies the subnet gateway address.

dhcp_enable No Boolean Specifies whether the DHCP functionis enabled for the subnet.

primary_dns No String Specifies the IP address of DNS server1 on the subnet.

secondary_dns No String Specifies the IP address of DNS server2 on the subnet.


availability_zone No String Identifies the AZ to which the subnetbelongs.


Issue 01 (2017-12-31) 37


vpc_id Yes String Specifies the ID of the VPC to whichthe subnet belongs.

status Yes String Specifies the status of the subnet.The value can be ACTIVE, DOWN,UNKNOWN, or ERROR.

neutron_network_id


neutron_subnet_id

Yes String Specifies the subnet (NativeOpenStack API) ID.

l Example response{ "subnets": [ { "id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "name": "subnet", "cidr": "192.168.20.0/24", "dnsList": [ "114.114.114.114", "114.114.115.115" ], "status": "ACTIVE", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "gateway_ip": "192.168.20.1", "dhcp_enable": true, "primary_dns": "114.114.114.114", "secondary_dns": "114.114.115.115", "availability_zone": "aa-bb-cc"//AZ aa-bb-cc is used as an example. "neutron_network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "neutron_subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12"

}, { "id": "531dec0f-3116-411b-a21b-e612e42349fd", "name": "Subnet1", "cidr": "192.168.1.0/24", "dnsList": [ "114.114.114.114", "114.114.115.115" ], "status": "ACTIVE", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "gateway_ip": "192.168.1.1", "dhcp_enable": true, "primary_dns": "114.114.114.114", "secondary_dns": "114.114.115.115", "availability_zone": "aa-bb-cc"//AZ aa-bb-cc is used as an example. "neutron_network_id": "531dec0f-3116-411b-a21b-e612e42349fd", "neutron_subnet_id": "1aac193-a2ad-f153-d122-12d64c2c1d78" } ]}



Issue 01 (2017-12-31) 38

200

l Abnormal
















4.4 Updating Subnet Information

Function

This interface is used to update information about a subnet.

URIl PUT /v1/{tenant_id}/vpcs/{vpc_id}/subnets/{subnet_id}



Issue 01 (2017-12-31) 39



vpc_id Yes Specifies the ID of thesubnet VPC.








name Yes String Specifies the subnet name.The value is a string of 1 to 64characters that can contain letters,digits, underscores (_), and hyphens(-).

dhcp_enable No Boolean Specifies whether the DHCPfunction is enabled for the subnet.The value can be true or false.If this parameter is left blank, it isset to true by default.

primary_dns No String Specifies the IP address of DNSserver 1 on the subnet.The value must be a valid IPaddress.

secondary_dns No String Specifies the IP address of DNSserver 2 on the subnet.The value must be a valid IPaddress.


Issue 01 (2017-12-31) 40


dnsList No List Specifies the DNS server address listof a subnet. This field is required ifyou need to use more than two DNSservers.This parameter value is the supersetof both DNS server address 1 andDNS server address 2.

l Example request

{ "subnet": { "name": "subnetqq", "dhcp_enable": "false", "primary_dns": "114.114.114.115", "secondary_dns": "114.114.115.116" }}








status Yes String Specifies the status of the subnet.The value can be ACTIVE,DOWN, UNKNOWN, or ERROR.

l Example response{ "subnet": { "id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d", "status": "ACTIVE" }}


200


Issue 01 (2017-12-31) 41

l Abnormal
















4.5 Deleting a Subnet

FunctionThis interface is used to delete a subnet.

URIl DELETE /v1/{tenant_id}/vpcs/{vpc_id}/subnets/{subnet_id}l Parameter description


Issue 01 (2017-12-31) 42



vpc_id Yes Specifies the ID of thesubnet VPC.



None

l Example request

None

Response

Example responseNone


204

l Abnormal











Issue 01 (2017-12-31) 43









Issue 01 (2017-12-31) 44

5 Elastic IP Address

5.1 Applying for an Elastic IP Address

FunctionThis interface is used to apply for an elastic IP address.

URIl POST /v1/{tenant_id}/publicipsl Parameter description





publicip Yes Dictionarydata structure

Specifies the elastic IP address objects.

bandwidth

Yes Dictionarydata structure

Specifies the bandwidth objects.

Descriptions of publicip fields

Virtual Private CloudAPI Reference 5 Elastic IP Address

Issue 01 (2017-12-31) 45


type Yes String Specifies the type of theelastic IP address. Thevalue can the 5_telcom,5_union, 5_bgp, or5_sbgp.The value must be atype supported by thesystem..

ip_address No String Specifies the elastic IPaddress to be obtained.The value must be avalid IP address in theavailable IP addresssegment.

Descriptions of bandwidth fields


name No String Specifies the bandwidthname.The value is a string of 1to 64 characters that cancontain letters, digits,underscores (_), andhyphens (-).This parameter ismandatory whenshare_type is set toPER and is optionalwhen share_type is setto WHOLE with an IDspecified.

size No int Specifies the bandwidthsize.The value ranges from 1Mbit/s to 300 Mbit/s.


Issue 01 (2017-12-31) 46


id No String Specifies the ID of thebandwidth. You canspecify an earlier sharedbandwidth whenapplying for an elasticIP address for thebandwidth whose type isset to WHOLE.The bandwidth whosetype is set to WHOLEexclusively uses its ownID.The value can be the IDof the bandwidth whosetype is set to WHOLE.

share_type Yes String Specifies whether thebandwidth is shared orexclusive.The value can be PERor WHOLE.

charge_mode No String Specifies the chargingmode (by traffic or bybandwidth).The default value istraffic. Currently, EIPscan only be charged bytraffic.

l Example request

{ "publicip": { "type": "5_bgp" }, "bandwidth": { "name": "bandwidth123", "size": 10, "share_type": "PER" }}



publicip Yes Dictionarydata structure



Issue 01 (2017-12-31) 47



id Yes String Specifies the ID of theelastic IP address, whichuniquely identifies theelastic IP address.

status Yes String Specifies the status ofthe elastic IP address.The value can beFREEZED,BIND_ERROR,BINDING,PENDING_DELETE,PENDING_CREATE,NOTIFYING,NOTIFY_DELETE,PENDING_UPDATE,DOWN, ACTIVE,ELB, or ERROR.

type Yes String Specifies the type of theelastic IP address.

public_ip_address Yes String Specifies the obtainedelastic IP address.

tenant_id Yes String Specifies the tenant IDof the operator.

create_time Yes String Specifies the time forapplying for the elasticIP address.

bandwidth _size Yes int Specifies the bandwidthsize.

l Example response{ "publicip": { "id": "f588ccfa-8750-4d7c-bf5d-2ede24414706", "status": "PENDING_CREATE", "type": "5_bgp", "public_ip_address": "161.17.101.7", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "create_time": "2015-07-16 04:10:52", "bandwidth_size": 0 }}


200


Issue 01 (2017-12-31) 48

l Abnormal
















5.2 Querying an Elastic IP Address

FunctionThis interface is used to query details about an elastic IP address.

URIl GET /v1/{tenant_id}/publicips/{publicip_id}l Parameter description


Issue 01 (2017-12-31) 49



publicip _id Yes Specifies the ID of theelastic IP address, whichuniquely identifies theelastic IP address.


None

l Example Request

None



publicip Yes Dictionary datastructure

Specifies the elastic IP addressobjects.






Issue 01 (2017-12-31) 50




private_ip_address No String Specifies the private IPaddress bound to theelastic IP address.The parameter isreturned only when theprivate IP address isbound to the elastic IPaddress.

port_id No String Specifies the port ID.The parameter isreturned only when theprivate IP address isbound to the elastic IPaddress.



bandwidth_id Yes String Specifies the bandwidthID of the elastic IPaddress.


bandwidth_share_type Yes String Specifies whether thebandwidth is shared orexclusive.

bandwidth_name Yes String Specifies the bandwidthname.

l Example Response{ "publicip": { "id": "2ec9b78d-9368-46f3-8f29-d1a95622a568", "status": "DOWN", "type": "5_bgp", "public_ip_address": "161.17.101.12", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "private_ip_address": "192.168.10.5", "create_time": "2015-07-16 04:32:50", "bandwidth_id": "49c8825b-bed9-46ff-9416-704b96d876a2",


Issue 01 (2017-12-31) 51

"bandwidth_share_type": "PER", "bandwidth_size": 10, "bandwidth_name": "bandwidth-test" }}


200l Abnormal

















Issue 01 (2017-12-31) 52

5.3 Querying Elastic IP Addresses

Function

This interface is used to query elastic IP addresses using search criteria and to display theelastic IP addresses in a list.

URIl GET /v1/{tenant_id}/publicipsl Example:

/v1/{tenant_id}/publicips?limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32dl Parameter description



marker No String Specifies the resourceID of pagination query.If the parameter is leftblank, only resources onthe first page arequeried.

limit No int Specifies the number ofrecords returned on eachpage. The value rangesfrom 0 to intmax.



None



publicips Yes List datastructure

Specifies the elastic IP address listobjects.

Descriptions of publicips fields


Issue 01 (2017-12-31) 53

Name Mandatory

Type Description


status Yes String Specifies the status ofthe elastic IP address.The value can beFREEZED,BIND_ERROR,BINDING,PENDING_DELETE,PENDING_CREATE,NOTIFYING,NOTIFY_DELETE,PENDING_UPDATE,DOWN, ACTIVE,ELB, ERROR, orUNKNOWN.



private_ip_address No String Specifies the private IPaddress bound to theelastic IP address.The parameter isreturned only when theprivate IP address isbound to the elastic IPaddress.

port_id No String Specifies the port ID.The parameter isreturned only when theprivate IP address isbound to the elastic IPaddress.




Issue 01 (2017-12-31) 54

Name Mandatory

Type Description

bandwidth_id Yes String Specifies the bandwidthID of the elastic IPaddress.


bandwidth_share_type Yes String Specifies whether thebandwidth is shared orexclusive.

bandwidth_name Yes String Specifies the bandwidthname.

l Example response

{ "publicips": [ { "id": "6285e7be-fd9f-497c-bc2d-dd0bdea6efe0", "status": "DOWN", "type": "5_bgp", "public_ip_address": "161.17.101.9", "private_ip_address": "192.168.10.5", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "create_time": "2015-07-16 04:22:32", "bandwidth_id": "3fa5b383-5a73-4dcb-a314-c6128546d855", "bandwidth_share_type": "PER", "bandwidth_size": 5, "bandwidth_name": "bandwidth-test" }, { "id": "80d5b82e-43b9-4f82-809a-37bec5793bd4", "status": "DOWN", "type": "5_bgp", "public_ip_address": "161.17.101.10", "private_ip_address": "192.168.10.6", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "create_time": "2015-07-16 04:23:03", "bandwidth_id": "a79fd11a-047b-4f5b-8f12-99c178cc780a", "bandwidth_share_type": "PER", "bandwidth_size": 5, "bandwidth_name": "bandwidth-test1"

} ]}


200l Abnormal




Issue 01 (2017-12-31) 55















5.4 Binding or Unbinding an Elastic IP Address

Function

This interface is used to bind an elastic IP address to a NIC or unbind an elastic IP addressfrom a NIC.

URIl PUT /v1/{tenant_id}/publicips/{publicip_id}l Parameter description




Issue 01 (2017-12-31) 56





publicip Yes Dictionary datastructure




port_id No String Specifies the port ID.Constraints: The valuemust be an existing portID. If this parameter isnot included or theparameter value is leftblank, the elastic IPaddress is unbound. Ifthe specified port IDdoes not exist or hasbeen bound to an elasticIP address, an errormessage will bedisplayed.

l Example request

{ "publicip": { "port_id": "f588ccfa-8750-4d7c-bf5d-2ede24414706" }}



publicip

Yes Dictionary datastructure



Issue 01 (2017-12-31) 57







port_id No String Specifies the port ID.




l Example response

{ "publicip": { "id": "f588ccfa-8750-4d7c-bf5d-2ede24414706", "status": "PENDING_UPDATE", "type": "5_bgp", "public_ip_address": "161.17.101.7", "port_id": "f588ccfa-8750-4d7c-bf5d-2ede24414706", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "create_time": "2015-07-16 04:10:52", "bandwidth_size": 6 }}


Issue 01 (2017-12-31) 58


200l Abnormal
















5.5 Deleting an Elastic IP Address

FunctionThis interface is used to delete an elastic IP address.


Issue 01 (2017-12-31) 59

URIl DELETE /v1/{tenant_id}/publicips/{publicip_id}l Parameter description






None


None


204l Abnormal










Issue 01 (2017-12-31) 60










Issue 01 (2017-12-31) 61

6 Bandwidth

6.1 Querying a Bandwidth

FunctionThis interface is used to query details about a bandwidth.

URIl GET /v1/{tenant_id}/bandwidths/{bandwidth_id}l Parameter description



bandwidth_id Yes Specifies the bandwidthID, which uniquelyidentifies the bandwidth.



None


Virtual Private CloudAPI Reference 6 Bandwidth

Issue 01 (2017-12-31) 62


bandwidth Yes Dictionary datastructure




name Yes String Specifies the bandwidth name.The value is a string of 1 to 64characters that can contain letters,digits, underscores (_), and hyphens(-).

size Yes int Specifies the bandwidth size.The value ranges from 1 Mbit/s to300 Mbit/s.

id Yes String Specifies the bandwidth ID, whichuniquely identifies the bandwidth.

share_type Yes String Specifies whether the bandwidth isshared or exclusive.The value can be PER or WHOLE.

publicip_info Yes Dictionarydatastructure

Specifies the elastic IP address ofthe bandwidth.The bandwidth, whose type is set toWHOLE, supports up to 20 elasticIP addresses. The bandwidth, whosetype is set to PER, supports onlyone elastic IP address.

tenant_id Yes String Specifies the tenant ID of the user.

bandwidth_type

Yes String Specifies the bandwidth type.The value can be bgp, union,double, or telcom.

charge_mode No String The default value is traffic.Currently, EIPs can only be chargedby traffic.

publicip_info object


Issue 01 (2017-12-31) 63


publicip_id Yes String Specifies the ID of the elastic IPaddress, which uniquely identifiesthe elastic IP address.

publicip_address Yes String Specifies the elastic IP address.

publicip_type Yes String Specifies the elastic IP addresstype.The value can be 5_telcom,5_union, or 5_bgp.

l Example response{ "bandwidth": { "id": "3fa5b383-5a73-4dcb-a314-c6128546d855", "name": "2222", "size": 5, "share_type": "PER", "publicip_info": [ { "publicip_id": "6285e7be-fd9f-497c-bc2d-dd0bdea6efe0", "publicip_address": "161.17.101.9", "publicip_type": "5_bgp" } ], "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "bandwidth_type": "bgp" }}


200l Abnormal









Issue 01 (2017-12-31) 64










6.2 Querying Bandwidths

Function

This interface is used to query bandwidths using search criteria and to display the bandwidthsin a list.

URIl GET /v1/{tenant_id}/bandwidthsl Example:

/v1/{tenant_id}/bandwidths?limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32d



tenant_id Yes String Specifies the tenant ID of theoperator.

marker No String Specifies the resource ID ofpagination query. If the parameter isleft blank, only resources on the firstpage are queried.

limit No int Specifies the number of recordsreturned on each page.The value ranges from 0 to intmax.


Issue 01 (2017-12-31) 65



None


Name Mandatory

Type Description

bandwidths

Yes List datastructure

Specifies the bandwidth list objects.

Descriptions of bandwidths fields

Name Mandatory

Type Description

name Yes String Specifies the bandwidth name.

size Yes int Specifies the bandwidth size.


share_type Yes String Specifies whether the bandwidth isshared or exclusive.The value can be PER orWHOLE.

publicip_info Yes Dictionarydata structure

Specifies the elastic IP address ofthe bandwidth.The bandwidth, whose type is setto WHOLE, supports up to 20elastic IP addresses. Thebandwidth, whose type is set toPER, supports only one elastic IPaddress.


bandwidth_type Yes String Specifies the bandwidth type.The value can be bgp, union,double, or telcom.


Issue 01 (2017-12-31) 66

Name Mandatory

Type Description

charge_mode No String The default value is traffic.Currently, EIPs can only becharged by traffic.



publicip_id Yes String Specifies the ID of the elastic IPaddress, which uniquely identifiesthe elastic IP address.

publicip_address

Yes String Specifies the elastic IP address.

publicip_type Yes String Specifies the type of the elastic IPaddress.

l Example response

{ "bandwidths": [ { "id": "a79fd11a-047b-4f5b-8f12-99c178cc780a", "name": "ddddd", "size": 5, "share_type": "PER", "publicip_info": [ { "publicip_id": "80d5b82e-43b9-4f82-809a-37bec5793bd4", "publicip_address": "161.17.101.10", "publicip_type": "5_bgp" } ], "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "bandwidth_type": "bgp" }, { "id": "3fa5b383-5a73-4dcb-a314-c6128546d855", "name": "22212", "size": 6, "share_type": "PER", "publicip_info": [ { "publicip_id": "6285e7be-fd9f-497c-bc2d-dd0bdea6efe0", "publicip_address": "161.17.101.9", "publicip_type": "5_bgp" } ], "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "bandwidth_type": "bgp" }, { "id": "f54e0df7-422d-4ab6-8d65-fd436151479c", "name": "2222", "size": 5, "share_type": "PER", "publicip_info": [


Issue 01 (2017-12-31) 67

{ "publicip_id": "4ca21961-8e52-4ff4-b9c5-af2dcc2c7b50", "publicip_address": "161.17.102.13", "publicip_type": "5_bgp" } ], "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "bandwidth_type": "bgp" } ]}


200l Abnormal

















Issue 01 (2017-12-31) 68

6.3 Updating Bandwidth Information

FunctionThis interface is used to update information about a bandwidth.

URIl PUT /v1/{tenant_id}/bandwidths/{bandwidth_id}l Parameter description



bandwidth _id Yes Specifies the bandwidthID, which uniquelyidentifies the bandwidth.



bandwidth Yes Dictionary datastructure



Name Mandatory

Type Description

name No String Specifies the bandwidth name.At least one in parameter name or parametersize must be set.The value is a string of 1 to 64 characters thatcan contain letters, digits, underscores (_), andhyphens (-). If the value is left blank, thename of the bandwidth is not changed.

size No int Specifies the bandwidth size.Either parameter size or name must be set.The value ranges from 1 Mbit/s to 300 Mbit/s.If the parameter is not included, the bandwidthsize is not changed.


Issue 01 (2017-12-31) 69

l Example request{ "bandwidth": {"name": "bandwidth123", "size": 10 }}



bandwidth Yes Dictionarydatastructure




name Yes String Specifies the bandwidth name.

size Yes int Specifies the bandwidth size.


share_type Yes String Specifies whether the bandwidth isshared or exclusive.The value can be PER or WHOLE.

publicip_info Yes Dictionary datastructure

Specifies the elastic IP address of thebandwidth.The bandwidth, whose type is set toWHOLE, supports up to 20 elastic IPaddresses. The bandwidth, whose typeis set to PER, supports only oneelastic IP address.


bandwidth_type

Yes String Specifies the type of the bandwidth.

charge_mode No String The default value is traffic. Currently,EIPs can only be charged by traffic.



Issue 01 (2017-12-31) 70


publicip_id Yes String Specifies the ID of the elastic IPaddress, which uniquely identifies theelastic IP address.

publicip_address

Yes String Specifies the elastic IP address.

publicip_type Yes String Specifies the type of the elastic IPaddress.

l Example response{ "bandwidth": { "id": "3fa5b383-5a73-4dcb-a314-c6128546d855", "name": "bandwidth123", "size": 10, "share_type": "PER", "publicip_info": [ { "publicip_id": "6285e7be-fd9f-497c-bc2d-dd0bdea6efe0", "publicip_address": "161.17.101.9", "publicip_type": "5_bgp" } ], "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "bandwidth_type": "bgp" }}


200

l Abnormal










Issue 01 (2017-12-31) 71










Issue 01 (2017-12-31) 72

7 Quota

7.1 Querying Quotas

Function

This interface is used to query network resource quotas for the VPC service of a tenant. Thenetwork resources include VPCs, subnets, security groups, security group rules, elastic IPaddresses, and VPNs.

URIl GET /v1/{tenant_id}/quotasl Example:

/v1/{tenant_id}/quotas?type=vpcl Parameter description

Name Mandatory

Type Description


type No String Specifies the resource type.The value can be vpc, subnet,securityGroup, securityGroupRule,publicIp, vpn, physicalConnect,virtualInterface, vpcPeer,loadbalancer, listener, firewall, orshareBandwidthIP.



Virtual Private CloudAPI Reference 7 Quota

Issue 01 (2017-12-31) 73

None



quotas Yes List datastructure

Specifies the quota list objects.

Descriptions of quotas fields


resources Yes List datastructure

Specifies the resource list objects.

Descriptions of resources fields


type Yes String Specifies the resource type.The value can be vpc, subnet,securityGroup, securityGroupRule,publicIp, vpn, physicalConnect,virtualInterface, vpcPeer, loadbalancer,listener, firewall, or shareBandwidthIP.

used Yes int Specifies the number of created networkresources.The value ranges from 0 to the value ofquota.


Issue 01 (2017-12-31) 74


quota Yes int Specifies the maximum quota values forthe resources.The quotas can be changed only in theFusionSphere OpenStack system. If it isleft blank, -1 is displayed and theresources cannot be created.The default quotas for different resourcesare as follows:l VPC: 2l Subnet: 100l Security group: 100l Security group rule: 5000l Elastic IP address: 10l VPN: 5l Physical connection: 10l Virtual interface: 50l Load balancer: 10l Listener: 10l VPC peering connection: 50l Firewall: 200l IP address with shared bandwidth: 20The value ranges from the default quotavalue to the maximum quota value.

min Yes int Specifies the minimum quota valueallowed.

l Example response

{ "quotas": { "resources": [ { "type": "vpc", "used": 4, "quota": 150, "min": 0 }, { "type": "subnet", "used": 5, "quota": 400, "min": 0 }, { "type": "securityGroup", "used": 1, "quota": 100, "min": 0 }, { "type": "securityGroupRule",


Issue 01 (2017-12-31) 75

"used": 6, "quota": 5000, "min": 0 }, { "type": "publicIp", "used": 2, "quota": 10, "min": 0 }, { "type": "vpn", "used": 0, "quota": 5, "min": 0 }, { "type": "vpcPeer", "used": 0, "quota": 50, "min": 0 }, { "type": "loadbalancer", "used": 0, "quota": 10, "min": 0 }, { "type": "listener", "used": 0, "quota": 10, "min": 0 }, { "type":"physicalConnect", "used":0, "quota":10, "min":0 }, { "type":"virtualInterface", "used":0, "quota":50, "min":0 }, { "type": "firewall", "used": 0, "quota": 200, "min": 0 }, { "type": "shareBandwidthIP", "used": 0, "quota": 20, "min": 0 } ] }}


200

l Abnormal


Issue 01 (2017-12-31) 76

















Issue 01 (2017-12-31) 77

8 Private IP Address

8.1 Applying for a Private IP Address

Function

This interface is used to apply for a private IP address.

