NSX-T Data Center REST API
Deprecated Types and Methods
** Deprecated Type Definitions
LBPassiveMonitorProfile:
The passive type of LBMonitorProfile. LBPassiveMonitorProfile is deprecated
as NSX-T Load Balancer is deprecated.
TransportZoneListResult:
Transport zone queries result
LbHttpProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
TrunkVlanRange:
Trunk VLAN id range
LbIpHeaderCondition:
This condition is used to match IP header fields of HTTP messages. Either
source_address or group_id should be specified.
TransportZoneProfileListParameters:
Transport zone profile list parameters
DVSConfig:
The DVS Configuration
LBServerSslProfileBinding:
Server SSL profile binding. LBServerSslProfileBinding is deprecated as NSX-T
Load Balancer is deprecated.
PolicyDHGroup:
Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network. GROUP2 uses
1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP
group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
ResourceAllocation:
Specify limit, shares and reservation for all kinds of traffic. Values for
limit and reservation are expressed in percentage. And for shares, the value
is expressed as a number between 1-100. The overall reservation among all
traffic types should not exceed 75%. Otherwise, the API request will be
rejected.
AddressBindingSource:
Source from which the address binding is obtained
EdgeHighAvailabilityProfile:
Profile for BFD HA cluster setting
ChildCommunicationMap:
Child wrapper object for CommunicationMap, used in hierarchical API This
type is deprecated. Use the type ChildSecurityPolicy instead.
CookiePersistenceModeType:
If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request. Three different modes of cookie
persistence are supported: insert, prefix and rewrite. In cookie insert
mode, a cookie is inserted by load balancer in the HTTP response going from
server to client. In cookie prefix and rewrite modes, server controls the
cookie and load balancer only manipulates the value of the cookie. In prefix
mode, server's cookie value is prepended with the server IP and port and
then sent to the client. In rewrite mode, entire server's cookie value is
replaced with the server IP and port in the response before sending it to
the client.
MetadataProxy:
(missing)
NamedTeamingPolicy:
Uplink Teaming Policy with a name that can be referenced by logical switches
LbRuleMatchType:
LbRuleMatchType is used to determine how a specified string value is used to
match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition
field starts with specified string, the condition matches. The fields with
this match type are specified as strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as strings,
not regular expressions. EQUALS: If the LbRuleCondition field is same as the
specified string, the condition matches. The fields with this match type are
specified as strings, not regular expressions. CONTAINS: If the
LbRuleCondition field contains the specified string, the condition matches.
The fields with this match type are specified as strings, not regular
expressions. REGEX: If the LbRuleCondition field matches specified regular
expression, the condition matches. The regular expressions in load balancer
rules use the features common to both Java regular expressions and Perl
Compatible Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions. If named capturing groups are used in the regular expression,
when a match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}). For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured in
variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article. Please note, when regular expressions are used in JSON(JavaScript
Object Notation) string, every backslash character (\) needs to be escaped
by one additional backslash character.
LBServerAuthType:
Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not. Validation is automatic by
default when server_auth_ca_certificate_paths are configured and IGNORED
when they are not configured. If validation is REQUIRED, then to be
accepted, server certificate must be signed by one of the trusted CAs whose
self signed certificates are specified in the same server-side SSL profile
binding.
LBRuleCondition:
Match conditions are used to match application traffic passing through load
balancers. Multiple match conditions can be specified in one load balancer
rule, each match condition defines a criterion for application traffic. If
inverse field is set to true, the match result of the condition is inverted.
If more than one match condition is specified, match strategy determines if
all conditions should match or any one condition should match for the load
balancer rule to be considered a match. Currently only HTTP messages are
supported by load balancer rules. Each load balancer rule is used at a
specific phase of load balancer processing. Currently three phases are
supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are: LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition
LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match
conditions in HTTP_FORWARDING phase are: LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition
LBIpHeaderCondition LBVariableCondition LBHttpSslCondition LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition LBHttpRequestMethodCondition
LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition LBTcpHeaderCondition LBIpHeaderCondition
LBVariableCondition LBHttpSslCondition Supported match condition in
HTTP_ACCESS phase is: LBHttpRequestMethodCondition LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition LBHttpRequestCookieCondition
LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition
LBVariableCondition LBHttpSslCondition Supported match condition in
TRANSPORT phase is: LBSslSniCondition
DhcpStaticBindingListResult:
A paginated list of DHCP static bindings.
LbSslProtocolInfo:
SSL protocol
HostSwitchProfileType:
Supported HostSwitch profiles.
QosSwitchingProfile:
(missing)
DeploymentZoneListResult:
Paged Collection of Deployment Zones. This is a deprecated type.
DeploymentZone has been renamed to Site. Use SiteListResult.
LBCookieTime:
Cookie time.
DhcpV6IpPool:
DHCP IPv6 ip pool to define dynamic ip allocation ranges. The DhcpV6IpPool
would only provide stateless DHCP (domain search list, DNS servers, SNTP
servers) to client if both the ranges and excluded_ranges are not specified.
IPv4DhcpServer:
DHCP server to support IPv4 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.
CpuCoreConfigForEnhancedNetworkingStackSwitch:
Non Uniform Memory Access (NUMA) nodes and Logical cpu cores (Lcores) per
NUMA node configuration for Enhanced Networking Stack enabled HostSwitch.
XForwardedForType:
x-forwarded-for type
LBJwtKey:
LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
LBHttpRequestVersionCondition:
This condition is used to match the HTTP protocol version of the HTTP
request messages.
NatRuleList:
(missing)
ChildL2Vpn:
Child wrapper object for L2Vpn, used in hierarchical API.
LbSnatTranslation:
(missing)
LbVariableAssignmentAction:
This action is used to create a new variable and assign value to it. One
action can be used to create one variable. To create multiple variables,
multiple actions must be defined. The variables can be used by
LbVariableCondition, etc.
LogicalSwitchListResult:
Logical Switch queries result
MetadataProxyStatus:
(missing)
L2VpnAttachmentContext:
(missing)
StandardHostSwitch:
Standard host switch specification
L2VpnContext:
L2Vpn Context provides meta-data information about the parent Tier-0.
ClientSslProfileBinding:
(missing)
LBSslSniCondition:
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.
PortAttacher:
VM or vmknic entity attached to LogicalPort
NsLookupParameters:
The parameters for DNS nslookup.
LBHttpRequestBodyCondition:
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body. The
match_type field defines how body_value field is used to match the body of
HTTP requests.
MonitorType:
Load balancers monitor the health of backend servers to ensure traffic is
not black holed. There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server or
the application is down. In case of active healthchecks, load balancer
itself initiates new connections (or sends ICMP ping) to the servers
periodically to check their health, completely independent of any data
traffic. Currently, active health monitors are supported for HTTP, HTTPS,
TCP, UDP and ICMP protocols.
DhcpFilter:
DHCP filtering configuration
SwitchingProfileType:
Supported switching profiles. 'PortMirroringSwitchingProfile' is deprecated,
please turn to "Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.
BaseHostSwitchProfile:
(missing)
CommunicationMap:
Ordered list of CommunicationEntries. This object is created by default
along with the Domain. This type is deprecated. Use the type SecurityPolicy
instead.
CommunicationEntry:
A communication entry indicates the action to be performed for various types
of traffic flowing between workload groups. This type is deprecated. Use the
type Rule instead.
LbJwtSymmetricKey:
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
LBCookiePersistenceProfile:
Some applications maintain state and require all relevant connections to be
sent to the same server as the application state is not synchronized among
servers. Persistence is enabled on a LBVirtualServer by binding a
persistence profile to it. LBCookiePersistenceProfile is deprecated as NSX-T
Load Balancer is deprecated.
AddressBindingEntry:
An address binding entry is a combination of the IP-MAC-VLAN binding for a
logical port. The address bindings can be obtained via various methods like
ARP snooping, DHCP snooping etc. or by user configuration.
LbSslCipherInfo:
SSL cipher
RateLimits:
Enables traffic limit for incoming/outgoing broadcast and multicast packets.
Use 0 to disable rate limiting for a specific traffic type
NatRuleTypeParameter:
The parameters for getting NAT rules.
LldpHostSwitchProfile:
Host Switch for LLDP
DhcpLeaseRequestParameters:
(missing)
CommunicationMapListResult:
This type is deprecated. Use the type SecurityPolicyListResult instead.
LogicalPortInitState:
Supported initial state of logical port
LogicalPortListParameters:
Logical port list parameters
PacketAddressClassifier:
A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.
LbSslProfile:
Load balancer abstract SSL profile
DhcpRelayProfileListResult:
(missing)
LbSslSessionReusedType:
Type of SSL session reused
LBHttpRequestMethodCondition:
This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to GET
in this condition, any HTTP request with GET method matches the condition.
LogicalPortListResult:
Logical port queries result
NatRuleListResult:
(missing)
LbHttpRequestMethodCondition:
This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to GET
in this condition, any HTTP request with GET method matches the condition.
LBSessionCookieTime:
Session cookie time.
VmknicNetwork:
Mapping of all vmk interfaces to destination networks
HostSwitchProfileTypeIdEntry:
(missing)
LBSslModeSelectionAction:
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
LbHttpRequestHeader:
(missing)
TransportZoneProfileListResult:
Transport zone profile queries result
LBHttpRequestUriCondition:
This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression. If
an HTTP request message is requesting an URI which matches specified regular
expression, it matches the condition. The syntax of whole URI looks like
this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI. When match_type
field is specified as REGEX, the uri field is used as a regular expression
to match URI path of HTTP requests. For example, to match any URI that has
"/image/" or "/images/", uri field can be specified as: "/image[s]?/". Named
capturing groups can be used in the uri field to capture substrings of
matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)" If the
URI path is /articles/news/2017/06/xyz.html, then substring "2017" is
captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then be used
in an LBRuleAction field which supports variables, such as uri field of
LBHttpRequestUriRewriteAction. For example, set the uri field of
LBHttpRequestUriRewriteAction as: "/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
PerUpstreamServerStatistics:
Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.
IntelligenceBrokerEndpointInfo:
This is deprecated. Please use CommonAgentEndpointInfo instead. An endpoint
to connect to NSX-Intelligence broker. Either FQDN or IP address can be used
in the endpoint info.
PolicyIPAddressInfo:
Used to specify the display name and value of the IPv4Address.
Uplink:
Object to identify an uplink based on its type and name
LBRuleActionType:
Types of load balancer rule actions.
IntelligenceClusterNodeVMFormFactor:
Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM. Enum value SMALL, LARGE
and EXTRA_LARGE will be deprecated.
LbTcpHeaderCondition:
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
LbNodeUsage:
Node usage for load balancer contains basic information and LB entity usages
and capacity for the given node.
LBHttpSslCondition:
This condition is used to match SSL handshake and SSL connection at all
phases.If multiple properties are configured, the rule is considered a match
when all the configured properties are matched.
