openstack-nf

openstack Network Function Virtualization

Network Service APIs - Version 1.2

- Ravi Chunduru

Contributors

Balaji - Freescale

Srini Addepalli - Freescale

1.0 Network Service Appliance Category API

Network Service appliance category API can be used to manage different categories of network service appliances.

1.1 List Network service Appliance Categories

Verb	URI	Description
GET	/nsappliances/category	List all network service Appliance Categories

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
    "nsappliance-categories": 
    [
        {
            "id": "52415800-8b69-11e0-9b19-734f6af67565",
            "category": "firewall",
            "description": "Firewall Security appliance",
            "shared":True
        },
        {
            "id": "493454534-8b69-11e0-9b19-74f6af672345",
            "category": "IPS",
            "description": "Intrusion Prevention Appliance",
            "shared":False  
        }
    ]
}

1.2 create a Network service category

Verb	URI	Description
POST	/nsappliances/category	Create a network service Appliance

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a network service category. Each category is identified by UUID.

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
category	Type of network service Appliance grouped as category. Following are few categories firewall, IPS, WAF etc., User can create category of his choice	Yes
description	Describe about the category	False
shared	Set the accessibility of the nsappliance category for other tenants

Network service Appliance Category create JSON request

{
    "category": "firewall",
    "description": "Firewall Security appliance",
    "shared":True
}

Network service Appliance Category create JSON response

{
    "id": "52415800-8b69-11e0-9b19-734f565bc83b",
    "tenant-id": "35415810-6b62-71e0-0b11-234f565bc422",    
    "category": "firewall",
    "description": "Firewall Security appliance",
    "shared":True
}

1.3 Get Network Service Appliance Category Details

Verb	URI	Description
GET	/nsappliances/category/{category_id}	List details of a specified network service

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Service Appliance Category ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Service Appliance Category by its ID.

Example JSON response

{
    "id": "52415800-8b69-11e0-9b19-734f565bc83b",
    "tenant-id": "35415810-6b62-71e0-0b11-234f565bc422",
    "category": "firewall",
    "description": "Firewall Security appliance",
    "shared":True
}

1.4 Update a Network Service Appliance Category

Verb	URI	Description
PUT	/nsappliances/category/{category_id}	Update a specified Network Service Category

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation enables you to update the editable attributes of a specified Network Service.

Specify the Network Service Appliance Category ID as id in the URI.

The following table describes the attributes that you can specify in the request body:

Name	Description
description	You can edit the description of this Network Service Appliance Category
shared	Set the accessibility of the nsappliance category for other tenants

1.5 Delete a Network Service Appliance Category

Verb	URI	Description
DELETE	/nsappliances/category/id	Delete a specified Network Service Appliance Category

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Service instance from the system.

Specify the ID for the Network Service Appliance Category as id in the URI.

This operation does not require a request body or return a response body.

1.6 List Network Functions

Verb	URI	Description
GET	/nsappliances/networkfunction	List all network Functions

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
    "networkfunctions": 
    [
        {
            "id": "52415800-8b69-11e0-9b19-734f6af67565",
            "name":"UTM-service"
        },
        {
            "id": "493454534-8b69-11e0-9b19-74f6af672345",
            "name":"Firewall-Service"
        }
    ]
}

1.7 create a Network Function

Verb	URI	Description
POST	/nsappliances/networkfunctions	Create a network Function

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a network Function Catalogue. Each Network function is identified by UUID.

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
name	The name of network function	Yes

Network Function create JSON request

{
    "name": "firewall"
}

Network Function create JSON response

{
    "id": "52415800-8b69-11e0-9b19-734f565bc83b",
    "category": "firewall"
}

1.8 Get Network Functions Catalog Details

Verb	URI	Description
GET	/nsappliances/networkfunctions/{function_id}	List details of a specified network Function

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Function ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Service Appliance Category by its ID.

Example JSON response

{
    "id": "52415800-8b69-11e0-9b19-734f565bc83b",
    "name": "firewall"
}

1.9 Update a Network Function Name

Verb	URI	Description
PUT	/nsappliances/networkfunctions/{function_id}	Update a specified Network Function name

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation enables you to update the editable attributes of a specified Network Function.

Specify the Network Function ID as id in the URI.

The following table describes the attributes that you can specify in the request body:

Name	Description
name	You can edit the description of this Network Function name

1.10 Delete a Network Function

Verb	URI	Description
DELETE	/nsappliances/category/id	Delete a specified Network Function

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500,), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Function from the system.

Specify the ID for the Network function id in the URI.

This operation does not require a request body or return a response body.

2.0 Network Service Appliance Image Management

The following set of APIs are to manage Images for the configured Network Service Appliances.

2.1 List Image mappings for a Network Service Appliance

Verb	URI	Description
GET	/nsappliances/category/{category_id}/imagemap	List all Network Service Appliance images for a specified Category

Normal Response Code(s): 200, 203
Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
"imagemap": [
    {
        "id": "52415800-8b69-11e0-9b19-734f6af67565",
        "tenant-id": "11415800-8b69-11e0-9b19-734f6af67522",
        "name": "iptables-appliance",
        "imageRef": "http://servers.api.openstack.org/1234/images/52415800-8b69-11e0-9b19-734f6f006e54",
        "flavorRef": "52415800-8b69-11e0-9b19-734f1195ff37",
        "metadata": {
            "My Server Name": "iptables-perimeter-firewall"
        },
        "personality": [
            {
                "path": "/etc/banner.txt",
                "contents": "ICAgICAgDQoiQSBjbG91ZCBkb2VzIG5vdCBrbm93IHdoeSBp dCBtb3ZlcyBpbiBqdXN0IHN1Y2ggYSBkaXJlY3Rpb24gYW5k IGF0IHN1Y2ggYSBzcGVlZC4uLkl0IGZlZWxzIGFuIGltcHVs c2lvbi4uLnRoaXMgaXMgdGhlIHBsYWNlIHRvIGdvIG5vdy4g QnV0IHRoZSBza3kga25vd3MgdGhlIHJlYXNvbnMgYW5kIHRo ZSBwYXR0ZXJucyBiZWhpbmQgYWxsIGNsb3VkcywgYW5kIHlv dSB3aWxsIGtub3csIHRvbywgd2hlbiB5b3UgbGlmdCB5b3Vy c2VsZiBoaWdoIGVub3VnaCB0byBzZWUgYmV5b25kIGhvcml6 b25zLiINCg0KLVJpY2hhcmQgQmFjaA=="
            }
        ]
    },
    {
        "id": "12415800-8b69-11e0-9b19-734f6af67565",
        "tenant-id": "11415800-8b69-11e0-9b19-734f6af67522",
        "name": "waf-appliance",
        "imageRef": "http://servers.api.openstack.org/1234/images/12415800-8b69-11e0-9b19-734f6f006e54",
        "flavorRef": "12415800-8b69-11e0-9b19-734f1195ff37",
        "metadata": {
            "My Server Name": "web-application-firewall"
        },
        "personality": [
            {
                "path": "/etc/banner.txt",
                "contents": "ICAgICAgDQoiQSBjbG91ZCBkb2VzIG5vdCBrbm93IHdoeSBp dCBtb3ZlcyBpbiBqdXN0IHN1Y2ggYSBkaXJlY3Rpb24gYW5k IGF0IHN1Y2ggYSBzcGVlZC4uLkl0IGZlZWxzIGFuIGltcHVs c2lvbi4uLnRoaXMgaXMgdGhlIHBsYWNlIHRvIGdvIG5vdy4g QnV0IHRoZSBza3kga25vd3MgdGhlIHJlYXNvbnMgYW5kIHRo ZSBwYXR0ZXJucyBiZWhpbmQgYWxsIGNsb3VkcywgYW5kIHlv dSB3aWxsIGtub3csIHRvbywgd2hlbiB5b3UgbGlmdCB5b3Vy c2VsZiBoaWdoIGVub3VnaCB0byBzZWUgYmV5b25kIGhvcml6 b25zLiINCg0KLVJpY2hhcmQgQmFjaA=="
            }
        ]
    }
]
}