URIl POST /v1/{tenant_id}/privateips






privateips Yes List datastructure

Specifies the private IP address listobjects.

Descriptions of privateips fields


subnet_id Yes String Specifies the ID of the subnet fromwhich the IP address is allocated.

Virtual Private CloudAPI Reference 8 Private IP Address

Issue 01 (2017-12-31) 78


ip_address No String Specifies the target IP address.The value can be an available IPaddress in the subnet. If it is notspecified, the system automaticallyassigns an IP address.

l Example request

{ "privateips": [ { "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd" }, { "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "ip_address": "192.168.1.17" } ]}







status Yes String Specifies the status of theprivate IP address.The value can be ACTIVE orDOWN.

id Yes String Specifies the ID of the privateIP address.

subnet_id Yes String Specifies the ID of the subnetfrom which the IP address isallocated.



Issue 01 (2017-12-31) 79


device_owner

Yes String Specifies the VM using theprivate IP address. Theparameter is left blank if it is notused.The value can benetwork:dhcp,network:router_interface_distributed, or compute:xxx (xxxspecifies the AZ name, forexample, compute:aa-bb-ccindicates that the private IPaddress is used by VM in theaa-bb-cc AZ).The value range specifies onlythe type of private IP addressessupported by the current service.

ip_address Yes String Specifies the private IP addressobtained.

l Example response{ "privateips": [ { "status": "DOWN", "id": "c60c2ce1-1e73-44bd-bf48-fd688448ff7b", "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "device_owner": "", "ip_address": "192.168.1.10" }, { "status": "DOWN", "id": "4b123c18-ae92-4dfa-92cd-d44002359aa1", "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "device_owner": "", "ip_address": "192.168.1.17" } ]}


200

l Abnormal





Issue 01 (2017-12-31) 80














8.2 Querying Private IP Address Details

FunctionThis interface is used to query details about a private IP address using the specified ID.

URIl GET /v1/{tenant_id}/privateips/{privateip_id}l Parameter description




Issue 01 (2017-12-31) 81


privateip _id Yes Specifies the ID of theprivate IP address, whichuniquely identifies theprivate IP address.



None



privateip Yes Dictionarydata structure

Specifies the private IP addressobjects.

Descriptions of privateip fields


status Yes String Specifies the status of the privateIP address.The value can be ACTIVE orDOWN.

id Yes String Specifies the ID of the private IPaddress.




Issue 01 (2017-12-31) 82


device_owner Yes String Specifies the VM using the privateIP address. The parameter is leftblank if it is not used.The value can be network:dhcp,network:router_interface_distributed, or compute:xxx (xxxspecifies the AZ name, forexample, compute:aa-bb-ccindicates that the private IP addressis used by VM in the aa-bb-ccAZ).The value range specifies only thetype of private IP addressessupported by the current service.


l Example response{ "privateip": { "status": "DOWN", "id": "d600542a-b231-45ed-af05-e9930cb14f78", "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "device_owner": "", "ip_address": "192.168.1.11" }}


200

l Abnormal









Issue 01 (2017-12-31) 83










8.3 Querying Private IP Addresses

Function

This interface is used to query private IP addresses using search criteria and to display theprivate IP addresses in a list.

URIl GET /v1/{tenant_id}/subnets/{subnet_id}/privateips

l Example:/v1/{tenant_id}/subnets/{subnet_id}/privateips?limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32d


Name Mandatory

Type Description


subnet_id Yes String Specifies the unique ID of the subnet towhich the private IP address belongs.

marker No String Specifies the resource ID of paginationquery. If the parameter is left blank,only resources on the first page arequeried.


Issue 01 (2017-12-31) 84

Name Mandatory

Type Description

limit No int Specifies the number of recordsreturned on each page.The value ranges from 0 to intmax.



None







status Yes String Specifies the status of the private IPaddress.The value can be ACTIVE orDOWN.

id Yes String Specifies the ID of the private IPaddress.




Issue 01 (2017-12-31) 85


device_owner

Yes String Specifies the VM using the private IPaddress. The parameter is left blank ifit is not used.The value can be network:dhcp,network:router_interface_distributed, or compute:xxx (xxx specifiesthe AZ name, for example,compute:aa-bb-cc indicates that theprivate IP address is used by VM inthe aa-bb-cc AZ).The value range specifies only thetype of private IP addresses supportedby the current service.


l Example response{ "privateips": [ { "status": "DOWN", "id": "d600542a-b231-45ed-af05-e9930cb14f78", "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "device_owner": "", "ip_address": "192.168.1.11" },{ "status": "DOWN", "id": "d600542a-b231-45ed-af05-e9930cb14f79", "subnet_id": "531dec0f-3116-411b-a21b-e612e42349fd", "tenant_id": "8b7e35ad379141fc9df3e178bd64f55c", "device_owner": "", "ip_address": "192.168.1.12" } ]}


200

l Abnormal







Issue 01 (2017-12-31) 86












8.4 Deleting a Private IP Address

Function

This interface is used to delete a private IP address.

URIl DELETE /v1/{tenant_id}/privateips/{privateip_id}




privateip _id Yes Specifies the ID of theprivate IP address, whichuniquely identifies theprivate IP address.


Issue 01 (2017-12-31) 87



None


None


204l Abnormal

















Issue 01 (2017-12-31) 88

9 Security Group

9.1 Creating a Security Group

FunctionThis interface is used to create a security group.

URIl POST /v1/{tenant_id}/security-groupsl Parameter description





security_group Yes Dictionary datastructure

Specifies the security group objects.

Virtual Private CloudAPI Reference 9 Security Group

Issue 01 (2017-12-31) 89

Table 9-1 Description of security_group fields


name Yes String Specifies the security group name.The value is a string of 1 to 64 characters thatcan contain letters, digits, underscores (_), andhyphens (-).

description No String Provides supplementary information about thesecurity group.The value is a string of 0 to 128 characters,which consists of letters and digits.

vpc_id No String Specifies the resource ID of the VPC to whichthe security group belongs.

l Example request{ "security_group": { "name":"qq", "description": "qq", "vpc_id" : "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85" } }



security_group Yes Dictionarydatastructure


Descriptions of security_group fields


name Yes String Specifies the security groupname.

description Yes String Provides supplementaryinformation about the securitygroup.

id Yes String Specifies the security group ID,which uniquely identifies thesecurity group.

vpc_id No String Specifies the resource ID of theVPC to which the securitygroup belongs.


Issue 01 (2017-12-31) 90


security_group_rules Yes List datastructure

Specifies the default securitygroup rule, which ensures thathosts in the security group cancommunicate with one another.

security_group_rules object


id Yes String Specifies the security group ruleID.

security_group_id Yes String Specifies the security group ID.

direction Yes String Specifies the direction of accesscontrol.The value can be egress oringress.

ethertype Yes String Specifies the version of theInternet Protocol.The value can be IPv4 or IPv6.

protocol No String Specifies the protocol type.If the parameter is left blank, thesecurity group supports all typesof protocols.The value can be icmp, tcp, orudp.

port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value must be less than orequal to the value ofport_range_max. An emptyvalue indicates all ports. Ifprotocol is icmp, the valuerange is determined by theICMP-port range relationshiptable provided in Appendix A.2.


Issue 01 (2017-12-31) 91


port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.The value must be greater thanor equal to the value ofport_range_min. An emptyvalue indicates all ports. Ifprotocol is icmp, the valuerange is determined by theICMP-port range relationshiptable provided in Appendix A.2.

remote_ip_prefix No String Specifies the remote IP address.If the access control direction isset to egress, the parameterspecifies the source IP address.If the access control direction isset to ingress, the parameterspecifies the destination IPaddress.The parameter is exclusive withparameter remote_group_id.The value can be in the CIDRformat or IP addresses.

remote_group_id No String Specifies the ID of the peersecurity group.The value is exclusive withparameter remote_ip_prefix.

l Example response{ "security_group": { "id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "name": "qq", "description": "qq", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "security_group_rules": [ { "direction": "egress", "ethertype": "IPv4", "id": "369e6499-b2cb-4126-972a-97e589692c62", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0222556c-6556-40ad-8aac-9fd5d3c06171", "remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" } ] } }


200l Abnormal




Issue 01 (2017-12-31) 92












502 Bad Gateway Failed to complete the request because theserver has received an invalid response.



9.2 Querying Security Group Details

Function

This interface is used to query details about a security group.

URIl GET /v1/{tenant_id}/security-groups/{security_group_id}





Issue 01 (2017-12-31) 93


security_group_id Yes Specifies the securitygroup ID, which uniquelyidentifies the securitygroup.



None



security_group Yes Dictionarydatastructure


Table 9-2 Description of security_group fields


name Yes String Specifies the security groupname.

description Yes String Provides supplementaryinformation about the securitygroup.

id Yes String Specifies the security group ID,which uniquely identifies thesecurity group.

vpc_id No String Specifies the resource ID of theVPC to which the security groupbelongs.


Specifies the default securitygroup rule, which ensures thathosts in the security group cancommunicate with one another.


Issue 01 (2017-12-31) 94

Table 9-3 security_group_rules object







port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value must be less than orequal to the value ofport_range_max. An empty valueindicates all ports. If protocol isicmp, the value range isdetermined by the ICMP-portrange relationship table providedin Appendix A.2.

port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.The value must be greater than orequal to the value ofport_range_min. An empty valueindicates all ports. If protocol isicmp, the value range isdetermined by the ICMP-portrange relationship table providedin Appendix A.2.


Issue 01 (2017-12-31) 95


remote_ip_prefix No String Specifies the remote IP address. Ifthe access control direction is setto egress, the parameter specifiesthe source IP address. If the accesscontrol direction is set to ingress,the parameter specifies thedestination IP address.The parameter is exclusive withparameter remote_group_id.The value can be in the CIDRformat or IP addresses.


l Example response{ "security_group": { "id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "name": "qq", "description": "qq", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "security_group_rules": [ { "direction": "egress", "ethertype": "IPv4", "id": "369e6499-b2cb-4126-972a-97e589692c62", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0222556c-6556-40ad-8aac-9fd5d3c06171", "remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" } ] } }


200l Abnormal









Issue 01 (2017-12-31) 96










9.3 Querying Security Groups

FunctionThis interface is used to query security groups using search criteria and to display the securitygroups in a list.

URIl GET /v1/{tenant_id}/security-groupsl Example:

/v1/{tenant_id}/security-groups?limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32d&vpc_id=3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85






Issue 01 (2017-12-31) 97


limit No int Specifies the number ofrecords returned on eachpage.The value ranges from 0to intmax.

vpc_id No String Specifies the VPC IDused as the query filter.



None



security_groups


Specifies the security group listobjects.

Table 9-4 Descriptions of security_groups fields


name Yes String Specifies the securitygroup name.

description Yes String Provides supplementaryinformation about thesecurity group.

id Yes String Specifies the securitygroup ID, which uniquelyidentifies the securitygroup.

vpc_id No String Specifies the resource IDof the VPC to which thesecurity group belongs.


Issue 01 (2017-12-31) 98



Specifies the defaultsecurity group rule, whichensures that hosts in thesecurity group cancommunicate with oneanother.

Table 9-5 security_group_rules object


id Yes String Specifies the securitygroup rule ID.

security_group_id Yes String Specifies the securitygroup ID.

direction Yes String Specifies the direction ofaccess control.The value can be egressor ingress.

ethertype Yes String Specifies the version ofthe Internet Protocol.The value can be IPv4 orIPv6.

protocol No String Specifies the protocoltype.If the parameter is leftblank, the security groupsupports all types ofprotocols.The value can be icmp,tcp, or udp.


Issue 01 (2017-12-31) 99


port_range_min No Integer Specifies the start port.The value ranges from 1to 65,535.The value must be lessthan or equal to the valueof port_range_max. Anempty value indicates allports. If protocol is icmp,the value range isdetermined by the ICMP-port range relationshiptable provided inAppendix A.2.

port_range_max No Integer Specifies the end port.The value ranges from 1to 65,535.The value must be greaterthan or equal to the valueof port_range_min. Anempty value indicates allports. If protocol is icmp,the value range isdetermined by the ICMP-port range relationshiptable provided inAppendix A.2.

remote_ip_prefix No String Specifies the remote IPaddress. If the accesscontrol direction is set toegress, the parameterspecifies the source IPaddress. If the accesscontrol direction is set toingress, the parameterspecifies the destinationIP address.The parameter isexclusive with parameterremote_group_id.The value can be in theCIDR format or IPaddresses.


Issue 01 (2017-12-31) 100


remote_group_id No String Specifies the ID of thepeer security group.The value is exclusivewith parameterremote_ip_prefix.

l Example response{"security_groups": [{"id": "16b6e77a-08fa-42c7-aa8b-106c048884e6","name": "qq","description": "qq", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85","security_group_rules": [ ]},{"id": "9c0f56be-a9ac-438c-8c57-fce62de19419","name": "default","description": "default", "vpc_id": "13551d6b-755d-4757-b956-536f674975c0","security_group_rules": []}]}{ "security_groups": [ { "id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "name": "qq", "description": "qq", "vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85", "security_group_rules": [ { "direction": "egress", "ethertype": "IPv4", "id": "369e6499-b2cb-4126-972a-97e589692c62", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0222556c-6556-40ad-8aac-9fd5d3c06171", "remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6", "security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6" } ] }, { "id": "9c0f56be-a9ac-438c-8c57-fce62de19419", "name": "default", "description": "qq", "vpc_id": "13551d6b-755d-4757-b956-536f674975c0", "security_group_rules": [ { "direction": "egress", "ethertype": "IPv4", "id": "95479e0a-e312-4844-b53d-a5e4541b783f", "security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419" }, { "direction": "ingress", "ethertype": "IPv4", "id": "0c4a2336-b036-4fa2-bc3c-1a291ed4c431", "remote_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419", "security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419" } ] } ] }


200l Abnormal









Issue 01 (2017-12-31) 101










9.4 Deleting a Security Group

FunctionThis interface is used to delete a security group.

URIl DELETE /v1/{tenant_id}/security-groups/{security_group_id}l Parameter description


security_group_id Yes Specifies the security group ID,which uniquely identifies thesecurity group.

tenant_id No Specifies the tenant ID of theoperator.


Nonel Example Request

None


Issue 01 (2017-12-31) 102

Responsel Example Response

None


204l Abnormal

















Issue 01 (2017-12-31) 103

9.5 Creating a Security Group Rule

Function

This interface is used to create a security group rule.

URIl POST /v1/{tenant_id}/security-group-rules


None


Name Mandatory

Type Description

security_group_rule Yes Dictionarydata structure

Specifies the security grouprule.

Descriptions of security_group_rule fields

Name Mandatory

Type Description



ethertype No String Specifies the version of theInternet Protocol.The value can be IPv4 or IPv6.If you do not set this parameter,IPv4 is used by default.

protocol No String Specifies the protocol type.If the parameter is left blank, thesecurity group supports all typesof protocols.The value can be icmp, tcp, orudp.Specifies the protocol.


Issue 01 (2017-12-31) 104

Name Mandatory

Type Description

port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value cannot be greater thanthe port_range_max value. Anempty value indicates all ports. Ifthe protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range Relationship Table.

port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.If the protocol is not icmp, thevalue cannot be smaller than theport_range_min value. Anempty value indicates all ports. Ifthe protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range Relationship Table.

remote_ip_prefix No String Specifies the remote IP address.If the access control direction isset to egress, the parameterspecifies the source IP address. Ifthe access control direction is setto ingress, the parameterspecifies the destination IPaddress.The parameter is exclusive withparameter remote_group_id.The value can be in the CIDRformat or IP addresses.


l Example Request{"security_group_rule": {"direction": "ingress","port_range_min": "80","ethertype": "IPv4","port_range_max": "80","protocol": "tcp","remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"


Issue 01 (2017-12-31) 105

}}


Name Mandatory

Type Description

security_group_rule

Yes Dictionarydata structure

Specifies the security group rule.

security_group_rule objects







port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value must be less than orequal to the value ofport_range_max. An emptyvalue indicates all ports. Ifprotocol is icmp, the valuerange is determined by theICMP-port range relationshiptable provided in Appendix A.2.


Issue 01 (2017-12-31) 106


port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.The value must be greater thanor equal to the value ofport_range_min. An emptyvalue indicates all ports. Ifprotocol is icmp, the valuerange is determined by theICMP-port range relationshiptable provided in Appendix A.2.



l Example Response{"security_group_rule": {"direction": "ingress","ethertype": "IPv4","id": "2bc0accf-312e-429a-956e-e4407625eb62","port_range_max": 80,"port_range_min": 80,"protocol": "tcp","remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","remote_ip_prefix": null,"security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"}}


201


Issue 01 (2017-12-31) 107

l Abnormal
















9.6 Querying Security Group Rule Details

FunctionThis interface is used to query details about a security group rule.

URIl GET /v1/{tenant_id}/security-group-rules/{rules_security_groups_id}l Parameter description


Issue 01 (2017-12-31) 108



rules_security_groups_id Yes Specifies the securitygroup rule ID, whichuniquely identifies thesecurity group rule.


Nonel Example Request

None


Name Mandatory

Type Description

security_group_rule Yes Dictionarydata structure

Specifies the security group rule.








Issue 01 (2017-12-31) 109



port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value cannot be greater thanthe port_range_max value. Anempty value indicates all ports.If the protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range RelationshipTable.

port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.If the protocol is not icmp, thevalue cannot be smaller than theport_range_min value. Anempty value indicates all ports.If the protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range RelationshipTable.




Issue 01 (2017-12-31) 110

l Example Response{"security_group_rule": {"direction": "ingress","ethertype": "IPv4","id": "2bc0accf-312e-429a-956e-e4407625eb62","port_range_max": 80,"port_range_min": 80,"protocol": "tcp","remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","remote_ip_prefix": null,"security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"}}


200l Abnormal
















Issue 01 (2017-12-31) 111



9.7 Querying Security Group Rules

Function

This interface is used to query security group rules using search criteria and to display thesecurity group rules in a list.

URIl GET /v1/{tenant_id}/security-group-rules

l Example:/v1/{tenant_id}/security-groups?security_group_id=a7734e61-b545-452da3cd-0189cbd9747a&limit=10&marker=4779ab1c-7c1a-44b1-a02e-93dfc361b32d





limit No int Specifies the number ofrecords returned on eachpage.The value ranges from 0to intmax.

security_group_id

No String Specifies the securitygroup ID.


None

l Example Request

None


Issue 01 (2017-12-31) 112


Name Mandatory

Type Description

security_group_rules


Specifies the security grouprules.








port_range_min No Integer Specifies the start port.The value ranges from 1 to65,535.The value cannot be greater thanthe port_range_max value. Anempty value indicates all ports.If the protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range RelationshipTable.


Issue 01 (2017-12-31) 113


port_range_max No Integer Specifies the end port.The value ranges from 1 to65,535.If the protocol is not icmp, thevalue cannot be smaller than theport_range_min value. Anempty value indicates all ports.If the protocol is icmp, the valuerange is shown in A.2 ICMP-Port Range RelationshipTable.



l Example Response{"security_group_rules": [{"direction": "egress","ethertype": "IPv6","id": "3c0e45ff-adaf-4124-b083-bf390e5482ff","port_range_max": null,"port_range_min": null,"protocol": null,"remote_group_id": null,"remote_ip_prefix": null,"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"},{"direction": "egress","ethertype": "IPv4","id": "93aa42e5-80db-4581-9391-3a608bd0e448","port_range_max": null,"port_range_min": null,"protocol": null,"remote_group_id": null,"remote_ip_prefix": null,


Issue 01 (2017-12-31) 114

"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"},{"direction": "ingress","ethertype": "IPv6","id": "c0b09f00-1d49-4e64-a0a7-8a186d928138","port_range_max": null,"port_range_min": null,"protocol": null,"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","remote_ip_prefix": null,"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"},{"direction": "ingress","ethertype": "IPv4","id": "f7d45c89-008e-4bab-88ad-d6811724c51c","port_range_max": null,"port_range_min": null,"protocol": null,"remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","remote_ip_prefix": null,"security_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5","tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"}]}


200l Abnormal












Issue 01 (2017-12-31) 115







9.8 Deleting a Security Group Rule

Function

This interface is used to delete a security group rule.

URIl DELETE /v1/{tenant_id}/security-group-rules/{rules_security_groups_id}



rules_security_groups_id Yes Specifies the security group ruleID, which uniquely identifies thesecurity group rule.

tenant_id No Specifies the tenant ID of theoperator.


None

l Example Request

None

Responsel Example Response

None


Issue 01 (2017-12-31) 116


204l Abnormal

















Issue 01 (2017-12-31) 117

10 Port

10.1 Creating a Port

Function

This interface is used to create a port.

URLl POST /v1/ports



port Yes Dictionarydata structure

Specifies the port object.

Descriptions of port fields

Name Mandatory

Type Description

name No String Specifies the port name.The value can contain no morethan 255 characters. Thisparameter is left blank bydefault.

network_id Yes String Specifies the ID of the networkto which the port belongs.The network ID must be a realone in the network environment.

Virtual Private CloudAPI Reference 10 Port

Issue 01 (2017-12-31) 118

Name Mandatory

Type Description

admin_state_up No Bool Specifies the administrativestate of the port.The value can only be true, andthe default value is true.

fixed_ips No Dict Specifies the port IP address.A port supports only one fixedIP address that cannot bechanged.

tenant_id No String Specifies the ID of the tenant.Only the administrator canspecify the tenant ID of othertenants.

security_groups No List Specifies the UUID of thesecurity group, for example,"security_groups":["a0608cbf-d047-4f54-8b28-cd7b59853fff"]. This attributeis extended.

allowed_address_pairs No Dict 1. Specifies a set of zero ormore allowed address pairs.An address pair consists ofan IP address and MACaddress. This attribute isextended. For details, seeparameterallow_address_pair.

2. The IP address cannot be0.0.0.0.

3. Configure an independentsecurity group for the port ifa large CIDR block (subnetmask less than 24) isconfigured for parameterallowed_address_pairs.

extra_dhcp_opts No List Specifies a set of zero or moreextra DHCP option pairs. Anoption pair consists of an optionvalue and name. This attribute isextended.

Parameter fixed_ip


Issue 01 (2017-12-31) 119


subnet_id No String Specifies the subnet ID.You cannot change the parametervalue.

ip_address No String Specifies the port IP address.You cannot change the parametervalue.

Parameter allow_address_pair


ip_address No String 1. Specifies the IP address.2. You cannot set it to 0.0.0.0.3. Configure an independent security

group for the port if a large CIDRblock (subnet mask less than 24) isconfigured for parameterallowed_address_pairs.

mac_address No String Specifies the MAC address.