L3VpnSessionResourceType:
- A Policy Based L3Vpn is a configuration in which protect rules to match
local and remote subnet needs to be defined. Tunnel is established for each
pair of local and remote subnet defined in protect rules. - A Route Based
L3Vpn is more flexible, more powerful and recommended over policy based. IP
Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through
BGP. A route based L3Vpn is required when using redundant L3Vpn.
LBJwtKeyType:
It is used to identify JWT key type.
SslProtocol:
SSL protocol
NatCounters:
(missing)
LBRuleConditionType:
Type of load balancer rule match condition.
LBSelectPoolAction:
This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.
LBSslProfile:
Load balancer abstract SSL profile.
StaticIpPoolSpec:
IP assignment specification for Static IP Pool.
IpDiscoverySwitchingProfile:
(missing)
LbMonitorListRequestParameters:
(missing)
LBHttpResponseHeaderCondition:
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization, User-
Agent, etc. One condition can be used to match one header field, to match
multiple header fields, multiple conditions must be specified. The
match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
LbHttpRequestUriArgumentsCondition:
This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?") character
and terminated by a number sign ("#") character or by the end of the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LbRuleAction fields which support variables.
WhitelistingStatus:
Status for whitelisting operation.
DuplicateAddressBindingEntry:
Duplicate address binding information
LbHttpRequestCookieCondition:
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
AttachmentTypeQueryString:
Type of attachment for logical port; for query only.
LBHttpRequestHeaderDeleteAction:
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
SwitchingProfileStatus:
(missing)
DhcpLeases:
(missing)
LbSnatIpPool:
(missing)
LBHttpRequestHeaderCondition:
This condition is used to match HTTP request messages by HTTP header fields.
HTTP header fields are components of the header section of HTTP request and
response messages. They define the operating parameters of an HTTP
transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified. The match_type field defines
how header_value field is used to match HTTP requests. The header_name field
does not support match types.
CommunicationMapInsertParameters:
Parameters to let the admin specify a relative position of a communication
map w.r.t to another one. This type is deprecated. Use the type
SecurityPolicyInsertParameters instead.
LogicalSwitch:
(missing)
LbServerSslProfileListResult:
(missing)
DhcpV6IpPoolListResult:
A paginated list of DHCP IPv6 ip pools.
NatRule:
The configuration entity to define a NAT rule. It defines how an ip packet
is matched via source address or/and destination address or/and service(s),
how the address (and/or) port is translated, and how the related firewall
stage is involved or bypassed.
NatStatisticsPerLogicalRouter:
(missing)
DnsForwarderListResult:
(missing)
AttachmentContext:
(missing)
LbSnatAutoMap:
(missing)
LogicalSwitchDeleteParameters:
(missing)
LbHttpRejectAction:
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LbHttpRejectAction does not support variables.
PreconfiguredEndpoint:
Tunnel endpoint configuration of preconfigured host switch
LbJwtKey:
LbJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
LBSnatAutoMap:
Snat auto map.
TransportZoneStatus:
Transport zone runtime status information
LbCookiePersistenceProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
LBMonitorProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
DhcpV6StaticBindingListResult:
A paginated list of DHCP IPv6 static bindings.
SwitchingProfileListParameters:
Switching profile list parameters
LBPersistenceCookieTime:
Persistence cookie time.
LBJwtPublicKey:
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
ServerSslProfileBinding:
(missing)
LogicalSwitchStateParameters:
(missing)
LBRuleAction:
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions. Supported actions
in HTTP_REQUST_REWRITE phase are: LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction LBHttpRedirectAction LBSelectPoolAction
LBVariablePersistenceOnAction LBConnectionDropAction Supported action in
HTTP_RESPONSE_REWRITE phase is: LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is: LBJwtAuthAction
LBConnectionDropAction LBVariableAssignmentAction Supported action in
TRANSPORT phase is: LBSslModeSelectionAction LBSelectPoolAction If the
match type of an LBRuleCondition field is specified as REGEX and named
capturing groups are used in the specified regular expression. The groups
can be used as variables in LBRuleAction fields. For example, define a rule
with LBHttpRequestUriCondition as match condition and
LBHttpRequestUriRewriteAction as action. Set match_type field of
LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)". Set uri
field of LBHttpRequestUriRewriteAction to: "/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction. For a matched
HTTP request with URI "/news/2017/06/xyz.html", the substring "2017" is
captured in variable $year, "06" is captured in variable $month, and
"xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html" A set of built-in variables can be used in
LBRuleAction as well. The name of built-in variables start with underscore,
the name of user defined variables is not allowed to start with underscore.
Following are some of the built-in variables: $_scheme: Reference the
scheme part of matched HTTP messages, could be "http" or "https". $_host:
Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https. $_uri:
The URI path, for example "/products/sample.html". $_request_uri: Full
original request URI with arguments, for example,
"/products/sample.html?a=b&c=d". $_args: URI arguments, for instance
"a=b&c=d" $_is_args: "?" if a request has URI arguments, or an empty
string otherwise. For the full list of built-in variables, please reference
the NSX-T Administrator's Guide.
DnsForwarderStatus:
The current runtime status of the DNS forwarder including the hosting
transport nodes and forwarder service status.
UplinkHostSwitchProfile:
Profile for uplink policies
DhcpServerStatus:
(missing)
DnsForwarderStatistics:
The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders.
BridgeHighAvailabilityClusterProfile:
Profile for BFD HA cluster setting
GenericDhcpOption:
Define DHCP options other than option 121.
L3VpnContext:
L3Vpn Context provides the configuration context that different L3Vpns can
consume.
StandbyRelocationConfig:
Standby service contexts relocation setting
LbSessionCookieTime:
(missing)
LogicalDhcpServer:
Definition of a logical DHCP server which can be attached a logical switch
via a logical port. Both ipv4_dhcp_server and ipv6_dhcp_server can be
configured at the same time, or only configure either ipv4_dhcp_server or
ipv6_dhcp_server.
PolicyTunnelDigestAlgorithm:
The TunnelDigestAlgorithms are used to verify message integrity during
tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX
bit hash.
L3VpnSubnet:
Used to specify subnets in L3Vpn rule.
MetadataProxyCryptoProtocol:
Metadata proxy supported cryptographic protocol
BaseSwitchingProfile:
(missing)
IpAllocationBase:
Base type of ip-allocation extended by ip pool and static binding.
PerForwarderStatistics:
Query statistics counters of a forwarder identified by domain names.
LbRuleActionType:
LbRuleActionType is used to identify the action types used in load balancer
rules.
LbCookieTime:
(missing)
VdsUplink:
If Virtual Distributed Switch is used as a HostSwitch to configure
TransportNode or TransportNodeProfie, this mapping should be specified. You
can either use vds_uplink_name or vds_lag_name to associate with uplink_name
from UplinkHostSwitch profile.
BpduFilter:
BPDU filter configuration
ChildL2VpnContext:
Child wrapper object for L2VpnContext, used in hierarchical API.
LBServerSslProfile:
Server SSL profile. LBServerSslProfile is deprecated as NSX-T Load Balancer
is deprecated.
LBCookieTimeType:
Both session cookie and persistence cookie are supported, Use
LbSessionCookieTime for session cookie time setting, Use
LbPersistenceCookieTime for persistence cookie time setting
HostInfraTrafficType:
The traffic_name specifies the infrastructure traffic type and it must be
one of the following system-defined types: FAULT_TOLERANCE is traffic for
failover and recovery. HBR is traffic for Host based replication. ISCSI is
traffic for Internet Small Computer System Interface. MANAGEMENT is traffic
for host management. NFS is traffic related to file transfer in network file
system. VDP is traffic for vSphere data protection. VIRTUAL_MACHINE is
traffic generated by virtual machines. VMOTION is traffic for computing
resource migration. VSAN is traffic generated by virtual storage area
network. The dynamic_res_pool_name provides a name for the resource pool. It
can be any arbitrary string. Either traffic_name or dynamic_res_pool_name
must be set. If both are specified or omitted, an error will be returned.
ChildLBClientSslProfile:
Child wrapper for LBClientSslProfile, used in hierarchical API.
TransportZoneEndPoint:
Specify which HostSwitch from this TransportNode is used handle traffic for
given TransportZone
HostSwitchProfileListParameters:
HostSwitchProfile List Parameters
TransportZoneListParameters:
Transport Zone list parameters
LogicalSwitchListParameters:
Logical Switch list parameters
CookieTimeType:
Both session cookie and persistence cookie are supported, Use
LbSessionCookieTime for session cookie time setting, Use
LbPersistenceCookieTime for persistence cookie time setting
DhcpV6StaticBinding:
DHCP IPv6 static binding to define a static ip allocation.
ExtraConfig:
Extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either logical switch
or logical port. If it was set on logical switch, it will be inherited
automatically by logical ports in it. Also logical port setting will
override logical switch setting if specific key was dual set on both logical
switch and logical port.
LbRuleConditionType:
Type of load balancer rule match condition
TransportNodeMemberInfo:
Information about participating transport nodes
DhcpIpPool:
DHCP ip-pool to define dynamic ip allocation ranges.
ChildCommunicationEntry:
Child wrapper object for CommunicationEntry, used in hierarchical API This
type is deprecated. Use the type ChildRule instead.
LBHttpRequestUriArgumentsCondition:
This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?") character
and terminated by a number sign ("#") character or by the end of the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.
IpAssignmentSpec:
Abstract base type for specification of IPs to be used with host switch
virtual tunnel endpoints
ChildDeploymentZone:
Child wrapper object for DeploymentZone, used in hierarchical API
TransportZone:
(missing)
SpoofGuardSwitchingProfile:
SpoofGuard configuration
DhcpOptions:
Define DHCP options of the DHCP service.
CommunicationInsertParameters:
Parameters to let the admin specify a relative position of a communication
map or communication entry w.r.t to another one. This type is deprecated.
Use the type RuleInsertParameters instead.
AttachedInterface:
The Attached interface is only effective for the port on Bare metal server.
Lag:
LACP group
LbSnatIpElement:
(missing)
LBServerSslProfileListResult:
(missing)
VlanTrunkSpec:
VlanTrunkspec is used for specifying trunk VLAN id ranges.
TunnelSubnet:
(missing)
LbHttpRequestBodyCondition:
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body. The
match_type field defines how body_value field is used to match the body of
HTTP requests.
DhcpStatistics:
(missing)
LbMonitor:
The object is deprecated as NSX-T Load Balancer is deprecated.
TeamingPolicy:
Uplink Teaming Policy
LBTcpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over TCP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBHttpResponseHeaderRewriteAction:
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined. Captured variables and built-in variables can be
used in the header_value field, header_name field does not support
variables.
LBHttpResponseHeaderDeleteAction:
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
LbRuleListResult:
(missing)
LBClientSslProfileListResult:
(missing)
MacManagementSwitchingProfile:
(missing)
DhcpProfile:
DHCP profile to specify edge cluster and members on which the dhcp server
will run. A DhcpProfile can be referenced by different logical DHCP servers.
