NSX-T Data Center Global Manager REST API
Deprecated Types and Methods
** Deprecated Type Definitions
LBPassiveMonitorProfile:
The passive type of LBMonitorProfile. LBPassiveMonitorProfile is deprecated
as NSX-T Load Balancer is deprecated.
LBServerSslProfileBinding:
Server SSL profile binding. LBServerSslProfileBinding is deprecated as NSX-T
Load Balancer is deprecated.
PolicyDHGroup:
Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network. GROUP2 uses
1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP
group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
AddressBindingSource:
Source from which the address binding is obtained
LBSessionCookieTime:
Session cookie time.
ChildCommunicationMap:
Child wrapper object for CommunicationMap, used in hierarchical API This
type is deprecated. Use the type ChildSecurityPolicy instead.
CookiePersistenceModeType:
If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request. Three different modes of cookie
persistence are supported: insert, prefix and rewrite. In cookie insert
mode, a cookie is inserted by load balancer in the HTTP response going from
server to client. In cookie prefix and rewrite modes, server controls the
cookie and load balancer only manipulates the value of the cookie. In prefix
mode, server's cookie value is prepended with the server IP and port and
then sent to the client. In rewrite mode, entire server's cookie value is
replaced with the server IP and port in the response before sending it to
the client.
DuplicateAddressBindingEntry:
Duplicate address binding information
LBHttpRequestUriArgumentsCondition:
This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?") character
and terminated by a number sign ("#") character or by the end of the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.
LbRuleMatchType:
LbRuleMatchType is used to determine how a specified string value is used to
match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition
field starts with specified string, the condition matches. The fields with
this match type are specified as strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as strings,
not regular expressions. EQUALS: If the LbRuleCondition field is same as the
specified string, the condition matches. The fields with this match type are
specified as strings, not regular expressions. CONTAINS: If the
LbRuleCondition field contains the specified string, the condition matches.
The fields with this match type are specified as strings, not regular
expressions. REGEX: If the LbRuleCondition field matches specified regular
expression, the condition matches. The regular expressions in load balancer
rules use the features common to both Java regular expressions and Perl
Compatible Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions. If named capturing groups are used in the regular expression,
when a match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}). For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured in
variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article. Please note, when regular expressions are used in JSON(JavaScript
Object Notation) string, every backslash character (\) needs to be escaped
by one additional backslash character.
LBServerAuthType:
Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not. Validation is automatic by
default when server_auth_ca_certificate_paths are configured and IGNORED
when they are not configured. If validation is REQUIRED, then to be
accepted, server certificate must be signed by one of the trusted CAs whose
self signed certificates are specified in the same server-side SSL profile
binding.
LBCookieTime:
Cookie time.
LBHttpRequestVersionCondition:
This condition is used to match the HTTP protocol version of the HTTP
request messages.
ChildL2Vpn:
Child wrapper object for L2Vpn, used in hierarchical API.
DhcpStatistics:
(missing)
L2VpnContext:
L2Vpn Context provides meta-data information about the parent Tier-0.
LBSslSniCondition:
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.
L3Vpn:
Contains information necessary to configure IPSec VPN.
PortAttacher:
VM or vmknic entity attached to LogicalPort
LBHttpRequestBodyCondition:
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body. The
match_type field defines how body_value field is used to match the body of
HTTP requests.
CommunicationMap:
Ordered list of CommunicationEntries. This object is created by default
along with the Domain. This type is deprecated. Use the type SecurityPolicy
instead.
CommunicationEntry:
A communication entry indicates the action to be performed for various types
of traffic flowing between workload groups. This type is deprecated. Use the
type Rule instead.
LBCookiePersistenceProfile:
Some applications maintain state and require all relevant connections to be
sent to the same server as the application state is not synchronized among
servers. Persistence is enabled on a LBVirtualServer by binding a
persistence profile to it. LBCookiePersistenceProfile is deprecated as NSX-T
Load Balancer is deprecated.
AddressBindingEntry:
An address binding entry is a combination of the IP-MAC-VLAN binding for a
logical port. The address bindings can be obtained via various methods like
ARP snooping, DHCP snooping etc. or by user configuration.
PolicyIPAddressInfo:
Used to specify the display name and value of the IPv4Address.
PacketAddressClassifier:
A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.
LbSslSessionReusedType:
Type of SSL session reused
LbHttpRequestHeader:
(missing)
GenericDhcpOption:
Define DHCP options other than option 121.