Parameter extra_dhcp_opt


opt_name No String Specifies the option name.

opt_value No String Specifies the option value.

l Example request

{"port": {"admin_state_up": true,"fixed_ips": [{"ip_address": "10.128.1.10","subnet_id": "70f2e74b-e660-410a-b754-0ca46744348a"}],"name": "test","network_id": "5b808927-13c9-4e60-a4f4-ed6ffe225167","tenant_id": "43f2d1cca56a40729dcb17212482f34d"}}

{"port": {"admin_state_up": true,"fixed_ips": [{"ip_address": "10.128.1.10",


Issue 01 (2017-12-31) 120

"subnet_id": "70f2e74b-e660-410a-b754-0ca46744348a"}],"name": "test","network_id": "5b808927-13c9-4e60-a4f4-ed6ffe225167","tenant_id": "43f2d1cca56a40729dcb17212482f34d"}}



port Yes Dictionary datastructure




id Yes String Specifies the port ID, whichuniquely identifies the port.


network_id Yes String Specifies the ID of the networkto which the port belongs.The network ID must be a realone in the networkenvironment.

admin_state_up Yes Bool Specifies the administrativestate of the port.The value can only be true,and the default value is true.

mac_address Yes String Specifies the port MACaddress.The system automatically setsthis parameter, and you are notallowed to configure theparameter value.

fixed_ips No List Specifies the port IP address.A port supports only one fixedIP address that cannot bechanged.


Issue 01 (2017-12-31) 121


device_id No String Specifies the ID of the deviceto which the port belongs.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

device_owner No String Specifies the belonged device,which can be the DHCP server,router, load balancers, or Nova.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

tenant_id Yes String Specifies the ID of the tenant.Only the administrator canspecify the tenant ID of othertenants.

status Yes String Specifies the status of the port.The value can be ACTIVE,BUILD, or DOWN.

security_groups Yes List Specifies the UUID of thesecurity group. This attribute isextended.

allowed_address_pairs No List 1. Specifies a set of zero ormore allowed address pairs.An address pair consists ofan IP address and MACaddress. This attribute isextended. For details, seeparameterallow_address_pair.


3. Configure an independentsecurity group for the portif a large CIDR block(subnet mask less than 24)is configured for parameterallowed_address_pairs.

extra_dhcp_opts No List Specifies a set of zero or moreextra DHCP option pairs. Anoption pair consists of anoption value and name. Thisattribute is extended.


Issue 01 (2017-12-31) 122


binding:vif_type No String Specifies the interface type ofthe port. The value can be ovs,hw_veb, or others. Thisattribute is extended.This parameter is visible onlyto administrators.

binding:vif_details No Dict Specifies the VIF details.Parameter ovs_hybrid_plugspecifies whether the OVS/bridge hybrid mode is used.This parameter is visible onlyto administrators.

binding:host_id No String Specifies the host ID.This parameter is visible onlyto administrators.

binding:profile No Dict Allows the configuration ofcustomized data. This attributeis extended.This parameter is visible onlyto administrators.

binding:vnic_type Yes String Specifies the type of the boundvNIC.The value can be normal ordirect.Parameter normal indicatessoftware switching. Parameterdirect indicates SR-IOV PCIepassthrough, which is notsupported.

dns_assignment No List(Dict)

Specifies the default privatenetwork domain nameinformation of the active NIC.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

dns_name No String Specifies the default privatenetwork DNS name of theactive NIC.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.


Issue 01 (2017-12-31) 123

Parameter fixed_ip


subnet_id No String Specifies the subnet ID.You cannot change the parametervalue.

ip_address No String Specifies the port IP address.



ip_address No String 1. Specifies the IP address.2. You cannot set it to 0.0.0.0.3. Configure an independent

security group for the port if alarge CIDR block (subnet maskless than 24) is configured forparameterallowed_address_pairs.






l Example response

{"port": {"id": "d00f9c13-412f-4855-8af3-de5d8c24cd60","name": "test","status": "DOWN","admin_state_up": "true","fixed_ips": [{"subnet_id": "70f2e74b-e660-410a-b754-0ca46744348a","ip_address": "10.128.1.10"}],"dns_name": "","mac_address": "fa:16:3e:d7:f2:6c","network_id": "5b808927-13c9-4e60-a4f4-ed6ffe225167","tenant_id": "43f2d1cca56a40729dcb17212482f34d","device_id": "","device_owner": "",


Issue 01 (2017-12-31) 124

"security_groups": ["02b4e8ee-74fa-4a31-802e-5490df11245e"],"extra_dhcp_opts": [],"allowed_address_pairs": [],"binding:vnic_type": "normal"}}


201l Abnormal

















Issue 01 (2017-12-31) 125

10.2 Querying a Port

Function

This interface is used to query a single port.

URLl GET /v1/ports/{port_id}



port_id Yes Specifies the port ID,which uniquely identifiesthe port.


None

l Example request

None


Name Mandatory

Type Description




Name Mandatory

Type Description


name No String Specifies the port name.The value can contain no morethan 255 characters. Thisparameter is left blank by default.


Issue 01 (2017-12-31) 126

Name Mandatory

Type Description

network_id Yes String Specifies the ID of the network towhich the port belongs.The network ID must be a realone in the network environment.

admin_state_up Yes Bool Specifies the administrative stateof the port.The value can only be true, andthe default value is true.

mac_address Yes String Specifies the port MAC address.The system automatically sets thisparameter, and you are notallowed to configure theparameter value.

fixed_ips No List Specifies the port IP address.A port supports only one fixed IPaddress that cannot be changed.

device_id No String Specifies the ID of the device towhich the port belongs.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

device_owner No String Specifies the belonged device,which can be the DHCP server,router, load balancers, or Nova.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

tenant_id Yes String Specifies the ID of the tenant.Only the administrator can specifythe tenant ID of other tenants.




Issue 01 (2017-12-31) 127

Name Mandatory

Type Description

allowed_address_pairs No List Specifies a set of zero or moreallowed address pairs. An addresspair consists of an IP address andMAC address. This attribute isextended. For details, seeparameter allow_address_pair.The IP address cannot be 0.0.0.0.


binding:vif_type No String Specifies the interface type of theport. The value can be ovs,hw_veb, or others. This attributeis extended.This parameter is visible only toadministrators.

binding:vif_details No Dict Specifies the VIF details.Parameter ovs_hybrid_plugspecifies whether the OVS/bridgehybrid mode is used.This parameter is visible only toadministrators.

binding:host_id No String Specifies the host ID.This parameter is visible only toadministrators.

binding:profile No Dict Allows the configuration ofcustomized data. This attribute isextended.This parameter is visible only toadministrators.



Issue 01 (2017-12-31) 128

Name Mandatory

Type Description


Specifies the default privatenetwork domain nameinformation of the active NIC.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

dns_name No String Specifies the default privatenetwork DNS name of the activeNIC.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

Parameter fixed_ip

Name Mandatory

Type Description

subnet_id No String Specifies the subnet ID.



Name Mandatory

Type Description

ip_address No String Specifies the IP address.You cannot set it to 0.0.0.0.



Name Mandatory

Type Description




Issue 01 (2017-12-31) 129

l Example response{"port": {"id": "d00f9c13-412f-4855-8af3-de5d8c24cd60","name": "test","status": "DOWN","admin_state_up": "true","fixed_ips": [{"subnet_id": "70f2e74b-e660-410a-b754-0ca46744348a","ip_address": "10.128.1.10"}],"dns_name": "","mac_address": "fa:16:3e:d7:f2:6c","network_id": "5b808927-13c9-4e60-a4f4-ed6ffe225167","tenant_id": "43f2d1cca56a40729dcb17212482f34d","device_id": "","device_owner": "","security_groups": ["02b4e8ee-74fa-4a31-802e-5490df11245e"],"extra_dhcp_opts": [],"allowed_address_pairs": [],"binding:vnic_type": "normal"}}


200l Abnormal













Issue 01 (2017-12-31) 130






10.3 Querying Ports

FunctionThis interface is used to query ports and to display the ports in a list.

URLl GET /v1/portsl Example:

/v1/ports?id={port_id}&name={port_name}&admin_state_up={is_admin_status_up}&network_id={network_id}&mac_address={port_mac}&device_id={port_device_id}&device_owner={device_owner}&status={port_status}



id No String Specifies that the port ID isused as the filter.

name No String Specifies that the port nameis used as the filter.The value can contain nomore than 255 characters.

admin_state_up No Bool Specifies that theadministrative state is usedas the filter.

network_id No String Specifies that the network IDis used as the filter.

mac_address No String Specifies that the MACaddress is used as the filter.

device_id No String Specifies that the device IDis used as the filter.


Issue 01 (2017-12-31) 131


device_owner No String Specifies that the deviceowner is used as the filter.

status No String Specifies the status of theport.The value can be ACTIVE,BUILD, and DOWN.

marker No String Specifies the resource ID ofpagination query. If theparameter is left blank, onlyresources on the first pageare queried.

limit No int Specifies the number ofrecords returned on eachpage.The value ranges from 0 tointmax.



None



ports Yes List datastructure

Specifies the port objects.

Descriptions of ports fields



name No String Specifies the port name.The value can contain no morethan 255 characters. Thisparameter is left blank by default.


Issue 01 (2017-12-31) 132


network_id Yes String Specifies the ID of the network towhich the port belongs.The network ID must be a realone in the network environment.

admin_state_up Yes Bool Specifies the administrative stateof the port.The value can only be true, andthe default value is true.

mac_address Yes String Specifies the port MAC address.The system automatically sets thisparameter, and you are notallowed to configure theparameter value.

fixed_ips No List Specifies the port IP address.A port supports only one fixed IPaddress that cannot be changed.

device_id No String Specifies the ID of the device towhich the port belongs.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

device_owner No String Specifies the belonged device,which can be the DHCP server,router, load balancers, or Nova.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

tenant_id Yes String Specifies the ID of the tenant.Only the administrator can specifythe tenant ID of other tenants.




Issue 01 (2017-12-31) 133


allowed_address_pairs

No List Specifies a set of zero or moreallowed address pairs. An addresspair consists of an IP address andMAC address. This attribute isextended. For details, seeparameter allow_address_pair.The IP address cannot be 0.0.0.0.


binding:vif_type No String Specifies the interface type of theport. The value can be ovs,hw_veb, or others. This attributeis extended.This parameter is visible only toadministrators.

binding:vif_details No Dict Specifies the VIF details.Parameter ovs_hybrid_plugspecifies whether the OVS/bridgehybrid mode is used.This parameter is visible only toadministrators.

binding:host_id No String Specifies the host ID.This parameter is visible only toadministrators.

binding:profile No Dict Allows the configuration ofcustomized data. This attribute isextended.This parameter is visible only toadministrators.



Issue 01 (2017-12-31) 134



Specifies the default privatenetwork domain nameinformation of the active NIC.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

dns_name No String Specifies the default privatenetwork DNS name of the activeNIC.The system automatically sets thisparameter, and you are notallowed to configure or changethe parameter value.

fixed_ip object

Name Mandatory

Type Description



allow_address_pair object


ip_address No String Specifies the IP address.You cannot set it to 0.0.0.0.


extra_dhcp_opt object




l Example response

{"ports": [{"id": "d00f9c13-412f-4855-8af3-de5d8c24cd60",


Issue 01 (2017-12-31) 135

"name": "test","status": "DOWN","admin_state_up": "true","fixed_ips": [{"subnet_id": "70f2e74b-e660-410a-b754-0ca46744348a","ip_address": "10.128.1.10"}],"dns_name": "","mac_address": "fa:16:3e:d7:f2:6c","network_id": "5b808927-13c9-4e60-a4f4-ed6ffe225167","tenant_id": "43f2d1cca56a40729dcb17212482f34d","device_id": "","device_owner": "","security_groups": ["02b4e8ee-74fa-4a31-802e-5490df11245e"],"extra_dhcp_opts": [],"allowed_address_pairs": [],"binding:vnic_type": "normal"},{"id": "28ba8f45-7636-45e4-8c0a-675d7663717c","name": "test1","status": "DOWN","admin_state_up": "true","fixed_ips": [{"subnet_id": "061d3ca2-bd1f-4bd1-a01d-7a5155328c0e","ip_address": "192.168.10.10"}],"dns_name": "","mac_address": "fa:16:3e:3d:91:cd","network_id": "be2fe79a-3ee2-4d87-bd71-5afa78a5670d","tenant_id": "43f2d1cca56a40729dcb17212482f34d","device_id": "","device_owner": "","security_groups": ["0bfc8687-ca18-4c37-ac84-d2198baba585"],"extra_dhcp_opts": [],"allowed_address_pairs": [],"binding:vnic_type": "normal"}]}


200

l Abnormal







Issue 01 (2017-12-31) 136












10.4 Updating a Port

Function

This interface is used to update a port.

URLl PUT /v1/ports/{port_id}






Issue 01 (2017-12-31) 137






name No String Specifies the port name.The value is a string of 1 to 64characters that can containdigits, letters, underscores (_),and hyphens (-).

security_groups No List Specifies the UUID of thesecurity group. This attribute isextended.










Issue 01 (2017-12-31) 138

l Example request{"port": {"name": "adc"}}



port Yes Dictionarydatastructure






network_id Yes String Specifies the ID of the networkto which the port belongs.The network ID must be a realone in the networkenvironment.

admin_state_up Yes Bool Specifies the administrativestate of the port.The value can only be true,and the default value is true.

mac_address Yes String Specifies the port MACaddress.The system automatically setsthis parameter, and you are notallowed to configure theparameter value.

fixed_ips No List Specifies the port IP address.A port supports only one fixedIP address that cannot bechanged.


Issue 01 (2017-12-31) 139


device_id No String Specifies the ID of the deviceto which the port belongs.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

device_owner No String Specifies the belonged device,which can be the DHCP server,router, load balancers, or Nova.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

tenant_id Yes String Specifies the ID of the tenant.Only the administrator canspecify the tenant ID of othertenants.






extra_dhcp_opts No List Specifies a set of zero or moreextra DHCP option pairs. Anoption pair consists of anoption value and name. Thisattribute is extended.


Issue 01 (2017-12-31) 140


binding:vif_type No String Specifies the interface type ofthe port. The value can be ovs,hw_veb, or others. Thisattribute is extended.This parameter is visible onlyto administrators.

binding:vif_details No Dict Specifies the VIF details.Parameter ovs_hybrid_plugspecifies whether the OVS/bridge hybrid mode is used.This parameter is visible onlyto administrators.

binding:host_id No String Specifies the host ID.This parameter is visible onlyto administrators.

binding:profile No Dict Allows the configuration ofcustomized data. This attributeis extended.This parameter is visible onlyto administrators.



Specifies the default privatenetwork domain nameinformation of the active NIC.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.

dns_name No String Specifies the default privatenetwork DNS name of theactive NIC.The system automatically setsthis parameter, and you are notallowed to configure or changethe parameter value.


Issue 01 (2017-12-31) 141

Parameter fixed_ip






ip_address No String 1. Specifies the IP address.2. You cannot set it to 0.0.0.0.3. Configure an independent security

group for the port if a large CIDRblock (subnet mask less than 24) isconfigured for parameterallowed_address_pairs.



Name Mandatory

Type Description



l Example response

{"port": {"id": "7204e0da-40de-4207-a536-6f59b84f6f0e","name": "adc","status": "DOWN","admin_state_up": "true","fixed_ips": [{"subnet_id": "689156ca-038f-4478-b265-fd26aa8bbe31","ip_address": "192.168.0.9"}],

"mac_address": "fa:16:3e:d7:f2:6c","network_id": "b4152e98-e3af-4e49-bb7f-7766e2b5ec63","tenant_id": "caa6cf4337ea47fb823b15709ebe8591","device_id": "","device_owner": "","security_groups": ["59b39002-e79b-4bac-8e27-aa884ab1beb6"],


Issue 01 (2017-12-31) 142

"extra_dhcp_opts": [],"allowed_address_pairs": [],"binding:vnic_type": "normal"}}


200l Abnormal

















Issue 01 (2017-12-31) 143

10.5 Deleting a Port

Function

This interface is used to delete a port.

URLl DELETE /v1/ports/{port_id}l Parameter description



Restrictions

You are not allowed to delete the port if device_owner is specified.



None


None


204l Abnormal







Issue 01 (2017-12-31) 144













Issue 01 (2017-12-31) 145

11 VPC Peering Connection

11.1 Overview

Object IntroductionManage and perform other operations on VPC peering connections, including querying VPCpeering connections as well as creating, querying, deleting, and updating a VPC peeringconnection.

Object Model

Table 11-1 peering object

Attribute Type CRUD

DefaultValue

Constraint

Description

id Uuid-str R Automaticallygenerated

N/A Specifies the VPCpeering connection ID.

name String(64) CRU N/A N/A Specifies the VPCpeering connectionname.

status String(16) R N/A N/A Specifies the VPCpeering connectionstatus. The value can bePENDING_ACCEPTANCE, REJECTED,EXPIRED,DELETED, orACTIVE.

Virtual Private CloudAPI Reference 11 VPC Peering Connection

Issue 01 (2017-12-31) 146

Attribute Type CRUD

DefaultValue

Constraint

Description

request_vpc_info Dict CR N/A N/A Specifies informationabout the local VPC.For details, see Table11-2.

accept_vpc_info Dict CR N/A N/A Specifies informationabout the peer VPC.For details, see Table11-2.

Table 11-2 vpc_info object

Attribute Type CRUD

DefaultValue

Constraint

Description

vpc_id Uuid-str CR N/A AnexistingVPC ID

Specifies the ID of aVPC involved in a VPCpeering connection.

tenant_id String(255) CR TenantID oftheVPC

N/A Specifies the ID of thetenant to which a VPCinvolved in the VPCpeering connectionbelongs.

11.2 Querying VPC Peering Connections

Function

This interface is used to query VPC peering connections and to display the query result in alist.

API Format

Method URI Description

GET /v2.0/vpc/peerings?id={id}&name={name}&status={status}&tenant_id={tenant_id}&vpc_id={vpc_id}

Queries all VPC peeringconnections accessible tothe tenant submitting therequest.


Issue 01 (2017-12-31) 147

Restrictions

N/A

Extension Description

N/A

Request Parameter

N/A

Response Parameter

Parameter Type Mandatory Description

peerings List(peering) Yes Specifies the VPC peering connectionobject list. For details, see Table 11-1.

Example RequestGET /v2.0/vpc/peerings

Example Response{ "peerings": [ { "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "name": "test", "id": "b147a74b-39bb-4c7a-aed5-19cac4c2df13", "status": "ACTIVE" } ]}

Error Codes

NormalResponseCode

Type Description

200 OK Specifies the normal response code for the GET and PUToperations.

201 Created Specifies the normal response code for the POSToperation.


Issue 01 (2017-12-31) 148

NormalResponseCode

Type Description

204 No Content Specifies the normal response code for the DELETEoperation.






405 Method Not Allowed You are not allowed to use the method specified inthe request.

406 Not Acceptable The response generated by the server could not beaccepted by the client.

407 Proxy Authentication Required You must use the proxy server for authenticationso that the request can be processed.




501 Not Implemented Failed to complete the request because the serverdoes not support the requested function.

502 Bad Gateway Failed to complete the request because the requestis invalid.

503 Service Unavailable Failed to complete the request because the serviceis unavailable.


11.3 Querying a VPC Peering Connection

Function

This interface is used to query details about a VPC peering connection.


Issue 01 (2017-12-31) 149

API FormatMethod URI Description

GET /v2.0/vpc/peerings/{peering_id} Queries details about a VPCpeering connection.

RestrictionsN/A

Extension DescriptionN/A

Request ParameterN/A

Response ParameterParameter Type Mandatory Description

peering Dict Yes Specifies the VPC peeringconnection object list. For details, seeTable 11-1.

Example RequestGET /v2.0/vpc/peerings/22b76469-08e3-4937-8c1d-7aad34892be1

Example Response{ "peering": { "name": "test", "id": "22b76469-08e3-4937-8c1d-7aad34892be1" "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "status": "ACTIVE" }}


Issue 01 (2017-12-31) 150

Error CodesNormalResponseCode

Type Description




















Issue 01 (2017-12-31) 151

11.4 Creating a VPC Peering Connection

FunctionThis interface is used to create a VPC peering connection.

If you create a VPC peering connection with another VPC of your own, the connection iscreated without the need for you to accept the connection.

If you create a VPC peering connection with a VPC of another tenant, the peer tenant mustaccept the connection so that the connection can be created. If the peer tenant refuses theconnection, it cannot be created.


POST /v2.0/vpc/peerings Creates a VPC peeringconnection.

RestrictionsN/A


Request ParameterParameter

Type Mandatory

Description

peering Dict Yes Specifies the VPC peering connection object list. For details,see Table 11-1.Mandatory fields: name and vpc_id in request_vpc_infoand accept_vpc_info. If you create a VPC peeringconnection with a VPC of another tenant, you must specifythe tenant_id in accept_vpc_info and do not need to specifythe tenant_id in request_vpc_info.


Issue 01 (2017-12-31) 152

Response Parameter

Parameter

Type Mandatory

Description

peering Dict Yes Specifies the VPC peering connection information. Fordetails, see the peering object model.

Example RequestPOST /v2.0/vpc/peerings { "peering": { "name": "test", "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5" } } }

Example Response{ "peering": { "name": "test", "id": "22b76469-08e3-4937-8c1d-7aad34892be1" "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "status": "ACTIVE" }}

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 153
















11.5 Accepting a VPC Peering Connection

Function

After tenant A requests to create a VPC peering connection with a VPC of tenant B. Tenant Bmust accept the request to make the VPC peering connection take effect. This interface isused by a tenant to accept a VPC peering connection request initiated by another tenant.


PUT /v2.0/vpc/peerings/{peering_id}/accept

Accepts the VPC peeringconnection request initiatedby another tenant.


Issue 01 (2017-12-31) 154

Restrictions

N/A


N/A

Request Parameter

N/A


peering Dict Yes Specifies the VPC peering connectioninformation. For details, see the peeringobject model.

Example RequestPUT /v2.0/vpc/peerings/22b76469-08e3-4937-8c1d-7aad34892be1/accept

Example Response{ "peering": { "name": "test", "id": "22b76469-08e3-4937-8c1d-7aad34892be1" "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "059a737356594b41b447b557bf0aae56" }, "status": "ACTIVE" }}


Type Description




Issue 01 (2017-12-31) 155

NormalResponseCode

Type Description

















11.6 Refusing a VPC Peering Connection

FunctionAfter tenant A request to create a VPC peering connection with a VPC of tenant B. The VPCpeering connection takes effect only after tenant B accepts the request. However, tenant can


Issue 01 (2017-12-31) 156

refuse the VPC peering connection request. This interface is used by a tenant to refuse a VPCpeering connection request initiated by another tenant.

API Format


PUT /v2.0/vpc/peerings/{peering_id}/reject

Refuses the VPC peeringconnection request initiatedby another tenant.

Restrictions

N/A


N/A

Request Parameter

N/A

Response Parameter

Parameter

Type Mandatory

Description

peering Dict Yes Specifies the VPC peering connection object list. For details,see Table 11-1.

