Supporting Policy Based VPN Tunnels (Access Lists + Crypto Maps) #17599
Labels: status: needs triage, type: feature
NetBox version
v4.0.11
Feature type
Data model extension
Proposed functionality
Brought up for discussion in #17385
Route based VPN tunnels are supported in Netbox as of 3.7.0 (see #9816). That proposal was scoped to only include Route based tunnels specifically, as Policy based tunnels require the addition of what Cisco calls Crypto Maps to enable differentiation of multiple tunnels on the same interface (see #14666).
I propose that support for modeling policy based VPN tunnels be added to Netbox. This necessitates the creation of several new objects and relations in Netbox, including Access Lists and Crypto Maps. I based the rough outline of the Access List objects on cruse1977's netbox-acls plugin.
We use mostly Cisco equipment, so this model is going to be skewed in that direction. Please let me know if the model can be made more general, either through changing the names of objects or their metadata/relations to each other.
Note that I am not a developer, so I don't know the way in which objects and relations are connected in the backend, and my "Database changes" section may be a bit naive. I'm hoping that someone with more development chops can translate it to the proper format if or where it is necessary.
I've included a copy of my draw.io diagram that I've used to map out the different objects and relations during the process. It's a little messy and inconsistent with regard to colors etc., but should still give a decent overview.
Netbox Policy Based VPN PoC-V2.pdf
I believe this is everything one needs to properly model a Policy based VPN tunnel.
Are the contents of this FR sufficient with the database changes section + the drawing? Or should I type up a detailed description of each part of the feature? (It would likely be several pages.)
Another question is with regard to splitting the FR into several constituent parts; this could also be done if necessary (one for ACL, one for Crypto maps, etc.).
Use case
This feature would allow users to properly model Policy based VPN tunnels in Netbox.
Also, with the addition of Access Lists natively in Netbox, the need for a separate plugin for ACLs would be removed.
Database changes
The following new types of objects would be created in Netbox:
Lines with ** are things I am unsure about, and I welcome more input.
Changes to existing objects in Netbox:
External dependencies
Not sure about this one.
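To make concrete why the proposal needs both Access Lists and Crypto Maps, here is an added illustration (not code from the issue, from NetBox, or from the netbox-acls plugin) of how the two objects relate on a policy based tunnel: each numbered crypto map entry pairs one ACL with one peer, and the first ACL that permits a flow decides which tunnel on the shared interface carries it. All class and field names, the interface name, and the address ranges are assumptions constructed for this example; they are not NetBox's data model.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


# Constructed model of the objects the proposal names (names are assumptions):
# an access list whose entries select "interesting" traffic, and a crypto map
# bound to one interface whose numbered entries each pair an ACL with a peer.

@dataclass
class AccessListEntry:
    sequence: int
    action: str               # "permit" or "deny"
    source: IPv4Network
    destination: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.source and dst in self.destination


@dataclass
class AccessList:
    name: str
    entries: list = field(default_factory=list)

    def permits(self, src: IPv4Address, dst: IPv4Address) -> bool:
        # First matching entry wins; no match means implicit deny.
        for entry in sorted(self.entries, key=lambda e: e.sequence):
            if entry.matches(src, dst):
                return entry.action == "permit"
        return False


@dataclass
class CryptoMapEntry:
    sequence: int
    peer: IPv4Address
    match_acl: AccessList


@dataclass
class CryptoMap:
    name: str
    interface: str
    entries: list = field(default_factory=list)

    def select_peer(self, src: IPv4Address, dst: IPv4Address) -> Optional[IPv4Address]:
        # Walk entries by sequence number; the first ACL that permits the flow
        # selects the tunnel. This is what lets one interface carry several
        # policy based tunnels, which route based modelling does not need.
        for entry in sorted(self.entries, key=lambda e: e.sequence):
            if entry.match_acl.permits(src, dst):
                return entry.peer
        return None


def build_demo_map() -> CryptoMap:
    """Constructed sample: two branch tunnels sharing one outside interface."""
    to_branch_a = AccessList("TO-BRANCH-A", [
        # A deny ahead of the permit carves one host out of the tunnel.
        AccessListEntry(5, "deny", ip_network("10.0.0.5/32"), ip_network("192.168.10.0/24")),
        AccessListEntry(10, "permit", ip_network("10.0.0.0/24"), ip_network("192.168.10.0/24")),
    ])
    to_branch_b = AccessList("TO-BRANCH-B", [
        AccessListEntry(10, "permit", ip_network("10.0.0.0/24"), ip_network("192.168.20.0/24")),
    ])
    return CryptoMap("OUTSIDE-MAP", "GigabitEthernet0/0", [
        CryptoMapEntry(10, ip_address("203.0.113.10"), to_branch_a),
        CryptoMapEntry(20, ip_address("203.0.113.20"), to_branch_b),
    ])


def resolve(cmap: CryptoMap, src: str, dst: str) -> Optional[str]:
    """Return the peer address a flow would be tunnelled to, or None if it
    matches no crypto map entry and would leave the interface in the clear."""
    peer = cmap.select_peer(ip_address(src), ip_address(dst))
    return None if peer is None else str(peer)


if __name__ == "__main__":
    cmap = build_demo_map()
    for src, dst in [("10.0.0.7", "192.168.10.9"),
                     ("10.0.0.7", "192.168.20.9"),
                     ("10.0.0.5", "192.168.10.9"),
                     ("10.0.0.7", "172.16.0.1")]:
        print(f"{src} -> {dst}: peer {resolve(cmap, src, dst)}")
```

The last two cases are the ones a data model has to be able to express: the host excluded by the deny entry, and traffic that matches no entry at all, both fall through the crypto map and are sent unencrypted, which is exactly the kind of policy gap an inventory of ACLs and crypto maps in NetBox would make visible.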