PolicyIKEDigestAlgorithm:
The IKEDigestAlgorithms are used to verify message integrity during IKE
negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
DhcpServerStatus:
(missing)
LBRuleActionType:
Types of load balancer rule actions.
LBHttpSslCondition:
This condition is used to match SSL handshake and SSL connection at all
phases.If multiple properties are configured, the rule is considered a match
when all the configured properties are matched.
L3VpnSessionResourceType:
- A Policy Based L3Vpn is a configuration in which protect rules to match
local and remote subnet needs to be defined. Tunnel is established for each
pair of local and remote subnet defined in protect rules. - A Route Based
L3Vpn is more flexible, more powerful and recommended over policy based. IP
Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through
BGP. A route based L3Vpn is required when using redundant L3Vpn.
LBJwtKeyType:
It is used to identify JWT key type.
SslProtocol:
SSL protocol
LBRuleConditionType:
Type of load balancer rule match condition.
LBSelectPoolAction:
This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.
LBHttpResponseHeaderCondition:
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization, User-
Agent, etc. One condition can be used to match one header field, to match
multiple header fields, multiple conditions must be specified. The
match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
LBHttpRequestHeaderDeleteAction:
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
DhcpLeases:
(missing)
LBHttpRequestHeaderCondition:
This condition is used to match HTTP request messages by HTTP header fields.
HTTP header fields are components of the header section of HTTP request and
response messages. They define the operating parameters of an HTTP
transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified. The match_type field defines
how header_value field is used to match HTTP requests. The header_name field
does not support match types.
ChildL3VpnContext:
Child wrapper object for L3VpnContext, used in hierarchical API.
LBSnatAutoMap:
Snat auto map.
LBPersistenceCookieTime:
Persistence cookie time.
LBRuleAction:
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions. Supported actions
in HTTP_REQUST_REWRITE phase are: LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction LBHttpRedirectAction LBSelectPoolAction
LBVariablePersistenceOnAction LBConnectionDropAction Supported action in
HTTP_RESPONSE_REWRITE phase is: LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is: LBJwtAuthAction
LBConnectionDropAction LBVariableAssignmentAction Supported action in
TRANSPORT phase is: LBSslModeSelectionAction LBSelectPoolAction If the
match type of an LBRuleCondition field is specified as REGEX and named
capturing groups are used in the specified regular expression. The groups
can be used as variables in LBRuleAction fields. For example, define a rule
with LBHttpRequestUriCondition as match condition and
LBHttpRequestUriRewriteAction as action. Set match_type field of
LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)". Set uri
field of LBHttpRequestUriRewriteAction to: "/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction. For a matched
HTTP request with URI "/news/2017/06/xyz.html", the substring "2017" is
captured in variable $year, "06" is captured in variable $month, and
"xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html" A set of built-in variables can be used in
LBRuleAction as well. The name of built-in variables start with underscore,
the name of user defined variables is not allowed to start with underscore.
Following are some of the built-in variables: $_scheme: Reference the
scheme part of matched HTTP messages, could be "http" or "https". $_host:
Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https. $_uri:
The URI path, for example "/products/sample.html". $_request_uri: Full
original request URI with arguments, for example,
"/products/sample.html?a=b&c=d". $_args: URI arguments, for instance
"a=b&c=d" $_is_args: "?" if a request has URI arguments, or an empty
string otherwise. For the full list of built-in variables, please reference
the NSX-T Administrator's Guide.
DhcpIpPoolUsage:
(missing)
L3VpnContext:
L3Vpn Context provides the configuration context that different L3Vpns can
consume.
PolicyTunnelDigestAlgorithm:
The TunnelDigestAlgorithms are used to verify message integrity during
tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX
bit hash.
L3VpnSubnet:
Used to specify subnets in L3Vpn rule.
ChildL2VpnContext:
Child wrapper object for L2VpnContext, used in hierarchical API.
LBServerSslProfile:
Server SSL profile. LBServerSslProfile is deprecated as NSX-T Load Balancer
is deprecated.
ChildLBClientSslProfile:
Child wrapper for LBClientSslProfile, used in hierarchical API.
ChildCommunicationEntry:
Child wrapper object for CommunicationEntry, used in hierarchical API This
type is deprecated. Use the type ChildRule instead.
ChildDeploymentZone:
Child wrapper object for DeploymentZone, used in hierarchical API
TunnelSubnet:
(missing)
LBTcpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over TCP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBHttpResponseHeaderRewriteAction:
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined. Captured variables and built-in variables can be
used in the header_value field, header_name field does not support
variables.