Example RequestPOST /v2.0/vpc/peerings/22b76469-08e3-4937-8c1d-7aad34892be1/reject

Example Response{ "peering": { "name": "test", "id": "22b76469-08e3-4937-8c1d-7aad34892be1" "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "status": "REJECTED" }}


Issue 01 (2017-12-31) 157


Type Description




















Issue 01 (2017-12-31) 158

11.7 Updating a VPC Peering Connection

FunctionUpdates a VPC peering connection.


PUT /v2.0/vpc/peerings/{peering_id} Updates a VPC peeringconnection.

RestrictionsN/A


Request ParameterParameter Type Mandatory Description

peering Dict Yes Updates a VPC peering connection.Mandatory: None. When updating a VPCpeering connection, you must specify atleast one attribute. Currently, only theVPC peering connection name can beupdated.


peering Dict Yes Specifies the VPC peering connectionobject list. For details, see Table 11-1.

Example RequestPUT /v2.0/vpc/peerings/7a9a954a-eb41-4954-a300-11ab17a361a2 { "peering": { "name": "test2" } }


Issue 01 (2017-12-31) 159

Example Response{ "peering": { "name": "test2", "id": "22b76469-08e3-4937-8c1d-7aad34892be1" "request_vpc_info": { "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e" }, "accept_vpc_info": { "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5", "tenant_id": "059a737356594b41b447b557bf0aae56" }, "status": "ACTIVE" }}


Type Description















Issue 01 (2017-12-31) 160







11.8 Deleting a VPC Peering Connection

Function

This interface is used to delete a VPC peering connection.

A VPC peering connection can be deleted either by the local or peer tenant.


DELETE /v2.0/vpc/peerings/{peering_id} Deletes a VPC peeringconnection.

Restrictions

N/A


N/A

Request Parameter

N/A

Response Parameter

N/A

Example RequestDELETE /v2.0/vpc/peerings/2b098395-046a-4071-b009-312bcee665cb


Issue 01 (2017-12-31) 161

Example Response

N/A

Error Codes

NormalResponseCode

Type Description



















Issue 01 (2017-12-31) 162




Issue 01 (2017-12-31) 163

12 VPC Route

12.1 Overview

Object Introduction

Manage and perform other operations on VPC routes, including querying routes, creating aroute, querying a route, and deleting a route.

Object Model

Table 12-1 route object

Attribute Type CRUD

DefaultValue

Constraint

Description

id String R Automaticallygenerated

N/A Specifies the route ID.

destination String(64) CR N/A N/A Specifies the destinationIP address or CIDRblock.

nexthop String(64) CR N/A N/A Specifies the next hop. Ifthe route type is peering,enter the VPC peeringconnection ID.

type String(16) CR N/A Currently,the valuecan onlybepeering.

Specifies the route type.

vpc_id String CR N/A ExistingVPC ID

Specifies the VPC forwhich a route is to beadded.

Virtual Private CloudAPI Reference 12 VPC Route

Issue 01 (2017-12-31) 164

Attribute Type CRUD

DefaultValue

Constraint

Description

tenant_id String(255)

CR N/A N/A Specifies the tenant ID.Only the administratorcan specify the tenant IDof other tenants.

12.2 Querying VPC Routes

FunctionThis interface is used to query routes and display the routes in a list.

API FormatMethod

URI Description

GET /v2.0/vpc/routes?id={id}&vpc_id={vpc_id}&tenant_id={tenant_id}&destination={destination}&type={type}

Queries all routes of thetenant submitting therequest. The routes arefiltered by VPC ID.

RestrictionsN/A

Request ParameterNone

Response ParameterParameter Type Mandato

ryDescription

routes List (route) Yes Specifies the route object list. For details,see Table 12-1.

Example RequestGET /v2.0/vpc/routes?vpc_id=ab78be2d-782f-42a5-aa72-35879f6890ff

Example Response{ "routes": [


Issue 01 (2017-12-31) 165

{ "type": "peering", "nexthop": "60c809cb-6731-45d0-ace8-3bf5626421a9", "destination": "192.168.200.0/24", "vpc_id": "ab78be2d-782f-42a5-aa72-35879f6890ff", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "id": "3d42a0d4-a980-4613-ae76-a2cddecff054" } ] }


Type Description

















Issue 01 (2017-12-31) 166





12.3 Querying a VPC Route

FunctionThis interface is used to query details about a route.


GET /v2.0/vpc/routes/{route_id} Queries details about aspecified route.

RestrictionsN/A



route Dict Yes Specifies the route object list. For details,see Table 12-1.

Example RequestGET /v2.0/vpc/routes/60c809cb-6731-45d0-ace8-3bf5626421a9

Example Response{ "route": { "type": "peering", "nexthop": "60c809cb-6731-45d0-ace8-3bf5626421a9", "destination": "192.168.200.0/24",


Issue 01 (2017-12-31) 167

"vpc_id": "ab78be2d-782f-42a5-aa72-35879f6890ff", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "id": "3d42a0d4-a980-4613-ae76-a2cddecff054" }}


Type Description


















Issue 01 (2017-12-31) 168




12.4 Creating a VPC Route

Function

This interface is used to create a route.


POST /v2.0/vpc/routes Creates a route.

Restrictions

N/A


route Dict Yes Specifies the route object list. For details, seeTable 12-1.Mandatory fields: destination, nexthop, type,and vpc_id


route Dict Yes Specifies the route object list. For details, seeTable 12-1.

Example RequestPOST /v2.0/vpc/routes { "route": { "type": "peering", "nexthop": "60c809cb-6731-45d0-ace8-3bf5626421a9",


Issue 01 (2017-12-31) 169

"destination": "192.168.200.0/24", "vpc_id": "ab78be2d-782f-42a5-aa72-35879f6890ff" }}

Example Response{ "route": { "type": "peering", "nexthop": "60c809cb-6731-45d0-ace8-3bf5626421a9", "destination": "192.168.200.0/24", "vpc_id": "ab78be2d-782f-42a5-aa72-35879f6890ff", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "id": "3d42a0d4-a980-4613-ae76-a2cddecff054" }}

Error Codes

NormalResponseCode

Type Description















Issue 01 (2017-12-31) 170







12.5 Deleting a VPC Route

Function

This interface is used to delete a route.

API Format


DELETE /v2.0/vpc/routes/{route_id} Deletes a route to which thespecified tenant has access.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example RequestDELETE /v2.0/vpc/routes/60c809cb-6731-45d0-ace8-3bf5626421a9

Example ResponseNone (STATUS CODE 204)


Issue 01 (2017-12-31) 171

Error CodesN/A


Issue 01 (2017-12-31) 172

13 Port (Native OpenStack API)

13.1 Overview

Object IntroductionThis interface is used to manage and perform operations on ports, including querying ports,creating a port, querying a specified port, deleting a port, and updating a port.

Object Model

Table 13-1 port object

Attribute Type CRUD DefaultValue

Constraint Description

id Uuid-Str R Automaticallygenerated

N/A Specifies the portID. A maximumof 255 charactersare allowed.

name String(255) CRU None N/A Specifies the portname.

network_id Uuid-Str CR N/A The valuemust be anexistingnetwork ID.

Specifies the IDof the network towhich the portbelongs.

admin_state_up

Bool CRU true The valuecan only betrue orfalse.

Specifies theadministrativestatus.The value canonly be true.

Virtual Private CloudAPI Reference 13 Port (Native OpenStack API)

Issue 01 (2017-12-31) 173



mac_address String(32) R Automaticallygenerated

The valuemust be avalid MACaddress.

Specifies the portMAC address.For example,"mac_address":"fa:16:3e:9e:ff:55".This value canonly bedynamicallyassigned by thesystem.

fixed_ips List(fixed_ips)

CRU Automaticallygenerated fromthe addresspool

Only onefixed IPaddress canbeconfiguredfor a port.

Specifies the portIP address. Fordetails, see thefixed_ips object.For example, thevalue is"fixed_ips":[{"subnet_id":"4dc70db6-cb7f-4200-9790-a6a910776bba","ip_address":"192.169.25.79"}].Only one fixed IPaddress can beconfigured foreach port, and theIP address cannotbe changed onceconfigured.

device_id String(255) CRUD None N/A Specifies thedevice ID.This value isautomaticallymaintained by thesystem andcannot be set orupdatedmanually. Theport with thisfield specifiedcannot bedeleted.


Issue 01 (2017-12-31) 174



device_owner

String(255) CRUD None N/A Specifies theDHCP, router orNova to which adevice belongs.This parametervalue cannot beupdated. You canonly setdevice_owner toneutron:VIP_PORT for a virtualIP address portduring portcreation. If thisparameter of aport is not leftblank, the portcan only bedeleted when thisparameter valueisneutron:VIP_PORT.The port with thisfield specifiedcannot bedeleted.

tenant_id String(255) CR N/A N/A Specifies thetenant ID. Onlythe administratorcan specify thetenant ID of othertenants.

status String(16) R N/A The valuecan only beACTIVE,BUILD, orDOWN.

Specifies the portstatus. The valuecan be ACTIVE,BUILD, orDOWN.The status of aHANA SR-IOVVM port isalways DOWN.


Issue 01 (2017-12-31) 175



security_groups

List(String) CRUD N/A SecuritygroupUUID orleft blank

Specifies theUUID of thesecurity group.For example,"security_groups": ["a0608cbf-d047-4f54-8b28-cd7b59853fff"].This is anextendedattribute.This parametercannot be leftblank.

allowed_address_pairs

List(allow_address_pair)

CRU N/A N/A Specifies the IPand MACaddress pair. Fordetails, see theallow_address_pair parameterstable. This is anextendedattribute.The IP addresscannot be 0.0.0.0.Configure anindependentsecurity group forthe port if a largeCIDR block(subnet mask lessthan 24) isconfigured forparameterallowed_address_pairs.In the hardwareSDN networkingplan, theip_addressattribute valuecannot be inCIDR format.


Issue 01 (2017-12-31) 176



extra_dhcp_opts

List(extra_dhcp_opt)

CRU N/A N/A Specifies theextended DHCPoption. This is anextendedattribute.

binding:vif_type

String(64) R N/A N/A Specifies the portvirtual interface(VIF) type. Thevalue can be ovsor hw_veb. Thisis an extendedattribute.This parameter isavailable only toadministrators.

binding:vif_details

Dict R N/A N/A Specifies the VIFdetails. Parameterovs_hybrid_plugspecifies whetherthe OVS/bridgehybrid mode isused.This parameter isunavailable tocommon tenants.

binding:host_id

String(255) R None N/A Specifies the hostID. This is anextendedattribute.This parameter isavailable only toadministrators.


Issue 01 (2017-12-31) 177



binding:profile

Dict CR None N/A Specifies theuser-definedsettings. This isan extendedattribute.Instructions:l The

disable_security_groupsfield is inboolean typeand isavailable tocommontenants. Thedefault valueis false. Inhigh-performancecommunication scenarios,you can setthe parametervalue to true,which makesthis parameterto be availableto commontenants. Youcan specifythis parameterwhen creatinga port.Currently, thevalue of thisparameter canonly be set totrue.Example:{"disable_security_groups":true },Currently, thevalue can onlybe set to true.When thevalue is set totrue, the


Issue 01 (2017-12-31) 178



FWaaSfunction doesnot takeeffect.

l Other fieldsare availableonly toadministrators.

binding:vnic_type

String(64) R normal normal Specifies the typeof the boundvNIC.normal:Softswitch

port_security_enabled

Bool CRU true N/A Specifies whetherthe securityoption is enabledfor the port. If theoption is notenabled, thesecurity groupand DHCPsnooping do nottake effect.


Issue 01 (2017-12-31) 179



dns_assignment

List(Dict) R Automaticallygenerated

N/A Specifies thedefault privatenetwork domainname informationof the active NIC.This is anextendedattribute.The systemautomatically setsthis parameter,and you are notallowed toconfigure orchange theparameter value.l hostname:

dns_namevalue of theNIC

l ip_address:Private IPv4address of theNIC

l fqdn: Defaultprivatenetwork fullyqualifieddomain name(FQDN) ofthe IP address


Issue 01 (2017-12-31) 180



dns_name String R Automaticallygenerated

N/A Specifies thedefault privatenetwork DNSname of theactive NIC. Thisis an extendedattribute.The systemautomatically setsthis parameter,and you are notallowed toconfigure orchange theparameter value.Before accessingthe defaultprivate networkdomain name,ensure that thesubnet uses theDNS provided bythe currentsystem.

Table 13-2 fixed_ip object



subnet_id Uuid-Str CRU Automaticallygenerated

The valuemust be anexistingsubnet ID.

Specifies the ID ofthe subnet towhich the portbelongs.This parametercannot be updated.

ip_address String(64) CRU Automaticallygenerated

The valuemust be avalid IPaddress.

Specifies the portIP address.This parametercannot be updated.


Issue 01 (2017-12-31) 181

Table 13-3 allow_address_pair object

Attribute Type CRUD

DefaultValue


ip_address String(64)

CRU None Thisparametercannot beleft blank.

Specifies the IP address.This parameter cannot be0.0.0.0.

mac_address String(32)

CRU None N/A Specifies the MAC address.

Table 13-4 extra_dhcp_opt object



opt_name String(64) CRU None N/A Specifies theoption name.

opt_value String(255) CRU None N/A Specifies theoption value.

13.2 Querying Ports

FunctionThis interface is used to query ports.


Issue 01 (2017-12-31) 182


GET /v2.0/ports?id={port_id}&name={port_name }&admin_state_up={is_admin_status_up}&network_id={network_id}&mac_address={port_mac}&device_id={port_device_id}&device_owner={device_owner}&tenant_id={tenant_id}&status={port_status}&fixed_ips=ip_address={id_address}&fixed_ips=subnet_id={subnet_id}&dns_name={dns_name}

Queries all networksaccessible to the tenantsubmitting the request. Amaximum of 2000 recordscan be returned for eachquery operation. If thenumber of records exceeds2000, the pagination markerwill be returned. For details,see section A.4 Pagination.

RestrictionsN/A


Request ParameterN/A

Response ParameterParameter Type Mandat

oryDescription

ports List(port) Yes Specifies the port list. For details, seeTable 13-1.

Example Request[Example 1]

l Example JSON requestGET /v2.0/ports?limit=2&marker=0000f817-6d8d-46a0-85b7-2eb53a2e6bcb

l Example JSON response{ "ports": [ { "admin_state_up": true, "allowed_address_pairs": [],


Issue 01 (2017-12-31) 183

"binding:vnic_type": "normal", "device_id": "dhcp4ebd0208-8328-5d69-8c44-ec50939c0967-babaf0c4-d6e5-409c-9bbc-ede841e010f0", "device_owner": "network:dhcp", "port_security_enabled":false, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "172.16.1.2", "subnet_id": "4d57c51a-e53c-4895-9dc4-23dec6bd6699" } ], "dns_name": "", "id": "0050d1cb-202a-4a46-8674-03eb6f06a814", "mac_address": "fa:16:3e:7f:ed:2c", "name": "distributed_dhcp_port", "network_id": "babaf0c4-d6e5-409c-9bbc-ede841e010f0", "security_groups": [], "status": "DOWN", "tenant_id": "3e4a1816927f405cacbc3dca1e05111e" }, { "admin_state_up": true, "allowed_address_pairs": [], "binding:host_id": "dummy_725DFB13-D21D-B211-9630-000000821800", "binding:vnic_type": "normal", "device_id": "3dc6d518-460e-47c1-a786-5ff2c382fdd6", "device_owner": "network:router_gateway", "port_security_enabled":false, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.10.10.53", "subnet_id": "bb739afa-d755-4cd9-a268-f419927c5a12" } ], "dns_name": "", "id": "0102ddd1-e444-4786-9897-d6ae8f6e27c1", "mac_address": "fa:16:3e:51:fd:8c", "name": "", "network_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e", "security_groups": [], "status": "ACTIVE", "tenant_id": "" } ], "ports_links": [ { "href": "https://network.localdomain.com:8020/v2.0/ports?limit=2&marker=0102ddd1-e444-4786-9897-d6ae8f6e27c1", "rel": "next" }, { "href": "https://network.localdomain.com:8020/v2.0/ports?limit=2&marker=0050d1cb-202a-4a46-8674-03eb6f06a814&page_reverse=True", "rel": "previous" } ]}

[Example 2]

l Example JSON requestGET /v2.0/ports?mac_address=fa:16:3e:f1:0b:09

l Example JSON response{ "ports": [ { "admin_state_up": true,


Issue 01 (2017-12-31) 184

"allowed_address_pairs": [], "binding:vnic_type": "normal", "device_id": "e6c05704-c907-4cc1-8106-69b0996c43b9", "device_owner": "compute:az3.dc1", "port_security_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "172.16.0.37", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "dns_assignment": [ { "hostname": "ip-172-16-0-37", "ip_address": "172.16.0.37", "fqdn": "ip-172-16-0-37.southchina.compute.internal." } ], "dns_name": "ip-172-16-0-37", "id": "7bb64706-6e46-4f94-a28a-4bc7caaab87d", "mac_address": "fa:16:3e:f1:0b:09", "name": "port_vm_50_3", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "ACTIVE", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" } ]}

[Example 3]

l Example JSON requestGET /v2.0/ports?admin_state_up=False

l Example JSON response{ "ports": [

{ "admin_state_up": false, "allowed_address_pairs": [], "binding:vnic_type": "normal", "device_id": "", "device_owner": "", "port_security_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.100.100.62", "subnet_id": "9b28f20c-0234-419f-a0b4-4a84f182f64b" } ], "dns_name": "", "id": "ffc0bdee-8413-4fa2-bd82-fa8efe5b3a87", "mac_address": "fa:16:3e:2b:bc:57", "name": "small_net_port", "network_id": "b299b151-7a66-4c6f-a313-cdd3b5724296", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "DOWN", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" } ]}


Issue 01 (2017-12-31) 185

[Example 4]

l Example JSON requestGET /v2.0/ports?device_id=e6c05704-c907-4cc1-8106-69b0996c43b9

l Example JSON response{ "ports": [ { "admin_state_up": true, "allowed_address_pairs": [], "binding:vnic_type": "normal", "device_id": "e6c05704-c907-4cc1-8106-69b0996c43b9", "device_owner": "compute:az3.dc1", "port_security_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.1.0.37", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "dns_assignment": [ { "hostname": "ip-10-1-0-37", "ip_address": "10.1.0.37", "fqdn": "ip-10-1-0-37.xxx.compute.internal."//xxx indicates the region name. } ], "dns_name": "ip-10-1-0-37", "id": "7bb64706-6e46-4f94-a28a-4bc7caaab87d", "mac_address": "fa:16:3e:f1:0b:09", "name": "port_vm_50_3", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "ACTIVE", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" } ]}

[Example 5]

l Example JSON requestGET /v2.0/ports?tenant_id=6c9298ec8c874f7f99688489ab65f90e&name=port_vm_50_3

l Example JSON response{ "ports": [ { "admin_state_up": true, "allowed_address_pairs": [], "binding:vnic_type": "normal", "device_id": "e6c05704-c907-4cc1-8106-69b0996c43b9", "device_owner": "compute:az3.dc1", "port_secuirty_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.1.0.37", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "dns_assignment": [ { "hostname": "ip-10-1-0-37", "ip_address": "10.1.0.37",


Issue 01 (2017-12-31) 186

"fqdn": "ip-10-1-0-37.xxx.compute.internal."//xxx indicates the region name. } ], "dns_name": "ip-10-1-0-37", "id": "7bb64706-6e46-4f94-a28a-4bc7caaab87d", "mac_address": "fa:16:3e:f1:0b:09", "name": "port_vm_50_3", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "ACTIVE", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" } ]}

[Example 6]

l Example JSON requestGET /v2.0/ports?name=port_vm_50_3

l Example JSON response{ "ports": [ { "status": "DOWN", "allowed_address_pairs": [], "extra_dhcp_opts": [], "device_owner": "", "port_security_enabled":true, "fixed_ips": [ { "subnet_id": "391c74f7-e3b1-405c-8473-2f71a0aec7dc", "ip_address": "10.1.0.33" } ], "dns_name": "", "id": "0f405555-739f-4a19-abb7-ec11d005b3a9", "security_groups": [ "043548bc-1020-4be0-885a-caac8530e8f6" ], "device_id": "", "port_security_enabled":true, "name": "port_vm_50_3", "admin_state_up": true, "network_id": "9898a82d-7795-4ad5-bf2c-0ed8b822be4f", "tenant_id": "3e4a1816927f405cacbc3dca1e05111e", "binding:vnic_type": "normal", "mac_address": "fa:16:3e:b0:d9:cf" }, { "status": "ACTIVE", "allowed_address_pairs": [], "extra_dhcp_opts": [], "device_owner": "compute:az3.dc1", "port_security_enabled":true, "fixed_ips": [ { "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5", "ip_address": "10.1.0.37" } ], "dns_assignment": [ { "hostname": "ip-10-1-0-37", "ip_address": "10.1.0.37", "fqdn": "ip-10-1-0-37.xxx.compute.internal."//xxx indicates the region name.


Issue 01 (2017-12-31) 187

} ], "dns_name": "ip-10-1-0-37", "id": "7bb64706-6e46-4f94-a28a-4bc7caaab87d", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "device_id": "e6c05704-c907-4cc1-8106-69b0996c43b9", "name": "port_vm_50_3", "admin_state_up": true, "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", "binding:vnic_type": "normal", "mac_address": "fa:16:3e:f1:0b:09" } ]}


Type Description

200 OK Specifies the normal response code for the GET andPUT operations.














Issue 01 (2017-12-31) 188







13.3 Querying a Port

Function

This interface is used to query details about a specified port.

API Format


GET /v2.0/ports/{port_id} Queries details about thespecified port.

Restrictions

N/A


N/A

Request Parameter

N/A

Response Parameter


port Dict Yes Specifies the port list. For details, seeTable 13-1.


Issue 01 (2017-12-31) 189

Example RequestGET /v2.0/ports/08db2f8b-8887-4c84-b68b-905582c45c8f

Example Response{ "port": { "status": "ACTIVE", "allowed_address_pairs": [ ], "extra_dhcp_opts": [ ], "device_owner": "compute:az3.dc1", "port_security_enabled":true, "fixed_ips": [ { subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5", ip_address": "10.1.0.36" } ], "dns_assignment": [ { "hostname": "ip-10-1-0-36", "ip_address": "10.1.0.36", "fqdn": "ip-10-1-0-36.xxx.compute.internal."//xxx indicates the region name. } ], "dns_name": "ip-10-1-0-36", "id": "20a2782c-bfb7-4775-a553-9253ab0e3365", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "device_id": "0bd481a0-7dc5-4a3c-bb7b-2553437cd7a5", "name": "port_vm_50_2", "admin_state_up": true, "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", "binding:vnic_type": "normal", "mac_address": "fa:16:3e:ab:1f:a5" }}


Type Description





Issue 01 (2017-12-31) 190
















13.4 Creating a Port

FunctionThis interface is used to create a port.