LbPassiveMonitor:
(missing)
EgressRateShaper:
A shaper that specifies egress rate properties in Mb/s
LbHttpResponseHeaderDeleteAction:
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined
AssignedByDhcp:
This type can be specified in ip assignment spec of host switch if DHCP
based IP assignment is desired for host switch virtual tunnel endpoints.
LbGenericPersistenceProfile:
The profile is used to define the persistence entry expiration time,
mirroring enabled flag to synchronize persistence entries, persistence
shared flag for the associated virtual servers. The profile cannot be
attached to virtual server directly, it can be only consumed by LB rule
action. In HTTP forwarding phase, LBVariablePersistenceOnAction can be used
to consume LbGenericPersistenceProfile. In HTTP response rewriting phase,
LBVariablePersistenceLearnAction is used instead. The object is deprecated
as NSX-T Load Balancer is deprecated.
PolicyTunnelEncryptionAlgorithm:
TunnelEncryption algorithms are used to ensure confidentiality of the
messages exchanged during Tunnel negotiations. AES stands for Advanced
Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit
keys for encryption and decryption. AES_128 and AES_256 use CBC mode of
encryption. AES_GCM stands for Advanced Encryption Standard(AES) in
Galois/Counter Mode (GCM) and is used to provide both confidentiality and
data origin authentication.
LogicalSwitchState:
(missing)
LBHttpRequestCookieCondition:
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
LBVariableAssignmentAction:
This action is used to create a new variable and assign value to it. One
action can be used to create one variable. To create multiple variables,
multiple actions must be defined. The variables can be used by
LBVariableCondition, etc.
TransportZoneProfileType:
Supported transport zone profiles.
PreconfiguredHostSwitchSpec:
Preconfigured host switch specification is used for manually configured
transport node. It is user's responsibility to ensure correct configuration
is provided to NSX. This type is only valid for supported KVM fabric nodes.
DirectionType:
port mirroring direction
LBUdpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over UDP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
L3VpnSession:
Contains information about L3Vpn session.
L2Vpn:
Contains information necessary to configure L2Vpn.
ClientAuthType:
Client authentication could be REQUIRED or IGNORE. REQUIRED means that
client is required to present its certificate to the server for
authentication. To be accepted, client certificate must be signed by one of
the trusted Certificate Authorities (CAs), also referred to as root CAs,
whose self signed certificates are specified in the same client SSL profile
binding. IGNORE means that client certificate would be ignored.
DhcpRelayService:
(missing)
IngressRateShaper:
A shaper that specifies ingress rate properties in Mb/s
LogicalDhcpServerListResult:
A paginated list of logical DHCP servers.
L3Vpn:
Contains information necessary to configure IPSec VPN.
DhcpIpPoolUsage:
(missing)
LBJwtCertificateKey:
The key is used to specify certificate which is used to verify the signature
of JWT tokens.
LbServerSslProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
LbSslModeSelectionAction:
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
LBJwtSymmetricKey:
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
DhcpProfileListResult:
A paginated list of DHCP profiles.
DscpMode:
Trust settings
DnsForwarder:
(missing)
LbHttpRequestHeaderDeleteAction:
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
LbVariableCondition:
This condition is used to match variable's name and value at all phases. The
variables could be captured from REGEX or assigned by
LbVariableAssignmentAction or system embedded variable. Varialbe_name and
variable_value should be matched at the same time.
DhcpV6InfoBase:
Base type of IPv6 ip-allocation extended by ip-pool and static-binding.
LBHttpRedirectAction:
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser). The
HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307,
etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message. Captured variables and
built-in variables can be used in redirect_url field. For example, to
redirect all HTTP requests to HTTPS requests for a virtual server. We create
an LBRule without any conditions, add an LBHttpRedirectAction to the rule.
Set the redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri And set redirect_status to "302", which means
found. This rule will redirect all HTTP requests to HTTPS server port on the
same host.
LbRule:
Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with application profile LbHttpProfile. Each
application rule consists of one or more match conditions and one or more
actions. Load balancer rules could be used by different load balancer
services.
DhcpRelayServiceListResult:
(missing)
HostSwitchState:
Host Switch State
LbMonitorListResult:
(missing)
LbActiveMonitor:
(missing)
LbJwtAuthAction:
This action is used to control access to backend server resources using JSON
Web Token(JWT) authentication. The JWT authentication is done before any
HTTP manipulation if the HTTP request matches the given condition in LbRule.
Any verification failed, the HTTP process will be terminated, and HTTP
response with 401 status code and WWW-Authentication header will be returned
to client.
CommunicationMapListRequestParameters:
This type is deprecated. Use the type SecurityPolicyListRequestParameters
instead.
PolicyIKEEncryptionAlgorithm:
IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption
Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for
encryption and decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter
Mode(GCM) and is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one for
encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be
available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys.
LBHttpRequestUriRewriteAction:
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values. Full
URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri
field of this action is used to rewrite the /path part in above scheme. And
the uri_arguments field is used to rewrite the query part. Captured
variables and built-in variables can be used in the uri and uri_arguments
fields. Check the example in LBRuleAction to see how to use variables in
this action.
LBConnectionDropAction:
This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.
LbHttpsMonitor:
(missing)
Dscp:
Dscp value is ignored in case of 'TRUSTED' DscpMode.
LogicalPortState:
Contians realized state of the logical port. For example, transport node on
which the port is located, discovered and realized address bindings of the
logical port.
ChildL3Vpn:
Child wrapper object for L3Vpn, used in hierarchical API.
LBClientSslProfile:
Client SSL profile. LBClientSslProfile is deprecated as NSX-T Load Balancer
is deprecated.
LbNodeUsageSummaryRequestParameters:
Load balancer node usage summary request parameters.
LogicalPort:
(missing)
LBClientCertificateSubjectDnCondition:
Match condition for client certficate subject DN.
ClusterProfileTypeIdEntry:
(missing)
SnatTranslationType:
Load balancers may need to perform SNAT to ensure reverse traffic from the
server can be received and processed by them. There are two modes:
LbSnatAutoMap uses the load balancer interface IP and an ephemeral port as
the source IP and port of the server side connection. LbSnatIpPool allows
user to specify one or more IP addresses along with their subnet masks that
should be used for SNAT while connecting to any of the servers in the pool.
IntelligenceHostConfigurationInfo:
This is deprecated. Please use IntelligenceTransportNodeProfile instead.
NSX-Intelligence configuration that can be applied to host nodes.
PolicyBasedL3VpnSession:
A Policy-based L3Vpn session is a configuration in which a specific vpn
tunnel is referenced in a policy whose action is set as tunnel.
LbTcpMonitor:
(missing)
LBHttpRequestHeaderRewriteAction:
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined. Captured variables and built-in variables can be used in the
header_value field, header_name field does not support variables.
ExtraConfigHostSwitchProfile:
Profile for extra configs in host switch
TransportNodeDeleteParameters:
Parameters that affect how delete operations are processed
MetadataProxyStatisticsRequestParameters:
(missing)
DeploymentZoneListRequestParameters:
DeploymentZone list request parameters. This is a deprecated type.
DeploymentZone has been renamed to Site. Use SiteListRequestParameters.
NatActions:
NAT action types.
TransportNodeProfile:
Transport Node Profile
DhcpRelayProfile:
(missing)
IntelligenceFlowPrivateIpPrefixInfo:
This is deprecated. Please use CommonAgentPrivateIpRangeInfo instead. An IP
prefix to mark the private network that NSX-Intelligence network flow is
collected from.
PolicyIKEDigestAlgorithm:
The IKEDigestAlgorithms are used to verify message integrity during IKE
negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
LbJwtPublicKey:
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
HostSwitchInfo:
Information of host switch participating in transport zone
ConditionalForwarderZone:
(missing)
BfdHealthMonitoringProfile:
Profile for BFD health monitoring
LbHttpResponseHeaderCondition:
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization, User-
Agent, etc. One condition can be used to match one header field, to match
multiple header fields, multiple conditions must be specified. The
match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
DeploymentZone:
Logical grouping of enforcement points. This is a deprecated type.
DeploymentZone has been renamed to Site. Use Site.
DhcpOption121:
DHCP option 121 to define classless static route.
DhcpStaticBinding:
DHCP static binding to define a static ip allocation.
LogicalSwitchStateListResult:
Logical Switch state queries result
LBVariablePersistenceLearnAction:
This action is performed in HTTP response rewrite phase. It is used to learn
the value of variable from the HTTP response, and insert an entry into the
persistence table if the entry doesn't exist.
SslCipherGroup:
SSL cipher group
DhcpIpPoolListResult:
A paginated list of DHCP ip pools.
LBIcmpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over ICMP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healt hchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LBHttpsMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over HTTPS. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
MacLearningSpec:
MAC learning configuration
LbJwtCertificateKey:
The key is used to specify certificate which is used to verify the signature
of JWT tokens.
CommunicationEntryListRequestParameters:
This type is deprecated. Use the type RuleListRequestParameters instead.
ChildLBServerSslProfile:
Child wrapper for LBServerSslProfile, used in hierarchical API.
TransportNodeDeploymentProgressState:
Deployment progress state of transport node. Object has current deployment
step title and progress in percentage.
LbHttpRequestHeaderRewriteAction:
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined. Captured variables and built-in variables can be used in the
header_value field, header_name field does not support variables.
MetadataProxyListResult:
(missing)
LBVariableCondition:
This condition is used to match variable's name and value at all phases. The
variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name and
variable_value should be matched at the same time.
SslCipher:
SSL cipher
RouteBasedL3VpnSession:
A Route Based L3Vpn is more flexible, more powerful and recommended over
policy based. IP Tunnel subnet is created and all traffic routed through
tunnel subnet is sent over tunnel. Routes can be learned through BGP. A
route based L3Vpn is required when using redundant L3Vpn.
LbClientSslProfileListResult:
(missing)
HostSwitchProfilesListResult:
HostSwitch Profile queries result
TransportZoneProfile:
(missing)
LbVariablePersistenceOnAction:
This action is performed in HTTP forwarding phase. It is used to inspect the
variable of HTTP request, and look up the persistence entry with its value
and pool uuid as key. If the persistence entry is found, the HTTP request is
forwarded to the recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the table
after backend server is selected.
NatStatisticsPerRule:
(missing)
LBMonitorProfileType:
There are two types of healthchecks: active and passive. Passive
healthchecks depend on failures in actual client traffic (e.g. RST from
server in response to a client connection) to detect that the server or the
application is down. In case of active healthchecks, load balancer itself
initiates new connections (or sends ICMP ping) to the servers periodically
to check their health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
LogicalPortAttachment:
Logical port attachment
LogicalSwitchStatus:
(missing)
LogicalPortDeleteParameters:
(missing)
LbHttpMonitor:
(missing)
TransportZoneProfileTypeIdEntry:
(missing)
StaticIpListSpec:
IP assignment specification for Static IP List.