LBHttpResponseHeaderDeleteAction:
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
LBHttpRequestMethodCondition:
This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to GET
in this condition, any HTTP request with GET method matches the condition.
LBSslProfile:
Load balancer abstract SSL profile.
PolicyTunnelEncryptionAlgorithm:
TunnelEncryption algorithms are used to ensure confidentiality of the
messages exchanged during Tunnel negotiations. AES stands for Advanced
Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit
keys for encryption and decryption. AES_128 and AES_256 use CBC mode of
encryption. AES_GCM stands for Advanced Encryption Standard(AES) in
Galois/Counter Mode (GCM) and is used to provide both confidentiality and
data origin authentication.
LBHttpRequestCookieCondition:
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
LBVariableAssignmentAction:
This action is used to create a new variable and assign value to it. One
action can be used to create one variable. To create multiple variables,
multiple actions must be defined. The variables can be used by
LBVariableCondition, etc.
LBUdpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over UDP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBRuleCondition:
Match conditions are used to match application traffic passing through load
balancers. Multiple match conditions can be specified in one load balancer
rule, each match condition defines a criterion for application traffic. If
inverse field is set to true, the match result of the condition is inverted.
If more than one match condition is specified, match strategy determines if
all conditions should match or any one condition should match for the load
balancer rule to be considered a match. Currently only HTTP messages are
supported by load balancer rules. Each load balancer rule is used at a
specific phase of load balancer processing. Currently three phases are
supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are: LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition
LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match
conditions in HTTP_FORWARDING phase are: LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition
LBIpHeaderCondition LBVariableCondition LBHttpSslCondition LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBTcpHeaderCondition LBIpHeaderCondition
LBVariableCondition LBHttpSslCondition Supported match condition in
HTTP_ACCESS phase is: LBHttpRequestMethodCondition LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition LBHttpRequestCookieCondition
LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition
LBVariableCondition LBHttpSslCondition Supported match condition in
TRANSPORT phase is: LBSslSniCondition
L2Vpn:
Contains information necessary to configure L2Vpn.
ClientAuthType:
Client authentication could be REQUIRED or IGNORE. REQUIRED means that
client is required to present its certificate to the server for
authentication. To be accepted, client certificate must be signed by one of
the trusted Certificate Authorities (CAs), also referred to as root CAs,
whose self signed certificates are specified in the same client SSL profile
binding. IGNORE means that client certificate would be ignored.
LBJwtKey:
LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
LBJwtCertificateKey:
The key is used to specify certificate which is used to verify the signature
of JWT tokens.
LBHttpRedirectAction:
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser). The
HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307,
etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message. Captured variables and
built-in variables can be used in redirect_url field. For example, to
redirect all HTTP requests to HTTPS requests for a virtual server. We create
an LBRule without any conditions, add an LBHttpRedirectAction to the rule.
Set the redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri And set redirect_status to "302", which means
found. This rule will redirect all HTTP requests to HTTPS server port on the
same host.
PolicyIKEEncryptionAlgorithm:
IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption
Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for
encryption and decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter
Mode(GCM) and is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one for
encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be
available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys.
LBHttpRequestUriRewriteAction:
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values. Full
URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri
field of this action is used to rewrite the /path part in above scheme. And
the uri_arguments field is used to rewrite the query part. Captured
variables and built-in variables can be used in the uri and uri_arguments
fields. Check the example in LBRuleAction to see how to use variables in
this action.
LBConnectionDropAction:
This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.
ChildL3Vpn:
Child wrapper object for L3Vpn, used in hierarchical API.
LBClientSslProfile:
Client SSL profile. LBClientSslProfile is deprecated as NSX-T Load Balancer
is deprecated.
LBJwtSymmetricKey:
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
LBClientCertificateSubjectDnCondition:
Match condition for client certficate subject DN.
PolicyBasedL3VpnSession:
A Policy-based L3Vpn session is a configuration in which a specific vpn
tunnel is referenced in a policy whose action is set as tunnel.
LBHttpRequestHeaderRewriteAction:
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined. Captured variables and built-in variables can be used in the
header_value field, header_name field does not support variables.
DeploymentZone:
Logical grouping of enforcement points. This is a deprecated type.
DeploymentZone has been renamed to Site. Use Site.
DhcpOption121:
DHCP option 121 to define classless static route.
LBVariablePersistenceLearnAction:
This action is performed in HTTP response rewrite phase. It is used to learn
the value of variable from the HTTP response, and insert an entry into the
persistence table if the entry doesn't exist.