POST /v2.0/ports Creates a port.


Issue 01 (2017-12-31) 191

RestrictionsN/A


Request ParameterParameter

Type Mandatory

Description

port Dict Yes Specifies the port list. For details, see Table 13-1.Mandatory field: network_id

Response ParameterParameter

Type Mandatory

Description

port Dict Yes Specifies the port information. For details, see the Portsobject model.

Example RequestPOST /v2.0/ports{ "port": { "admin_state_up": true,

"fixed_ips": [ { "ip_address": "10.1.0.150", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "name": "test", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" }}

Example Response{ "port": { "admin_state_up": true, "allowed_address_pairs": [], "binding:host_id": "az3.dc1", "binding:profile": {},


Issue 01 (2017-12-31) 192

"binding:vif_details": { "ovs_hybrid_plug": true, "port_filter": true }, "binding:vif_type": "ovs", "binding:vnic_type": "normal", "device_id": "", "device_owner": "compute:az3.dc1", "port_security_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.1.0.150", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "dns_assignment": [ { "hostname": "ip-10-1-0-150", "ip_address": "10.1.0.150", "fqdn": "ip-10-1-0-150.xxx.compute.internal."//xxx indicates the region name. } ], "dns_name": "ip-10-1-0-150", "id": "7a9a954a-eb41-4954-a300-11ab17a361a2", "mac_address": "fa:16:3e:7f:60:cb", "name": "test", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "DOWN", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" }}

Error Codes

NormalResponseCode

Type Description









Issue 01 (2017-12-31) 193













13.5 Updating a Port

Function

This interface is used to update a port.

API Format


PUT /v2.0/ports/{port_id} Updates a port.

Restrictions

N/A


N/A


Issue 01 (2017-12-31) 194

Request Parameter

Parameter

Type

Mandatory

Description

ports Dict Yes Specifies the port list. For details, see Table 13-1.This parameter has no mandatory fields. You must specifyat least one attribute when updating the port.

Response Parameter

Parameter

Type Mandatory

Description

ports Dict Yes Specifies the port list. For details, see Table 13-1.

Example RequestPUT /v2.0/ports/ 7a9a954a-eb41-4954-a300-11ab17a361a2{ "port": { "name": "test2" }}

Example Response{ "port": { "admin_state_up": false, "allowed_address_pairs": [], "binding:vnic_type": "normal", "device_id": "6c9298ec8c874f7f99688489ab65f903", "device_owner": "test", "port_security_enabled":true, "extra_dhcp_opts": [], "fixed_ips": [ { "ip_address": "10.1.0.198", "subnet_id": "b3ac1347-63f2-4e82-b853-3d86416a0db5" } ], "dns_name": "", "id": "7a9a954a-eb41-4954-a300-11ab17a361a2", "mac_address": "fa:16:3e:7f:60:cb", "name": "test2", "network_id": "a54e1b19-ce78-4b7e-b28b-d2d716cdc161", "security_groups": [ "ef69bc60-2f4b-4f97-b95b-e3b68df0c0b2" ], "status": "BUILD", "tenant_id": "6c9298ec8c874f7f99688489ab65f90e" }}


Issue 01 (2017-12-31) 195


Type Description




















Issue 01 (2017-12-31) 196

13.6 Deleting a Port

Function

This interface is used to delete a port.


DELETE /v2.0/ports/{port_id} Deletes a port.

Restrictionsl A port with device_owner set to a value other than neutron:VIP_PORT cannot be

deleted.l A port with device_id specified cannot be deleted.


N/A

Request Parameter

N/A

Response Parameter

N/A

Example RequestDELETE /v2.0/ports/2b098395-046a-4071-b009-312bcee665cb

Example Response

N/A


Type Description




Issue 01 (2017-12-31) 197

NormalResponseCode

Type Description


















Issue 01 (2017-12-31) 198

14 Network (Native OpenStack API)

14.1 Overview

Object IntroductionThis interface is used to manage and perform operations on network resources, includingquerying networks, creating a network, querying a specified network, deleting a network, andupdating a network.

Object Model

Table 14-1 network object



status String R ACTIVE N/A Specifies the networkstatus. The value canbe ACTIVE, BUILD,DOWN, or ERROR.

subnets List(Uuid-str)

R Empty list N/A Specifies IDs of thesubnets associatedwith this network. TheIDs are in a list.Only one subnet canbe associated witheach network.

name String(255)

CRU None N/A Specifies the networkname.The name cannot beadmin_external_net.

Virtual Private CloudAPI Reference 14 Network (Native OpenStack API)

Issue 01 (2017-12-31) 199



router:external

Bool CRU false The valuecan only betrue orfalse.

Specifies whether thenetwork is an externalnetwork. This is anextended attribute.This attribute is foradministrators only.Tenants cannotconfigure or updatethis attribute and canonly query it.

admin_state_up

Bool CRU true The valuecan only betrue orfalse.

Specifies theadministrative status.The value can only betrue.


CR N/A N/A Specifies the tenantID. Only theadministrator canspecify the tenant IDof other tenants.

shared Bool CRU false The valuecan only betrue orfalse.

Specifies whether thenetwork can be sharedby different tenants.This attribute is foradministrators only.Tenants cannotconfigure or updatethis attribute and canonly query it.


N/A Specifies the networkID.

provider:physical_network

String(64) CR N/A N/A Specifies the physicalnetwork used by thisnetwork. This is anextended attribute.This attribute isavailable only toadministrators.


Issue 01 (2017-12-31) 200



provider:network_type

String(32) CR N/A The valuecan only bevlan, vxlan,flat, local,geneve, orgre.

Specifies the networktype. Only theVXLAN andGENEVE networksare supported. This isan extended attribute.This attribute isavailable only toadministrators. OnlyGENEVE tenants canperform operations onthis attribute.

provider:segmentation_id

Int CR N/A VLAN: 1 to4094VXLAN: 1to 16million

Specifies the networksegment ID. The valueis a VLAN ID for aVLAN network and isa VNI for a VXLANnetwork. This is anextended attribute.This attribute isavailable only toadministrators.

segments List(segment)

CR N/A N/A Specifies a list ofproviders. This is anextended attribute.This attribute isincompatible with thepreceding threeprovider attributes.This attribute isavailable only toadministrators.

availability_zone_hints

List<String>

R N/A N/A Specifies theavailability zonesavailable to thisnetwork. The currentversion does notsupport cross-availability-zonenetwork scheduling.An empty list isreturned.


Issue 01 (2017-12-31) 201



availability_zones

List<String>

R N/A N/A Specifies theavailability zone ofthis network.An empty list isreturned.

port_security_enabled

Bool CRU true N/A Specifies whether thesecurity option isenabled for the port. Ifthe option is notenabled, the securitygroup and DHCPsnooping settings ofall VMs in thenetwork do not takeeffect.

dns_domain String(255)

R Automaticallygenerated

N/A Specifies the defaultprivate network DNSdomain address. Thesystem automaticallysets this parameter,and you are notallowed to configureor change theparameter value.

14.2 Querying Networks

FunctionThis interface is used to query networks using search criteria and to display the networks in alist.


Issue 01 (2017-12-31) 202


GET /v2.0/networks?id={network_id}&status={network_status}&name={network_name}&admin_state_up={is_admin_status_up}&tenant_id={tenant_id}&shared={is_shared}&provider:network_type={geneve}

Queries all networksaccessible to the tenantsubmitting the request. Amaximum of 2000 recordscan be returned for eachquery operation. If thenumber of records exceeds2000, the pagination markerwill be returned. For details,see section A.4 Pagination.

RestrictionsN/A



networks List (network) Yes Specifies the network list. For details,see Table 14-1.

Example RequestGET /v2.0/networks

Example Response{ "networks": [ { "status": "ACTIVE", "availability_zone_hints": [ ], "availability_zones": [ ], "subnets": [ "ab78be2d-782f-42a5-aa72-35879f6890ff" ], "router:external": false, "shared": false, "port_security_enabled":true, "name": "testnet01", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_domain":"xxx.compute.internal.",//xxx indicates the region name. "id": "3d42a0d4-a980-4613-ae76-a2cddecff054" }, {


Issue 01 (2017-12-31) 203

"status": "ACTIVE", "availability_zone_hints": [ ], "availability_zones": [ ], "subnets": [ ], "router:external": false, "shared": false, "port_security_enabled":true, "name": "demo-net", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_domain":"southchina.compute.internal.", "id": "60c809cb-6731-45d0-ace8-3bf5626421a9" }, { "status": "ACTIVE", "availability_zone_hints": [ ], "availability_zones": [ ], "subnets": [ "132dc12d-c02a-4c90-9cd5-c31669aace04" ], "router:external": false, "shared": false, "port_security_enabled":true, "name": "publicnet", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_domain":"xxx.compute.internal.",//xxx indicates the region name. "id": "9daeac7c-a98f-430f-8e38-67f9c044e299" } ]}

Error Codes

NormalResponseCode

Type Description











Issue 01 (2017-12-31) 204











14.3 Querying Network Details

FunctionThis interface is used to query details about a network.


GET /v2.0/networks/{network-id} Queries details about thespecified network.

RestrictionsN/A



Issue 01 (2017-12-31) 205

Response Parameter


network Dict Yes Specifies the network list. For details, seeTable 14-1.

Example RequestGET /v2.0/networks/60c809cb-6731-45d0-ace8-3bf5626421a9

Example Response{ "network": { "status": "ACTIVE", "subnets": [ ], "availability_zone_hints": [ ], "availability_zones": [ ], "name": "demo-net", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "router:external": false, "shared": false, "port_security_enabled":true, "dns_domain":"xxx.compute.internal.",//xxx indicates the region name. "id": "60c809cb-6731-45d0-ace8-3bf5626421a9" }}

Error Codes

NormalResponseCode

Type Description










Issue 01 (2017-12-31) 206












14.4 Creating a Network

FunctionThis interface is used to create a network.


POST /v2.0/networks Creates a network.

RestrictionsN/A


Issue 01 (2017-12-31) 207


network Dict Yes Specifies the network list. For details, see Table14-1.This parameter has no mandatory fields.


network Dict Yes Specifies the network list. For details, seeTable 14-1.

Example RequestPOST /v2.0/networks{ "network": { "shared": false, "name": "demo-net", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4" }}

Example Response{ "network": { "status": "ACTIVE", "subnets": [ ], "availability_zone_hints": [ ], "availability_zones": [ ], "name": "demo-net", "provider:physical_network": "physnet1", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4", "provider:network_type": "vlan", "router:external": false, "shared": false, "port_security_enabled":true, "dns_domain":"xxx.compute.internal.",//xxx indicates the region name. "id": "ca7192a3-867c-42c1-bfd8-6bb777bae6cf", "provider:segmentation_id": 55 }}


Issue 01 (2017-12-31) 208


Type Description




















Issue 01 (2017-12-31) 209

14.5 Updating a Network

Function

This interface is used to update a network.

API Format


PUT /v2.0/networks/{network-id} Updates a network.

Restrictions

N/A


N/A

Request Parameter


networks Dict Yes Specifies the network list. For details, seeTable 14-1.This parameter has no mandatory fields. Youmust specify at least one attribute whenupdating the port.

Response Parameter


networks Dict Yes Specifies the subnet metadata. For details, seeTable 14-1.

Example RequestPUT /v2.0/networks/7a9a954a-eb41-4954-a300-11ab17a361a2{ "network": { "name": "sample_network, "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e" }}


Issue 01 (2017-12-31) 210

Example Response{ "network": { "admin_state_up": true, "availability_zone_hints": [], "availability_zones": [ "nova" ], "created_at": "2016-03-08T20:19:41", "dns_domain":"xxx.compute.internal.",//xxx indicates the region name. "id": "7a9a954a-eb41-4954-a300-11ab17a361a2", "mtu": 1500, "name": "sample_network_5_updated", "port_security_enabled": true, "project_id": "4fd44f30292945e481c7b8a0c8908869", "qos_policy_id": "6a8454ade84346f59e8d40665f878b2e", "router:external": false, "shared": false, "status": "ACTIVE", "subnets": [ "54d6f61d-db07-451c-9ab3-b9609b6b6f0b" ], "tenant_id": "4fd44f30292945e481c7b8a0c8908869", "updated_at": "2016-03-08T20:19:41", "vlan_transparent": false, "description": "" }}


Type Description











Issue 01 (2017-12-31) 211











14.6 Deleting a Network

Function

This interface is used to delete a network.

API Format


DELETE /v2.0/networks/{network-id} Deletes all networks towhich the specified tenanthas access.

Restrictions

N/A

Request Parameter

None


Issue 01 (2017-12-31) 212

Response ParameterNone

Example RequestDELETE /v2.0/networks/60c809cb-6731-45d0-ace8-3bf5626421a9


Error CodesN/A


Issue 01 (2017-12-31) 213

15 Subnet (Native OpenStack API)

15.1 Overview

Object Introduction

This interface is used to manage and perform operations on subnet resources, includingquerying subnets, creating a subnet, querying a specified subnet, deleting a subnet, andupdating a subnet.

Object Model

Table 15-1 subnet object



id Uuid-str R Automatically generated

N/A Specifies the subnetID.

name String(255)

CRU None N/A Specifies the subnetname.

ip_version Int CR N/A The valuecan only be4 or 6.

Specifies theInternet Protocol(IP) version.Only IPv4 issupported.

ipv6_address_mode

String CR N/A The valuecan only bedhcpv6-stateful,dhcpv6-stateless, orslaac.

Specifies the IPv6addressing mode.This attribute is notsupported.

Virtual Private CloudAPI Reference 15 Subnet (Native OpenStack API)

Issue 01 (2017-12-31) 214



ipv6_ra_mode

String CR N/A The valuecan only bedhcpv6-stateful,dhcpv6-stateless, orslaac.

Specifies the IPv6route broadcastmode.This attribute is notsupported.

network_id Uuid-str CR N/A The valuemust be anexistingnetwork ID.

Specifies the ID ofthe network towhich the subnetbelongs.

cidr String(64) CR N/A The valuemust be inthe validCIDRformat.

Specifies the CIDRformat.Only the addressesin the 10.0.0.0/8,172.16.0.0/12, and192.168.0.0/16network segmentsare supported. Inaddition, the subnetmask cannot begreater than 28.

gateway_ip String(64) CRUD First IPaddress in aCIDR block

The valuemust be avalid IPaddress ornull.

The gateway IPaddress cannotconflict with IPaddressesconfigured forallocation_pools.(If the parametervalue is changed,this change doesnot take effect inthe L3 plug-indelivered withFusionSphereOpenStackV100R006C10.)


Issue 01 (2017-12-31) 215



allocation_pools

List(allocation_pool)

CR All IPaddresses ina CIDRblockexceptingthe gatewayandbroadcastaddresses

The startand end IPaddressesmust bevalid.

Specifies theavailable IP addresspool. For detailsabout theallocation_poolobject, see Table15-2.For example,[ { "start":"10.0.0.2", "end":"10.0.0.251"} ]The first and thelast four IPaddresses in eachsubnet are the onesreserved by thesystem. Forexample, in subnet192.168.1.0/24, IPaddresses192.168.1.0,192.168.1.252,192.168.1.253,192.168.1.254, and192.168.1.255 arereserved by thesystem. By default,the IP addressesreserved by thesystem are not inthe IP address poolspecified byallocation_pool.When updating anIP address pool, theallocation_poolvalue can containneither gateway norbroadcast IPaddresses.

dns_nameservers

List(String)

CRU Empty list A maximumof five DNSserveraddressesaresupported.

Specifies the DNSserver address.For example,"dns_nameservers":["8.8.8.8","8.8.4.4"].


Issue 01 (2017-12-31) 216



host_routes List(host_route)

CRU Empty list A maximumof 20 staticVM routesaresupported.

Specifies the staticVM routes. Fordetails, see thehost_route object.Static routes are notsupported, andentered informationwill be ignored.


CR N/A N/A Specifies the tenantID. Only theadministrator canspecify the tenantID of other tenants.

enable_dhcp Bool CRU true The valuecan only betrue orfalse.

Specifies whetherto enable the DHCPfunction. Valuefalse indicates thatthe DHCP functionis not enabled.The value can onlybe true.

Table 15-2 allocation_pool object

Parameter Type Constraint Mandatory Remarks

start String(64) The valuemust be avalid IPaddress.

No Specifies the start IPaddress of a network pool.

end String(64) The valuemust be avalid IPaddress.

No Specifies the end IPaddress of a network pool.


Issue 01 (2017-12-31) 217

Table 15-3 host_route object

Parameter Type Constraint Mandatory Remarks

destination String(64) The valuemust be inthe validCIDRformat.

No Specifies the destinationsubnet of a route.

nexthop String(64) The valuemust be avalid IPaddress.

No Specifies the next-hop IPaddress of a route.

15.2 Querying Subnets

FunctionThis interface is used to query subnets using search criteria and to display the subnets in a list.


GET /v2.0/subnets?name={subnet_name }&ip_version={ip_version}&network_id={network_id}&cidr={subnet_cidr_address}&gateway_ip={subnet_gateway}&tenant_id={tenant_id}&enable_dhcp={is_enable_dhcp}

Queries all subnetsaccessible to the tenantsubmitting the request. Amaximum of 2000 recordscan be returned for eachquery operation. If thenumber of records exceeds2000, the pagination markerwill be returned. For details,see section A.4 Pagination.

RestrictionsN/A



Issue 01 (2017-12-31) 218


subnets List(subnet) Yes Specifies the subnet list. For details,see Table 15-1.

Example Request{ "subnets": [ { "name": "", "enable_dhcp": true, "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [,],"allocation_pools": [ { "start": "192.150.73.2", "end": "192.150.73.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "192.150.73.1", "cidr": "192.150.73.0/24", "id": "132dc12d-c02a-4c90-9cd5-c31669aace04" }, { "name": "testsubnet", "enable_dhcp": true, "network_id": "60c809cb-6731-45d0-ace8-3bf5626421a9", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "8.8.4.4", "8.8.8.8" ], "allocation_pools": [ { "start": "10.0.10.2", "end": "10.0.10.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "10.0.10.1", "cidr": "10.0.10.0/24", "id": "e0fa7de1-a6e2-44c9-b052-b9d8cebe93c4" }, { "name": "subnet02", "enable_dhcp": true, "network_id": "3d42a0d4-a980-4613-ae76-a2cddecff054", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "8.8.8.7", "8.8.8.8" ], "allocation_pools": [ { "start": "10.1.1.2", "end": "10.1.1.254" } ], "host_routes": [],


Issue 01 (2017-12-31) 219

"ip_version": 4, "gateway_ip": "10.1.1.1", "cidr": "10.1.1.0/24", "id": "e25189a8-54df-4948-9396-d8291ffc92a0" } ]}

Error Codes

NormalResponseCode

Type Description


















Issue 01 (2017-12-31) 220




15.3 Querying a Subnet

FunctionThis interface is used to query details about a subnet.


GET /v2.0/subnets/{subnet-id} Queries details about thespecified subnet.

RestrictionsN/A



subnet Dict Yes Specifies the subnet list. For details,see Table 15-1.

Example RequestGET /v2.0/subnets/e0fa7de1-a6e2-44c9-b052-b9d8cebe93c4

Example Response{ "subnet": { "name": "testsubnet", "enable_dhcp": true, "network_id": "60c809cb-6731-45d0-ace8-3bf5626421a9", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "8.8.8.7", "8.8.8.8"


Issue 01 (2017-12-31) 221

], "allocation_pools": [ { "start": "10.0.10.2", "end": "10.0.10.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "10.0.10.1", "cidr": "10.0.10.0/24", "id": "e0fa7de1-a6e2-44c9-b052-b9d8cebe93c4" }}

Error Codes

NormalResponseCode

Type Description
















Issue 01 (2017-12-31) 222






15.4 Creating a Subnet

Function

This interface is used to create a subnet.

API Format


POST /v2.0/subnets Creates a subnet.

Restrictions

N/A

Request Parameter


subnet dict Yes Specifies the subnet list. For details, seeTable 15-1.Mandatory fields: network_id and cidr

Response Parameter


subnet dict Yes Specifies the subnet list. For details, seeTable 15-1.


Issue 01 (2017-12-31) 223

Example RequestPOST /v2.0/subnets{ "subnet": { "name": "testsubnet", "enable_dhcp": true, "network_id": "60c809cb-6731-45d0-ace8-3bf5626421a9", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "8.8.8.8", "8.8.8.7" ], "allocation_pools": [ { "start": "10.0.10.2", "end": "10.0.10.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "10.0.10.1", "cidr": "10.0.10.0/24" }}

Example Response{ "subnet": { "name": "testsubnet", "enable_dhcp": true, "network_id": "60c809cb-6731-45d0-ace8-3bf5626421a9", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "8.8.8.7", "8.8.8.8" ], "allocation_pools": [ { "start": "10.0.10.2", "end": "10.0.10.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "10.0.10.1", "cidr": "10.0.10.0/24", "id": "e0fa7de1-a6e2-44c9-b052-b9d8cebe93c4" }}


Type Description




Issue 01 (2017-12-31) 224

NormalResponseCode

Type Description

















15.5 Updating a Subnet

Function

This interface is used to update information about a subnet.


Issue 01 (2017-12-31) 225


PUT /v2.0/subnets/{subnet-id} Updates a subnet.

RestrictionsWhen updating the allocation_pools field, neither gateway nor broadcast IP addresses can beincluded.


subnet dict Yes Specifies the subnet list. For details, seeTable 15-1.This parameter has no mandatory fields. Youmust specify at least one attribute whenupdating the subnet.


subnet dict Yes Specifies the subnet list. For details,see Table 15-1.

Example RequestPUT /v2.0/subnets/907c9a08-7b14-4863-9d9c-9f6b93fa987a{ "subnet": { "name": "testsubnet", "dns_nameservers": [ "1.1.1.1", "2.2.2.2" ], "enable_dhcp": true }}

Example Response{ "subnet": { "name": "testsubnet", "enable_dhcp": true, "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "dns_nameservers": [ "1.1.1.1", "2.2.2.2"


Issue 01 (2017-12-31) 226

], "allocation_pools": [ { "start": "10.0.10.2", "end": "10.0.10.254" } ], "host_routes": [], "ip_version": 4, "gateway_ip": "10.0.10.1", "cidr": "10.0.10.0/24", "id": "907c9a08-7b14-4863-9d9c-9f6b93fa987a" }}

Error Codes

NormalResponseCode

Type Description
















Issue 01 (2017-12-31) 227






15.6 Deleting a Subnet

Function

This interface is used to delete a subnet.

API Format


DELETE /v2.0/subnets/{subnet-id} Deletes a subnet.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example RequestDELETE /v2.0/subnets/74259164-e63a-4ad9-9c77-a1bd2c9aa187

Example Response

None


Issue 01 (2017-12-31) 228


Type Description




















Issue 01 (2017-12-31) 229

16 Router (Native OpenStack API)

16.1 Overview

Object IntroductionThis interface is used to manage and perform operations on router resources, includingquerying routers, creating a router, querying a specified router, deleting a router, and updatinga router.