2.2 Create Image map for a given Network Service Appliance Cateogry

Verb	URI	Description
POST	/nsappliances/category/{category_id}/imagemap	Create a Image map of a specified Network Service Appliance Category

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a Image mapping for a Network Service Appliance Category.

This API does not upload any new images but refers to existing Image in Glance. It creates a mapping with existing Image with NS Appliance Category.

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
name	Name of the Image map	True
imageRef	The image reference for the desired image for your NS Appliance.Specify as an ID or full URL.	True
flavorRef	The flavor reference for the desired flavor for your NS Appliance.Specify as an ID or full URL.	True
metadata	Metadata key and value pairs. For information, see openstack docs”.	False
personality	File path and contents. For information, see openstack docs	False

NS Appliance Image map create JSON request

{
    "name": "waf-appliance",
    "imageRef" :"http://servers.api.openstack.org/1234/images/52415800-8b69-11e0-9b19-734f6f006e54",
    "flavorRef" : "52415800-8b69-11e0-9b19-734f1195ff37",
    "metadata" : {
       "My Server Name" : "web-application-firewall"
    },
    "personality" : [
        {          
            "path" : "/etc/banner.txt",
            "contents" : "ICAgICAgDQoiQSBjbG91ZCBkb2VzIG5vdCBrbm93IHdoeSBp dCBtb3ZlcyBpbiBqdXN0IHN1Y2ggYSBkaXJlY3Rpb24gYW5k IGF0IHN1Y2ggYSBzcGVlZC4uLkl0IGZlZWxzIGFuIGltcHVs c2lvbi4uLnRoaXMgaXMgdGhlIHBsYWNlIHRvIGdvIG5vdy4g QnV0IHRoZSBza3kga25vd3MgdGhlIHJlYXNvbnMgYW5kIHRo ZSBwYXR0ZXJucyBiZWhpbmQgYWxsIGNsb3VkcywgYW5kIHlv dSB3aWxsIGtub3csIHRvbywgd2hlbiB5b3UgbGlmdCB5b3Vy c2VsZiBoaWdoIGVub3VnaCB0byBzZWUgYmV5b25kIGhvcml6 b25zLiINCg0KLVJpY2hhcmQgQmFjaA=="
        } 
    ]
}

NS Appliance create image map JSON response

{
    "imagemap": {
        "id": "52415800-8b69-11e0-9b19-734f565bc83b",
        "tenant_id": "1234",
        "name": "waf-appliance",
        "image": {
            "id": "52415800-8b69-11e0-9b19-734f6f006e54",
            "name": "WAF 1.2",
            "links": [
                {
                    "rel": "self",
                    "href": "http://servers.api.openstack.org/v2/1234/images/52415800-8b69-11e0-9b19-734f6f006e54"
                },
                {
                    "rel": "bookmark",
                    "href": "http://servers.api.openstack.org/1234/images/52415800-8b69-11e0-9b19-734f6f006e54"
                }
            ]
        },
        "flavor": {
            "id": "52415800-8b69-11e0-9b19-734f1195ff37",
            "name": "256 MB Server",
            "links": [
                {
                    "rel": "self",
                    "href": "http://servers.api.openstack.org/v2/1234/flavors/52415800-8b69-11e0-9b19-734f1195ff37"
                },
                {
                    "rel": "bookmark",
                    "href": "http://servers.api.openstack.org/1234/flavors/52415800-8b69-11e0-9b19-734f1195ff37"
                }
            ]
        },
        "metadata": {
            "My Server Name": "web-application-firewall"
        }
    }
}

2.3 Get image map for NS Appliance Details

Verb	URI	Description
GET	/nsappliances/category/{category_id}/imagemap/{imagemap_id}	List details of a specified image of a specified NS Appliance category

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the imagemap ID as {imagemap_id} and NS Appliance Category ID as cateogry_id in the URI.

This operation does not require a request body.

This operation returns the details of a specific NS Appliance Image map by its ID.

Example JSON response

{
    "imagemap": {
        "id": "52415800-8b69-11e0-9b19-734f565bc83b",
        "tenant_id": "1234",
        "name": "waf-appliance",
        "image": {
            "id": "52415800-8b69-11e0-9b19-734f6f006e54",
            "name": "WAF 1.2",
            "links": [
                {
                    "rel": "self",
                    "href": "http://servers.api.openstack.org/v2/1234/images/52415800-8b69-11e0-9b19-734f6f006e54"
                },
                {
                    "rel": "bookmark",
                    "href": "http://servers.api.openstack.org/1234/images/52415800-8b69-11e0-9b19-734f6f006e54"
                }
            ]
        },
        "flavor": {
            "id": "52415800-8b69-11e0-9b19-734f1195ff37",
            "name": "256 MB Server",
            "links": [
                {
                    "rel": "self",
                    "href": "http://servers.api.openstack.org/v2/1234/flavors/52415800-8b69-11e0-9b19-734f1195ff37"
                },
                {
                    "rel": "bookmark",
                    "href": "http://servers.api.openstack.org/1234/flavors/52415800-8b69-11e0-9b19-734f1195ff37"
                }
            ]
        },
        "metadata": {
            "My Server Name": "web-application-firewall"
        }
    }
}

2.4 Update Image map for a given NS Appliance Category

Verb	URI	Description
PUT	/nsappliances/category/{category_id}/imagemap/{imagemap_id}	Update a specified Image map of a specified NS Appliance Category

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation enables you to update the editable attributes of a specified NS Appliance Category Image mapping.