LbHttpRequestUriRewriteAction:
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values. Full
URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri
field of this action is used to rewrite the /path part in above scheme. And
the uri_arguments field is used to rewrite the query part. Captured
variables and built-in variables can be used in the uri and uri_arguments
fields. Check the example in LbRuleAction to see how to use variables in
this action.
LbUsageSeverity:
Severity is calculated from usage percentage: GREEN means the current usage
percentage is less than 60%. ORANGE means the current usage percentage is
less than 80% and larger than or equal to 60%. RED means the current usage
percentage is larger than or equal to 80%.
LbHttpRequestUriCondition:
This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression. If
an HTTP request message is requesting an URI which matches specified regular
expression, it matches the condition. The syntax of whole URI looks like
this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI. When match_type
field is specified as REGEX, the uri field is used as a regular expression
to match URI path of HTTP requests. For example, to match any URI that has
"/image/" or "/images/", uri field can be specified as: "/image[s]?/". Named
capturing groups can be used in the uri field to capture substrings of
matched URIs and store them in variables for use in LbRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)" If the
URI path is /articles/news/2017/06/xyz.html, then substring "2017" is
captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then be used
in an LbRuleAction field which supports variables, such as uri field of
LbHttpRequestUriRewriteAction. For example, set the uri field of
LbHttpRequestUriRewriteAction as: "/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
StaticIpMacListSpec:
IP and MAC assignment specification for Static IP List.
HttpRequestMethodType:
http monitor method
MetadataProxyStatisticsPerLogicalSwitch:
(missing)
LbHttpResponseHeaderRewriteAction:
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined. Captured variables and built-in variables can be
used in the header_value field, header_name field does not support
variables.
DuplicateIPDetection:
Duplicate IP detection and control
LbSelectPoolAction:
This action is used to select a pool for matched HTTP request messages. The
pool is specified by UUID. The matched HTTP request messages are forwarded
to the specified pool.
LBIpHeaderCondition:
This condition is used to match IP header fields of HTTP messages. Either
source_address or group_id should be specified.
LBHttpMonitorProfile:
Active healthchecks are disabled by default and can be enabled for a server
pool by binding a health monitor to the Group through the LBRule object.
This represents active health monitoring over HTTP. Active healthchecks are
initiated periodically, at a configurable interval, to each member of the
Group. Only if a healthcheck fails consecutively for a specified number of
times (fall_count) to a member will the member status be marked DOWN. Once a
member is DOWN, a specified number of consecutive successful healthchecks
(rise_count) will bring the member back to UP state. After a healthcheck is
initiated, if it does not complete within a certain period, then also the
healthcheck is considered to be unsuccessful. Completing a healthcheck
within timeout means establishing a connection (TCP or SSL), if applicable,
sending the request and receiving the response, all within the configured
timeout. LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is
deprecated.
LbPersistenceCookieTime:
(missing)
LBHttpRejectAction:
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.
SwitchingProfileDeleteParameters:
(missing)
NiocProfile:
This profile is created for Network I/O Control(NIOC).
DnsAnswer:
The response for DNS nslookup.
LbClientCertificateSubjectDnCondition:
Match condition for client certficate subject DN
LbRuleCondition:
Match conditions are used to match application traffic passing through load
balancers. Multiple match conditions can be specified in one load balancer
rule, each match condition defines a criterion for application traffic. If
inverse field is set to true, the match result of the condition is inverted.
If more than one match condition is specified, match strategy determines if
all conditions should match or any one condition should match for the load
balancer rule to be considered a match. Currently only HTTP messages are
supported by load balancer rules. Each load balancer rule is used at a
specific phase of load balancer processing. Currently three phases are
supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are: LbHttpRequestMethodCondition
LbHttpRequestUriCondition LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition LbHttpRequestBodyCondition LbTcpHeaderCondition
LbIpHeaderCondition LbVariableCondition LbHttpSslCondition Supported match
conditions in HTTP_FORWARDING phase are: LbHttpRequestMethodCondition
LbHttpRequestUriCondition LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition LbHttpRequestBodyCondition LbTcpHeaderCondition
LbIpHeaderCondition LbVariableCondition LbHttpSslCondition LbSslSniCondition
Supported match condition in HTTP_RESPONSE_REWRITE phase is:
LbHttpResponseHeaderCondition LbHttpRequestMethodCondition
LbHttpRequestUriCondition LbHttpRequestUriArgumentsCondition
LbHttpRequestVersionCondition LbHttpRequestHeaderCondition
LbHttpRequestCookieCondition LbTcpHeaderCondition LbIpHeaderCondition
LbVariableCondition LbHttpSslCondition Supported match condition in
HTTP_ACCESS phase is: LbHttpRequestMethodCondition LbHttpRequestUriCondition
LbHttpRequestUriArgumentsCondition LbHttpRequestVersionCondition
LbHttpRequestHeaderCondition LbHttpRequestCookieCondition
LbHttpRequestBodyCondition LbTcpHeaderCondition LbIpHeaderCondition
LbVariableCondition LbHttpSslCondition Supported match condition in
TRANSPORT phase is: LbSslSniCondition
TransportType:
(missing)
LbConnectionDropAction:
This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.
LBMonitorProfileListResult:
Paged Collection of LBMonitorProfiles
DhcpLeasePerIP:
(missing)
LbEdgeNodeUsage:
The capacity contains basic information and load balancer entity usages and
capacity for the given edge node.
SwitchSecuritySwitchingProfile:
(missing)
PolicyIKEVersion:
IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.
SwitchingProfilesListResult:
Switching Profile queries result
LBVariablePersistenceOnAction:
This action is performed in HTTP forwarding phase. It is used to inspect the
variable of HTTP request, and look up the persistence entry with its value
and pool uuid as key. If the persistence entry is found, the HTTP request is
forwarded to the recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the table
after backend server is selected.
ChildL3VpnContext:
Child wrapper object for L3VpnContext, used in hierarchical API.
SwitchingProfileTypeIdEntry:
(missing)
LbUdpMonitor:
(missing)
LogicalPortAttachmentState:
VIF attachment state of a logical port
MetadataProxyStatistics:
(missing)
PreconfiguredHostSwitch:
Preconfigured host switch is used for manually configured transport node.
ChildLBMonitorProfile:
Child wrapper for LBMonitorProfile, used in hierarchical API.
ClasslessStaticRoute:
DHCP classless static route option.
ServerAuthType:
Server authentication could be REQUIRED or IGNORE, it is used to specify if
the server certificate presented to the load balancer during handshake
should be actually validated or not. Validation is disabled by default. If
validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
LBActiveMonitor:
All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.
LbVariablePersistenceLearnAction:
This action is performed in HTTP response rewrite phase. It is used to learn
the value of variable from the HTTP response, and insert an entry into the
persistence table if the entry doesn't exist.
WhiteListProvisionType:
Ways to provide white listed addresses for SpoofGuard
NatFirewallMatch:
The type indicates how the firewall is applied to a traffic packet.
MATCH_EXTERNAL_ADRESS indicates the firewall will be applied to external
address of a NAT rule. For SNAT, the external address is the translated
source address after NAT is done. For DNAT, the external address is the
original destination address before NAT is done. For REFLEXIVE, to egress
traffic, the firewall will be applied to the translated source address after
NAT is done; To ingress traffic, the firewall will be applied to the
original destination address before NAT is done. MATCH_INTERNAL_ADDRESS
indicates the firewall will be applied to internal address of a NAT rule.
For SNAT, the internal address is the original source address before NAT is
done. For DNAT, the internal address is the translated destination address
after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be
applied to the original source address before NAT is done; To ingress
traffic, the firewall will be applied to the translated destination address
after NAT is done. BYPASS indicates the firewall stage will be skipped.
LBClientCertificateIssuerDnCondition:
Match condition for client certficate issuer DN.
LBSnatIpPool:
Snat Ip pool.
ForwarderZone:
(missing)
CommunicationEntryInsertParameters:
Parameters to let the admin specify a relative position of a communication
entry w.r.t to another one in the same communication map. If the
communication entry specified in the anchor_path belongs to another
communication map an error will be thrown This type is deprecated. Use the
type RuleInsertParameters instead.
LbHttpRedirectAction:
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser). The
HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307,
etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message. Captured variables and
built-in variables can be used in redirect_url field. For example, to
redirect all HTTP requests to HTTPS requests for a virtual server. We create
an LbRule without any conditions, add an LbHttpRedirectAction to the rule.
Set the redirect_url field of the LbHttpRedirectAction to:
https://$_host$_request_uri And set redirect_status to "302", which means
found. This rule will redirect all HTTP requests to HTTPS server port on the
same host.
LbNodeUsageSummary:
The load balancer node usage summary for all nodes. Only EdgeNode is
supported. The summary calculation is based on all edge nodes configured in
edge clusters.
MonitorQueryType:
MonitorQueryType is used to query load balancer monitors. LbActiveMonitor
represents active load balancer monitors. While LbActiveMonitor is specified
to query load balancer monitors, it returns all active monitors, including
LbHttpMonitor, LbHttpMonitor, LbIcmpMonitor, LbTcpMonitor, LbUdpMonitor.
LBClientSslProfileBinding:
Client SSL profile binding. LBClientSslProfileBinding is deprecated as NSX-T
Load Balancer is deprecated.
LBSnatIpElement:
Snat Ip element.
LBXForwardedForType:
X-forwarded-for type.
HttpRequestVersionType:
http request version
IpMacPair:
IP and MAC pair.
LBRule:
Binding of a LBPool and Group to a LBVirtualServer used to route application
traffic passing through load balancers. LBRule uses match conditions to
match application traffic passing through a LBVirtualServer using HTTP or
HTTPS. Can bind multiple LBVirtualServers to a Group. Each LBRule consists
of two optional match conditions, each match contidion defines a criterion
for application traffic. If no match conditions are specified, then the
LBRule will always match and it is used typically to define default rules.
If more than one match condition is specified, then matching strategy
determines if all conditions should match or any one condition should match
for the LBRule to be considered a match. A match indicates that the
LBVirtualServer should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.
LBGenericPersistenceProfile:
Some applications maintain state and require all relevant connections to be
sent to the same server as the application state is not synchronized among
servers. Persistence is enabled on a LBVirtualServer by binding a
persistence profile to it. LBGenericPersistenceProfile cannot be attached to
virtual server directly, it can be specified in LB rule actions. In HTTP
forwarding phase, the profile can be specified in
LBVariablePersistenceOnAction. In HTTP response rewriting phase, the profile
can be specified in LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
TransportNodeUpdateParameters:
Transport node update parameters are mainly used for migrating ESX VMkernel
(vmk) interfaces and VM NICs into or out-of logical switches. The
'esx_mgmt_if_migration_dest' and 'if_id' must be used as a pair to migrate
vmk interfaces; they can not be used to migrate VM NICs. NSX manager will
auto-create logical ports and vif ids for the vmk interfaces when they are
used to migrate vmks into logical switches. The 'vnic' and
'vnic_migration_dest' must also be used as a pair; they can be used to
migrate both vmk interfaces and VM NICs. When they are used to migrate
interfaces into logical switches, logical ports and vif ids must be created
in advance because 'vnic_migration_dest' must contain existing vif ids.