Response Parameter

Table 16-1 router object




N/A Specifies the routerID.

name String(64) CRU None N/A Specifies the routername.The name can containonly digits, letters,underscores (_), andhyphens (-).

admin_state_up

Bool CRU true The valuecan only betrue or false.

Specifies theadministrative status.The value can only betrue.

Virtual Private CloudAPI Reference 16 Router (Native OpenStack API)

Issue 01 (2017-12-31) 230



status String R N/A N/A Specifies the routerstatus. The value canbe ACTIVE,DOWN, or ERROR.

tenant_id String(255) CR N/A N/A Specifies the tenantID. Only theadministrator canspecify the tenant IDof other tenants.

external_gateway_info

Dict CRU N/A N/A Specifies the externalgateway information.This is an extendedattribute. For details,see Table 16-2.

routes List(route) RU N/A N/A Specifies informationabout the routes. Thisis an extendedattribute. For details,see Table 16-3.

distributed Bool CRU False The valuecan only betrue or false.

Specifies thedistributeddeployment mode.Administratorpermission required.

ha Bool CR False The valuecan only betrue or false.

Specifies the HAdeployment mode.Administratorpermission required.


Issue 01 (2017-12-31) 231

Table 16-2 external_gateway_info object



network_id Uuid-str CRU N/A N/A Specifies the UUIDof the externalnetwork.You can use GET /v2.0/networks?router:external=True or run theneutron net-external-listcommand to queryinformation aboutthe external network.

enable_snat Bool CRU N/A N/A Specifies whetherthe SNAT function isenabled.The default value isfalse.

Table 16-3 route object



destination String RU N/A The prefixcannot bethe same asthat of adirect route.

Specifies the IP addresssegment. You can onlyconfigure the defaultroute, and its value canonly be 0.0.0.0/0.

nexthop String RU N/A N/A Specifies the next hopIP address. The IPaddress can only be onein the subnet associatedwith the router.

16.2 Querying Routers

FunctionThis interface is used to query routers.


Issue 01 (2017-12-31) 232


GET /v2.0/routers?id={ id }&name={ name }&admin_state_up={admin_state_up}&tenant_id={tenant_id}&status={status}

Queries all routersaccessible to the tenantsubmitting the request.

RestrictionsN/A



routers List(router) Yes Specifies the router list. For details,see Table 16-1.

Example RequestGET/v2.0/routers

Example Response{ "routers": [ { "status": "ACTIVE", "external_gateway_info": { "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "enable_snat": false }, "name": "router", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "routes": [], "id": "b147a74b-39bb-4c7a-aed5-19cac4c2df13", } ]}


Issue 01 (2017-12-31) 233


Type Description




















Issue 01 (2017-12-31) 234

16.3 Querying a Router

FunctionThis interface is used to query details about a router.


GET /v2.0/routers/{router_id} Queries details about aspecific router accessible tothe tenant submitting therequest.

RestrictionsN/A



router Dict Yes Specifies the router list. For details,see Table 16-1.

Example RequestGET /v2.0/routers/b147a74b-39bb-4c7a-aed5-19cac4c2df13

Example Response{ "router": { "status": "ACTIVE", "external_gateway_info": { "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299","enable_snat": false }, "name": "router", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "routes": [], "id": "b147a74b-39bb-4c7a-aed5-19cac4c2df13", "distributed": false, "ha": false }}


Issue 01 (2017-12-31) 235


Type Description




















Issue 01 (2017-12-31) 236

16.4 Creating a Router

FunctionThis interface is used to create a router.


POST /v2.0/routers Creates a router.

RestrictionsN/A


router Dict Yes Specifies the router list. For details,see Table 16-1. This parameter hasno mandatory fields.


router Dict Yes Specifies a router. For details, see therouter object table.

Example RequestPOST /v2.0/routers{ "router": { "name": "router2", "admin_state_up": true, "external_gateway_info": { "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299" } }}

Example Response{ "router": { "status": "ACTIVE",


Issue 01 (2017-12-31) 237

"external_gateway_info": { "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299", "enable_snat": false } "name": "router2", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "id": "76e48ca6-7d2d-45a6-947b-e48969a6035b", "distributed": false, "ha": false }}


Type Description
















Issue 01 (2017-12-31) 238






16.5 Updating a Router

Function

This interface is used to update a router.

API Format


PUT /v2.0/routers/{router_id} Updates router information.

Restrictions

N/A

Request Parameter


router Dict Yes Specifies the router list. For details, seeTable 16-1.This parameter has no mandatory fields.You must specify at least one attribute whenupdating the router.

Response Parameter


router Dict Yes Specifies the router list. For details, see Table16-1.


Issue 01 (2017-12-31) 239

Example RequestPUT/v2.0/routers{ "router": { "name": "router3" }}

Example Response{ "router": { "status": "ACTIVE", "external_gateway_info": { "network_id": "9daeac7c-a98f-430f-8e38-67f9c044e299","enable_snat": false }, "name": "router3", "admin_state_up": true, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "id": "7b45d3c6-22a8-4cfc-ad17-56b8d5323eef" }}

Error Codes

NormalResponseCode

Type Description












Issue 01 (2017-12-31) 240










16.6 Deleting a Router

FunctionThis interface is used to delete a router.


DELETE /v2.0/routers/{router_id} Deletes a specified router.

RestrictionsN/A



Example RequestDELETE /v2.0/routers/0735a367-2caf-48fb-85aa-6082266f342e


Issue 01 (2017-12-31) 241

Example Response

None

Error Codes

NormalResponseCode

Type Description



















Issue 01 (2017-12-31) 242



16.7 Adding an Interface to a Router

Function

This interface is used to add an interface to a router.

API Format


PUT /v2.0/routers/{router_id}/add_router_interface

Adds an interface to arouter.

Restrictionsl When a port is used, the port can have only one IP address.

l When a subnet is used, the gateway IP address must be configured for the subnet.

l A router cannot be added for networks whose provider:network_type is geneve.

Request Parameter


subnet_id uuid-str No Specifies the subnet ID. Either subnet_id orport_id is used.Use the gateway IP address of the subnet tocreate a router interface.

port_id uuid-str No Specifies the port ID. Either subnet_id orport_id is used. Use the port IP address tocreate a router interface.

Response Parameter


subnet_id uuid-str Yes Specifies the subnet ID.

tenant_id uuid-str Yes Specifies the tenant ID.

port_id uuid-str Yes Specifies the port ID.


Issue 01 (2017-12-31) 243


id uuid-str Yes Specifies the router ID.

Example RequestPUT /v2.0/routers/5b8e885c-1347-4ac2-baf9-2249c8ed1270/add_router_interface{"subnet_id": "ab78be2d-782f-42a5-aa72-35879f6890ff"}

Example Response{ "subnet_id": "ab78be2d-782f-42a5-aa72-35879f6890ff", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_id": "40e86635-b2a3-45de-a7c8-3cced5b7e755", "id": "5b8e885c-1347-4ac2-baf9-2249c8ed1270"}

Error Codes

NormalResponseCode

Type Description













Issue 01 (2017-12-31) 244









16.8 Removing an Interface from a Router

FunctionThis interface is used to remove an interface from a router.


PUT /v2.0/routers/{router_id}/remove_router_interface

Removes an interface from arouter.

RestrictionsYou are not allowed to remove an interface from a router if the subnet contains load balancerobjects.


subnet_id uuid-str No Specifies the subnet ID. Either subnet_id orport_id is used.Use the gateway IP address of the subnet tocreate a router interface.


Issue 01 (2017-12-31) 245


port_id uuid-str No Specifies the port ID. Either subnet_id orport_id is used. Use the port IP address tocreate a router interface.

Response Parameter


subnet_id uuid-str Yes Specifies the subnet ID.

tenant_id uuid-str Yes Specifies the tenant ID.

port_id uuid-str Yes Specifies the port ID.

id uuid-str Yes Specifies the router ID.

Example RequestPUT /v2.0/routers/b625c58c-0cfe-49e0-acc8-f2374f8187ff/remove_router_interface{"subnet_id": "4b910a10-0860-428b-b463-d84dbc5e288e"}

Example Response{ "subnet_id": "4b910a10-0860-428b-b463-d84dbc5e288e", "tenant_id": "3d72597871904daeb6887f75f848b531", "port_id": "34d7d063-8f40-4958-b420-096db40d4067", "id": "b625c58c-0cfe-49e0-acc8-f2374f8187ff"}

Error Codes

NormalResponseCode

Type Description







Issue 01 (2017-12-31) 246
















Issue 01 (2017-12-31) 247

17 Floating IP Address (Native OpenStack

API)

17.1 Overview

Object IntroductionManage and perform operations on floating IP addresses, including querying floating IPaddresses, creating floating IP addresses, querying a specified floating IP address, deleting afloating IP address, and updating a floating IP address.

Object Model

Table 17-1 Floating IP address object



status String R DOWN N/A Specifies the networkstatus. The value canbe ACTIVE,DOWN, or ERROR.


N/A Specifies the floatingIP address ID.

floating_ip_address

String(64) CR None N/A Specifies the floatingIP address.

Virtual Private CloudAPI Reference 17 Floating IP Address (Native OpenStack API)

Issue 01 (2017-12-31) 248



floating_network_id

Uuid-str CR N/A N/A Specifies the externalnetwork ID.You can only usefixed externalnetwork. You can useGET /v2.0/networks?router:external=True or GET /v2.0/networks?name={floating_network} or run theneutron net-external-listcommand to obtaininformation about theexternal network.

router_id Uuid-str R None N/A Specifies the ID of thebelonged router.

port_id Uuid-str CRU None N/A Specifies the port ID.

fixed_ip_address

String(64) CRU None IP address ornone

Specifies the privateIP address of theassociated port.Content entered byusers will be ignored.


CR ID of theauthenticatedtenant

N/A Specifies the tenantID. Only theadministrator canspecify the tenant IDof other tenants.

17.2 Querying Floating IP Addresses

FunctionThis interface is used to query floating IP addresses using search criteria and to display thefloating IP addresses in a list.


Issue 01 (2017-12-31) 249

API Format


GET /v2.0/floatingips?id={fip_id}&router_id={router_id}&floating_network_id={net_id }&floating_ip_address={floating_ip }&port_id={port_id }&fixed_ip_address={fixed_ip}&tenant_id={tenant_id}

Queries all floating IPaddresses accessible to thetenant submitting therequest. A maximum of2000 records can bereturned for each queryoperation. If the number ofrecords exceeds 2000, thepagination marker will bereturned. For details, seesection A.4 Pagination.

Restrictions

N/A

Request Parameter

None

Response Parameter


floatingips List(floatingip)

Yes Specifies the floating IP address list. Fordetails, see Table 17-1.

Example RequestGET /v2.0/floatingips

Example Response{ "floatingips": [ { "router_id": "21978e24-b96d-43be-8452-5dd731acde96", "status": "DOWN", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "floating_network_id": "0a2228f2-7f8a-45f1-8e09-9039e1d09975", "fixed_ip_address": "10.1.1.2", "floating_ip_address": "192.150.73.5", "port_id": "3cb820b8-82ba-446c-9845-f1ef843d744b", "id": "2dedb5e7-cb70-4e78-b50f-d88c8321d161" } ]}


Issue 01 (2017-12-31) 250


Type Description




ErrorResponseCode

Type Possible Cause

400 Bad request The server failed to process the request.

401 Unauthorized You must enter the username and password to access therequested page.



409 Conflict The request could not be processed due to a conflict.

500 Internal servererror

Failed to complete the request because of an internalservice error.

503 Serviceunavailable

Failed to complete the request because the service isunavailable.

17.3 Querying a Floating IP Address

FunctionThis interface is used to query details about a floating IP address.


Issue 01 (2017-12-31) 251

API Format


GET /v2.0/floatingips/{floatingip_id} Queries details about aspecific floating IP addressaccessible to the tenantsubmitting the request.

Restrictions

N/A

Request Parameter

None

Response Parameter


floatingip Dict Yes Specifies the floating IP address list. Fordetails, see Table 17-1.

Example RequestGET/v2.0/floatingips/2dedb5e7-cb70-4e78-b50f-d88c8321d161

Example Response{ "floatingip": { "router_id": "b147a74b-39bb-4c7a-aed5-19cac4c2df13", "status": "DOWN", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "floating_network_id": "0a2228f2-7f8a-45f1-8e09-9039e1d09975", "fixed_ip_address": "10.1.1.2", "floating_ip_address": "192.150.73.5", "port_id": "3cb820b8-82ba-446c-9845-f1ef843d744b", "id": "2dedb5e7-cb70-4e78-b50f-d88c8321d161" }}

Error Codes

NormalResponseCode

Type Description



Issue 01 (2017-12-31) 252

NormalResponseCode

Type Description



ErrorResponseCode

Type Possible Cause










17.4 Creating a Floating IP Address

FunctionThis interface is used to create a floating IP address.


POST /v2.0/floatingips Creates a floating IP addressand associates it with aninternal port.


Issue 01 (2017-12-31) 253

Restrictions

You can use GET /v2.0/networks?router:external=True or run the neutron net-external-list command to obtain the UUID of the external network required for creating a floating IPaddress.

Request Parameter


floatingip Dict Yes Specifies the floating IP address list. Fordetails, see Table 17-1.Mandatory field: floating_network_id

Response Parameter



Example RequestPOST /v2.0/floatingips{ "floatingip": { "floating_network_id": "5ce655fa-c911-4d2c-99f7-445bc1162ef8", "port_id": "552389f5-8f4c-4bb7-9991-07233c315d60" }}

Example Response{ "floatingip": { "router_id": "76c052d6-6a92-444c-b67d-147ee166a480", "status": "DOWN", "tenant_id": "6fd9b5fdb997425f97bc5ba1f0846084", "floating_network_id": "5ce655fa-c911-4d2c-99f7-445bc1162ef8", "fixed_ip_address": "12.14.56.5", "floating_ip_address": "100.64.0.30", "port_id": "552389f5-8f4c-4bb7-9991-07233c315d60", "id": "2567f393-5c76-42db-a397-477723ce41f7" }}

Error Codes

NormalResponseCode

Type Description



Issue 01 (2017-12-31) 254

NormalResponseCode

Type Description



ErrorResponseCode

Type Possible Cause










17.5 Updating a Floating IP Address

FunctionThis interface is used to update a floating IP address.


PUT /v2.0/floatingips/{floatingip_id} Updates a specific floatingIP address and the portassociated with the address.


Issue 01 (2017-12-31) 255

Restrictions

When you bind a floating IP address, if the floating IP address is in the error state, tryunbinding the address first.

You are not allowed to bind a floating IP address that has been bound to a port to another port.You must first unbind the IP address from its original port and bind it to the required port.


floatingip Dict Yes Specifies the floating IP address list. Fordetails, see Table 17-1. Parametersfloatingip and port_id are mandatoryfields.



Example Request 1PUT /v2.0/floatingips/b639c937-4737-4107-8978-fecc7327a5ae{ "floatingip": { "port_id": "21b5c483-84e9-40a1-86b3-3041606106f5", "fixed_ip_address": "10.0.2.2" }}

Example Response 1{ "floatingip": { "router_id": "76c052d6-6a92-444c-b67d-147ee166a480", "status": "ACTIVE", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "floating_network_id": "0a2228f2-7f8a-45f1-8e09-9039e1d09975", "fixed_ip_address": "10.0.2.2", "floating_ip_address": "192.150.73.19", "port_id": "21b5c483-84e9-40a1-86b3-3041606106f5", "id": "b639c937-4737-4107-8978-fecc7327a5ae" }}

Example Request 2PUT /v2.0/floatingips/3870858f-91dc-489f-92a1-c04dbdc6d781{ "floatingip": { "port_id": null


Issue 01 (2017-12-31) 256

}}

Example Response 2{ "floatingip": { "floating_network_id": "809fdbbc-2e3e-426e-897c-cb632b081a72", "router_id": null, "fixed_ip_address": null, "floating_ip_address": "192.168.0.3", "tenant_id": "3c8c36e1520147ccbc83d2ccfbb9ab24", "status": "ACTIVE", "port_id": null, "id": "3870858f-91dc-489f-92a1-c04dbdc6d781" }}

Error Codes

NormalResponseCode

Type Description




ErrorResponseCode

Type Possible Cause











Issue 01 (2017-12-31) 257

17.6 Deleting a Floating IP Address

Function

This interface is used to delete a floating IP address.

API Format


DELETE /v2.0/floatingips/{floatingip_id} Deletes a specific floating IPaddress.

Restrictions

None

Request Parameter

None

Response Parameter

None

Example RequestDELETE/v2.0/floatingips/a95ec431-8473-463b-aede-34fb048ee3a7

Example Response

None

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 258

ErrorResponseCode

Type Possible Cause











Issue 01 (2017-12-31) 259

18 Network ACL (Native OpenStack API)

18.1 Overview

Object Introduction

Use FWaaS API 2.0 to manage and perform other operations on the network ACL objectmodels. The operations include querying, creating, updating, and deleting firewall rules,querying, creating, updating, and deleting firewall policies, as well as querying, creating,updating, and deleting firewall groups.

Object Model

Table 18-1 Firewall Rule object



id Uuid-str R None N/A Specifies the UUIDof the network ACLrule.

name String(255)

CRU None The value cancontain amaximum of255 characters.

Specifies thenetwork ACL rulename.

description String(255)

CRU None The value cancontain amaximum of255 characters.

Providessupplementaryinformation aboutthe network ACLrule.

tenant_id Uuid-str CR None N/A Specifies the ownerof the network ACLrule.

Virtual Private CloudAPI Reference 18 Network ACL (Native OpenStack API)

Issue 01 (2017-12-31) 260



public Bool CRU false The value canonly be true orfalse.

Specifies whetherthe firewall rule canbe shared bydifferent tenants.This attribute is foradministrators only.Tenants cannotconfigure or updatethis attribute andcan only query it.

protocol String CRU None The value canbe TCP, UDP,ICMP, or avalue rangingfrom 0 to 255.

Specifies thesupported InternetProtocol (IP)protocol.

source_port String CRU None The value canbe an integerfrom 1 to65,535 or aport numberrange in theformat of a:b.

Specifies the sourceport number or portnumber range.

destination_port

String CRU None The value canbe an integerfrom 1 to65,535 or aport numberrange in theformat of a:b.

Specifies thedestination portnumber or portnumber range.

ip_version Integer CRU 4 IPv4/IPv6 Specifies the IPprotocol version.

source_ip_address

String CRU None N/A Specifies the sourceIP address or CIDRblock.

destination_ip_address

String CRU None N/A Specifies thedestination IPaddress or CIDRblock.

action String CRU DENY DENY/ALLOW/REJECT

Specifies actionsperformed onforwarded networkACL traffic.


Issue 01 (2017-12-31) 261



enabled Bool CRU true true/false Specifies whetherthe network ACLrule is enabled.

Table 18-2 Firewall Policy object



id Uuid-str R None N/A Specifies theUUID of thenetwork ACLpolicy.

name String CRU None The value cancontain amaximum of 255characters.

Specifies the nameof the networkACL policy.

description String CRU None The value cancontain amaximum of 255characters.

Providessupplementaryinformation aboutthe network ACLpolicy.

tenant_id Uuid-str CR None N/A Specifies theowner of thenetwork ACLpolicy.

firewall_rules

List CRU None N/A Specifies thefirewall rulesreferenced by thenetwork ACLpolicy.

audited Bool CRU false true/false Specifies the auditflag.


Issue 01 (2017-12-31) 262



public Bool CRU false The value can onlybe true or false.

Specifies whetherthe firewall policycan be shared bydifferent tenants.This attribute is foradministratorsonly. Tenantscannot configureor update thisattribute and canonly query it.

Table 18-3 Firewall Group object



id Uuid-str R None N/A Specifies theUUID of thenetwork ACLgroup.

name String CRU None The value cancontain amaximum of 255characters.

Specifies thename of thenetwork ACLgroup.

description String CRU None The value cancontain amaximum of 255characters.

Providessupplementaryinformationabout thenetwork ACLgroup.

tenant_id Uuid-str CR None N/A Specifies theowner of thenetwork ACLgroup.

ingress_firewall_policy_id

Uuid-str CRU None N/A Specifies thenetwork ACLpolicy forinbound traffic.

egress_firewall_policy_id

Uuid-str CRU None N/A Specifies thenetwork ACLpolicy foroutbound traffic.


Issue 01 (2017-12-31) 263



ports List CRU None The value must bethe port ID of thedistributed router.

Specifies the listof ports boundwith the networkACL group.

public Bool CRU false The value canonly be true orfalse.

Specifieswhether thefirewall groupcan be shared bydifferent tenants.This attribute isforadministratorsonly. Tenantscannot configureor update thisattribute and canonly query it.

status String R None The value canonly be one of thefollowing:ACTIVE,CREATE,INACTIVE,PENDING_CREATE,PENDING_UPDATE,PENDING_DELETE, and ERROR

Specifies thestatus of thenetwork ACLpolicy.

admin_state_up

Bool CRU true true/false Specifieswhether thenetwork ACL iscontrolled by theadministrator.

18.2 Querying Network ACL Rules

FunctionThis interface is used to query all network ACL rules.


Issue 01 (2017-12-31) 264


GET /v2.0/fwaas/firewall_rules Queries all network ACLrules accessible to the tenantsubmitting the request.

RestrictionsN/A



firewall_rules List(firewall rule)

Yes Specifies the firewall rule list. For details,see Table 18-1. A maximum of 2000records can be returned for each queryoperation. If the number of recordsexceeds 2000, the pagination marker willbe returned. For details, see section A.4Pagination.

Example RequestGET/v2.0/fwaas/firewall_rules

Example Response{ "firewall_rules": [ { "protocol": "tcp", "name": "crhfwruleupdate", "mode": "normal", "tenant_id": "f480f5d250824e5fafedcf05acf1419c", "rule_profile": "", "enabled": true, "source_port": null, "source_ip_address": null, "destination_ip_address": null, "firewall_policy_id": "b4f81251-c47a-4fe1-8579-6f9271d015d1", "action": "deny", "position": 1, "ip_version": 4, "shared": false, "destination_port": null, "id": "2a193015-4a88-4aa1-84ad-d4955adae707", "description": "" }, {


Issue 01 (2017-12-31) 265

"protocol": "tcp", "name": "update_firewall-role-tommy", "mode": "mix", "tenant_id": "a1c6f90c94334bd2953d9a61b8031a68", "rule_profile": "", "enabled": false, "source_port": "20:50", "source_ip_address": null, "destination_ip_address": null, "firewall_policy_id": null, "action": "deny", "position": null, "ip_version": 4, "shared": true, "destination_port": "40:60", "id": "db7a204c-9eb1-40a2-9bd6-ed5cfd3cff32", "description": "update check parameter" } ]}


Type Description














Issue 01 (2017-12-31) 266








18.3 Querying a Network ACL Rule

Function

This interface is used to query details about a specific network ACL rule.