Specify the NS Appliance Category ID as category_id and imagemap ID as imagemap_id in the URI.

This request requires a body. Chaning parameters other than the specified attributes will result in 400 Bad request error.

The following table describes the attributes that you can specify in the request body:

Name	Description
name	Change the Image mapping name

2.5 Delete a image map in NS Appliance Category

Verb	URI	Description
DELETE	/nsappliances/category/{category_id}/imagemap/{imagemap_id}	Delete a specified image map of a NS Appliance Category

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Service Appliance Category imagemap from the system.

Specify the ID for the NS Appliance Category as category id and Image Mapping ID in imagemap id

This operation does not require a request body or return a response body.

3.0 NS Appliance Chain Management

3.1 List all NS Appliance chains

Verb	URI	Description
GET	/nsapplainces/chain	List all NS Appliance Chains

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response


{
“chain”: [
{
“id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“tenant-id”: “4b38f464-5890-4bed-8c75-24e88e366d4c”,
“name”: “security services chain”,
“nsappliances-imagemaps”: [
“edb70004-5499-4a78-a8cd-a708ff44e087”,
“3fa754ad-07cd-45e6-8ff2-e353a8d5051e”,
“daa512af-eb6a-4e72-8db6-451978188d33”
]
},
{
“id”: “11b63baa-8010-4873-b040-1d886e39fd8b”,
“tenant-id”: “4b38f464-5890-4bed-8c75-24e88e366d4c”,
“name”: “value added network servers chain”,
“nsappliances-imagemaps”: [
“aab70004-5499-4a78-a8cd-a708ff44e087”,
“bb754ad-07cd-45e6-8ff2-e353a8d5051e”
]
}
]
}







#####3.2 Create a NS Appliance Chain

Verb	URI	Description
POST	/nsappliances/chain	Create a NS Appliances Chain

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a NS Appliance Image map chain. Each Chain is identified by UUID.

Further information to fulfil the NS Appliance Chain is provided in other APIs.

The chain will be created with the list of NS Appliances provided in the same order given. For example, if user wants NS applainces in the order of firewall, VPN, firewall, IPS. Then user to have send Image maps of those Network Serivce Appliances in the same order in this Request.

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
name	Name of the NS Appliance Chain	False
id	List of NS Appliance Image maps. The order is important	Yes

NS Appliance chain create JSON request

{
     "name": "security services chain"
     "nsappliances-imagemaps": [
        "edb70004-5499-4a78-a8cd-a708ff44e087",
        "3fa754ad-07cd-45e6-8ff2-e353a8d5051e",
        "daa512af-eb6a-4e72-8db6-451978188d33"
      ]
}          

NS Appliance Chain create JSON response

{
    "id": "36b63baa-8010-4873-b040-1d886e39fd8b",
     "tenant-id":"4b38f464-5890-4bed-8c75-24e88e366d4c",
     "name": "security services chain"
     "nsappliances-imagemaps": [
        "edb70004-5499-4a78-a8cd-a708ff44e087",
        "3fa754ad-07cd-45e6-8ff2-e353a8d5051e",
        "daa512af-eb6a-4e72-8db6-451978188d33"
      ]
}

3.3 Get details of a NS Appliance Chain

Verb	URI	Description
GET	/nsappliances/chain/{chain_id}	List details of a specified NS Appliance Chain

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Service Appliance Chain ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Service Appliance Chain by its ID.

Example JSON response

{
    "id": "36b63baa-8010-4873-b040-1d886e39fd8b",
     "tenant-id":"4b38f464-5890-4bed-8c75-24e88e366d4c",
     "name": "security services chain"
     "nsappliances-imagemaps": [
        "edb70004-5499-4a78-a8cd-a708ff44e087",
        "3fa754ad-07cd-45e6-8ff2-e353a8d5051e",
        "daa512af-eb6a-4e72-8db6-451978188d33"
      ]
}

3.4 update a NS Appliance Chain

Verb	URI	Description
PUT	/nsappliances/chain/{chain_id}	Update a specified NS Appliance Chain/td>

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation updates the attributes of NS Appliance Chain of a specified chain_id.

The following table describes the attributes that you can specify in the request body:

Name	Description
name	Change the Chain name
nsappliances-imagemap-ids	Change the image maps for the chain

3.5 Delete a NS Appliance Chain

Verb	URI	Description
DELETE	/nsappliances/chain/{chain_id}	Delete a specified Chain of NS Appliances

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Service Appliances Chain from the system.

Specify the ID for the NS Appliances Chain as the chain_id

This operation does not require a request body or return a response body.