These two paires can not be specified together.
LbSslCipherAndProtocolListResult:
(missing)
LBTcpHeaderCondition:
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
LBHttpProfile:
Http profile. LBHttpProfile is deprecated as NSX-T Load Balancer is
deprecated.
VifAttachmentContext:
(missing)
LbHttpSslCondition:
This condition is used to match SSL handshake and SSL connection at all
phases.If multiple properties are configured, the rule is considered a match
when all the configured properties are matched.
LbClientCertificateIssuerDnCondition:
Match condition for client certficate issuer DN
Pnic:
Physical NIC specification
LbNodeCountPerSeverity:
The node count for specific load balancer usage severity.
DnsQueryAnswer:
Answer of nslookup
LbSslSniCondition:
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING phase.
LbJwtKeyType:
It is used to identify JWT key type.
IngressBroadcastRateShaper:
A shaper that specifies ingress rate properties in kb/s
L3VpnRule:
For policy-based L3Vpn sessions, a rule specifies as its action the vpn
tunnel to be used for transit traffic that meets the rule's match criteria.
LbHttpRequestVersionCondition:
This condition is used to match the HTTP protocol version of the HTTP
request messages.
TransportNodeProfileListResult:
Transport Node Profile queries result
CommunicationEntryListResult:
This type is deprecated. Use the type RuleListResult instead.
QosBaseRateShaper:
A shaper configuration entry that specifies type and metrics
LbHttpRequestHeaderCondition:
This condition is used to match HTTP request messages by HTTP header fields.
HTTP header fields are components of the header section of HTTP request and
response messages. They define the operating parameters of an HTTP
transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified. The match_type field defines
how header_value field is used to match HTTP requests. The header_name field
does not support match types.
LbNodeUsageType:
The node type for load balancer node usage.
PerNodeUsedCacheStatistics:
Query statistics counters of used cache from node
LbRuleAction:
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions. Supported actions
in HTTP_REQUST_REWRITE phase are: LbHttpRequestUriRewriteAction
LbHttpRequestHeaderRewriteAction LbHttpRequestHeaderDeleteAction
LbVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are:
LbHttpRejectAction LbHttpRedirectAction LbSelectPoolAction
LbVariablePersistenceOnAction LbConnectionDropAction Supported action in
HTTP_RESPONSE_REWRITE phase is: LbHttpResponseHeaderRewriteAction
LbHttpResponseHeaderDeleteAction LbVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is: LbJwtAuthAction
LbConnectionDropAction LbVariableAssignmentAction Supported action in
TRANSPORT phase is: LbSslModeSelectionAction LbSelectPoolAction If the
match type of an LbRuleCondition field is specified as REGEX and named
capturing groups are used in the specified regular expression. The groups
can be used as variables in LbRuleAction fields. For example, define a rule
with LbHttpRequestUriCondition as match condition and
LbHttpRequestUriRewriteAction as action. Set match_type field of
LbHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)". Set uri
field of LbHttpRequestUriRewriteAction to: "/news/$year-$month/$article"
In uri field of LbHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LbHttpRequestUriRewriteAction. For a matched
HTTP request with URI "/news/2017/06/xyz.html", the substring "2017" is
captured in variable $year, "06" is captured in variable $month, and
"xyz.html" is captured in variable $article. The
LbHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html" A set of built-in variables can be used in
LbRuleAction as well. The name of built-in variables start with underscore,
the name of user defined variables is not allowed to start with underscore.
Following are some of the built-in variables: $_scheme: Reference the
scheme part of matched HTTP messages, could be "http" or "https". $_host:
Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https. $_uri:
The URI path, for example "/products/sample.html". $_request_uri: Full
original request URI with arguments, for example,
"/products/sample.html?a=b&c=d". $_args: URI arguments, for instance
"a=b&c=d" $_is_args: "?" if a request has URI arguments, or an empty
string otherwise. For the full list of built-in variables, please reference
the NSX-T Administrator's Guide.
AttachmentType:
Type of attachment for logical port.
LBJwtAuthAction:
This action is used to control access to backend server resources using JSON
Web Token(JWT) authentication. The JWT authentication is done before any
HTTP manipulation if the HTTP request matches the given condition in LBRule.
Any verification failed, the HTTP process will be terminated, and HTTP
response with 401 status code and WWW-Authentication header will be returned
to client.
LbIcmpMonitor:
(missing)
IPv6DhcpServer:
DHCP server to support IPv6 DHCP service. Properties defined at DHCP server
level can be overridden by ip-pool or static-binding level properties.
LbClientSslProfile:
The object is deprecated as NSX-T Load Balancer is deprecated.
GroupDeleteRequestParameters:
Group delete request parameters
** Deprecated Property Definitions
LbVirtualServer.server_ssl_profile_binding:
The setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server. The property is deprecated
as NSX-T Load Balancer is deprecated.
LbVirtualServer.default_pool_member_port:
This is a deprecated property, please use 'default_pool_member_ports'
instead. If default_pool_member_port is configured and
default_pool_member_ports are not specified, both default_pool_member_port
and default_pool_member_ports in response payload would return the same port
value. If both are specified, default_pool_member_ports setting would take
effect with higher priority.
LbVirtualServer.port:
This is a deprecated property, please use 'ports' instead. Port setting
could be single port for both L7 mode and L4 mode. For L4 mode, a single
port range is also supported. The port setting could be a single port or
port range such as "80", "1234-1236". If port is configured and ports are
not specified, both port and ports in response payload would return the same
port value. If both port and ports are configured, ports setting would take
effect with higher priority.
LbVirtualServer.max_concurrent_connections:
To ensure one virtual server does not over consume resources, affecting
other applications hosted on the same LBS, connections to a virtual server
can be capped. If it is not specified, it means that connections are
unlimited. The property is deprecated as NSX-T Load Balancer is deprecated.
LbVirtualServer.max_new_connection_rate:
To ensure one virtual server does not over consume resources, connections to
a member can be rate limited. If it is not specified, it means that
connection rate is unlimited. The property is deprecated as NSX-T Load
Balancer is deprecated.
LbVirtualServer.sorry_pool_id:
When load balancer can not select a backend server to serve the request in
default pool or pool in rules, the request would be served by sorry server
pool. The property is deprecated as NSX-T Load Balancer is deprecated.
LbVirtualServer.client_ssl_profile_binding:
The setting is used when load balancer acts as an SSL server and terminating
the client SSL connection The property is deprecated as NSX-T Load Balancer
is deprecated.
LbVirtualServer.rule_ids:
Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with LbHttpProfile. The property is deprecated as
NSX-T Load Balancer is deprecated.
LbHttpProfile.ntlm:
NTLM is an authentication protocol that can be used over HTTP. If the flag
is set to true, LB will use NTLM challenge/response methodology. This
property is deprecated. Please use the property server_keep_alive in order
to keep the backend server connection alive for the client connection. When
create a new profile, if both ntlm and server_keep_alive are set as
different values, ERROR will be reported. When update an existing profile,
if either ntlm or server_keep_alive value is changed, both of them are
updated with the changed value.
LBPool.passive_monitor_path:
Passive healthchecks are disabled by default and can be enabled by attaching
a passive health monitor to a server pool. Each time a client connection to
a pool member fails, its failed count is incremented. For pools bound to L7
virtual servers, a connection is considered to be failed and failed count is
incremented if any TCP connection errors (e.g. TCP RST or failure to send
data) or SSL handshake failures occur. For pools bound to L4 virtual
servers, if no response is received to a TCP SYN sent to the pool member or
if a TCP RST is received in response to a TCP SYN, then the pool member is
considered to have failed and the failed count is incremented. The property
is deprecated as NSX-T Load Balancer is deprecated.
LBPool.active_monitor_paths:
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic. Active healthchecks are
disabled by default and can be enabled for a server pool by binding a health
monitor to the pool. If multiple active monitors are configured, the pool
member status is UP only when the health check status for all the monitors
are UP. The property is deprecated as NSX-T Load Balancer is deprecated.
LBPool.tcp_multiplexing_enabled:
TCP multiplexing allows the same TCP connection between load balancer and
the backend server to be used for sending multiple client requests from
different client TCP connections. The property is deprecated as NSX-T Load
Balancer is deprecated.
LBPool.tcp_multiplexing_number:
The maximum number of TCP connections per pool that are idly kept alive for
sending future client requests. The property is deprecated as NSX-T Load
Balancer is deprecated.
DropdownFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
DropdownFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
DropdownFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
LbVirtualServerWithRule.rules:
It is used to add rules, update rules and bind rules to the virtual server.
To add new rules, make sure that the rules have no identifier specified, the
new rules are automatically generated and associated to the virtual server.
If the virtual server need to consume some existed rules without change,
those rules should not be specified in the list, otherwise, the rules are
updated. For update_with_rules action, it supports rules delete and update.
To delete old rules, the rules should not be configured in new action, the
UUID of deleted rules should be removed from rule_ids. To update rules, the
rules should be specified with new change and configured with identifier. If
there are some rules which are not modified, those rule should not be
specified in the rules list, the UUID list of rules should be specified in
rule_ids of LbVirtualServer. The property is deprecated as NSX-T Load
Balancer is deprecated.
RealizedNSService.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
Segment.address_bindings:
Static address binding used for the Segment. This field is deprecated and
will be removed in a future release. Please use address_bindings in
SegmentPort to configure static bindings.
Segment.ls_id:
This property is deprecated. The property will continue to work as expected
for existing segments. The segments that are newly created with ls_id will
be ignored. Sepcify pre-creted logical switch id for Segment.
UpgradeChecksExecutionStatus.node_with_issues_count:
Number of nodes which generated failures or warnings in last execution of
pre/post-upgrade checks. This field has been deprecated. Please use
failure_count instead.
RealizedVirtualMachine.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
PortConnectionHypervisor.pnics:
(missing)
WidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
WidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
WidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
VmConfigStatus.whitelist:
WhitelistingStatus is deprecated and is replaced with UserManagedStatus
LbSnatTranslation.port_overload:
Both SNAT automap and SNAT IP list modes support port overloading which
allows the same SNAT IP and port to be used for multiple backend connections
as long as the tuple (source IP, source port, destination IP, destination
port, IP protocol) after SNAT is performed is unique. The valid number is 1,
2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is
fixed to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
TraceflowConfig.segment_port_path:
Policy path or UUID of segment port to start traceflow from. Auto-plumbed
ports don't have corresponding policy path. Ports auto-created by policy as
part of connecting segment to Tier-0 or Tier-1 or DHCP server cannot be
used. UUID is validated for syntax only. This configuration will be cleaned
up by the system after two hours of inactivity.