SslCipherGroup:
SSL cipher group
LBIcmpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over ICMP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healt hchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBHttpsMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over HTTPS. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
ChildLBServerSslProfile:
Child wrapper for LBServerSslProfile, used in hierarchical API.
LBVariableCondition:
This condition is used to match variable's name and value at all phases. The
variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name and
variable_value should be matched at the same time.
SslCipher:
SSL cipher
RouteBasedL3VpnSession:
A Route Based L3Vpn is more flexible, more powerful and recommended over
policy based. IP Tunnel subnet is created and all traffic routed through
tunnel subnet is sent over tunnel. Routes can be learned through BGP. A
route based L3Vpn is required when using redundant L3Vpn.
LBHttpRequestUriCondition:
This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression. If
an HTTP request message is requesting an URI which matches specified regular
expression, it matches the condition. The syntax of whole URI looks like
this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI. When match_type
field is specified as REGEX, the uri field is used as a regular expression
to match URI path of HTTP requests. For example, to match any URI that has
"/image/" or "/images/", uri field can be specified as: "/image[s]?/". Named
capturing groups can be used in the uri field to capture substrings of
matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)" If the
URI path is /articles/news/2017/06/xyz.html, then substring "2017" is
captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then be used
in an LBRuleAction field which supports variables, such as uri field of
LBHttpRequestUriRewriteAction. For example, set the uri field of
LBHttpRequestUriRewriteAction as: "/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
LBMonitorProfileType:
There are two types of healthchecks: active and passive. Passive
healthchecks depend on failures in actual client traffic (e.g. RST from
server in response to a client connection) to detect that the server or the
application is down. In case of active healthchecks, load balancer itself
initiates new connections (or sends ICMP ping) to the servers periodically
to check their health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
LBHttpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over HTTP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBHttpRejectAction:
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.
HttpRequestMethodType:
http monitor method
L3VpnSession:
Contains information about L3Vpn session.
DhcpLeasePerIP:
(missing)
PolicyIKEVersion:
IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.
LBVariablePersistenceOnAction:
This action is performed in HTTP forwarding phase. It is used to inspect the
variable of HTTP request, and look up the persistence entry with its value
and pool uuid as key. If the persistence entry is found, the HTTP request is
forwarded to the recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the table
after backend server is selected.
LBJwtPublicKey:
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
ChildLBMonitorProfile:
Child wrapper for LBMonitorProfile, used in hierarchical API.
ClasslessStaticRoute:
DHCP classless static route option.
LBActiveMonitor:
All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.
LBClientCertificateIssuerDnCondition:
Match condition for client certficate issuer DN.
LBSnatIpPool:
Snat Ip pool.
LBCookieTimeType:
Both session cookie and persistence cookie are supported, Use
LbSessionCookieTime for session cookie time setting, Use
LbPersistenceCookieTime for persistence cookie time setting
LBClientSslProfileBinding:
Client SSL profile binding. LBClientSslProfileBinding is deprecated as NSX-T
Load Balancer is deprecated.
LBSnatIpElement:
Snat Ip element.
LBXForwardedForType:
X-forwarded-for type.
HttpRequestVersionType:
http request version
LBRule:
Binding of a LBPool and Group to a LBVirtualServer used to route application
traffic passing through load balancers. LBRule uses match conditions to
match application traffic passing through a LBVirtualServer using HTTP or
HTTPS. Can bind multiple LBVirtualServers to a Group. Each LBRule consists
of two optional match conditions, each match contidion defines a criterion
for application traffic. If no match conditions are specified, then the
LBRule will always match and it is used typically to define default rules.
If more than one match condition is specified, then matching strategy
determines if all conditions should match or any one condition should match
for the LBRule to be considered a match. A match indicates that the
LBVirtualServer should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.
LBGenericPersistenceProfile:
Some applications maintain state and require all relevant connections to be
sent to the same server as the application state is not synchronized among
servers. Persistence is enabled on a LBVirtualServer by binding a
persistence profile to it. LBGenericPersistenceProfile cannot be attached to
virtual server directly, it can be specified in LB rule actions. In HTTP
forwarding phase, the profile can be specified in
LBVariablePersistenceOnAction. In HTTP response rewriting phase, the profile
can be specified in LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
GroupDeleteRequestParameters:
Group delete request parameters
LBTcpHeaderCondition:
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
LBHttpProfile:
Http profile. LBHttpProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBMonitorProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
LBSslModeSelectionAction:
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
L3VpnRule:
For policy-based L3Vpn sessions, a rule specifies as its action the vpn
tunnel to be used for transit traffic that meets the rule's match criteria.