4.0 NS Rule List Management

4.1 List Network Rules

Verb	URI	Description
GET	/nsappliances/rules	List all network rules

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
    "rules": [
        {
            "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "name": "my custom rule1",
            "prev": "None",
            "next": "8be232a2-e63f-4638-ba83-fb8f129d8d9f",
            "l2": {
                "src-mac": [
                    "9d:72:38:b4:0b:11",
                    "2c:41:38:b4:0b:58"
                ],
                "dst-mac": [
                    "any"
                ],
                "vlan": {
                    "range": {
                        "start": 100,
                        "end": 200
                    },
                    "list": [
                        500,
                        560
                    ]
                }
            },
            "l3": {
                "version": 4,
                "src-addr": {
                    "range": {
                        "start": "192.168.0.6",
                        "end": "192.168.0.0.110"
                    },
                    "list": [
                        "192.168.0.200",
                        "192.168.0.205"
                    ],
                    "net-info": {
                        "network": "10.1.10.0",
                        "netmask": "255.255.255.0"
                    }
                },
                "dst-addr": {
                    "range": {
                        "start": "192.168.1.6",
                        "end": "192.168.0.1.110"
                    },
                    "list": [
                        "192.168.1.200",
                        "192.168.1.205"
                    ],
                    "net-info": {
                        "network": "10.2.10.0",
                        "netmask": "255.255.255.0"
                    }
                },
                "protocol": [
                    "tcp",
                    "udp"
                ]
            },
            "l4": {
                "src-port": {
                    "range": {
                        "start": 2048,
                        "end": 3048
                    },
                    "list": [
                        6000,
                        6600
                    ]
                },
                "dst-port": {
                    "range": {
                        "start": 15,
                        "end": 2048
                    },
                    "list": [
                        8080,
                        5000
                    ]
                }
            },
            "action": {
                "bypass": {
                    "imagemap-ids": [
                        "283f1ddb-5262-4ec5-9fb7-cbf4d0eed79f",
                        "899aedc8-2ce8-436d-977c-94a7268fb0b0"
                    ]
                }
            }
        },
        {
            "id": "77b4b4b2-5d80-41d6-a10f-fa5e0fa75a2d",
            "name": "my custom rule2",
            "prev": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "next":"None",
            "l2": {
                "src-mac": [
                    "any"
                ],
                "dst-mac": [
                    "any"
                ],
                "vlan": {
                    "list": [
                        "any"
                    ]
                }
            },
            "l3": {
                "version": 4,
                "src-addr": {
                    "range": {
                        "start": "192.168.0.6",
                        "end": "192.168.0.0.110"
                    },
                    "list": [
                        "192.168.0.200",
                        "192.168.0.205"
                    ],
                    "net-info": {
                        "network": "10.1.10.0",
                        "netmask": "255.255.255.0"
                    }
                },
                "dst-addr": {
                    "list": [
                        "any"
                    ]
                },
                "protocol": [
                    "any"
                ]
            },
            "l4": {
                "src-port": {
                    "list": [
                        "any"
                    ]
                },
                "dst-port": {
                    "range": {
                        "start": 15,
                        "end": 2048
                    },
                    "list": [
                        8080,
                        5000
                    ]
                }
            },
            "action": {
                "bypass": {
                    "imagemap-ids": [
                        "74c0be55-80eb-4fe6-835e-62b710982381"
                    ]
                }
            }
        }
    ]
}

4.2 Create a Network rule

Verb	URI	Description
POST	/nsappliances/rules	Create a network rule

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a network rule. Each rule is identified by UUID.

Following table lists the description of the fields used in the JSON Request.
Note that rules are prioritized as per the order in the JSON request.

Name	Description	Required
name	Name of the Network rule list	False
prev	UUID of previous rule. This along with next field helps to insert a rule between those rules. If prev is None then this is the first rule	False
next	UUID of the next rule. Next will be None for the last rule	False
name	Name of the Network rule list	False
src-mac	Source MAC address. Specify a list of MACs	False
dst-mac	Destination MAC address. Specify List of MACs	False
vlan	VLAN of the packet. Specify a custom range and/or list of VLANs	False
version	IP version. Can set to to 4 for IPv4 and 6 for IPv6	False
src-addr	Source IP Address. Can be range with start and end specified or list of IP addresses or a subnet with mask or combination of them	False
dst-addr	Destination IP Address. Can be range with start and end specified or list of IP addresses or a subnet with mask or combination of them	False
protocol	IP Protocol.	False
src-port	TCP or UDP port. It can be range or list of ports	False
dst-port	TCP or UDP port. It can be range or list of ports	False
bypass	Action Bypass for the specified NS Appliance imagemap IDs	Yes
imagemap-ids	List of NS Appliance Imagemap IDs	Yes

Example JSON Request

{
    "name": "my custom rule1",
    "prev":"de598b3a-aeef-4fe1-ba32-479be8372a71",
    "next":"759e5dcf-5a8a-4b0a-b25f-373437770065",
    "l2": {
        "src-mac": [
            "9d:72:38:b4:0b:11",
            "2c:41:38:b4:0b:58"
        ],
        "dst-mac": [
            "any"
        ],
        "vlan": {
            "range": {
                "start": 100,
                "end": 200
            },
            "list": [
                500,
                560
            ]
        }
    },
    "l3": {
        "version": 4,
        "src-addr": {
            "range": {
                "start": "192.168.0.6",
                "end": "192.168.0.0.110"
            },
            "list": [
                "192.168.0.200",
                "192.168.0.205"
            ],
            "net-info": {
                "network": "10.1.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "dst-addr": {
            "range": {
                "start": "192.168.1.6",
                "end": "192.168.0.1.110"
            },
            "list": [
                "192.168.1.200",
                "192.168.1.205"
            ],
            "net-info": {
                "network": "10.2.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "protocol": [
            "tcp",
            "udp"
        ]
    },
    "l4": {
        "src-port": {
            "range": {
                "start": 2048,
                "end": 3048
            },
            "list": [
                6000,
                6600
            ]
        },
        "dst-port": {
            "range": {
                "start": 15,
                "end": 2048
            },
            "list": [
                8080,
                5000
            ]
        }
    },
    "action": {
        "bypass": {
            "imagemap-ids": [
                "283f1ddb-5262-4ec5-9fb7-cbf4d0eed79f",
                "899aedc8-2ce8-436d-977c-94a7268fb0b0"
            ]
        }
    }
}

Example JSON Response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule1",
    "prev":"de598b3a-aeef-4fe1-ba32-479be8372a71",
    "next":"759e5dcf-5a8a-4b0a-b25f-373437770065",
    "l2": {
        "src-mac": [
            "9d:72:38:b4:0b:11",
            "2c:41:38:b4:0b:58"
        ],
        "dst-mac": [
            "any"
        ],
        "vlan": {
            "range": {
                "start": 100,
                "end": 200
            },
            "list": [
                500,
                560
            ]
        }
    },
    "l3": {
        "version": 4,
        "src-addr": {
            "range": {
                "start": "192.168.0.6",
                "end": "192.168.0.0.110"
            },
            "list": [
                "192.168.0.200",
                "192.168.0.205"
            ],
            "net-info": {
                "network": "10.1.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "dst-addr": {
            "range": {
                "start": "192.168.1.6",
                "end": "192.168.0.1.110"
            },
            "list": [
                "192.168.1.200",
                "192.168.1.205"
            ],
            "net-info": {
                "network": "10.2.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "protocol": [
            "tcp",
            "udp"
        ]
    },
    "l4": {
        "src-port": {
            "range": {
                "start": 2048,
                "end": 3048
            },
            "list": [
                6000,
                6600
            ]
        },
        "dst-port": {
            "range": {
                "start": 15,
                "end": 2048
            },
            "list": [
                8080,
                5000
            ]
        }
    },
    "action": {
        "bypass": {
            "imagemap-ids": [
                "283f1ddb-5262-4ec5-9fb7-cbf4d0eed79f",
                "899aedc8-2ce8-436d-977c-94a7268fb0b0"
            ]
        }
    }
}