API Format


GET /v2.0/fwaas/firewall_rules/{firewall_rule_id} Queries details about anetwork ACL rule specifiedby the tenant submitting therequest.

Restrictions

N/A

Request Parameter

None

Response Parameter


firewall_rule Dict Yes Specifies the firewall rule. For details, seeTable 18-1.


Issue 01 (2017-12-31) 267

Example RequestGET/v2.0/fwaas/firewall_rules/514e6776-162a-4b5d-ab8b-aa36b86655ef

Example Response{ "firewall_rule": { "protocol": "tcp", "name": "bobby_rule", "mode": "normal", "tenant_id": "4490a89232ce46d4ae4bfb227ef1a40a", "rule_profile": "", "enabled": true, "source_port": null, "source_ip_address": null, "destination_ip_address": null, "firewall_policy_id": null, "action": "allow", "position": null, "ip_version": 4, "shared": false, "destination_port": null, "id": "514e6776-162a-4b5d-ab8b-aa36b86655ef", "description": "" }}


Type Description











Issue 01 (2017-12-31) 268











18.4 Creating a Network ACL Rule

Function

This interface is used to create a network ACL rule.

API Format


POST /v2.0/fwaas/firewall_rules Creates a network ACL rule.

Restrictions

N/A

Request Parameter


firewall_rule Dict Yes Specifies the firewall rule. Fordetails, see Table 18-1.Mandatory field: none


Issue 01 (2017-12-31) 269

Response Parameter


firewall_rule Dict Yes Specifies the firewall rule. Fordetails, see Table 18-1.

Example RequestPOST /v2.0/fwaas/firewall_rules{ "firewall_rule": { "action": "allow", "enabled": true, "destination_port": "80", "protocol": "tcp", "name": "ALLOW_HTTP" }}

Example Response{ "firewall_rule": { "protocol": "tcp", "description": "", "source_ip_address": null, "destination_ip_address": null, "source_port": null, "destination_port": "80", "id": "b94acf06-efc2-485d-ba67-a61acf2a7e28", "name": "ALLOW_HTTP", "tenant_id": "23c8a121505047b6869edf39f3062712", "enabled": true, "action": "allow", "ip_version": 4, "public": false }}

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 270
















18.5 Updating a Network ACL Rule

Function

This interface is used to update a network ACL rule.

API Format


PUT /v2.0/fwaas/firewall_rules/{firewall_rule_id} Updates a network ACLrule.


Issue 01 (2017-12-31) 271

RestrictionsN/A


firewall_rule Dict Yes Specifies the firewall rule. Fordetails, see Table 18-1.Mandatory field: none


firewall_rule Dict Yes Specifies the firewall rule. Fordetails, see Table 18-1.

Example RequestPUT /v2.0/fwaas/firewall_rules/b94acf06-efc2-485d-ba67-a61acf2a7e28{ "firewall_rule": { "action": "reject" }}

Example Response{ "firewall_rule": { "protocol": "tcp", "description": "", "source_ip_address": null, "destination_ip_address": null, "source_port": null, "destination_port": "80", "id": "b94acf06-efc2-485d-ba67-a61acf2a7e28", "name": "ALLOW_HTTP", "tenant_id": "23c8a121505047b6869edf39f3062712", "enabled": true, "action": "reject", "ip_version": 4, "public": false }}


Issue 01 (2017-12-31) 272


Type Description




















Issue 01 (2017-12-31) 273

18.6 Deleting a Network ACL Rule

Function

This interface is used to delete a network ACL rule.

API Format


DELETE /v2.0/fwaas/firewall_rules/{firewall_rule_id}

Deletes a network ACL rule.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example Request

DELETE /v2.0/fwaas/firewall_rules/b94acf06-efc2-485d-ba67-a61acf2a7e28

Example Response

None

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 274
















18.7 Querying Network ACL Policies

FunctionThis interface is used to query all network ACL policies.


Issue 01 (2017-12-31) 275


GET /v2.0/fwaas/firewall_policies Queries all network ACLpolicies accessible to thetenant submitting therequest. A maximum of2000 records can bereturned for each queryoperation. If the number ofrecords exceeds 2000, thepagination marker will bereturned. For details, seesection A.4 Pagination.

RestrictionsN/A



firewall_policies List(firewall policy)

Yes Specifies the firewall policy list. Fordetails, see Table 18-2.

Example RequestGET/v2.0/fwaas/firewall_policies

Example Response{ "firewall_policies": [ { "description": "", "firewall_rules": [ "6c6803e0-ca8c-4aa9-afb3-4f89275b6c32" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "6b70e321-0c21-4b83-bb8a-a886d1414a5f", "audited": false, "name": "fwp1" }, { "description": "", "firewall_rules": [ "6c6803e0-ca8c-4aa9-afb3-4f89275b6c32" ],


Issue 01 (2017-12-31) 276

"tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "fce92002-5a15-465d-aaca-9b44453bb738", "audited": false, "name": "fwp2" } ]}


Type Description

















Issue 01 (2017-12-31) 277





18.8 Querying a Network ACL Policy

Function

This interface is used to query details about a specific network ACL policy.

API Format


GET /v2.0/fwaas/firewall_policies/{firewall_policy_id}

Queries details about anetwork ACL policyspecified by the tenantsubmitting the request.

Restrictions

N/A

Request Parameter

None

Response Parameter


firewall_policy Dict Yes Specifies the firewall policy list. Fordetails, see Table 18-2.

Example Request

GET/v2.0/fwaas/firewall_policies/fed2d88f-d0e7-4cc5-bd7e-c495f67037b6


Issue 01 (2017-12-31) 278

Example Response{ "firewall_policy": { "description": "", "firewall_rules": [ "3c0e6267-73df-4d9a-87a6-e226f2db2036" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "fed2d88f-d0e7-4cc5-bd7e-c495f67037b6", "audited": false, "name": "bobby_fwp1" }}


Type Description















Issue 01 (2017-12-31) 279







18.9 Creating a Network ACL Policy

FunctionThis interface is used to create a network ACL policy.


POST /v2.0/fwaas/firewall_policies Creates a network ACLpolicy.

RestrictionsN/A


firewall_policy Dict Yes Specifies the firewall policy list. Fordetails, see Table 18-2.Mandatory field: none


Issue 01 (2017-12-31) 280



Example RequestPOST /v2.0/fwaas/firewall_policies{ "firewall_policy": { "name": "test-policy", "firewall_rules": [ "b8243448-cb3c-496e-851c-dadade4c161b" ] }}

Example Response{ "firewall_policy": { "description": "", "firewall_rules": [ "b8243448-cb3c-496e-851c-dadade4c161b" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "2fb0e81f-9f63-44b2-9894-c13a3284594a", "audited": false, "name": "test-policy" }}


Type Description







Issue 01 (2017-12-31) 281















18.10 Updating a Network ACL Policy

FunctionThis interface is used to update a network ACL policy.


PUT /v2.0/fwaas/firewall_policies/{firewall_policy_id}

Updates a network ACLpolicy.


Issue 01 (2017-12-31) 282

Restrictions

N/A

Request Parameter


firewall_policy Dict Yes Specifies the firewall policy list. Fordetails, see Table 18-2.Mandatory field: none

Response Parameter



Example RequestPUT /v2.0/fwaas/firewall_policies/2fb0e81f-9f63-44b2-9894-c13a3284594a { "firewall_policy": { "firewall_rules": [ "0f82b221-8cd6-44bd-9dfc-0e118fa7b6b1" ] }}

Example Response{ "firewall_policy": { "description": "", "firewall_rules": [ "0f82b221-8cd6-44bd-9dfc-0e118fa7b6b1" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "2fb0e81f-9f63-44b2-9894-c13a3284594a", "audited": false, "name": "test-policy" }}

Error Codes

NormalResponseCode

Type Description



Issue 01 (2017-12-31) 283

NormalResponseCode

Type Description



















Issue 01 (2017-12-31) 284

18.11 Deleting a Network ACL Policy

Function

This interface is used to delete a network ACL policy.

API Format


DELETE /v2.0/fwaas/firewall_policies/{firewall_policy_id}

Deletes a network ACLpolicy.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example Request

DELETE /v2.0/fwaas/firewall_policies/2fb0e81f-9f63-44b2-9894-c13a3284594a

Example Response

None

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 285
















18.12 Inserting a Network ACL Rule

FunctionThis interface is used to insert a network ACL rule in a network ACL policy.


PUT /v2.0/fwaas/firewall_policies/{firewall_policy_id}/insert_rule

Inserts a network ACL rulein a specific network ACLpolicy.


Issue 01 (2017-12-31) 286

RestrictionsN/A


firewall_policy_id String Yes firewall policy ID

firewall_rule_id String Yes firewall rule ID

insert_after String No The insert_after parameter indicatesthe firewall rule that has already beenassociated with the firewall policy. Anew firewall rule will be insertedafter the firewall rule associated withthe firewall policy.If both the insert_after andinsert_before parameters arespecified, the insert_after parameterwill be ignored.

insert_before String No The insert_before parameterindicates the firewall rule that hasalready been associated with thefirewall policy. A new firewall rulewill be inserted before the firewallrule associated with the firewallpolicy.If both the insert_after andinsert_before parameters arespecified, the insert_after parameterwill be ignored.


description String Yes Provides supplementary informationabout the firewall policy.

audited Boolean Yes Each time the firewall policy or theassociated firewall rules are changed,this attribute will be set to False.

firewall_rules List Yes Specifies the ID list of the firewallrules associated with the currentfirewall policy.

id String Yes Specifies the firewall policy ID.


Issue 01 (2017-12-31) 287


name String Yes Specifies the firewall policy name.

public Boolean Yes If this attribute is set to True, thenetwork ACL policy is visible totenants other than its owner. Thenetwork ACL policy is not visible toother tenants by default.

tenant_id String Yes Specifies the ID of the current tenant.

Example RequestPUT /v2.0/fwaas/firewall_policies/afc52ce9-5305-4ec9-9feb-44feb8330341/insert_rule { "insert_after": "b8243448-cb3c-496e-851c-dadade4c161b", "firewall_rule_id": "0f82b221-8cd6-44bd-9dfc-0e118fa7b6b1", "insert_before": ""}

Example Response{ "description": "", "firewall_rules": [ "b8243448-cb3c-496e-851c-dadade4c161b", "0f82b221-8cd6-44bd-9dfc-0e118fa7b6b1" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "afc52ce9-5305-4ec9-9feb-44feb8330341", "audited": false, "name": "test-policy"}


Type Description







Issue 01 (2017-12-31) 288















18.13 Removing a Network ACL Rule from a NetworkACL Policy

Function

This interface is used to remove a network ACL rule from a network ACL policy.

API Format


PUT /v2.0/fwaas/firewall_policies/{firewall_policy_id}/remove_rule

Removes a network ACLrule from a specific networkACL policy.


Issue 01 (2017-12-31) 289

RestrictionsN/A


firewall_rule_id String Yes firewall rule ID


description String Yes Provides supplementary informationabout the firewall policy.

audited Boolean Yes Each time the firewall policy or theassociated firewall rules are changed,this attribute will be set to False.

firewall_rules List Yes Specifies the ID list of the firewallrules associated with the currentfirewall policy.

id String Yes Specifies the firewall policy ID.

name String Yes Specifies the firewall policy name.

public Boolean Yes If this attribute is set to True, thenetwork ACL policy is visible totenants other than its owner. Thenetwork ACL policy is not visible toother tenants by default.

tenant_id String Yes Specifies the ID of the current tenant.

Example RequestPUT /v2.0/fwaas/firewall_policies/afc52ce9-5305-4ec9-9feb-44feb8330341/remove_rule {"firewall_rule_id": "0f82b221-8cd6-44bd-9dfc-0e118fa7b6b1"}

Example Response{ "description": "", "firewall_rules": [ "b8243448-cb3c-496e-851c-dadade4c161b" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "public": false, "id": "afc52ce9-5305-4ec9-9feb-44feb8330341", "audited": false,


Issue 01 (2017-12-31) 290

"name": "test-policy"}


Type Description



















Issue 01 (2017-12-31) 291



18.14 Querying Network ACL Groups

Function

This interface is used to query all network ACL groups.

API Format


GET /v2.0/fwaas/firewall_groups Queries all network ACLgroups accessible to thetenant submitting therequest. A maximum of2000 records can bereturned for each queryoperation. If the number ofrecords exceeds 2000, thepagination marker will bereturned. For details, seesection A.4 Pagination.

Restrictions

N/A

Request Parameter

None

Response Parameter


firewall_groups List(firewallgroup)

Yes Specifies the firewall group list. Fordetails, see Table 18-3.

Example RequestGET/v2.0/fwaas/firewall_groups


Issue 01 (2017-12-31) 292

Example Response{ "firewall_groups": [ { "status": "INACTIVE", "public": false, "egress_firewall_policy_id": null, "name": "", "admin_state_up": true, "ports": [ ], "tenant_id": "23c8a121505047b6869edf39f3062712", "id": "cd600d47-0045-483f-87a1-5041ae2f513b", "ingress_firewall_policy_id": null, "description": "" }, { "status": "INACTIVE", "public": false, "egress_firewall_policy_id": "d939df29-fe76-4089-90c3-3778e4d53141", "name": "fwg-1475475043", "admin_state_up": true, "ports": [ ], "tenant_id": "0af57070695044ea9a70f04779e6aa1f", "id": "ca971b45-70ce-4879-9734-b6cac1d00845", "ingress_firewall_policy_id": "d939df29-fe76-4089-90c3-3778e4d53141", "description": "" } ]}

Error Codes

NormalResponseCode

Type Description











Issue 01 (2017-12-31) 293











18.15 Querying a Network ACL Group

Function

This interface is used to query details about a specific network ACL group.


GET /v2.0/fwaas/firewall_groups/{firewall_group_id}

Queries details about anetwork ACL groupspecified by the tenantsubmitting the request.

Restrictions

N/A

Request Parameter

None


Issue 01 (2017-12-31) 294

Response Parameter


firewall_group Dict Yes Specifies the firewall group list. Fordetails, see Table 18-3.

Example RequestGET/v2.0/fwaas/firewall_groups/ a504a4cf-9300-40e0-b2d4-649bd157c55a

Example Response{ "firewall_group": { "status": "ACTIVE", "public": false, "egress_firewall_policy_id": null, "name": "bobby_fwg1", "admin_state_up": true, "ports": [ "16e6d779-15e9-48fb-abc5-b86457792a15" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "id": "a504a4cf-9300-40e0-b2d4-649bd157c55a", "ingress_firewall_policy_id": "fed2d88f-d0e7-4cc5-bd7e-c495f67037b6", "description": "test" }}

Error Codes

NormalResponseCode

Type Description










Issue 01 (2017-12-31) 295












18.16 Creating a Network ACL Group

FunctionThis interface is used to create a network ACL group.


POST /v2.0/fwaas/firewall_groups Creates a network ACLgroup.

RestrictionsN/A


Issue 01 (2017-12-31) 296

Request Parameter


firewall_group Dict Yes Specifies the firewall group list. Fordetails, see Table 18-3.Mandatory field: none

Response Parameter



Example RequestPOST /v2.0/fwaas/firewall_groups{ "firewall_group": { "ingress_firewall_policy_id": "afc52ce9-5305-4ec9-9feb-44feb8330341", "ports": [ "c133f2bf-6937-4416-bb17-012e1be5cd2d" ] }}

Example Response{ "firewall_group": { "status": "PENDING_CREATE", "public": false, "egress_firewall_policy_id": null, "name": "", "admin_state_up": true, "ports": [ "c133f2bf-6937-4416-bb17-012e1be5cd2d" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "id": "0415f554-26ed-44e7-a881-bdf4e6216e38", "ingress_firewall_policy_id": "afc52ce9-5305-4ec9-9feb-44feb8330341", "description": "" }}

Error Codes

NormalResponseCode

Type Description



Issue 01 (2017-12-31) 297

NormalResponseCode

Type Description



















Issue 01 (2017-12-31) 298

18.17 Updating a Network ACL Group

Function

This interface is used to update a network ACL group.


PUT /v2.0/fwaas/firewall_groups/{firewall_group_id}

Updates a network ACLgroup.

Restrictions

N/A


firewall_group Dict Yes Specifies the firewall group list. Fordetails, see Table 18-3.Mandatory field: none



Example RequestPUT /v2.0/fwaas/firewall_groups/2fb0e81f-9f63-44b2-9894-c13a3284594a { "firewall_group": { "egress_firewall_policy_id": "53f36c32-db25-4856-a0ba-e605fd88c5e9" }}

Example Response{ "firewall_group": { "status": "PENDING_UPDATE", "public": false, "egress_firewall_policy_id": "53f36c32-db25-4856-a0ba-e605fd88c5e9",


Issue 01 (2017-12-31) 299

"name": "", "admin_state_up": true, "ports": [ "c133f2bf-6937-4416-bb17-012e1be5cd2d" ], "tenant_id": "23c8a121505047b6869edf39f3062712", "id": "0415f554-26ed-44e7-a881-bdf4e6216e38", "ingress_firewall_policy_id": "afc52ce9-5305-4ec9-9feb-44feb8330341", "description": "" }}

Error Codes

NormalResponseCode

Type Description

















Issue 01 (2017-12-31) 300





18.18 Deleting a Network ACL Group

FunctionThis interface is used to delete a network ACL group.


DELETE /v2.0/fwaas/firewall_groups/{firewall_group_id}

Deletes a network ACLgroup.

RestrictionsN/A



Example RequestDELETE /v2.0/fwaas/firewall_groups/0415f554-26ed-44e7-a881-bdf4e6216e38

Example ResponseNone


Issue 01 (2017-12-31) 301


Type Description




















Issue 01 (2017-12-31) 302


Issue 01 (2017-12-31) 303

19 Security Group (Native OpenStack API)

19.1 Overview

Object Introduction

Manage and perform operations on security groups and security group rules, includingquerying security groups and security group rules, creating a security group and securitygroup rule, querying a security group and security group rule, deleting a security group andsecurity group rule, and updating security groups.

Object Model

Table 19-1 Security Group object



id Uuid-str R None N/A Specifies thesecurity group ID.


CR None N/A Specifies the tenantID. Only theadministrator canspecify the tenant IDof other tenants.

name String(255)

CRU None The value ofthisparametercannot bedefaultwhen youcreate orupdate asecuritygroup.

Specifies thesecurity groupname.

Virtual Private CloudAPI Reference 19 Security Group (Native OpenStack API)

Issue 01 (2017-12-31) 304




CRU None N/A Providessupplementaryinformation aboutthe security group.


List(security_group_rule)

R None N/A Specifies thesecurity group rulelist. For details, seeTable 19-2.

Table 19-2 Security Group Rule object



id Uuid-str R None N/A Specifies the securitygroup rule ID.


CRU None N/A Providessupplementaryinformation about thesecurity group rule.

security_group_id

Uuid-str CR None N/A Specifies the ID ofthe belonged securitygroup.

remote_group_id

Uuid-str CR None Eitherremote_group_id orremote_ip_prefix is used.

Specifies the peer IDof the belongedsecurity group.

direction String CR None ingress/egress Specifies thedirection of thetraffic for which thesecurity group ruletakes effect.

remote_ip_prefix

String(255)

CR None The valuemust be inCIDR format.Eitherremote_group_id orremote_ip_prefix is used.

Specifies the peer IPaddress segment.


Issue 01 (2017-12-31) 305



protocol String CR None The valuemust be tcp,udp, icmp, oran IP protocolnumber.

Specifies the protocoltype or the IPprotocol number.

port_range_max

Int CR None The valueranges from 1to 65,535.(The valueranges from 0to 255 when itindicates thecode.)

Specifies themaximum portnumber. When ICMPis used, the value isthe ICMP code.

port_range_min

Int CR None The valueranges from 1to 65,535.(The valueranges from 0to 255 when itindicates thetype.)

Specifies theminimum portnumber. If the ICMPprotocol is used, thisparameter indicatesthe ICMP type.When the TCP orUDP protocol isused, bothport_range_maxand port_range_minmust be specified,and theport_range_maxvalue must be greaterthan theport_range_minvalue.When the ICMPprotocol is used, ifyou specify theICMP code(port_range_max),you must also specifythe ICMP type(port_range_min).

ethertype String CR IPv4 IPv4/IPv6 Specifies the networktype.Only IPv4 issupported.


Issue 01 (2017-12-31) 306




CR None N/A Specifies the tenantID. Only theadministrator canspecify the tenant IDof other tenants.

19.2 Querying Security Groups

Function

This interface is used to query security groups.

API Format


GET /v2.0/security-groups?name={ name }&description={ description }&tenant_id ={tenant_id}

Queries all security groupsaccessible to the tenantsubmitting the request. Amaximum of 2000 recordscan be returned for eachquery operation. If thenumber of records exceeds2000, the pagination markerwill be returned. For details,see section A.4 Pagination.

Restrictions

N/A

Request Parameter

None

Response Parameter


security_groups List(security_group)

Yes Specifies the security group list. Fordetails, see Table 19-1.


Issue 01 (2017-12-31) 307

Example RequestGET /v2.0/security-groups

Example Response{ "security_groups": [ { "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "name": "default", "description": "Default security group", "security_group_rules": [ { "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "direction": "ingress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "07adc044-3f21-4eeb-bd57-5e5eb6024b7f", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "47e05c14-1aa2-4355-aaf8-b57e18f98c9a", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "8a8a238b-fdb1-4321-b667-26205c7f37d1", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "direction": "ingress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "b5874440-84a0-4382-8e37-3f012b90b71e", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" } ], "id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }


Issue 01 (2017-12-31) 308

]}


Type Description



















Issue 01 (2017-12-31) 309



19.3 Querying a Security Group

FunctionThis interface is used to query details about a specific security group.


GET /v2.0/security-groups/{security_group_id} Queries details about thespecified security group.

RestrictionsN/A



security_group Dict Yes Specifies the security group list. Fordetails, see Table 19-1.

Example RequestGET /v2.0/security-groups/1d8b19c7-7c56-48f7-a99b-4b40eb390967

Example Response{ "security_group": { "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "name": "default", "description": "Default security group", "security_group_rules": [ { "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "direction": "ingress", "remote_ip_prefix": null,


Issue 01 (2017-12-31) 310

"protocol": null, "ethertype": "IPv6", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "07adc044-3f21-4eeb-bd57-5e5eb6024b7f", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "47e05c14-1aa2-4355-aaf8-b57e18f98c9a", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "8a8a238b-fdb1-4321-b667-26205c7f37d1", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }, { "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "direction": "ingress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "84b25ac10ed642cca484aa55c098e3aa", "port_range_max": null, "port_range_min": null, "id": "b5874440-84a0-4382-8e37-3f012b90b71e", "description": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" } ], "id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967" }}


Type Description




Issue 01 (2017-12-31) 311

NormalResponseCode

Type Description

















19.4 Creating a Security Group

FunctionThis interface is used to create a security group.