LBJwtAuthAction:
This action is used to control access to backend server resources using JSON
Web Token(JWT) authentication. The JWT authentication is done before any
HTTP manipulation if the HTTP request matches the given condition in LBRule.
Any verification failed, the HTTP process will be terminated, and HTTP
response with 401 status code and WWW-Authentication header will be returned
to client.
LBIpHeaderCondition:
This condition is used to match IP header fields of HTTP messages. Either
source_address or group_id should be specified.
** Deprecated Property Definitions
LBPool.passive_monitor_path:
Passive healthchecks are disabled by default and can be enabled by attaching
a passive health monitor to a server pool. Each time a client connection to
a pool member fails, its failed count is incremented. For pools bound to L7
virtual servers, a connection is considered to be failed and failed count is
incremented if any TCP connection errors (e.g. TCP RST or failure to send
data) or SSL handshake failures occur. For pools bound to L4 virtual
servers, if no response is received to a TCP SYN sent to the pool member or
if a TCP RST is received in response to a TCP SYN, then the pool member is
considered to have failed and the failed count is incremented. The property
is deprecated as NSX-T Load Balancer is deprecated.
LBPool.active_monitor_paths:
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic. Active healthchecks are
disabled by default and can be enabled for a server pool by binding a health
monitor to the pool. If multiple active monitors are configured, the pool
member status is UP only when the health check status for all the monitors
are UP. The property is deprecated as NSX-T Load Balancer is deprecated.
LBPool.tcp_multiplexing_enabled:
TCP multiplexing allows the same TCP connection between load balancer and
the backend server to be used for sending multiple client requests from
different client TCP connections. The property is deprecated as NSX-T Load
Balancer is deprecated.
LBPool.tcp_multiplexing_number:
The maximum number of TCP connections per pool that are idly kept alive for
sending future client requests. The property is deprecated as NSX-T Load
Balancer is deprecated.
DropdownFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
DropdownFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
DropdownFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
Header.sub_headers:
An array of label-value properties. This field is deprecated instead used
'sub_header_widgets' property to define header widgets.
Segment.address_bindings:
Static address binding used for the Segment. This field is deprecated and
will be removed in a future release. Please use address_bindings in
SegmentPort to configure static bindings.
Segment.ls_id:
This property is deprecated. The property will continue to work as expected
for existing segments. The segments that are newly created with ls_id will
be ignored. Sepcify pre-creted logical switch id for Segment.
UpgradeChecksExecutionStatus.node_with_issues_count:
Number of nodes which generated failures or warnings in last execution of
pre/post-upgrade checks. This field has been deprecated. Please use
failure_count instead.
WidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
WidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
WidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
LBService.access_log_enabled:
Flag to enable access log
LBService.relax_scale_validation:
If relax_scale_validation is true, the scale validations for virtual
servers/pools/pool members/rules are relaxed for load balancer service. When
load balancer service is deployed on edge nodes, the scale of virtual
servers/pools/pool members for the load balancer service should not exceed
the scale number of the largest load balancer size which could be configured
on a certain edge form factor. For example, the largest load balancer size
supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer
deployed on MEDIUM edge nodes can support the scale number of MEDIUM load
balancer. It is not recommended to enable active monitors if
relax_scale_validation is true due to performance consideration. If
relax_scale_validation is false, scale numbers should be validated for load
balancer service. The property is deprecated as NSX-T Load Balancer is
deprecated.
SecurityPolicy.connectivity_strategy:
This field indicates the default connectivity policy for the security
policy. Based on the connectivity strategy, a default rule for this security
policy will be created. An appropriate action will be set on the rule based
on the value of the connectivity strategy. If NONE is selected or no
connectivity strategy is specified, then no default rule for the security
policy gets created. The default rule that gets created will be a any-any
rule and applied to entities specified in the scope of the security policy.
Specifying the connectivity_strategy without specifying the scope is not
allowed. The scope has to be a Group and one cannot specify IPAddress
directly in the group that is used as scope. This default rule is only
applicable for the Layer3 security policies. This property is deprecated.
Use the type connectivity_preference instead. WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rule is created.
SecurityPolicy.logging_enabled:
This property is deprecated. Flag to enable logging for all the rules in the
security policy. If the value is true then logging will be enabled for all
the rules in the security policy. If the value is false, then the rule level
logging value will be honored.
ContainerConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
ContainerConfiguration.layout:
Layout of widgets can be either vertical or horizontal. If layout is not
specified a default horizontal layout is applied. This property is
deprecated. Now the layout inside the container can be taken care with the
help of 'rowspan' and 'colspan' property.
ContainerConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
ContainerConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
UpgradeCheck.failure_messages:
List of failure messages. This field is deprecated now. Please use failures
instead.
L2Extension.l2vpn_path:
This property has been deprecated. Please use the property l2vpn_paths for
setting the paths of associated L2 VPN session. This property will continue
to work as expected to provide backwards compatibility. However, when both
l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is
used.
BgpRoutingConfig.graceful_restart:
Flag to enable graceful restart. This field is deprecated, please use
graceful_restart_config parameter for graceful restart configuration. If
both parameters are set and consistent with each other (i.e.
graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR
graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is
allowed, but if inconsistent with each other then this is not allowed and
validation error will be thrown.
GridConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
GridConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
GridConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
MultiWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
MultiWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
MultiWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
BgpNeighborRoutes.egde_node_routes:
Array of BGP neighbor route details per edge node.
LegendWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
LegendWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
LegendWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
GenericPolicyRealizedResource.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
PolicyUrlCategorizationConfig.context_profiles:
The ids of the context profiles that provides the list of categories to be
detected. This field is deprecated. URL Categorization will not be supported
in association with context profiles.
NSXTConnectionInfo.edge_cluster_ids:
Edge Cluster UUIDs on enforcement point. Edge cluster information is
required for creating logical L2, L3 constructs on enforcement point. Max 1
edge cluster ID. This is a deprecated property. The edge cluster id is now
auto populated from enforcement point and its value can be read using APIs
GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-
clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1
/edge-clusters/edge-cluster-id. The value passed through this property will
be ignored.
NSXTConnectionInfo.transport_zone_ids:
Transport Zone UUIDs on enforcement point. Transport zone information is
required for creating logical L2, L3 constructs on enforcement point. Max 1
transport zone ID. This is a deprecated property. The transport zone id is
now auto populated from enforcement point and its value can be read using
APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id
/transport-zones and GET /infra/sites/site-id/enforcement-points
/enforcementpoint-id/transport-zones/transport-zone-id. The value passed
through this property will be ignored.
DhcpServerConfig.server_address:
DHCP server address in CIDR format. Prefix length should be less than or
equal to 30. DHCP server is deployed as DHCP relay service. This property is
deprecated, use server_addresses instead. Both properties cannot be
specified together with different new values.
SpoofGuardProfile.address_binding_whitelist:
If true, enable the SpoofGuard, which only allows VM sending traffic with
the IPs in the whitelist. This field is deprecated because it has offensive
terminology. Please use address_binding_allowlist. This value cannot
conflict with allow list.
AbstractSpace.connectivity_strategy:
The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-
policy/rules/default-layer3-rule. This field indicates the default
connectivity policy for the infra or tenant space WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rules are added.
LBSourceIpPersistenceProfile.ha_persistence_mirroring_enabled:
Persistence entries are not synchronized to the HA peer by default. The
property is deprecated as NSX-T Load Balancer is deprecated.
DonutConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
DonutConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
DonutConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
FullSyncState.last_upate_time:
Deprecated, refer to last_update_time for the last update time stamp.
RealizedVirtualMachine.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
GraphConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
GraphConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
GraphConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
TimeRangeDropdownFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
TimeRangeDropdownFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
TimeRangeDropdownFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
FilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
FilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
FilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
StatsConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
StatsConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
StatsConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
SpacerWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
SpacerWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
SpacerWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
LBVirtualServer.server_ssl_profile_binding:
The setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server. The property is deprecated
as NSX-T Load Balancer is deprecated.
LBVirtualServer.max_concurrent_connections:
To ensure one virtual server does not over consume resources, affecting
other applications hosted on the same LBS, connections to a virtual server
can be capped. If it is not specified, it means that connections are
unlimited. The property is deprecated as NSX-T Load Balancer is deprecated.
LBVirtualServer.sorry_pool_path:
When load balancer can not select a backend server to serve the request in
default pool or pool in rules, the request would be served by sorry server
pool. The property is deprecated as NSX-T Load Balancer is deprecated.
LBVirtualServer.rules:
Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with LBHttpProfile. The property is deprecated as
NSX-T Load Balancer is deprecated.
