在傳送 IPSec VPN 工作階段的組態更新要求後,您可以在傳輸節點上的 NSX-T Data Center 本機控制平面中查看要求的狀態是否已成功處理。
建立 IPSec VPN 工作階段時,會建立多個實體:IKE 設定檔、DPD 設定檔、通道設定檔、本機端點、IPSec VPN 服務,以及 IPSec VPN 工作階段。所有這些實體共用相同的 IPSecVPNSession
橫跨範圍,因此您可以使用同一個 GET API 呼叫來取得 IPSec VPN 工作階段之所有實體的實現狀態。您可以僅使用 API 來查看實現狀態。
必要條件
- 自行熟悉 IPSec VPN。請參閱瞭解 IPSec VPN。
- 確認已成功設定 IPSec VPN。請參閱新增 IPSec VPN 服務。
- 您必須具有 NSX Manager API 的存取權。
程序
- 傳送 POST、PUT 或 DELETE 要求 API 呼叫。
例如:
PUT https://<nsx-mgr>/api/v1/vpn/ipsec/sessions/8dd1c386-9b2c-4448-85b8-51ff649fae4f { "resource_type": "PolicyBasedIPSecVPNSession", "id": "8dd1c386-9b2c-4448-85b8-51ff649fae4f", "display_name": "Test RZ_UPDATED", "ipsec_vpn_service_id": "7adfa455-a6fc-4934-a919-f5728957364c", "peer_endpoint_id": "17263ca6-dce4-4c29-bd8a-e7d12bd1a82d", "local_endpoint_id": "91ebfa0a-820f-41ab-bd87-f0fb1f24e7c8", "enabled": true, "policy_rules": [ { "id": "1026", "sources": [ { "subnet": "1.1.1.0/24" } ], "logged": true, "destinations": [ { "subnet": "2.1.4..0/24" } ], "action": "PROTECT", "enabled": true, "_revision": 1 } ] }
- 在傳回的回應標頭中找到並複製
x-nsx-requestid
的值。例如:x-nsx-requestid e550100d-f722-40cc-9de6-cf84d3da3ccb
- 使用下列 GET 呼叫來要求 IPSec VPN 工作階段的實現狀態。
GET https://<nsx-mgr>/api/v1/vpn/ipsec/sessions/<ipsec-vpn-session-id>/state?request_id=<request-id>
下列 API 呼叫使用上述步驟所用範例中的id
和x-nsx-requestid
值。GET https://<nsx-mgr>/api/v1/vpn/ipsec/sessions/8dd1c386-9b2c-4448-85b8-51ff649fae4f/state?request_id=e550100d-f722-40cc-9de6-cf84d3da3ccb
以下是您在實現狀態為in_progress
時收到的回應範例。{ "details": [ { "sub_system_type": "TransportNode", "sub_system_id": "fe651e63-04bd-43a4-a8ec-45381a3b71b9", "state": "in_progress", "failure_message": "CCP Id:ab5958df-d98a-468e-a72b-d89dcdae5346, Message:State realization is in progress at the node." }, { "sub_system_type": "TransportNode", "sub_system_id": "ebe174ac-e4f1-4135-ba72-3dd2eb7099e3", "state": "in_sync" } ], "state": "in_progress", "failure_message": "The state realization is in progress at transport nodes." }
以下是您在實現狀態為in_sync
時收到的回應範例。{ "details": [ { "sub_system_type": "TransportNode", "sub_system_id": "7046e8f4-a680-11e8-9bc3-020020593f59", "state": "in_sync" } ], "state": "in_sync" }
以下是您在實現狀態為unknown
時收到的可能回應範例。{ "state": "unknown", "failure_message": "Unable to get response from any CCP node. Please retry operation after some time." }
{ "details": [ { "sub_system_type": "TransportNode", "sub_system_id": "3e643776-5def-11e8-94ae-020022e7749b", "state": "unknown", "failure_message": "CCP Id:ab5958df-d98a-468e-a72b-d89dcdae5346, Message: Unable to get response from the node. Please retry operation after some time." }, { "sub_system_type": "TransportNode", "sub_system_id": "4784ca0a-5def-11e8-93be-020022f94b73", "state": "in_sync" } ], "state": "unknown", "failure_message": "The state realization is unknown at transport nodes" }
在執行實體DELETE
作業之後,您可能會收到NOT_FOUND
狀態,如下列範例所示。{ "http_status": "NOT_FOUND", "error_code": 600, "module_name": "common-services", "error_message": "The operation failed because object identifier LogicalRouter/61746f54-7ab8-4702-93fe-6ddeb804 is missing: Object identifiers are case sensitive.." }
如果停用與此工作階段相關聯的 IPSec VPN 服務,您會收到 BAD_REQUEST 回應,如下列範例所示。{ "httpStatus": "BAD_REQUEST", "error_code": 110199, "module_name": "VPN", "error_message": "VPN service f9cfe508-05e3-4e1d-b253-fed096bb2b63 associated with the session 8dd1c386-9b2c-4448-85b8-51ff649fae4f is disabled. Can not get the realization status." }