4.3 Get details of a Network Rule

Verb	URI	Description
GET	/nsappliances/rules/{rule_id}	List details of a specified Network rule

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Rule ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Rule by its ID

Example JSON response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule1",
    "prev":"de598b3a-aeef-4fe1-ba32-479be8372a71",
    "next":"759e5dcf-5a8a-4b0a-b25f-373437770065",
    "l2": {
        "src-mac": [
            "9d:72:38:b4:0b:11",
            "2c:41:38:b4:0b:58"
        ],
        "dst-mac": [
            "any"
        ],
        "vlan": {
            "range": {
                "start": 100,
                "end": 200
            },
            "list": [
                500,
                560
            ]
        }
    },
    "l3": {
        "version": 4,
        "src-addr": {
            "range": {
                "start": "192.168.0.6",
                "end": "192.168.0.0.110"
            },
            "list": [
                "192.168.0.200",
                "192.168.0.205"
            ],
            "net-info": {
                "network": "10.1.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "dst-addr": {
            "range": {
                "start": "192.168.1.6",
                "end": "192.168.0.1.110"
            },
            "list": [
                "192.168.1.200",
                "192.168.1.205"
            ],
            "net-info": {
                "network": "10.2.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "protocol": [
            "tcp",
            "udp"
        ]
    },
    "l4": {
        "src-port": {
            "range": {
                "start": 2048,
                "end": 3048
            },
            "list": [
                6000,
                6600
            ]
        },
        "dst-port": {
            "range": {
                "start": 15,
                "end": 2048
            },
            "list": [
                8080,
                5000
            ]
        }
    },
    "action": {
        "bypass": {
            "imagemap-ids": [
                "283f1ddb-5262-4ec5-9fb7-cbf4d0eed79f",
                "899aedc8-2ce8-436d-977c-94a7268fb0b0"
            ]
        }
    }
}

4.4 Update a network rule

Verb	URI	Description
PUT	/nsapplainces/rules/{rule_id}	Update a specified Network rule

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation updates the attributes of NS Appliance Rule of a specified rule_id

The following table describes the attributes that you can specify in the request body:

Name	Description	Required
name	Name of the Network rule list	False
prev	UUID of previous rule. This along with next field helps to insert a rule between those rules. If prev is None then this is the first rule	False
next	UUID of the next rule. Next will be None for the last rule	False
src-mac	Source MAC address. Specify a list of MACs	False
dst-mac	Destination MAC address. Specify List of MACs	False
vlan	VLAN of the packet. Specify a custom range and/or list of VLANs	False
version	IP version. Can set to to 4 for IPv4 and 6 for IPv6. Default must be IPv4	False
src-addr	Source IP Address. Can be range with start and end specified or list of IP addresses or a subnet with mask or combination of them	False
dst-addr	Destination IP Address. Can be range with start and end specified or list of IP addresses or a subnet with mask or combination of them	False
protocol	IP Protocol.	False
src-port	TCP or UDP port. It can be range or list of ports	False
dst-port	TCP or UDP port. It can be range or list of ports	False
bypass	Action Bypass for the specified NS Appliance imagemap IDs	Yes
imagemap-ids	List of NS Appliance Imagemap IDs	Yes

Example JSON Request

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule1",
    "prev":"None",
    "next":"759e5dcf-5a8a-4b0a-b25f-373437770065",
}

Example JSON Response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule1",
    "prev":"None",
    "next":"759e5dcf-5a8a-4b0a-b25f-373437770065",
    "l2": {
        "src-mac": [
            "9d:72:38:b4:0b:11",
            "2c:41:38:b4:0b:58"
        ],
        "dst-mac": [
            "any"
        ],
        "vlan": {
            "range": {
                "start": 100,
                "end": 200
            },
            "list": [
                500,
                560
            ]
        }
    },
    "l3": {
        "version": 4,
        "src-addr": {
            "range": {
                "start": "192.168.0.6",
                "end": "192.168.0.0.110"
            },
            "list": [
                "192.168.0.200",
                "192.168.0.205"
            ],
            "net-info": {
                "network": "10.1.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "dst-addr": {
            "range": {
                "start": "192.168.1.6",
                "end": "192.168.0.1.110"
            },
            "list": [
                "192.168.1.200",
                "192.168.1.205"
            ],
            "net-info": {
                "network": "10.2.10.0",
                "netmask": "255.255.255.0"
            }
        },
        "protocol": [
            "tcp",
            "udp"
        ]
    },
    "l4": {
        "src-port": {
            "range": {
                "start": 2048,
                "end": 3048
            },
            "list": [
                6000,
                6600
            ]
        },
        "dst-port": {
            "range": {
                "start": 15,
                "end": 2048
            },
            "list": [
                8080,
                5000
            ]
        }
    },
    "action": {
        "bypass": {
            "imagemap-ids": [
                "283f1ddb-5262-4ec5-9fb7-cbf4d0eed79f",
                "899aedc8-2ce8-436d-977c-94a7268fb0b0"
            ]
        }
    }
}

4.5 Delete a Network Rule

Verb	URI	Description
DELETE	/nsappliances/rules/{rule_id}	Delete a specified Rule

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500) serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Rule from the system.

Specify the ID for rule as rule_id

This operation does not require a request body or return a response body.

4.6 List network rule lists

Verb	URI	Description
GET	/nsappliances/rulelist	List all network rule lists

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
    "rulelist": [
        {
            "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "name": "my custom rule list",
            "rules": [
                "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
                "3443c5bb-891c-4c10-a065-347f5a4b021c",
                "9426cc53-88c9-49dd-a17f-95ed1272d0f0",
                "f2f596ef-426b-4157-800c-062078ee24c8"
            ]
        },
        {
            "id": "ac8fd42a-a4d8-4f6a-96bd-eebeb8425a13",
            "name": "my simple rule list",
            "rules": [
                "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
                "3443c5bb-891c-4c10-a065-347f5a4b021c"
            ]
        }
    ]
}

4.7 Create a Network rule list

Verb	URI	Description
POST	/nsappliances/rulelist	Create a network rule lists

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a network rule list. Each rule list is identified by UUID.

Following table lists the description of the fields used in the JSON Request.
Note that rules are prioritized as per the order in the JSON request.