LBVirtualServer.max_new_connection_rate:
To ensure one virtual server does not over consume resources, connections to
a member can be rate limited. If it is not specified, it means that
connection rate is unlimited. The property is deprecated as NSX-T Load
Balancer is deprecated.
LBVirtualServer.client_ssl_profile_binding:
The setting is used when load balancer acts as an SSL server and terminating
the client SSL connection. The property is deprecated as NSX-T Load Balancer
is deprecated.
LabelValueConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
LabelValueConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
LabelValueConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
TraceflowConfig.segment_port_path:
Policy path or UUID of segment port to start traceflow from. Auto-plumbed
ports don't have corresponding policy path. Ports auto-created by policy as
part of connecting segment to Tier-0 or Tier-1 or DHCP server cannot be
used. UUID is validated for syntax only. This configuration will be cleaned
up by the system after two hours of inactivity.
Infra.connectivity_strategy:
The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-
policy/rules/default-layer3-rule. This field indicates the default
connectivity policy for the infra or tenant space WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rules are added.
PolicyRealizedResource.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
GlobalConfig.operation_collectors:
This property is a part of OpsGlobalConfig object. Use /infra/ops-global-
config instead. The VRNI and WAVE_FRONT collector type can be defined to
collect the metric data. The WAVE_FRONT collector type can only be used in
VMC mode.
ChildServiceEntry.Service:
This is a deprecated property, Please use 'ServiceEntry' instead.
AviConnectionInfo.version:
Avi supports API versioning for backward compatibility with automation
scripts written for an object model older than the current one. Such scripts
need not be updated to keep up with object model changes This is a
deprecated property. The version is now auto populated from property file
and its value can be read using APIs
AviConnectionInfo.cloud:
Clouds are containers for the environment that Avi Vantage is installed or
operating within. During initial setup of Vantage, a default cloud, named
Default-Cloud, is created. This is where the first Controller is deployed,
into Default-Cloud. Additional clouds may be added, containing SEs and
virtual services. This is a deprecated property. Cloud has been renamed to
cloud_name and it will added from specific ALB entity.
Tier1.default_rule_logging:
Indicates if logging should be enabled for the default whitelisting rule.
This field is deprecated and recommended to change Rule logging field. Note
that this field is not synchronized with default logging field.
Tier1.force_whitelisting:
This field is deprecated and recommended to change Rule action field. Note
that this field is not synchornied with default rule field.
Tier0.default_rule_logging:
Indicates if logging should be enabled for the default whitelisting rule.
This field is deprecated and recommended to change Rule logging field. Note
that this field is not synchronized with default logging field.
Tier0.force_whitelisting:
This field is deprecated and recommended to change Rule action field. Note
that this field is not synchronized with default rule field.
RouteBasedL3VpnSession.routing_config_path:
This is a deprecated field. Any specified value is not saved and will be
ignored.
ValueConstraintExpression.values:
List of values.
CustomWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
CustomWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
CustomWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
IdsProfile.severities:
Represents the severities of signatures which are part of this profile.
BgpNeighborConfig.in_route_filters:
Specify path of prefix-list or route map to filter routes for IN direction.
This property is deprecated, use route_filtering instead. Specifying
different values for both properties will result in error.
BgpNeighborConfig.out_route_filters:
Specify path of prefix-list or route map to filter routes for OUT direction.
When not specified, a built-in prefix-list named 'prefixlist-out-default' is
automatically applied. This property is deprecated, use route_filtering
instead. Specifying different values for both properties will result in
error.
AddClusterNodeVMInfo.clustering_config:
This property is deprecated since ClusteringConfig is no longer needed for
auto-installation and will be ignored if provided.
NsxRole.permissions:
Please use the /user-info/permissions api to get the permission that the
user has on each feature.
LBHttpProfile.ntlm:
NTLM is an authentication protocol that can be used over HTTP. If the flag
is set to true, LB will use NTLM challenge/response methodology. This
property is deprecated. Please use the property server_keep_alive in order
to keep the backend server connection alive for the client connection. When
create a new profile, if both ntlm and server_keep_alive are set as
different values, ERROR will be reported. When update an existing profile,
if either ntlm or server_keep_alive value is changed, both of them are
updated with the changed value.
LocaleServices.route_redistribution_types:
Enable redistribution of different types of routes on Tier-0. This property
is only valid for locale-service under Tier-0. This property is deprecated,
please use "route_redistribution_config" property to configure
redistribution rules.
CustomFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
CustomFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
CustomFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
Tier0Interface.edge_cluster_member_index:
Specify association of interface with edge cluster member. This property is
deprecated, use edge_path instead. When both properties are specifed, only
edge_path property is used.
