Secure Overlay APIs

Table 1. Secure Overlay APIs

| Action | Method | Payload Required | API |
|---|---|---|---|
| To create secure overlay configuration | POST | Yes | /api/config/secure-overlays |
| To get secure overlay configuration | GET | No | /api/config/secure-overlays?deep |
| To delete secure overlay configuration | DELETE | No | /api/config/secure-overlays |
| To get secure overlay state data | GET | No | /api/operational/secure-overlays |

Example for secure overlay payload


<secure-overlay>
	<name>mgmthub</name>
	<local-bridge>wan-br</local-bridge>
	<local-system-ip-addr>34.34.34.4</local-system-ip-addr>
	<remote-interface-ip-addr>10.85.189.36</remote-interface-ip-addr>
	<remote-system-ip-addr>10.19.18.251</remote-system-ip-addr>
	<remote-id>mgmt-hub.cloudvpn.com</remote-id>
	<psk>
		<local-psk>Cisco1234Admin</local-psk>
		<remote-psk>Cisco1234Admin</remote-psk>
	</psk>
</secure-overlay>
Table 2. Description for Secure Overlay Payloads

| Property | Type | Description | Mandatory |
|---|---|---|---|
| name | String | Name of secure overlay connection. | Yes |
| description | String | Description of secure overlay connection. | No |
| local-bridge | String | Local bridge name for overlay (default wan-br). | No |
| local-system-ip-addr | String | Local overlay system IPv4 address. | No |
| local-system-ip-subnet | String | Local overlay subnet, H.H.H.H/N. Default is /32. | No |
| remote-interface-ip-addr | String | Remote interface IPv4 address; FQDN. | Yes |
| remote-system-ip-addr | List of strings (maximum 2 elements) | Remote system IPv4 address. | No |
| remote-system-ip-subnet | List of strings (maximum 2 elements) | List of remote system IPv4 subnets. Default is /24 for each remote system IP address. | No |
| remote-id | List of strings (maximum 2 elements) | Remote ID for overlay: IP, FQDN, Distinguished Name, or email domain (default remote-interface-ip-addr). | No |
| ike-cipher | String | IKE algorithms. Possible values: aes128-sha1-modp1536, aes256-sha512-modp2048, aes256-sha512-modp4096. Default: aes128-sha1-modp1536. | No |
| esp-cipher | String | ESP algorithms. Possible values: aes128-sha1, aes256-sha512, aes256-sha512-modp2048, aes256-sha512-modp4096, aes128-sha1-modp1536, aes256-sha1-modp2048, and aes256-sha256-modp2048. Default: aes128-sha1. | No |
| psk | String | Pre-shared key for authentication. | No |
| psk local-psk | String | Local pre-shared key. | Yes if PSK |
| psk remote-psk | String | Remote pre-shared key. | Yes if PSK |
| local-id | String | Local ID for overlay: IP, FQDN, or email domain (default local-bridge IP address). | No |
| dual-local-bridge | String | Secondary local bridge name for overlay in case of dual WAN interface. | No |
| local-system-ip-bridge | String | Internal management network bridge used for private tunnel endpoint. If configured, must be int-mgmt-net. | No |
| eap | String | Extensible Authentication Protocol for authentication. | No |
| cacert | String | EAP CA server certificate location. | Yes if EAP |
| method | String | EAP hash method. Possible values: eap-md5. Default: eap-md5. | No |
| username | String | EAP local identity. | Yes if EAP |
| password | String | EAP local identity password. | Yes if EAP |
| bgp-neighbor-name | String | Name tag corresponding to BGP neighbor used over secure overlay. | No |


Note


When you configure a list of two remote system IP addresses, subnets, and remote IDs, each list must have consistent order for the remote system configurations provided.
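
The rules in Table 2 and the note above can be checked before a payload is sent to /api/config/secure-overlays. The following is an added example, not Cisco code: the helper name `check_overlay`, the finding texts, and the two sample payloads are constructed for illustration, and it checks only what Table 2 states.

```python
import xml.etree.ElementTree as ET

# Allowed values and defaults as listed in Table 2.
IKE = {"aes128-sha1-modp1536", "aes256-sha512-modp2048", "aes256-sha512-modp4096"}
ESP = {"aes128-sha1", "aes256-sha512", "aes256-sha512-modp2048", "aes256-sha512-modp4096",
       "aes128-sha1-modp1536", "aes256-sha1-modp2048", "aes256-sha256-modp2048"}
DEFAULTS = {"ike-cipher": "aes128-sha1-modp1536", "esp-cipher": "aes128-sha1"}
LISTS = ("remote-system-ip-addr", "remote-system-ip-subnet", "remote-id")

def check_overlay(xml_text):
    """Return findings for one <secure-overlay> payload (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    val = lambda path: (root.findtext(path) or "").strip()
    out = [f"missing mandatory <{t}>" for t in ("name", "remote-interface-ip-addr") if not val(t)]
    # List-typed properties: at most two elements, paired by position (see the Note).
    sizes = {t: len(root.findall(t)) for t in LISTS}
    out += [f"<{t}> has {n} entries, maximum is 2" for t, n in sizes.items() if n > 2]
    if 2 in sizes.values() and 1 in sizes.values():
        out.append("review: list lengths differ; entries are matched by position")
    # Cipher suites: reject unlisted values, flag reliance on the SHA-1 defaults.
    for tag, allowed in (("ike-cipher", IKE), ("esp-cipher", ESP)):
        chosen = val(tag) or DEFAULTS[tag]
        if chosen not in allowed:
            out.append(f"<{tag}> {chosen} is not a listed value")
        elif chosen == DEFAULTS[tag]:
            out.append(f"review: <{tag}> is {chosen} (default); stronger listed values exist")
    # Conditional requirements: "Yes if PSK" and "Yes if EAP".
    if root.find("psk") is not None:
        out += [f"missing <{t}> inside <psk>" for t in ("local-psk", "remote-psk")
                if not val(f"psk/{t}")]
    if root.find("eap") is not None:
        # The page does not show how the EAP fields nest, so search at any depth.
        out += [f"missing <{t}> required with EAP" for t in ("cacert", "username", "password")
                if not val(f".//{t}")]
    bridge = val("local-system-ip-bridge")
    if bridge and bridge != "int-mgmt-net":
        out.append("<local-system-ip-bridge> must be int-mgmt-net")
    return out

# Constructed payloads: documentation-range addresses and placeholder keys.
GOOD = """<secure-overlay><name>mgmthub</name>
<remote-interface-ip-addr>192.0.2.10</remote-interface-ip-addr>
<ike-cipher>aes256-sha512-modp2048</ike-cipher><esp-cipher>aes256-sha512</esp-cipher>
<psk><local-psk>EXAMPLE-KEY-A</local-psk><remote-psk>EXAMPLE-KEY-B</remote-psk></psk>
</secure-overlay>"""
BAD = """<secure-overlay><name>mgmthub</name>
<remote-system-ip-addr>198.51.100.1</remote-system-ip-addr>
<remote-system-ip-addr>198.51.100.2</remote-system-ip-addr>
<remote-id>hub-a.example.com</remote-id><esp-cipher>3des-md5</esp-cipher>
<local-system-ip-bridge>wan-br</local-system-ip-bridge>
<psk><local-psk>EXAMPLE-KEY-A</local-psk></psk></secure-overlay>"""
```

`check_overlay(GOOD)` returns an empty list; `check_overlay(BAD)` returns six findings, one per rule the constructed payload breaks.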


Example: POST Secure Overlay APIs


curl -k -v -u "admin:123#Admin" -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X POST https://209.165.201.1/api/config/secure-overlays -d '
<secure-overlay>
	<name>mgmthub</name>
	<local-bridge>wan-br</local-bridge>
	<local-system-ip-addr>10.0.0.1</local-system-ip-addr>
	<remote-interface-ip-addr>10.0.0.1</remote-interface-ip-addr>
	<remote-system-ip-addr>10.0.0.2</remote-system-ip-addr>
	<remote-id>mgmt-hub.cloudvpn.com</remote-id>
	<psk>
		<local-psk>1234Admin</local-psk>
		<remote-psk>1234Admin</remote-psk>
	</psk>
</secure-overlay>'

Example: POST create secure overlay with int-mgmt-net IP as local system IP address


curl -k -v -u "admin:admin" -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X POST https://209.165.201.1/api/config/secure-overlays -d '
<secure-overlay>
	<name>mgmthub</name>
	<local-bridge>wan-br</local-bridge>
	<local-system-ip-addr>10.0.0.4</local-system-ip-addr>
	<local-system-ip-bridge>int-mgmt-net</local-system-ip-bridge>
	<remote-interface-ip-addr>10.0.0.1</remote-interface-ip-addr>
	<remote-system-ip-addr>10.0.0.2</remote-system-ip-addr>
	<remote-id>mgmt-hub.cloudvpn.com</remote-id>
	<psk>
		<local-psk>Cisco1234Admin</local-psk>
		<remote-psk>Cisco1234Admin</remote-psk>
	</psk>
</secure-overlay>'

Example: GET Secure Overlay APIs


curl -k -v -u "admin:123#Admin" -X GET "https://209.165.201.1/api/config/secure-overlays?deep"

Example: GET Secure Overlay state data APIs


curl -k -v -u "admin:123#Admin" -X GET "https://209.165.201.1/api/operational/secure-overlays?deep"

Example: DELETE Secure Overlay APIs


curl -k -v -u "admin:123#Admin" -X DELETE "https://209.165.201.1/api/config/secure-overlays"

Single IP Configuration APIs

Table 3. Single IP Configuration APIs

| Action | Method | Payload Required | API |
|---|---|---|---|
| To create single IP configuration | POST | Yes | /api/config/single-ip-mode |
| To get single IP configuration | GET | No | /api/config/single-ip-mode |
| To delete single IP configuration | DELETE | No | /api/config/single-ip-mode |
| To get single IP configuration state information | GET | No | /api/operational/single-ip-mode |

Example for single IP configuration payload


<single-ip-mode>
	<vm-name>ROUTER.ROUTER</vm-name>
</single-ip-mode>
Table 4. Description for Single IP Payload

| Property | Type | Description | Mandatory |
|---|---|---|---|
| vm-name | String | Name of VM taking the public IP. | Yes |

Example: POST Single IP configuration APIs


curl -k -v -u "admin:123#Admin" -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+xml -X PUT https://209.165.201.1/api/config/single-ip-mode -d "
<single-ip-mode>
	<vm-name>ROUTER.ROUTER</vm-name>
</single-ip-mode>"

Example: GET Single IP configuration APIs


curl -k -v -u "admin:123#Admin" -X GET "https://209.165.201.1/api/config/single-ip-mode"

Example: GET Single IP configuration state information APIs


curl -k -v -u "admin:123#Admin" -X GET "https://209.165.201.1/api/operational/single-ip-mode"

Example: DELETE Single IP configuration APIs


curl -k -v -u "admin:123#Admin" -X DELETE "https://209.165.201.1/api/config/single-ip-mode"