Name	Description	Required
name	Name of the Network rule list	No
rules	List of network rules in the order of priority	Yes

Example JSON Request

{
    "name": "my custom rule list",
    "rules": [
        "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
        "3443c5bb-891c-4c10-a065-347f5a4b021c",
        "9426cc53-88c9-49dd-a17f-95ed1272d0f0",
        "f2f596ef-426b-4157-800c-062078ee24c8"
    ]
}

Example JSON Response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule list",
    "rules": [
        "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
        "3443c5bb-891c-4c10-a065-347f5a4b021c",
        "9426cc53-88c9-49dd-a17f-95ed1272d0f0",
        "f2f596ef-426b-4157-800c-062078ee24c8"
    ]
}

4.8 Get details of a Network Rule list

Verb	URI	Description
GET	/nsappliances/rulelist/{rulelist_id}	List details of a specified Network rule list

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Rule list ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Rule list by its ID

Example JSON response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my custom rule list",
    "rules": [
        "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
        "3443c5bb-891c-4c10-a065-347f5a4b021c",
        "9426cc53-88c9-49dd-a17f-95ed1272d0f0",
        "f2f596ef-426b-4157-800c-062078ee24c8"
    ]
}

4.9 Update a network rule list

Verb	URI	Description
PUT	/nsapplainces/rulelist/{rulelist_id}	Update a specified Network rule list

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation updates the attributes of NS Appliance Rule list of a specified rulelist_id

The following table describes the attributes that you can specify in the request body:

An important use of PUT on this object is to change the rule priorities. User can shuffle the rules and update them as per the needs.

Name	Description	Required
name	Name of the Network rule list	False
rules	List of network rules in the order of priority	Yes

Example JSON Request

{
    "name": "my modified custom rule list",
    "rules": [
        "3443c5bb-891c-4c10-a065-347f5a4b021c",
        "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
        "f2f596ef-426b-4157-800c-062078ee24c8"
    ]
}

Example JSON Response

{
    "id": "5241c37f-25b5-4d92-bb3c-a66b2c112789",
    "name": "my modified custom rule list",
    "rules": [
        "3443c5bb-891c-4c10-a065-347f5a4b021c",
        "fe33b4d6-e62a-47dd-a083-addf6f3708a3",
        "f2f596ef-426b-4157-800c-062078ee24c8"
    ]
}

4.10 Delete a Network Rule list

Verb	URI	Description
DELETE	/nsappliances/rulelist/{rulelist_id}	Delete a specified Rule list

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Rule list ID from the system.

Specify the ID for rule list as rulelist_id

This operation does not require a request body or return a response body.

5.0 NS Transparent Chain Management

5.1 List a transparent NS Appliance Chain

Verb	URI	Description
GET	/nsapplainces/transparentchains	List all NS Appliance Transparent Chains

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
“transparent-chains”: [
{
“id”: “ac9da911-6f83-4a14-afef-46a5ea308ab1”,
“name”: “first transparent chain”,
“chain-id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“net-info”: {
“networks”: [
“3f8692d1-61aa-42ca-8967-fde1a5d0f084”,
“cb302dcb-3375-410d-8ca2-8b7e07d2b6dd”
]
},
“rulelist-id”: “66f9746e-ad49-4a6f-a3fe-625b63e159f0”,
“nsappliances”: [
{
“imagemap-id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“max-instances”:1,
“configs”: [
{
“networkfunction-id”: “7bc20e80-9af0-11e2-9e96-0800200c9a66”,
“config-id”: “9eba8119-2d0a-4210-bc26-9d3bad77e10f”
}
]

},
{
“imagemap-id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“max-instances”:1,
“configs”: [
{
“networkfunction-id”: “519a2b28-6a10-4833-abbe-51f0f149fb6f”,
“config-id”: “f62d5aed-7014-49d8-8fab-8a427c9592b5”
}
]
},
{
“imagemap-id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“max-instances”:1,
“configs”: [
{
“networkfunction-id”: “3773d164-0b96-4c68-8c22-9642d55cc7b3”,
“config-id”: “7ef1fa64-9376-472b-99d9-31b2a4591acd”
}
]

}
]
},
{
“id”: “b85560ff-926a-425b-8a30-b617ec3eb1ee”,
“name”: “a second transparent chain”,
“chain-id”: “e84eb701-ccbf-42f3-82ff-80d83e38e1bb”,
“net-info”: {
“networks”: [
“f83eefb3-0c76-4083-978b-268db09f7a61”,
“cb302dcb-3375-410d-8ca2-8b7e07d2b6dd”
]
},
“rulelist-id”: “c8037921-d421-4c55-944f-88181af1f50d”,
“nsappliances”: [
{
“imagemap-id”: “36b63baa-8010-4873-b040-1d886e39fd8b”,
“max-instances”:1,
“configs”: [
{
“networkfunction-id”: “c9431d2e-4032-44ca-9fe6-f293a0cd8813”,
“config-id”: “6b31bd8f-4f2d-46bf-8303-76f341ced23c”
}
]

}
]
}
]
}






#####5.2 Create a transparent NS Appliance Chain

Verb	URI	Description
POST	/nsappliances/transparentchains	Create a NS Appliance Transparent Chain

Normal Response Code(s): 202

Error Response Code(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), badMediaType (415), serverCapacityUnavailable (503)

This operation creates a NS Appliance Transparent Chain. Each Transparent Chain is identified by UUID.

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
name	Name of the transparent NS Appliance Chain	Yes
chain-id	Create a NS Appliance Chain as specified by this chain model	Yes
networks	Create a NS Appliance Chain between the networks specified. Must supply only two network-ids	Yes
rulelist-id	A list of network rule list. Specify the rule list ID	Yes
imagemap-id	NS Appliance image map id to use for the Appliance	Yes
configs	NS Appliance Configuration list for each network function of the appliance	Yes
max-instances	number of instances to run per appliance cluster. If not specified, default value is 1	No
flavorref	Flavor to use for the NS Appliance. If not specified the default values specified in image map are taken	No
metadata	Metadata to supply to the NS Appliance instance. Default content overwritten if provided	No
personality	Personality files to inject to NS Appliance instance. Default content overwritten if provided	No

Transparent service chain should have two network entities.