Tier0Interface.ls_id:
Specify logical switch to which tier-0 interface is connected for external
access. This property is deprecated, use segment_path instead. Both
properties cannot be used together.
GatewayQosProfile.committed_bandwitdth:
Committed bandwidth in both directions specified in Mbps. Bandwidth is
limited to line rate when the value configured is greater than line rate.
This property is deprecated, use committed_bandwidth instead.
RouteBasedIPSecVpnSession.force_whitelisting:
If true the default firewall rule Action is set to DROP, otherwise set to
ALLOW. This field is deprecated and recommended to change Rule action field.
Note that this field is not synchornied with default rule field.
** Deprecated APIs
GetTier0ArpProxies (GET /infra/tier-0s//locale-services//arp-proxies):
This API is deprecated. Please use /infra/tier-0s/<tier-0-id>/arp-
proxies Returns ARP proxy table for a tier-0
UploadUpgradeBundle (POST /upgrade/bundle?action=upload):
Upload the upgrade bundle. The call returns after upload is initiated. User
needs to check upload status periodically by retrieving upgrade bundle
upload status to find out if the upload is completed. This API is
deprecated, please use /upgrade/bundles?action=upload API to upload the
upgrade bundle.
ClearClusterCertificate (POST /cluster/api-certificate?action=clear_cluster_certificate):
Clears the certificate used for the MP cluster. This does not affect the
certificate itself. This API is deprecated. Instead use the /api/v1/cluster
/api-certificate?action=set_cluster_certificate API to set the cluster
certificate to a different one. It just means that from now on, individual
certificates will be used on each MP node. This affects all nodes in the
cluster.
GetDownlinkPortArpTableForTier1Segment (GET /infra/tier-1s//segments//gateway-interface-arp-table):
This API is deprecated because it is duplicate. Please use /infra/tier-
1s/<tier-1-id>/segments/<segment-id>/arp-table Segment ID is the ID of
the segment that is connected to the the tier-1
ReadProxyService (GET /node/services/http):
This API is deprecated. Read the configuration of the http service by
calling the GET /api/v1/cluster/api-service API.
ListFabricNodeInterfaces (GET /fabric/nodes//network/interfaces):
Returns the number of interfaces on the node and detailed information about
each interface. Interface information includes MTU, broadcast and host IP
addresses, link and admin status, MAC address, network mask, and the IP
configuration method (static or DHCP). This api is deprecated. Please use
Transport Node API GET /transport-nodes/<transport-node-
id>/network/interfaces to list node network interfaces for the
corresponding TN.
RegisterPrincipalIdentity (POST /trust-management/principal-identities):
Associates a principal's name with a certificate that is used to
authenticate. The combination name and node_id needs to be unique across
token-based and certificate-based principal identities. Deprecated, use POST
/trust-management/principal-identities/with-certificate instead.
GetDownlinkPortArpTableForInfraSegmentInCsv (GET /infra/segments//gateway-interface-arp-table?format=csv):
This API is deprecated because it is duplicate. Please use
/infra/segments/<segment-id>/arp-table?format=csv Segment ID is the ID
of the segment that is connected to the the tier-0
GetTier1ArpProxies (GET /infra/tier-1s//locale-services//arp-proxies):
This API is deprecated. Please use /infra/tier-1s/<tier-1-id>/arp-
proxies Returns ARP proxy table for a tier-1
GetDownlinkPortArpTableForInfraSegment (GET /infra/segments//gateway-interface-arp-table):
This API is deprecated because it is duplicate. Please use
/infra/segments/<segment-id>/arp-table Segment ID is the ID of the
segment that is connected to the the tier-0
UpdateProxyService (PUT /node/services/http):
This API is deprecated. Make changes to the http service configuration by
calling the PUT /api/v1/cluster/api-service API.
GetDownlinkPortArpTableForTier1SegmentInCsv (GET /infra/tier-1s//segments//gateway-interface-arp-table?format=csv):
This API is deprecated because it is duplicate. Please use /infra/tier-
1s/<tier-1-id>/segments/<segment-id>/arp-table?format=csv
Segment ID is the ID of the segment that is connected to the the tier-1
GetUpgradeTaskStatus (GET /node/upgrade):
Get upgrade task status for the given task of the given bundle. Both
bundle_name and task_id must be provided, otherwise you will receive a 404
NOT FOUND response. This api is deprecated. Please use API GET /node/upgrade
/status-summary to get upgrade status when upgrade is in progress.