RealizedLogicalPort.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
StandardHostSwitch.host_switch_name:
This field is writable only in case of NVDS type HostSwitch and system
generated for VDS type. For NVDS type host switch, If this name is unset or
empty then the default host switch name will be used. The name must be
unique among all host switches specified in a given transport node; unset
name, empty name and the default host switch name are considered the same in
terms of uniqueness. For VDS type host switch, Manager fetches VDS name from
corresponding Compute Manager and populates this field. If VDS name is given
(correct or incorrect) it is ignored and overwritten with correct one.
RealizedGroup.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
LBService.relax_scale_validation:
If relax_scale_validation is true, the scale validations for virtual
servers/pools/pool members/rules are relaxed for load balancer service. When
load balancer service is deployed on edge nodes, the scale of virtual
servers/pools/pool members for the load balancer service should not exceed
the scale number of the largest load balancer size which could be configured
on a certain edge form factor. For example, the largest load balancer size
supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer
deployed on MEDIUM edge nodes can support the scale number of MEDIUM load
balancer. It is not recommended to enable active monitors if
relax_scale_validation is true due to performance consideration. If
relax_scale_validation is false, scale numbers should be validated for load
balancer service. The property is deprecated as NSX-T Load Balancer is
deprecated.
LBService.access_log_enabled:
Flag to enable access log
BgpConfig.as_number:
This is a deprecated property, Please use 'as_num' instead. For VRF logical
router, the as_number from parent logical router will be effective.
BgpConfig.graceful_restart:
Flag to enable graceful restart. This field is deprecated, kindly use
graceful_restart_config parameter for graceful restart configuration. If
both parameters are set and consistent with each other [i.e.
graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR
graceful_restart=true and graceful_restart_mode=GR_AND_HELPER] then this is
allowed, but if inconsistent with each other then this is not allowed and
validation error will be thrown. For VRF logical router, the settings from
parent logical router will be effective.
SecurityPolicy.connectivity_strategy:
This field indicates the default connectivity policy for the security
policy. Based on the connectivity strategy, a default rule for this security
policy will be created. An appropriate action will be set on the rule based
on the value of the connectivity strategy. If NONE is selected or no
connectivity strategy is specified, then no default rule for the security
policy gets created. The default rule that gets created will be a any-any
rule and applied to entities specified in the scope of the security policy.
Specifying the connectivity_strategy without specifying the scope is not
allowed. The scope has to be a Group and one cannot specify IPAddress
directly in the group that is used as scope. This default rule is only
applicable for the Layer3 security policies. This property is deprecated.
Use the type connectivity_preference instead. WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rule is created.
SecurityPolicy.logging_enabled:
This property is deprecated. Flag to enable logging for all the rules in the
security policy. If the value is true then logging will be enabled for all
the rules in the security policy. If the value is false, then the rule level
logging value will be honored.
PolicyUrlCategorizationConfig.context_profiles:
The ids of the context profiles that provides the list of categories to be
detected. This field is deprecated. URL Categorization will not be supported
in association with context profiles.
ContainerConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
ContainerConfiguration.layout:
Layout of widgets can be either vertical or horizontal. If layout is not
specified a default horizontal layout is applied. This property is
deprecated. Now the layout inside the container can be taken care with the
help of 'rowspan' and 'colspan' property.
ContainerConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
ContainerConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
RealizedSecurityGroupMemberEvaluation.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
L2VpnService.enable_full_mesh:
Full mesh topology auto disables traffic replication between connected
peers. However, this property is deprecated. Please refer enable_hub
property instead to control client to client forwarding via the server. The
value of enable_full_mesh will not be used anymore. If enable_hub is not
provided explicitly, the default value of it will be used.
L2Extension.l2vpn_path:
This property has been deprecated. Please use the property l2vpn_paths for
setting the paths of associated L2 VPN session. This property will continue
to work as expected to provide backwards compatibility. However, when both
l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is
used.
RealizedEnforcementPoint.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
UpgradeCheck.failure_messages:
List of failure messages. This field is deprecated now. Please use failures
instead.
GridConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
GridConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
GridConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
BgpNeighborStatus.graceful_restart:
Current state of graceful restart where graceful_restart = true indicates
graceful restart is enabled and graceful_restart = false indicates graceful
restart is disabled. This is deprecated field, use graceful_restart_mode
instead.
RealizedFirewall.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
MultiWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
MultiWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
MultiWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
RealizedNSGroupMemberEvaluation.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
BgpNeighborRoutes.egde_node_routes:
Array of BGP neighbor route details per edge node.
LegendWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
LegendWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
LegendWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
GenericPolicyRealizedResource.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
Header.sub_headers:
An array of label-value properties. This field is deprecated instead used
'sub_header_widgets' property to define header widgets.
HostNode.display_name:
This field is deprecated. TransportNode field 'display_name' must be used
instead. For HostNode, this field defaults to ID if not set. For EdgeNode
and PublicCloudGatewayNode, this field is ignored if specified in request
payload.
HostNode.description:
This field is deprecated. TransportNode field 'description' must be used
instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if
specified in request payload.
HostNode.tags:
This field is deprecated. TransportNode field 'tags' must be used instead.
For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified
in request payload.
LabelValueConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
LabelValueConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
LabelValueConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
Node.display_name:
This field is deprecated. TransportNode field 'display_name' must be used
instead. For HostNode, this field defaults to ID if not set. For EdgeNode
and PublicCloudGatewayNode, this field is ignored if specified in request
payload.
Node.description:
This field is deprecated. TransportNode field 'description' must be used
instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if
specified in request payload.
Node.tags:
This field is deprecated. TransportNode field 'tags' must be used instead.
For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified
in request payload.
RealizedGroups.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
RealizedNSGroup.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
AwsAccountsListResult.all_accounts_instance_stats:
This field is DEPRECATED. To obtain statistics about instances, use the GET
/csm/accounts/statistics API.
AwsAccountsListResult.all_accounts_vpc_stats:
This field is DEPRECATED. To obtain statistics about VPCs, use the GET
/csm/accounts/statistics API.
LbSnatIpPool.port_overload:
Both SNAT automap and SNAT IP list modes support port overloading which
allows the same SNAT IP and port to be used for multiple backend connections
as long as the tuple (source IP, source port, destination IP, destination
port, IP protocol) after SNAT is performed is unique. The valid number is 1,
2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is
fixed to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
LogicalSwitch.address_bindings:
Address bindings for the Logical switch
NatRule.nat_pass:
Default is true. If the nat_pass is set to true, the following firewall
stage will be skipped. Please note, if action is NO_SNAT or NO_DNAT, then
nat_pass must be set to true or omitted. Nat_pass was deprecated with an
alternative firewall_match. Please stop using nat_pass to specify whether
firewall stage is skipped. if you want to skip, please set firewall_match to
BYPASS. If you do not want to skip, please set the firewall_match to
MATCH_EXTERNAL_ADDRESS or MATCH_INTERNAL_ADDRESS. Please note, the
firewall_match will take priority over the nat_pass. If both are provided,
the nat_pass is ignored. If firewall_match is not provided while the
nat_pass is specified, the nat_pass will still be picked up. In this case,
if nat_pass is set to false, firewall rule will be applied on internall
address of a packet, i.e. MATCH_INTERNAL_ADDRESS.
CloudVirtualMachine.nsx_security_rule_errors:
DEPRECATED. Array of NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
CloudVirtualMachine.nsx_security_rule_errors_count:
DEPRECATED. Count of the NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
LbSnatAutoMap.port_overload:
Both SNAT automap and SNAT IP list modes support port overloading which
allows the same SNAT IP and port to be used for multiple backend connections
as long as the tuple (source IP, source port, destination IP, destination
port, IP protocol) after SNAT is performed is unique. The valid number is 1,
2, 4, 8, 16, 32. This is a deprecated property. The port overload factor is
fixed to 32 in load balancer engine. If it is upgraded from an old version,
the value would be changed to 32 automatically.
PublicCloudGatewayNode.display_name:
This field is deprecated. TransportNode field 'display_name' must be used
instead. For HostNode, this field defaults to ID if not set. For EdgeNode
and PublicCloudGatewayNode, this field is ignored if specified in request
payload.
PublicCloudGatewayNode.description:
This field is deprecated. TransportNode field 'description' must be used
instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if
specified in request payload.
PublicCloudGatewayNode.tags:
This field is deprecated. TransportNode field 'tags' must be used instead.
For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified
in request payload.
BgpRoutingConfig.graceful_restart:
Flag to enable graceful restart. This field is deprecated, please use
graceful_restart_config parameter for graceful restart configuration. If
both parameters are set and consistent with each other (i.e.
graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR
graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is
allowed, but if inconsistent with each other then this is not allowed and
validation error will be thrown.
DhcpServerConfig.server_address:
DHCP server address in CIDR format. Prefix length should be less than or
equal to 30. DHCP server is deployed as DHCP relay service. This property is
deprecated, use server_addresses instead. Both properties cannot be
specified together with different new values.
FirewallGlobalConfig.global_fastpath_mode_enabled:
This property is deprecated. The fast path mode is always enabled in
Distributed Firewall.
EdgeNode.display_name:
This field is deprecated. TransportNode field 'display_name' must be used
instead. For HostNode, this field defaults to ID if not set. For EdgeNode
and PublicCloudGatewayNode, this field is ignored if specified in request
payload.
EdgeNode.description:
This field is deprecated. TransportNode field 'description' must be used
instead. For EdgeNode and PublicCloudGatewayNode, this field is ignored if
specified in request payload.
EdgeNode.tags:
This field is deprecated. TransportNode field 'tags' must be used instead.
For EdgeNode and PublicCloudGatewayNode, this field is ignored if specified
in request payload.
SpoofGuardProfile.address_binding_whitelist:
If true, enable the SpoofGuard, which only allows VM sending traffic with
the IPs in the whitelist. This field is deprecated because it has offensive
terminology. Please use address_binding_allowlist. This value cannot
conflict with allow list.
AwsTransitVpcConfig.account_id:
AWS account ID of the transit VPC. This field is deprecated. Field
account_id can be learnt using vpc_id. GET /csm/aws/vpcs/ API
returns associated_account_ids. Hence, this field is optional.
VmConfigProperties.whitelisted:
Setting this flag to true means NSX will not consider this instance while
performing quarantine operation. [DEPRECATED - replace with usermanaged]
AbstractSpace.connectivity_strategy:
The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-
policy/rules/default-layer3-rule. This field indicates the default
connectivity policy for the infra or tenant space WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rules are added.
LBSourceIpPersistenceProfile.ha_persistence_mirroring_enabled:
Persistence entries are not synchronized to the HA peer by default. The
property is deprecated as NSX-T Load Balancer is deprecated.
AzureComputeVNetConfig.account_id:
Azure account ID related to the compute VNet. This field is deprecated.
Field account_id can be learnt using vnet_id. GET /csm/azure/vnets/
API returns associated_account_ids. Hence, this field is optional.
DonutConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
DonutConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
DonutConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
FullSyncState.last_upate_time:
Deprecated, refer to last_update_time for the last update time stamp.
RealizedService.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
GatewayConfig.dns_settings:
Settings related to Cloud gateway DNS configuration. This determines DNS
configuration based on dns_mode.