Create a Transparent NS Appliance Chain JSON Request

        {
            "name": "first transparent chain",
            "chain-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "net-info": {
                "networks": [
                    "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                    "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
                ]
            },
            "rulelist-id": "66f9746e-ad49-4a6f-a3fe-625b63e159f0",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "7bc20e80-9af0-11e2-9e96-0800200c9a66",
                            "config-id": "9eba8119-2d0a-4210-bc26-9d3bad77e10f"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "519a2b28-6a10-4833-abbe-51f0f149fb6f",
                            "config-id": "f62d5aed-7014-49d8-8fab-8a427c9592b5"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "3773d164-0b96-4c68-8c22-9642d55cc7b3",
                            "config-id": "7ef1fa64-9376-472b-99d9-31b2a4591acd"
                        }
                    ]
                }
            ]
        }

Create a Transparent NS Appliance Chain JSON Response

        {
            "id": "ac9da911-6f83-4a14-afef-46a5ea308ab1",
            "name": "first transparent chain",
            "chain-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "net-info": {
                "networks": [
                    "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                    "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
                ]
            },
            "rulelist-id": "66f9746e-ad49-4a6f-a3fe-625b63e159f0",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "7bc20e80-9af0-11e2-9e96-0800200c9a66",
                            "config-id": "9eba8119-2d0a-4210-bc26-9d3bad77e10f"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "519a2b28-6a10-4833-abbe-51f0f149fb6f",
                            "config-id": "f62d5aed-7014-49d8-8fab-8a427c9592b5"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "3773d164-0b96-4c68-8c22-9642d55cc7b3",
                            "config-id": "7ef1fa64-9376-472b-99d9-31b2a4591acd"
                        }
                    ]
                }
            ]
        }

5.3 Get details of a transparent NS Appliance Chain

Verb	URI	Description
GET	/nsappliances/transparentchains/{chain_id}	List details of a specified Transparent NS Appliance Chain

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Service Appliance Transparent Chain ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Service Appliance Transparent Chain by its ID.

Example JSON response

        {
            "id": "ac9da911-6f83-4a14-afef-46a5ea308ab1",
            "name": "first transparent chain",
            "chain-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "net-info": {
                "networks": [
                    "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                    "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
                ]
            },
            "rulelist-id": "66f9746e-ad49-4a6f-a3fe-625b63e159f0",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "7bc20e80-9af0-11e2-9e96-0800200c9a66",
                            "config-id": "9eba8119-2d0a-4210-bc26-9d3bad77e10f"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "519a2b28-6a10-4833-abbe-51f0f149fb6f",
                            "config-id": "f62d5aed-7014-49d8-8fab-8a427c9592b5"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "3773d164-0b96-4c68-8c22-9642d55cc7b3",
                            "config-id": "7ef1fa64-9376-472b-99d9-31b2a4591acd"
                        }
                    ]
                }
            ]
        }

5.4 Update a transparent NS Appliance Chain

Verb	URI	Description
PUT	/nsappliances/transparentchains/{id}	Update a specified NS Appliance Transparent Chain

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation enables you to update the editable attributes of a specified NS Appliance Transparent Chain

Specify the Network Service Appliance Transparent Chain ID as id in the URI.

The following table describes the attributes that you can specify in the request body:

Flavor to use for the NS Appliance. If not specified the default values specified in image map are taken

Name	Description
name	You can change the NS Appliances Chain name	False
networks	Change the network-ids that should have this chain	False
rulelist-id	Change the Network rule list ID for this chain	False
imagemap-id	NS Appliance image map id to use for the Appliance	False
configs	NS Appliance Configuration list for each network function of the appliance	Yes
max-instances	number of instances to run per appliance cluster. If not specified, default value is 1	No
flavorref		No
metadata	Metadata to supply to the NS Appliance instance. Default content overwritten if provided	No
personality	Personality files to inject to NS Appliance instance. Default content overwritten if provided	No

When network-ids gets changed, the implementation must terminate the NS Appliances for the old networks and create the NS Appliance chain between
the new networks.

If the nsappliances details gets changed, the instance has to terminated and re-created with the specified information.

Update NS Transparent Chain JSON Request

         {
            "name": "my first transparent chain",
            "chain-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "net-info": {
                "networks": [
                    "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                    "7241ea6d-1e35-4f21-83cc-e942a70e9dfd"
                ]
            }
         }

Update NS Transparent Chain JSON Response

        {
            "id": "ac9da911-6f83-4a14-afef-46a5ea308ab1",
            "name": "first transparent chain",
            "chain-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "net-info": {
                "networks": [                        
                    "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                    "7241ea6d-1e35-4f21-83cc-e942a70e9dfd""
                ]
            },
            "rulelist-id": "66f9746e-ad49-4a6f-a3fe-625b63e159f0",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "7bc20e80-9af0-11e2-9e96-0800200c9a66",
                            "config-id": "9eba8119-2d0a-4210-bc26-9d3bad77e10f"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "519a2b28-6a10-4833-abbe-51f0f149fb6f",
                            "config-id": "f62d5aed-7014-49d8-8fab-8a427c9592b5"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "3773d164-0b96-4c68-8c22-9642d55cc7b3",
                            "config-id": "7ef1fa64-9376-472b-99d9-31b2a4591acd"
                        }
                    ]
                }
            ]
        }

5.5 Delete a transparent NS Appliance Chain

Verb	URI	Description
DELETE	/nsappliances/transparentchains/id	Delete a specified Network Service Appliance Transparent Chain

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Service Transparent Chain from the system.

Specify the ID for the Network Service Appliance Transparent Chain as id in the URI.

This operation does not require a request body or return a response body

Implementation must terminate the NS Appliances created as part of this Chain, delete the OVS data flow entries and the ports created for this purpose.

6.0 NS Routed Chain Management

6.1 List all routed NS Appliance Chain

Verb	URI	Description
GET	/nsapplainces/routedchains	List all NS Appliance Routed Chains

Normal Response Code(s): 200, 203

Error Response Codes(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413)

Example JSON response

{
    "routedchains": [
        {
            "id": "36b63baa-8010-4873-b040-1d886e39fd8b",
            "name": "a routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "3f8692d1-61aa-42ca-8967-fde1a5d0f084",
                        "subnet-id": "c4e52762-f445-4591-9d9e-97e10003847a"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "940e2cdf-5173-475c-90b1-795590235119",
                            "config-id": "84182baf-a342-4951-821c-aba23d6d73d9"
                        }
                    ]
                },
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "1eaa45eb-43e3-467a-a10b-14a8bcdea1b7",
                            "config-id": "024d863b-6deb-4f76-8351-c61c0b1cd99d"
                        }
                    ]
                }
            ]
        },
        {
            "id": "e84eb701-ccbf-42f3-82ff-80d83e38e1bb",
            "name": "a second routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "f83eefb3-0c76-4083-978b-268db09f7a61",
                        "subnet-id": "f37510be-0ad0-4589-a3cb-1a8894d0938d"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "f8d79ffd-510c-4d53-aec5-9cec78f3623c",
                            "config-id": "42fb05ff-a626-4078-a393-ef4eceb6d33f"
                        }
                    ]
                }
            ]
        }
    ]
}

6.2 create a routed NS Appliance Chain

Verb	URI	Description
POST	/nsapplainces/routedchains	Create a NS Appliance Routed Chains

The following table describes the required and optional attributes that you can specify in the request body.