Issue 01 (2017-12-31) 312


POST /v2.0/security-groups Creates a security group.

RestrictionsN/A


security_group

Dict Yes Specifies the security group and security grouplist. For details, see Table 19-1. Mandatoryfield: none


security_group Dict Yes Specifies the security group list. Fordetails, see Table 19-1.

Example RequestPOST /v2.0/security-groups{ "security_group": { "name": "test" }}

Example Response{ "security_group": { "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "name": "test", "description": "", "security_group_rules": [ { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "port_range_min": null, "id": "2c4b4ca9-902e-47e7-bf68-d628cb06a388", "description": null,


Issue 01 (2017-12-31) 313

"security_group_id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "port_range_min": null, "id": "b197706d-e21d-439c-8bd8-0754bd2fac3c", "description": null, "security_group_id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" } ], "id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" }}


Type Description














Issue 01 (2017-12-31) 314








19.5 Updating a Security Group

Function

This interface is used to update a security group.

API Format


PUT /v2.0/security-groups/{security_group_id} Updates a security group.

Restrictions

N/A

Request Parameter


security_group

Dict Yes Specifies the security group list. For details, seeTable 19-1.This parameter has no mandatory fields. You mustspecify at least one attribute when updating thesecurity group.


Issue 01 (2017-12-31) 315


security_group Dict Yes Specifies a security group. Fordetails, see the Security Groupobject table.

Example RequestPUT/v2.0/security-groups/9f79f6af-b30f-4b83-bc20-d86e0857cdf3{ "security_group": { "name": "test01" }}

Example Response{ "security_group": { "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "name": "test01", "description": "", "security_group_rules": [ { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv4", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "port_range_min": null, "id": "2c4b4ca9-902e-47e7-bf68-d628cb06a388", "description": null, "security_group_id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" }, { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "ethertype": "IPv6", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "port_range_min": null, "id": "b197706d-e21d-439c-8bd8-0754bd2fac3c", "description": null, "security_group_id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" } ], "id": "9f79f6af-b30f-4b83-bc20-d86e0857cdf3" }}


Issue 01 (2017-12-31) 316


Type Description




















Issue 01 (2017-12-31) 317

19.6 Deleting a Security Group

Function

This interface is used to delete a security group.

API Format


DELETE /v2.0/security-groups/{security_group_id} Deletes the specifiedsecurity group.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example RequestDELETE /v2.0/security-groups/a7ebb1d8-71e5-42e5-9030-4e0fca059d50

Example Response

None

Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 318
















19.7 Querying Security Group Rules

FunctionThis interface is used to query security group rules.


Issue 01 (2017-12-31) 319


GET /v2.0/security-group-rules?security_group_id={security_group_id}&remote_group_id={remote_group_id}&direction={direction}&remote_ip_prefix={remote_ip_prefix}&protocol={protocol}&port_range_max={port_range_max}&port_range_min={port_range_min}&ethertype={ethertype}&tenant_id ={tenant_id}

Queries all the securitygroup rules accessible to thetenant submitting therequest. A maximum of2000 records can bereturned for each queryoperation. If the number ofrecords exceeds 2000, thepagination marker will bereturned. For details, seesection A.4 Pagination.

RestrictionsN/A




List(security_group_rule)

Yes Specifies the security group rule list.For details, see Table 19-2.

Example RequestGET/v2.0/security-group-rules

Example Response{ "security_group_rules": [ { "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "direction": "ingress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", "port_range_max": null, "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", "port_range_min": null, "ethertype": "IPv6", "description": null, "id": "07adc044-3f21-4eeb-bd57-5e5eb6024b7f" }, { "remote_group_id": null, "direction": "egress",


Issue 01 (2017-12-31) 320

"remote_ip_prefix": null, "protocol": null, "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", "port_range_max": null, "security_group_id": "328fb454-a2ee-4a11-bdb1-ee19bbdfde43", "port_range_min": null, "ethertype": "IPv6", "description": null, "id": "09358f83-f4a5-4386-9563-a1e3c373d655" }, { "remote_group_id": "4c763030-366e-428c-be2b-d48f6baf5297", "direction": "ingress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", "port_range_max": null, "security_group_id": "4c763030-366e-428c-be2b-d48f6baf5297", "port_range_min": null, "ethertype": "IPv6", "description": null, "id": "219a6f56-1069-458b-bec0-df9270e7a074" } ]}


Type Description












Issue 01 (2017-12-31) 321










19.8 Querying a Security Group Rule

FunctionThis interface is used to query details about a specific security group rule.


GET /v2.0/security-group-rules/{security-groups-rules-id}

Queries details about thespecified security grouprule.

RestrictionsN/A



Issue 01 (2017-12-31) 322

Response Parameter


security_group_rule Dict Yes Specifies the security group rulelist. For details, see Table 19-2.

Example RequestGET/v2.0/security-group-rules/1755bc80-cf3a-4f57-8ae9-d9796482ddc0

Example Response{ "security_group_rule": { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "security_group_id": "723bc02c-d7f7-49b5-b6ff-d08320f315e2", "port_range_min": null, "ethertype": "IPv4", "description": null, "id": "1755bc80-cf3a-4f57-8ae9-d9796482ddc0" }}

Error Codes

NormalResponseCode

Type Description










Issue 01 (2017-12-31) 323












19.9 Creating a Security Group Rule

Function

This interface is used to create a security group rule.

API Format


POST /v2.0/security-group-rules Creates a security grouprule.

Restrictions

N/A

Request Parameter


Issue 01 (2017-12-31) 324


security_group_rule Dict Yes Specifies the security group rulelist. For details, see Table 19-2.Mandatory parameters: directionand security_group_id


security_group_rule Dict Yes Specifies the security group rulelist. For details, see Table 19-2.

Example RequestPOST/v2.0/security-group-rules{ "security_group_rule": { "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "direction": "egress", "protocol": "tcp", "remote_ip_prefix": "10.10.0.0/24" }}

Example ResponseSON:{ "security_group_rule": { "remote_group_id": null, "direction": "egress", "remote_ip_prefix": "10.10.0.0/24", "protocol": "tcp", "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", "port_range_max": null, "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", "port_range_min": null, "ethertype": "IPv4", "description": null, "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488" }}


Type Description



Issue 01 (2017-12-31) 325

NormalResponseCode

Type Description



















Issue 01 (2017-12-31) 326

19.10 Deleting a Security Group Rule

Function

This interface is used to delete a security group rule.

API Format


DELETE /v2.0/security-group-rules/{security-groups-rules-id}

Deletes a specified securitygroup rule.

Restrictions

N/A

Request Parameter

None

Response Parameter

None

Example RequestDELETE/v2.0/security-group-rules/07adc044-3f21-4eeb-bd57-5e5eb6024b7f


Error Codes

NormalResponseCode

Type Description





Issue 01 (2017-12-31) 327

















Issue 01 (2017-12-31) 328

A Appendix

A.1 Error Codes

Description

If an error occurs when an API is called, error information is returned. This section describesthe error information for VPC APIs (excluding native OpenStack APIs).

Example of Returned Error Information{"code": "VPC.0001","message": "Token is null."}

Error Code Description

Module

HTTPStatusCode

ErrorCode

Description Error Message Handling Measure

Public 400

VPC.0001

The token isempty.

Token is null Verify whether the tokenin the request header isempty.

400

VPC.0002

The AZ isempty.

Available zoneName is null.

Verify whether theavailability_zone field inthe request body forcreating a subnet isempty.

Virtual Private CloudAPI Reference A Appendix

Issue 01 (2017-12-31) 329

Module

HTTPStatusCode

ErrorCode


404

VPC.0003

The VPC doesnot exist.

VPC does not exit. Check whether the VPCID is correct or whetherthe VPC exists under thetenant.

400

VPC.0004

The status ofthe VPC isabnormal.

VPC does notactive, please trylater.

Try again later or contacttechnical support.

Creating aVPC

400

VPC.0101

VPCparameters areincorrect.

Param is invalid. Check whether the inputparameter value is validbased on the returnederror message and APIreference document.

409

VPC.0114

The number ofVPCs exceedsthe systemquota.

Quota exceeded forresources: ['router'].

Clear VPC resources thatno longer will be used orapply for expanding theVPC resource quota.

400

VPC.0115

The VPCname alreadyexists.

The router name hasexist.

Change the VPC name.

Querying aVPC

500

VPC.0105

The interfacefails to invokethebackgroundservice.

- Check whether theNeutron service is normalor contact technicalsupport.

500

VPC.0106

An error isreturned forthe failure toinvoke thebackgroundservice.

get router is null. Check whether theNeutron service is normalor contact technicalsupport.

QueryingVPCs

500

VPC.0105

The interfacefails to invokethebackgroundservice.



Issue 01 (2017-12-31) 330

Module

HTTPStatusCode

ErrorCode


500

VPC.0106

An error isreturned forthe failure toinvoke thebackgroundservice.

query routers orgetList are null.

Check whether theNeutron service is normalor contact technicalsupport.

Deleting aVPC

500

VPC.0102

The interfacefails to obtainthe routingresources.

Delete router fail. Contact technical support.

409

VPC.0103

The VPCcannot bedeletedbecause it isbeing created.

Resource status isbusy, try it againlater.

Contact technical support.

409

VPC.0104

The VPCcannot bedeletedbecause itcontainssubnets.

Router containssubnets, pleasedelete subnet first.

Delete the subnet in theVPC.

500

VPC.0107

The VPCcannot bedeletedbecause itcontainsnetwork ACL.

Delete the firewallfirst before deletingthe router.

Delete the network ACLof the tenant.

500

VPC.0108

The VPCcannot bedeletedbecause itcontains EIPs.

Router is used notallow deleted.

Delete EIPs of the tenant.


Issue 01 (2017-12-31) 331

Module

HTTPStatusCode

ErrorCode


500

VPC.0109

The VPCcannot bedeletedbecause itcontainsVPNs.

Router is used notallow deleted.

Delete VPNs of thetenant.

500

VPC.0110

The VPCcannot bedeletedbecause itsstatus isunstable.

deleteDefaultNet-workFromRouterrouter status isinvalid.


500

VPC.0111

An internalerror occursduring theVPC deletion.

- Contact technical support.

409

VPC.0112

The VPCcannot bedeletedbecause itcontainssecuritygroups.

Delete thesecuritygroup firstbefore deleting therouter.

Delete security groups ofthe tenant.

409

VPC.0118

The VPCcannot bedeletedbecause itcontains loadbalancers.

ELB exists underthis router, deleteELB firstly.

Delete load balancers inthe VPC.

500

VPC.0119

An erroroccurred whenthe VPCservice makescalls to theELB service.

- Check whether the ELBservice is normal orcontact technical support.


Issue 01 (2017-12-31) 332

Module

HTTPStatusCode

ErrorCode


409

VPC.0120

The VPCcannot bedeletedbecause itcontainsextensionroutes.

exroutes existsunder this router,delete exroutesfirstly.

Delete extension routes inthe VPC.

Updating aVPC

500

VPC.0113

The VPCcannot beupdatedbecause thestatus of theVPC isabnormal.

Router status is notactive.


400

VPC.0115

The VPCname alreadyexists.

The router name hasexist.

Change the VPC name.

400

VPC.0117

The subnetparameters areinvalid. Thenetworksegment of theVPC does notcontain allthose of thesubnets.

Cidr can not containsubnetList cidr.

Change the CIDR of theVPC.

Creating asubnet

400

VPC.0201

The subnetparameters areincorrect.

Subnet name isinvalid.

Check whether the inputparameter value is validbased on the returnederror message and APIreference document.

500

VPC.0202

An internalerror occurs inthe subnet.

Create subnet failed. Contact technical support.


Issue 01 (2017-12-31) 333

Module

HTTPStatusCode

ErrorCode


400

VPC.0203

The networksegment of thesubnet is not inthe range ofthe VPC.

Subnet is not in therange of VPC.

Change the CIDR of thesubnet.

400

VPC.0204

The networksegment of thesubnet alreadyexists in theVPC.

The subnet hasalready existed inthe VPC, or hasbeen in conflict withthe VPC subnet.

Change the CIDR of thesubnet.

Querying asubnet

400

VPC.0201

The subnetparameters areincorrect.

Subnet ID is invalid. Check whether the subnetID is valid.

Queryingsubnets

500

VPC.0202

An internalerror occurs inthe subnet.

List subnets error. Contact technical support.

Deleting asubnet

500

VPC.0206

The subnetcannot bedeletedbecause it isbeing used bythe VPN.

Subnet has beenused by VPN,please remove thesubnet from theVPN and try again.

Delete the subnet that isused by the VPN.

500

VPC.0207

This operationis not allowedbecause thesubnet doesnot belong tothe VPC.

Subnet does notbelong to the VPC.

Check whether the subnetis in the VPC.

500

VPC.0208

The subnetcannot bedeletedbecause it isbeing used bythe private IPaddress.

Subnet is used byprivate IP, can notbe deleted.

Delete the private IPaddress of the subnet.


Issue 01 (2017-12-31) 334

Module

HTTPStatusCode

ErrorCode


500

VPC.0209

The subnetcannot bedeletedbecause it isbeing used byan ECS or loadbalancer.

Subnet is still used,such as computer,LB.

Delete the ECS or loadbalancer in the subnet.

500

VPC.0210

The subnetcannot bedeletedbecause it isbeing used bythe customroute.

Subnet has beenused by routes,please remove theroutes first and tryagain.

Delete the custom route.

500

VPC.0211

The subnetcannot bedeletedbecause it isbeing used byload balancers.

subnet is still usedby LBaas.

Delete load balancers inthe subnet.

Updating asubnet

500

VPC.0205

The subnetcannot beupdatedbecause it isbeingprocessed.

Subnet states isinvalid, please tryagain later.


400

VPC.0207

This operationis not allowedbecause thesubnet doesnot belong tothe VPC.

Subnet does notbelong to the VPC.

Check whether the subnetis in the VPC.

Applying foranelasticIPaddress

400

VPC.0501

Theparameters ofthe EIP areincorrect.

Bandwidthshare_type isinvalid.



Issue 01 (2017-12-31) 335

Module

HTTPStatusCode

ErrorCode


500

VPC.0502

You are notallowed toapply for anEIP.

Tenant status isop_restricted.

Check whether theaccount balance isinsufficient or frozen.

500

VPC.0503

Failed tocreate an EIP.

Creating publicIpfailed.


500

VPC.0504

Failed to applyfor an EIP.

FloatIp is null. Contact technical support.

500

VPC.0508

Port-relatedresourcescannot befound.

Port is invalid. Contact technical support.

409

VPC.0510

The elastic IPaddress hasbeen bound tothe VM.

Floatingip hasalready associatedwith port.

Unbind the EIP fromother ECSs.

409

VPC.0511

An elastic IPaddress hasbeen bound tothe port.

Port has alreadyassociated withfloatingip.

Unbind the port fromother ECSs.

409

VPC.0521

InsufficientEIP quota.

Quota exceeded forresources:['floatingip'].

Release the unboundEIPS or apply forincreasing the EIP quota.

409

VPC.0522

The IP addressis invalid or inuse.

The IP address is inuse.

Check whether the IPaddress format is valid orreplace it to another IPaddress.

Querying anEIP

400

VPC.0501


Invalidfloatingip_id.

Check whether the EIP IDis valid.


Issue 01 (2017-12-31) 336

Module

HTTPStatusCode

ErrorCode


500

VPC.0514

An exceptionoccurs in theFusionSphereOpenStacksystem.


QueryingEIPs

400

VPC.0501


Invalid limit. Check whether the inputparameter value is validbased on the returnederror message and APIreference document.

Deleting anEIP

400

VPC.0501


Invalid param. Contact technical support.

409

VPC.0512

The status ofthe EIP isabnormal.



500

VPC.0513

Networkresourcescannot befound.

getElementByKeyerror.


500

VPC.0516

Failed todelete the EIPbecause it isbeing used bya loadbalancer.

Publicip is in usedby ELB.

Unbind the load balancerfrom the EIP.

409

VPC.0517

Deleting theEIP failsbecause it isbound to theECS.

Floatingip hasassociated with port,please disassociate itfirstly.

Unbind the EIP from theECS.


Issue 01 (2017-12-31) 337

Module

HTTPStatusCode

ErrorCode


500

VPC.0518

The EIPcannot bedeletedbecause it isused by thenetwork ACL.

Public IP hasfirewall rules.


Updating anelasticIPaddress

400

VPC.0501


Port id is invalid. Check whether the subnetID is valid.

500

VPC.0509

An EIP hasbeen bound tothe port.

Floating ip doublestatus is invalid.

Unbind the port fromother EIPs.

409

VPC.0510

The elastic IPaddress hasbeen bound tothe VM.

Floatingip hasalready associatedwith port.

Unbind the EIP fromother ECSs.

409

VPC.0511

Failed to bindthe EIP to theECS becausethe ECS hasalready beenbound to anEIP.

Port has alreadyassociated withfloatingip.

Unbind the ECS fromother EIP.

409

VPC.0512

The status ofthe EIP isabnormal.



Querying thebandwidth

400

VPC.0301

The bandwidthparameters areincorrect.

getBandwidth errorbandwidthId isinvalid.

Check whether thebandwidth ID is valid.

500

VPC.0302

Failed toobtainunderlyingresources.



Issue 01 (2017-12-31) 338

Module

HTTPStatusCode

ErrorCode


Queryingbandwidths

400

VPC.0301


Get bandwidthserror limit is invalid.


500

VPC.0302



Updating thebandwidth

400

VPC.0301


updateBandwidthinput param isinvalid.


500

VPC.0302



500

VPC.0305

An internalerror occursduring thebandwidthupdate.

updateBandwidtherror.


Creating asecurity group

400

VPC.0601

Theparameters ofthe securitygroup areincorrect.

Creatingsecuritygroup nameis invalid.


500

VPC.0602

An internalerror occurs inthe securitygroup.

Add security groupfail.


Querying asecurity group

400

VPC.0601


Securitygroup id isinvalid.

Check whether thesecurity group ID is valid.


Issue 01 (2017-12-31) 339

Module

HTTPStatusCode

ErrorCode


500

VPC.0602


Query securitygroup fail.


404

VPC.0603

The securitygroup does notexist.

Securitygroup is notexit.

Check whether thesecurity group ID iscorrect or whether thesecurity group existsunder the tenant.

Queryingsecuritygroups

400

VPC.0601


Query securitygroups error limit isinvalid.


500

VPC.0602


Query securitygroups fail.


A.2 ICMP-Port Range Relationship TableICMP Type port_range_min port_range_max

Any NULL NULL

Echo 8 0

Echo reply 0 0

Fragment need DF set 3 4

Host redirect 5 1

Host TOS redirect 5 3

Host unreachable 3 1

Information reply 16 0


Issue 01 (2017-12-31) 340

ICMP Type port_range_min port_range_max

Information request 15 0

Net redirect 5 0

Net TOS redirect 5 2

Net unreachable 3 0

Parameter problem 12 0

Port unreachable 3 3

Protocol unreachable 3 2

Reassembly timeout 11 1

Source quench 4 0

Source route failed 3 5

Timestamp reply 14 0

Timestamp request 13 0

TTL exceeded 11 0

A.3 VPC Monitoring Metrics

DescriptionThis section describes monitoring metrics reported by VPC to Cloud Eye as well as theirnamespaces and dimensions. You can use APIs provided by Cloud Eye to query themonitoring metrics of the monitored object and alarms generated for VPC.

NamespaceSYS.VPC

MetricsMetric Name Description Value

RangeMonitoredObject

up_bandwidth UpstreamBandwidth

Specifies theoutbound networkrate of themonitored object.

≥ 0 byte/s Bandwidth orelastic IPaddress

down_bandwidth DownstreamBandwidth

Specifies inboundnetwork rate ofthe monitoredobject.

≥ 0 byte/s Bandwidth orelastic IPaddress


Issue 01 (2017-12-31) 341

Metric Name Description ValueRange

MonitoredObject

up_stream UpstreamTraffic

Specifies theoutbound networktraffic of themonitored object.

≥ 0 byte Bandwidth orelastic IPaddress

down_stream DownstreamTraffic

Specifies theinbound networktraffic of themonitored object.

≥ 0 byte Bandwidth orelastic IPaddress

Dimension

Key Value

publicip_id Specifies the elastic IP address ID.

bandwidth_id Specifies the bandwidth ID.

A.4 Pagination

Scenarios

Neutron APIs v2.0 provides the pagination function. You can set parameters limit andmarker in the URL to enable the desired number of items to be returned. All returned itemsare displayed in the ascending order of ID.

l To access the next page of the request, perform the following configurations:

– Replace the value of marker in the original access request URL. Replace the valueof marker to the value of marker in the value of herf if the value of rel in theresponse is next.

– Set the value of page_reverse to False.

l To access the previous page of the request, perform the following configurations:

– Replace the value of marker in the original access request URL. Replace the valueof marker to the value of marker in the value of herf if the value of rel in theresponse is previous.

– Set the value of page_reverse to True.

Request Parameter


limit String No Specifies the number of items displayed perpage.


Issue 01 (2017-12-31) 342


marker String No Specifies the ID of the last item in theprevious list. If the marker value is invalid,error code 400 will be returned.

page_reverse Bool No Specifies the page direction. The value canbe True or False.

offset String No The offset+1 record will be first displayed.(The native OpenStack APIs are used forthis function. The APIs include /ports, /subnets, /networks, /routers, /security-groups, /security-group-rules, /fwaas/firewall_rules, /fwaas/firewall_policies,and /fwaas/firewall_groups.)

Example RequestGET /v2.0/networks?limit=2&marker=3d42a0d4-a980-4613-ae76-a2cddecff054&page_reverse=False

Example Response{"networks": [{"status": "ACTIVE","subnets": [],"name": "liudongtest ","admin_state_up": false,"tenant_id": "6fbe9263116a4b68818cf1edce16bc4f","id": "60c809cb-6731-45d0-ace8-3bf5626421a9"

},{"status": "ACTIVE","subnets": ["132dc12d-c02a-4c90-9cd5-c31669aace04"],"name": "publicnet","admin_state_up": true,"tenant_id": "6fbe9263116a4b68818cf1edce16bc4f","id": "9daeac7c-a98f-430f-8e38-67f9c044e299"}],"networks_links": [{"href": "http://192.168.82.231:9696/v2.0/networks?limit=2&marker=9daeac7c-a98f-430f-8e38-67f9c044e299","rel": "next"},{"href": "http://192.168.82.231:9696/v2.0/networks?limit=2&marker=60c809cb-6731-45d0-ace8-3bf5626421a9&page_reverse=True","rel": "previous"}]}


Issue 01 (2017-12-31) 343

B Change History

Released On Description

2017-12-31 This issue is the first officialrelease.

Virtual Private CloudAPI Reference B Change History

Issue 01 (2017-12-31) 344

static-intl.huaweicloud.comstatic-intl.huaweicloud.com/upload/files/pdf/20171115/20171115170… ·...

Documents