ClusterStatus.mgmt_cluster_status:
The current status of the management cluster
ClusterStatus.control_cluster_status:
The current status of the control cluster
LbService.relax_scale_validation:
If relax_scale_validation is true, the scale validations for virtual
servers/pools/pool members/rules are relaxed for load balancer service. When
load balancer service is deployed on edge nodes, the scale of virtual
servers/pools/pool members for the load balancer service should not exceed
the scale number of the largest load balancer size which could be configured
on a certain edge form factor. For example, the largest load balancer size
supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer
deployed on MEDIUM edge nodes can support the scale number of MEDIUM load
balancer. It is not recommended to enable active monitors if
relax_scale_validation is true due to performance consideration. If
relax_scale_validation is false, scale numbers should be validated for load
balancer service. The property is deprecated as NSX-T Load Balancer is
deprecated.
LbService.access_log_enabled:
Whether access log is enabled
RealizedSecurityGroup.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
AzureGatewayConfig.dns_settings:
Settings related to Cloud gateway DNS configuration. This determines DNS
configuration based on dns_mode.
RouteBasedIPSecVpnSession.force_whitelisting:
If true the default firewall rule Action is set to DROP, otherwise set to
ALLOW. This field is deprecated and recommended to change Rule action field.
Note that this field is not synchornied with default rule field.
RealizedServices.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
GraphConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
GraphConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
GraphConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
AwsVpc.cidr:
This field is DEPRECATED as AWS started supporting multiple CIDR blocks per
VPC. This field will return only the first CIDR block from the response
received from AWS. Please use cidr_blocks to see the multiple CIDR blocks
associated with the VPC.
IntelligenceVsphereClusterNodeVMDeploymentConfig.ovf_url:
The NSX-Intelligence cluster node VM OVF URL to download and install the OVF
file. This field is deprecated now. Please upload OVA file using
"/repository/bundles" API and then try deployment without providing this
field.
TimeRangeDropdownFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
TimeRangeDropdownFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
TimeRangeDropdownFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
AwsComputeVpcConfig.account_id:
AWS account ID related to the compute VPC. This field is deprecated. Field
account_id can be learnt using vpc_id. GET /csm/aws/vpcs/ API
returns associated_account_ids. Hence, this field is optional.
FilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
FilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
FilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
RealizedFirewallRule.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
AddControllerNodeSpec.control_plane_server_certificate:
Deprecated. Do not supply a value for this property.
RealizationStateQueryParameters.barrier_id:
The system checks to ensure that the logical entity is realized or not at
least at the given barrier number. This parameter has been deprecated.
Please use request_id instead.
AwsGatewayConfig.dns_settings:
Settings related to Cloud gateway DNS configuration. This determines DNS
configuration based on dns_mode.
RealizedFirewallSection.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
StatsConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
StatsConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
StatsConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
LogicalRouterLinkPortOnTIER1.edge_cluster_member_index:
Please use logical router API to pass edge cluster members indexes manually.
TransportNode.node_id:
Unique Id of the fabric node
SpacerWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
SpacerWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
SpacerWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
VsphereDeploymentConfig.advanced_configuration:
This field is deprecated. EdgeNodeSettings field 'advanced_configuration'
must be used instead. Array of additional specific properties for advanced
or cloud-specific deployments in key-value format.
LBVirtualServer.server_ssl_profile_binding:
The setting is used when load balancer acts as an SSL client and
establishing a connection to the backend server. The property is deprecated
as NSX-T Load Balancer is deprecated.
LBVirtualServer.max_concurrent_connections:
To ensure one virtual server does not over consume resources, affecting
other applications hosted on the same LBS, connections to a virtual server
can be capped. If it is not specified, it means that connections are
unlimited. The property is deprecated as NSX-T Load Balancer is deprecated.
LBVirtualServer.sorry_pool_path:
When load balancer can not select a backend server to serve the request in
default pool or pool in rules, the request would be served by sorry server
pool. The property is deprecated as NSX-T Load Balancer is deprecated.
LBVirtualServer.rules:
Load balancer rules allow customization of load balancing behavior using
match/action rules. Currently, load balancer rules are supported for only
layer 7 virtual servers with LBHttpProfile. The property is deprecated as
NSX-T Load Balancer is deprecated.
LBVirtualServer.max_new_connection_rate:
To ensure one virtual server does not over consume resources, connections to
a member can be rate limited. If it is not specified, it means that
connection rate is unlimited. The property is deprecated as NSX-T Load
Balancer is deprecated.
LBVirtualServer.client_ssl_profile_binding:
The setting is used when load balancer acts as an SSL server and terminating
the client SSL connection. The property is deprecated as NSX-T Load Balancer
is deprecated.
RealizedLogicalSwitch.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
AwsSubnetListRequestParameters.region_name:
This field is DEPRECATED. region_name will be learnt from vpc_id
information.
IntelligenceHostConfigurationInfo.enable_data_collection:
Enable NSX-Intelligence data collection in host nodes. This property has
been deprecated. To enable flow data collection, use property
enable_flow_data_collection instead. To enable context data collection, use
property enable_context_data_collection instead. When this property is set
to false, no data collection is performed even if
enable_flow_data_collection or enable_context_data_collection is set to
true. When this property is set to true, property
enable_flow_data_collection and enable_context_data_collection control
whether to collect flow data and context data separately.
LbPool.passive_monitor_id:
Passive healthchecks are disabled by default and can be enabled by attaching
a passive health monitor to a server pool. Each time a client connection to
a pool member fails, its failed count is incremented. For pools bound to L7
virtual servers, a connection is considered to be failed and failed count is
incremented if any TCP connection errors (e.g. TCP RST or failure to send
data) or SSL handshake failures occur. For pools bound to L4 virtual
servers, if no response is received to a TCP SYN sent to the pool member or
if a TCP RST is received in response to a TCP SYN, then the pool member is
considered to have failed and the failed count is incremented. The property
is deprecated as NSX-T Load Balancer is deprecated.
LbPool.snat_translation:
Depending on the topology, Source NAT (SNAT) may be required to ensure
traffic from the server destined to the client is received by the load
balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool,
then load balancer uses the client IP and port (spoofing) while establishing
connections to the servers. This is referred to as no-SNAT or TRANSPARENT
mode. The property is deprecated as NSX-T Load Balancer is deprecated.
LbPool.tcp_multiplexing_number:
The maximum number of TCP connections per pool that are idly kept alive for
sending future client requests. The property is deprecated as NSX-T Load
Balancer is deprecated.
LbPool.active_monitor_ids:
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic. Active healthchecks are
disabled by default and can be enabled for a server pool by binding a health
monitor to the pool. If multiple active monitors are configured, the pool
member status is UP only when the health check status for all the monitors
are UP. The property is deprecated as NSX-T Load Balancer is deprecated.
LbPool.tcp_multiplexing_enabled:
TCP multiplexing allows the same TCP connection between load balancer and
the backend server to be used for sending multiple client requests from
different client TCP connections. The property is deprecated as NSX-T Load
Balancer is deprecated.
Infra.connectivity_strategy:
The connectivity strategy is deprecated. Use default layer3 rule,
/infra/domains/default/security-policies/default-layer3-security-
policy/rules/default-layer3-rule. This field indicates the default
connectivity policy for the infra or tenant space WHITELIST - Adds a default
drop rule. Administrator can then use "allow" rules (aka whitelist) to allow
traffic between groups BLACKLIST - Adds a default allow rule. Admin can then
use "drop" rules (aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No
default rules are added.
NSXTConnectionInfo.edge_cluster_ids:
Edge Cluster UUIDs on enforcement point. Edge cluster information is
required for creating logical L2, L3 constructs on enforcement point. Max 1
edge cluster ID. This is a deprecated property. The edge cluster id is now
auto populated from enforcement point and its value can be read using APIs
GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-
clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1
/edge-clusters/edge-cluster-id. The value passed through this property will
be ignored.
NSXTConnectionInfo.transport_zone_ids:
Transport Zone UUIDs on enforcement point. Transport zone information is
required for creating logical L2, L3 constructs on enforcement point. Max 1
transport zone ID. This is a deprecated property. The transport zone id is
now auto populated from enforcement point and its value can be read using
APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id
/transport-zones and GET /infra/sites/site-id/enforcement-points
/enforcementpoint-id/transport-zones/transport-zone-id. The value passed
through this property will be ignored.
PolicyRealizedResource.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
GlobalConfig.operation_collectors:
This property is a part of OpsGlobalConfig object. Use /infra/ops-global-
config instead. The VRNI and WAVE_FRONT collector type can be defined to
collect the metric data. The WAVE_FRONT collector type can only be used in
VMC mode.
ChildServiceEntry.Service:
This is a deprecated property, Please use 'ServiceEntry' instead.
AzureVirtualMachine.nsx_security_rule_errors:
DEPRECATED. Array of NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
AzureVirtualMachine.nsx_security_rule_errors_count:
DEPRECATED. Count of the NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
AviConnectionInfo.version:
Avi supports API versioning for backward compatibility with automation
scripts written for an object model older than the current one. Such scripts
need not be updated to keep up with object model changes This is a
deprecated property. The version is now auto populated from property file
and its value can be read using APIs
AviConnectionInfo.cloud:
Clouds are containers for the environment that Avi Vantage is installed or
operating within. During initial setup of Vantage, a default cloud, named
Default-Cloud, is created. This is where the first Controller is deployed,
into Default-Cloud. Additional clouds may be added, containing SEs and
virtual services. This is a deprecated property. Cloud has been renamed to
cloud_name and it will added from specific ALB entity.
BgpNeighbor.filter_in_routemap_id:
This is a deprecated property, Please use 'address_family' instead.
BgpNeighbor.filter_out_ipprefixlist_id:
This is a deprecated property, Please use 'address_family' instead.
BgpNeighbor.filter_out_routemap_id:
This is a deprecated property, Please use 'address_family' instead.
BgpNeighbor.source_address:
Deprecated - do not provide a value for this field. Use source_addresses
instead.
BgpNeighbor.remote_as:
This is a deprecated property, Please use 'remote_as_num' instead.
BgpNeighbor.filter_in_ipprefixlist_id:
This is a deprecated property, Please use 'address_family' instead.
Tier1.default_rule_logging:
Indicates if logging should be enabled for the default whitelisting rule.
This field is deprecated and recommended to change Rule logging field. Note
that this field is not synchronized with default logging field.
Tier1.force_whitelisting:
This field is deprecated and recommended to change Rule action field. Note
that this field is not synchornied with default rule field.
Tier0.default_rule_logging:
Indicates if logging should be enabled for the default whitelisting rule.
This field is deprecated and recommended to change Rule logging field. Note
that this field is not synchronized with default logging field.
Tier0.force_whitelisting:
This field is deprecated and recommended to change Rule action field. Note
that this field is not synchronized with default rule field.
RouteBasedL3VpnSession.routing_config_path:
This is a deprecated field. Any specified value is not saved and will be
ignored.