Name	Description	Required
name	Name of the routed chain	False
networks	Provide a set of networks for which the network services are required	Yes
ruelist-id	List of network rules for setting up action bypass	Yes
internal-subnetid	Subnet id to be used for creating internal networks	Yes
imagemap-id	Image to be used for the appliance	Yes
configs	NS Appliance Configuration list for each network function of the appliance	Yes
max-instances	number of appliances in the cluster	Yes
flavorref	Flavor to use for the appliance. Overwrites the default flavor set in the image map	Yes
metadata	metadata to pass to the appliance	Yes
personality	personality files to inject to the appliance	Yes

Implementation creates a chain of Network appliances between the networks configured. It uses the internal subnet-id to create intermediate subnets needed for L3 routing of the packets.

Example JSON Request

        {
            "name": "a second routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "f83eefb3-0c76-4083-978b-268db09f7a61",
                        "subnet-id": "f37510be-0ad0-4589-a3cb-1a8894d0938d"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "f8d79ffd-510c-4d53-aec5-9cec78f3623c",
                            "config-id": "42fb05ff-a626-4078-a393-ef4eceb6d33f"
                        }
                    ]
                }
            ]
        }

Example JSON Response

        {
            "id": "e84eb701-ccbf-42f3-82ff-80d83e38e1bb",
            "name": "a second routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "f83eefb3-0c76-4083-978b-268db09f7a61",
                        "subnet-id": "f37510be-0ad0-4589-a3cb-1a8894d0938d"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "f8d79ffd-510c-4d53-aec5-9cec78f3623c",
                            "config-id": "42fb05ff-a626-4078-a393-ef4eceb6d33f"
                        }
                    ]
                }
            ]
        }

3.7.3 Get details of routed NS Appliance Chain

Verb	URI	Description
GET	/nsappliances/routedchains/{chain_id}	List details of a specified Routed NS Appliance Chain

Normal Response Code(s): 200, 203

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

Specify the Network Service Appliance Routed Chain ID as id in the URI.

This operation does not require a request body.

This operation returns the details of a specific Network Service Appliance Routed Chain by its ID.

Example JSON response

        {
            "id": "e84eb701-ccbf-42f3-82ff-80d83e38e1bb",
            "name": "a second routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "f83eefb3-0c76-4083-978b-268db09f7a61",
                        "subnet-id": "f37510be-0ad0-4589-a3cb-1a8894d0938d"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "5241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "f8d79ffd-510c-4d53-aec5-9cec78f3623c",
                            "config-id": "42fb05ff-a626-4078-a393-ef4eceb6d33f"
                        }
                    ]
                }
            ]
        }

6.4 Update a routed NS Appliance Chain

Verb	URI	Description
PUT	/nsappliances/routedchains/{id}	Update a specified NS Appliance Routed Chain

Normal Response Code(s): 200

Error Response Code(s): computeFault (400, 500, …), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404)

This operation enables you to update the editable attributes of a specified NS Appliance Routed Chain

Specify the Network Service Appliance Routed Chain ID as id in the URI.

The following table describes the attributes that you can specify in the request body:

Flavor to use for the NS Appliance. If not specified the default values specified in image map are taken

Name	Description
name	You can change the NS Appliances Chain name	False
networks	Change the network-ids that should have this chain	False
rulelist-id	Change the rule list	False
subnets	Change the subnet-ids that should have this chain	False
internal-subnet	Change the internalsubnet-id that this chain use	False
imagemap-id	NS Appliance image map id to use for the Appliance	False
configs	NS Appliance Configuration list for each network function of the appliance	Yes
max-instaces	number of instances to run per appliance cluster. If not specified, default value is 1	No
flavorref		No
metadata	Metadata to supply to the NS Appliance instance. Default content overwritten if provided	No
personality	Personality files to inject to NS Appliance instance. Default content overwritten if provided	No

When network-ids gets changed, the implementation must terminate the NS Appliances for the old networks and create the NS Appliance chain between
the new networks.

Update NS Routed Chain JSON Request

       {
            "id": "e84eb701-ccbf-42f3-82ff-80d83e38e1bb",
            "name": "a custom routed chain",
            "rulelist-id" : "9241c37f-25b5-4d92-bb3c-a66b2c112789"
        }

Update NS Routed Chain JSON Response

        {
            "id": "e84eb701-ccbf-42f3-82ff-80d83e38e1bb",
            "name": "a second routed chain",
            "net-info": {
                "networks": [
                    {
                        "network-id": "f83eefb3-0c76-4083-978b-268db09f7a61",
                        "subnet-id": "f37510be-0ad0-4589-a3cb-1a8894d0938d"
                    },
                    {
                        "network-id": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd",
                        "subnet-id": "0161d804-1054-4dd1-8711-b85775ac5812"
                    }
                ],
                "internal-subnetid": "cb302dcb-3375-410d-8ca2-8b7e07d2b6dd"
            },
            "rulelist-id" : "9241c37f-25b5-4d92-bb3c-a66b2c112789",
            "nsappliances": [
                {
                    "imagemap-id": "36b63baa-8010-4873-b040-1d886e39fd8b",
                    "max-instances":1,
                    "configs": [
                        {
                            "networkfunction-id": "f8d79ffd-510c-4d53-aec5-9cec78f3623c",
                            "config-id": "42fb05ff-a626-4078-a393-ef4eceb6d33f"
                        }
                    ]
                }
            ]
        }

6.5 Delete a routed NS Appliance Chain

Verb	URI	Description
DELETE	/nsappliances/routedchains/id	Delete a specified Network Service Appliance Routed Chain

Normal Response Code(s): 204

Error Response Code(s): computeFault (400, 500), serviceUnavailable (503), unauthorized (401), forbidden (403), badRequest (400), badMethod (405), overLimit (413), itemNotFound (404), itemInUse (409)

This operation deletes a specified Network Service Routed Chain from the system.

Specify the ID for the Network Service Appliance Routed Chain as id in the URI.

This operation does not require a request body or return a response body

Implementation must terminate the NS Appliances created as part of this Chain, delete the OVS data flow entries and the ports created for this purpose and then terminate the networks.