Getting Started with Gateway Appliances (Vyatta)

In the context of the SoftLayer API, SoftLayer Gateway Appliances are represented by:

The SoftLayer_Network_Gateway and SoftLayer_Network_Gateway_Vlan services allow for interaction with a specific gateway and VLAN. You can interact with all gateways and VLANs on your account through the SoftLayer_Account service.

The services necessary to order any item, like a gateway appliance, can be found using these links:

http://sldn.softlayer.com/reference/services/SoftLayer_Product_Package
http://sldn.softlayer.com/reference/services/SoftLayer_Product_Order

The template needed to place the order should look like this:

    $product_order = {
        # A constant that tells the server what type of thing we're sending it.
        "complexType" => 'SoftLayer_Container_Product_Order_Hardware_Server',
        "quantity" => X,      # Number of items of this type.
        "hardware" => [{
            "hostname" => "Name_of_the_host",
            "domain" => "Name_of_the_domain"
        }],
        "location" => Location_id,
        "packageId" => Package_id,
        "prices" => [
            {"id" => Item_id}
        ]
    }

The package ID for the gateway appliance is 174 and the location IDs that you can use are:

3 -- Dallas 1
18171 -- Seattle
37473 -- Washington, D.C. 1
138124 -- Dallas 5
154820 -- Dallas 6
168642 -- San Jose 1
224092 -- Singapore 1
265592 -- Amsterdam 1

    #!/usr/bin/ruby
    require 'rubygems'
    require 'softlayer_api'
    require 'pp'

    $SL_API_USERNAME = "xxxx"   # enter your username here
    $SL_API_KEY = "xxxx"        # enter your apiKey here

    # Retrieve the locations where the gateway package can be ordered.
    Gateway_Package_ID = 174
    softlayer_product_package = SoftLayer::Service.new("SoftLayer_Product_Package")
    $gateway_package = softlayer_product_package.object_with_id(Gateway_Package_ID)
    pp $locations = $gateway_package.getLocations

Different item IDs that you can add to the package are:

Category: Server
13738 -- Single Processor Quad Core Xeon 1270 - 3.40GHz (Sandy Bridge) - 1 x 8MB cache w/HT
13739 -- Single Processor Quad Core Xeon 1230 - 3.20GHz (Sandy Bridge) - 1 x 8MB cache w/HT

Category: Ram
13743 -- 12 GB DDR3 1333
13744 -- 16 GB DDR3 1333
13742 -- 8 GB DDR3 1333
21010 -- 4 GB DDR3 1333
13748 -- 32 GB DDR3 1333

Category: Operating System
36044 -- Vyatta 6.x Subscription Edition (64 bit)

Category: Disk Controller
879 -- RAID 5
878 -- RAID 1
880 -- RAID 10
876 -- Non-RAID
22482 -- RAID
877 -- RAID 0

Category: First Hard Drive
13757 -- 100GB SSD
13756 -- 50GB SSD
1518 -- 64GB SSD
1276 -- 750GB SATA II
1258 -- 147GB SA-SCSI 15K RPM
1257 -- 147GB SA-SCSI 10K RPM
13758 -- 200GB SSD
815 -- 1.00TB SATA II
1263 -- 300GB SA-SCSI 10K RPM
17463 -- 400GB SSD
1272 -- 73GB SA-SCSI 10K RPM
1265 -- 400GB SA-SCSI 10K RPM
1267 -- 500GB SATA II
1517 -- 32GB SSD
1278 -- 73GB SA-SCSI 15K RPM
1274 -- 74GB SATA Raptor 10k
1402 -- 300GB SATA Raptor 10k
1260 -- 150GB SATA Raptor 10k
2054 -- 600GB SA-SCSI 15K RPM
2046 -- 2.00TB SATA II
15316 -- 3.00TB SATA III
2053 -- 450GB SA-SCSI 15K RPM
19 -- 250GB SATA II
1280 -- 300GB SA-SCSI 15K RPM
21211 -- 4.00TB SATA III

Category: Public Bandwidth
125 -- Unlimited Bandwidth (100 Mbps Uplink)
342 -- 20000 GB Bandwidth
22505 -- 0 GB Bandwidth

Category: Uplink Port Speeds
2311 -- 10 Gbps Public & Private Networks
2314 -- 1 Gbps Dual Public & Private Networks (up to 2 Gbps)
898 -- 100 Mbps Private Network
14023 -- 1 Gbps Dual Private Network (up to 2 Gbps)
274 -- 1 Gbps Public & Private Networks
22339 -- 10 Gbps Private Network
21513 -- 100 Mbps Dual Public & Private Networks (up to 200 Mbps)
273 -- 100 Mbps Public & Private Networks
21512 -- 100 Mbps Dual Private Network (up to 200 Mbps)
899 -- 1 Gbps Private Network

Category: Remote Management
906 -- Reboot / KVM over IP

Category: Primary IP Addresses
21 -- 1 IP Address

Category: Primary IPv6 Addresses
17129 -- 1 IPv6 Address

Category: Monitoring
55 -- Host Ping and TCP Service Monitoring
56 -- Host Ping

Category: Notification
57 -- Email and Ticket

Category: Response
59 -- Automated Reboot from Monitoring
60 -- NOC Monitoring
58 -- Automated Notification

Category: VPN Management - Private Network
420 -- Unlimited SSL VPN Users & 1 PPTP VPN User per account

Category: Vulnerability Assessments & Management
418 -- Nessus Vulnerability Assessment & Reporting

To get the list of items available for this package, use:

    # Relies on $gateway_package from the previous snippet.
    puts "Required Categories:"
    gateway_configuration = $gateway_package.object_mask("isRequired", "itemCategory").getConfiguration()
    required_categories = gateway_configuration.select { |configuration_entry| 1 == configuration_entry['isRequired'] }
    required_categories.each do |configuration_entry|
      puts "\t#{configuration_entry['itemCategory']['id']} -- #{configuration_entry['itemCategory']['name']}"
    end

    item_prices = $gateway_package.object_mask("id", "item.description", "categories.id").getItemPrices()

    # For each required category, list the prices that belong to it.
    required_categories.each do |configuration_entry|
      puts "Category \"#{configuration_entry['itemCategory']['name']}\":"
      category_prices = item_prices.select do |item_price|
        # Prices without a 'categories' entry are skipped.
        if item_price['categories']
          item_price['categories'].any? { |category| category['id'] == configuration_entry['itemCategory']['id'] }
        end
      end
      category_prices.each do |category_price|
        puts "\t #{category_price['id']} -- #{category_price['item']['description']}"
      end
    end

So, the script to provision a Vyatta gateway appliance would look like this:

    #!/usr/bin/ruby
    require 'rubygems'
    require 'softlayer_api'

    $SL_API_USERNAME = "xxxx"   # enter your username here
    $SL_API_KEY = "xxxx"        # enter your apiKey here

    softlayer_product_package = SoftLayer::Service.new("SoftLayer_Product_Package")
    softLayer_product_order = SoftLayer::Service.new("SoftLayer_Product_Order")

    $product_order = {
        # A constant that tells the server what type of thing we're sending it.
        "complexType" => 'SoftLayer_Container_Product_Order_Hardware_Server',
        "quantity" => 1,      # We only want 1 gateway appliance.
        "hardware" => [{
            "hostname" => "vyattagw",
            "domain" => "test.com"
        }],
        "location" => 265592,
        "packageId" => 174,
        "prices" => [
            {"id" => 13738},  # Single Processor Quad Core Xeon 1270
            {"id" => 36044},  # Vyatta 6.x Subscription Edition (64 bit)
            {"id" => 13742},  # 8 GB DDR3 1333
            {"id" => 876},    # Non-RAID
            {"id" => 19},     # 250GB SATA II
            {"id" => 125},    # Unlimited Bandwidth (100 Mbps Uplink)
            {"id" => 273},    # 100 Mbps Public & Private Networks
            {"id" => 906},    # Reboot / KVM over IP
            {"id" => 21},     # 1 IP Address
            {"id" => 17129},  # 1 IPv6 Address
            {"id" => 56},     # Host Ping
            {"id" => 57},     # Email and Ticket
            {"id" => 59},     # Automated Reboot from Monitoring
            {"id" => 420},    # Unlimited SSL VPN Users & 1 PPTP VPN ...
            {"id" => 418}     # Nessus Vulnerability Assessment & Reporting
        ]
    }

    begin
      # This will verify the order without placing it.
      result = softLayer_product_order.verifyOrder($product_order)
      puts "The order was verified successfully"
      # If you really want to order, uncomment this line:
      # softLayer_product_order.placeOrder($product_order)
    rescue => error_reason
      puts "The order could not be verified by the server #{error_reason}"
    end

Gateways

Listing Gateways

You can get a list of all gateway appliances from the SoftLayer_Account service with the SoftLayer_Account::getNetworkGateways method. This method returns an array of SoftLayer_Network_Gateway data-type objects.

    softlayer_account = SoftLayer::Service.new("SoftLayer_Account")
    pp softlayer_account.getNetworkGateways

Gateway Details

To get information about a specific gateway, use SoftLayer_Network_Gateway::getObject, which returns a SoftLayer_Network_Gateway object. Use an object mask to include data outside of SoftLayer_Network_Gateway local properties. Here is an example using getObject on the SoftLayer_Network_Gateway, specifying the gateway id (object to retrieve):

    softlayer_network_gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    pp softlayer_network_gateway.object_with_id(server_id).getObject

Canceling Gateways

You can cancel a gateway by canceling the billing item of its hardware. In this example, use the server ID from the previous examples to look up the Hardware ID of the gateway's member through SoftLayer_Network_Gateway, then retrieve the billing item for that Hardware ID from the SoftLayer_Hardware service. Once you have the billing item, you can cancel it using the method cancelItem on the SoftLayer_Billing_Item service.

    object_mask = 'mask[
        members[
            hardwareId
        ]
    ]'
    object_mask_2 = 'mask[
        billingItem[
            id
        ]
    ]'

    ## get the hardware id
    softlayer_Network_Gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    gateway = softlayer_Network_Gateway.object_mask(object_mask).object_with_id(server_id).getObject

    ## get the billing item
    softlayer_Hardware = SoftLayer::Service.new("SoftLayer_Hardware")
    item = softlayer_Hardware.object_mask(object_mask_2).object_with_id(gateway['members'][0]['hardwareId']).getObject

    ## cancel the billing item
    ## arguments: cancel immediately?, cancel associated billing items?, reason
    softlayer_Billing_Item = SoftLayer::Service.new("SoftLayer_Billing_Item")
    pp softlayer_Billing_Item.object_with_id(item['billingItem']['id']).cancelItem(false, true, 'because I want')

VLANs

Attaching

In order to attach a VLAN to the gateway, use the method SoftLayer_Network_Gateway::getPossibleInsideVlans to retrieve the IDs of the VLANs in the account that you can connect to your gateway. Once you have the ids of the possible VLANs, take the ID of the VLAN that will be attached and include it in an object with the following template:

    object = {
        :bypassFlag => false,                    ## false for routing, true for bypassing
        :id => nil,
        :networkGatewayId => server_id,
        ## in this case element 0, because I select the first VLAN from the array
        :networkVlanId => inside_vlans[0]['id']
    }

Finally, the code for attaching a VLAN is as follows:

    softlayer_Network_Gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    pp inside_vlans = softlayer_Network_Gateway.object_with_id(server_id).getPossibleInsideVlans
    object = {
        :bypassFlag => false,                    ## false for routing, true for bypassing
        :id => nil,
        :networkGatewayId => server_id,
        :networkVlanId => inside_vlans[0]['id']
    }
    vlans = []
    vlans[0] = object
    softlayer_network_gateway_vlan = SoftLayer::Service.new("SoftLayer_Network_Gateway_Vlan")
    pp softlayer_network_gateway_vlan.createObjects(vlans)

If everything goes well, the output should be an object with the template of SoftLayer_Network_Gateway_Vlan data type.

Detaching

In order to detach a VLAN from the gateway, use the method SoftLayer_Network_Gateway::getInsideVlans to get the ID of the link that you want to remove. Use the method SoftLayer_Network_Gateway_Vlan::deleteObjects to detach the VLAN from the gateway using:

    softlayer_network_gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    pp inside_vlans = softlayer_network_gateway.object_with_id(server_id).getInsideVlans
    softlayer_network_gateway_vlan = SoftLayer::Service.new("SoftLayer_Network_Gateway_Vlan")
    vlans = []

    # :id is the ID of the gateway-to-VLAN link, not of the VLAN itself.
    object = {
        :bypassFlag => false,
        :id => inside_vlans[0]['id'],
        :networkGatewayId => server_id,
        :networkVlanId => inside_vlans[0]['networkVlanId']
    }
    vlans[0] = object
    pp softlayer_network_gateway_vlan.deleteObjects(vlans)

If everything goes well, the output of this request should be nil.

Routing

Routing a VLAN through a gateway sends all packets traveling to or from the public network and to or from the private network through the gateway. This lets the gateway act on them: allowing, dropping, and more.

To set the routing mode for a VLAN in the gateway, get the ID of the VLAN attached to the gateway with the method SoftLayer_Network_Gateway::getInsideVlans. Once you have the ID, use the method SoftLayer_Network_Gateway_Vlan::unbypass to route the VLAN with this:

    softlayer_Network_Gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    inside_vlans = softlayer_Network_Gateway.object_with_id(server_id).getInsideVlans
    softlayer_network_gateway_vlan = SoftLayer::Service.new("SoftLayer_Network_Gateway_Vlan")
    # We use the first VLAN in the array of attached VLANs
    pp softlayer_network_gateway_vlan.object_with_id(inside_vlans[0]['id']).unbypass()

Bypassing

Last but not least, bypassing a VLAN sends all packets traveling to or from the public network and to or from the private network around the gateway instead of through it. This way the gateway will not operate over them. It acts as if there is no gateway.

To set the bypassing mode for a VLAN in the gateway, get the ID of the VLAN attached to the gateway with the method SoftLayer_Network_Gateway::getInsideVlans. Once you have the ID, use the method SoftLayer_Network_Gateway_Vlan::bypass to bypass the VLAN with this:

    softlayer_Network_Gateway = SoftLayer::Service.new("SoftLayer_Network_Gateway")
    inside_vlans = softlayer_Network_Gateway.object_with_id(server_id).getInsideVlans
    softlayer_network_gateway_vlan = SoftLayer::Service.new("SoftLayer_Network_Gateway_Vlan")
    # We use the first VLAN in the array of attached VLANs
    pp softlayer_network_gateway_vlan.object_with_id(inside_vlans[0]['id']).bypass()
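
Because a bypassed VLAN is attached to the gateway yet never filtered by it, it is worth checking which VLANs are in that state. The following is an added example, not part of the original post: it audits a gateway listing for bypassed VLANs. The method names, the object mask, the gateway `name` property and the sample data are assumptions made for illustration; the VLAN link fields are the ones from the attach template above.

```ruby
# Added example: report inside VLANs that are attached to a gateway in bypass mode.
# `gateways` is the array a live call such as
#   SoftLayer::Service.new("SoftLayer_Account")
#     .object_mask('mask[id,name,insideVlans[id,bypassFlag,networkVlanId]]')
#     .getNetworkGateways
# would return (the mask and the `name` property are assumptions).

# Flags can come back as integers (the page compares isRequired to 1) or booleans.
def bypassed?(vlan_link)
  [true, 1, '1', 'true'].include?(vlan_link['bypassFlag'])
end

# One finding per attached VLAN whose traffic does not pass through the gateway.
def audit_bypassed_vlans(gateways)
  gateways.flat_map do |gateway|
    (gateway['insideVlans'] || []).select { |link| bypassed?(link) }.map do |link|
      { 'gatewayId' => gateway['id'], 'gatewayName' => gateway['name'],
        'linkId' => link['id'], 'networkVlanId' => link['networkVlanId'] }
    end
  end
end

# Gateways with no attached VLANs at all filter nothing, so list them too.
def gateways_without_vlans(gateways)
  gateways.select { |g| (g['insideVlans'] || []).empty? }.map { |g| g['id'] }
end

# Constructed sample response; every ID and name below is made up.
SAMPLE_GATEWAYS = [
  { 'id' => 1001, 'name' => 'vyattagw', 'insideVlans' => [
    { 'id' => 501, 'bypassFlag' => false, 'networkGatewayId' => 1001, 'networkVlanId' => 7001 },
    { 'id' => 502, 'bypassFlag' => true,  'networkGatewayId' => 1001, 'networkVlanId' => 7002 }
  ] },
  { 'id' => 1002, 'name' => 'vyattagw2', 'insideVlans' => [
    { 'id' => 503, 'bypassFlag' => 1, 'networkGatewayId' => 1002, 'networkVlanId' => 7003 }
  ] },
  { 'id' => 1003, 'name' => 'vyattagw3' } # no insideVlans key in the response
].freeze

audit_bypassed_vlans(SAMPLE_GATEWAYS).each do |f|
  puts "BYPASS gateway=#{f['gatewayId']} (#{f['gatewayName']}) " \
       "link=#{f['linkId']} vlan=#{f['networkVlanId']}"
end
puts "No VLANs attached: #{gateways_without_vlans(SAMPLE_GATEWAYS).inspect}"
```

The `linkId` in each finding is the ID that `object_with_id(...).unbypass()` takes in the Routing section.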

-Chechu (Jesus Arteche)