LbServiceDebugInfo.client_ssl_profiles:
The client SSL profiles are associated to virtual servers. The property is
deprecated as NSX-T Load Balancer is deprecated.
LbServiceDebugInfo.rules:
The load balancer rules are associated to virtual servers. The property is
deprecated as NSX-T Load Balancer is deprecated.
LbServiceDebugInfo.server_ssl_profiles:
The server SSL profiles are associated to virtual servers. The property is
deprecated as NSX-T Load Balancer is deprecated.
LbServiceDebugInfo.monitors:
The load balancer monitors are associated to pools. The property is
deprecated as NSX-T Load Balancer is deprecated.
LbSourceIpPersistenceProfile.ha_persistence_mirroring_enabled:
Persistence entries are not synchronized to the HA peer by default. The
property is deprecated as NSX-T Load Balancer is deprecated.
CustomFilterWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
CustomFilterWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
CustomFilterWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
AzureTransitVnetConfig.account_id:
Azure account ID of the transit VNet. This field is deprecated. Field
account_id can be learnt using vnet_id. GET /csm/azure/vnets/ API
returns associated_account_ids. Hence, this field is optional.
DnsAnswer.authoritative_answers:
Authotitative answers of the query. This is a deprecated property, please
use 'answers' instead.
DnsAnswer.non_authoritative_answers:
Non-authotitative answers of the query. This is a deprecated property,
please use 'answers' instead.
ValueConstraintExpression.values:
List of values.
CustomWidgetConfiguration.weight:
Specify relavite weight in WidgetItem for placement in a view. Please see
WidgetItem for details.
CustomWidgetConfiguration.shared:
Please use the property 'shared' of View instead of this. The widgets of a
shared view are visible to other users.
CustomWidgetConfiguration.filter:
Id of filter widget for subscription, if any. Id should be a valid id of an
existing filter widget. Filter widget should be from the same view.
Datasource URLs should have placeholder values equal to filter alias to
accept the filter value on filter change. This field is deprecated instead
use 'filters' property.
IdsProfile.severities:
Represents the severities of signatures which are part of this profile.
BgpNeighborConfig.in_route_filters:
Specify path of prefix-list or route map to filter routes for IN direction.
This property is deprecated, use route_filtering instead. Specifying
different values for both properties will result in error.
BgpNeighborConfig.out_route_filters:
Specify path of prefix-list or route map to filter routes for OUT direction.
When not specified, a built-in prefix-list named 'prefixlist-out-default' is
automatically applied. This property is deprecated, use route_filtering
instead. Specifying different values for both properties will result in
error.
AddClusterNodeVMInfo.clustering_config:
This property is deprecated since ClusteringConfig is no longer needed for
auto-installation and will be ignored if provided.
NsxRole.permissions:
Please use the /user-info/permissions api to get the permission that the
user has on each feature.
LBHttpProfile.ntlm:
NTLM is an authentication protocol that can be used over HTTP. If the flag
is set to true, LB will use NTLM challenge/response methodology. This
property is deprecated. Please use the property server_keep_alive in order
to keep the backend server connection alive for the client connection. When
create a new profile, if both ntlm and server_keep_alive are set as
different values, ERROR will be reported. When update an existing profile,
if either ntlm or server_keep_alive value is changed, both of them are
updated with the changed value.
AzureSubnetListRequestParameters.region_id:
This field is DEPRECATED. region_id will be learnt from vnet_id information.
RealizedFirewalls.runtime_status:
Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not
exhaustive.
LocaleServices.route_redistribution_types:
Enable redistribution of different types of routes on Tier-0. This property
is only valid for locale-service under Tier-0. This property is deprecated,
please use "route_redistribution_config" property to configure
redistribution rules.
Tier0Interface.edge_cluster_member_index:
Specify association of interface with edge cluster member. This property is
deprecated, use edge_path instead. When both properties are specifed, only
edge_path property is used.
Tier0Interface.ls_id:
Specify logical switch to which tier-0 interface is connected for external
access. This property is deprecated, use segment_path instead. Both
properties cannot be used together.
AwsVirtualMachine.nsx_security_rule_errors:
DEPRECATED. Array of NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
AwsVirtualMachine.nsx_security_rule_errors_count:
DEPRECATED. Count of the NSX security rule realization errors. To get this
information call /csm/virtual-machines//firewall-rules
GatewayQosProfile.committed_bandwitdth:
Committed bandwidth in both directions specified in Mbps. Bandwidth is
limited to line rate when the value configured is greater than line rate.
This property is deprecated, use committed_bandwidth instead.
** Deprecated APIs
UpdatePortMirroringSession (PUT /mirror-sessions/):
Update the mirror session
UpdateIPSecVPNSession (PUT /vpn/ipsec/sessions/):
Please use below Policy APIs.
PUT /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>
;/ipsec-vpn-services/<service-id>/sessions/<session-id>
ListTier0IPSecVpnServices (GET /infra/tier-0s//locale-services//ipsec-vpn-services):
Get paginated list of all IPSec VPN services for given locale service under
Tier-0. This API is deprecated. Please use GET /infra/tier-
0s/<tier-0-id>/ipsec-vpn-services instead. Note: Please note that
request is validated and any error messages returned from validation may
include the new VPN path instead of the deprecated path. Both new path and
old path refer to same resource.
ListStaticRoutes (GET /logical-routers//routing/static-routes):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/static-routes
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/static-routes
DeleteMetadataProxy (DELETE /md-proxies/):
Delete a metadata proxy
UpdateServiceInsertionStatus (PUT /serviceinsertion/status/):
Update global ServiceInsertion status for a context
ListDhcpProfiles (GET /dhcp/server-profiles):
Get a paginated list of DHCP server profiles.
UpdateLogicalRouter (PUT /logical-routers/):
Please use below policy apis instead of this API.
PUT /infra/tier-
0s/<id>
PUT /infra/tier-0s/<id>/locale-services/<id>
PUT /infra/tier-1s/<id>
PUT /infra/tier-1s/<id>
;/locale-services/<id>
AddClusterNode (POST /cluster/nodes):
Add a new controller to the NSX cluster. Deprecated. Use POST
/cluster?action=join_cluster to join a node to cluster. The controller comes
with the new node.
CreateDirectoryLdapServer (POST /directory/domains//ldap-servers):
Use the following Policy API -
POST /policy/api/v1/infra/firewall-
identity-stores/<firewall-identity-store-id>/ldap-servers/<ldap-
server-id>
CreateOrUpdateTier0IPSecVpnLocalEndpoint (PUT /infra/tier-0s//locale-services//ipsec-vpn-services//local-endpoints/):
Create or fully replace IPSec VPN local endpoint for a given locale service
under Tier-0. Revision is optional for creation and required for update.
This API is deprecated. Please use PUT /infra/tier-0s/<tier-0-id>
;/ipsec-vpn-services/<service-id>/local-endpoints/<local-endpoint-
id> instead. Note: Please note that request is validated and any error
messages returned from validation may include the new VPN path instead of
the deprecated path. Both new path and old path refer to same resource.
Also VPN path returned in the Alarm, GPRR payload may include the new VPN
path
GetBgpNeighborsStatus (GET /logical-routers//routing/bgp/neighbors/status):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-
id>/bgp/neighbors/status?enforcement_point_path=/infra/sites/default
/enforcement-points/default
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/locale-services/<locale-service-
id>/bgp/neighbors/status?enforcement_point_path=/infra/sites/default
/enforcement-points/default
GetTier1L2VpnSessionStatus (GET /infra/tier-1s//locale-services//l2vpn-services//sessions//detailed-status):
- no enforcement point path specified: detailed tatus is evaluated on each
enforcement point. - an enforcement point path is specified: detailed status
is evaluated only on the given enforcement point. - source=realtime:
detailed tatus is fetched realtime from the enforcement point. -
source=cached: cached detailed status is returned. This API is deprecated.
Please use GET /infra/tier-1s/<tier-1-id>/l2vpn-services/<service-
id>/ sessions/<session-id>/detailed-status instead.
CreateOrPatchL2VPNSessionFromPeerCodes (POST /infra/tier-0s//locale-services//l2vpn-services//sessions/?action=create_with_peer_code):
Create or patch an L2VPN session under Tier-0 from Peer Codes. In addition
to the L2VPN Session, the IPSec VPN Session, along with the IKE, Tunnel, and
DPD Profiles are created and owned by the system. IPSec VPN Service and
Local Endpoint are created only when required, i.e., an IPSec VPN Service
does not already exist, or an IPSec VPN Local Endpoint with same local
address does not already exist. Updating the L2VPN Session can be performed
only through this API by specifying new peer codes. Use of specific APIs to
update the L2VPN Session and the different resources associated with it is
not allowed, except for IPSec VPN Service and Local Endpoint, resources that
are not system owned. API supported only when L2VPN Service is in Client
Mode. This API is deprecated. Please use POST /infra/tier-
0s/<tier-0-id>/l2vpn-services/<service-id>/ sessions/<
;session-id>?action=create_with_peer_code instead. Note: Please note
that request is validated and any error messages returned from validation
may include the new VPN path instead of the deprecated path. Both new path
and old path refer to same resource. Also VPN path returned in the Alarm,
GPRR payload may include the new VPN path.
DeleteNatRule (DELETE /logical-routers//nat/rules/):
Delete a specific NAT rule from a logical router
UpdateNDRAProfile (PUT /ipv6/nd-ra-profiles/):
Please use below Policy APIs.
PUT /policy/api/v1//infra/ipv6-ndra-
profiles/<ndra-profile-id>
DeleteDnsForwarder (DELETE /dns/forwarders/):
Delete a specific DNS forwarder.
UpdateDhcpV6StaticBinding (PUT /dhcp/servers//ipv6-static-bindings/):
Update a specific static binding of a given local DHCP IPv6 server.
GetLogicalRouterStatus (GET /logical-routers//status):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/state
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/state
RestoreParentClusterConfiguration (POST /transport-nodes/?action=restore_cluster_config):
A host can be overridden to have different configuration than Transport Node
Profile(TNP) on cluster. This action will restore such overridden host back
to cluster level TNP. This API can be used in other case. When TNP is
applied to a cluster, if any validation fails (e.g. VMs running on host)
then existing transport node (TN) is not updated. In that case after the
issue is resolved manually (e.g. VMs powered off), you can call this API to
update TN as per cluster level TNP. This api is now deprecated. Please use
new api - /infra/sites/<site-id>/enforcement-points/<
;enforcementpoint-id>/host-transport-nodes/<host-transport-node-
id>?action=restore_cluster_config
UnlockSection (POST /firewall/sections/?action=unlock):
Use the following Policy API -
PUT|PATCH
/policy/api/v1/infra/domains/<domain-id>/security-policies/<
;security-policy-id>
ListLoadBalancerApplicationProfiles (GET /loadbalancer/application-profiles):
Use the following Policy API -
GET /policy/api/v1/infra/lb-app-
profiles
GetTier1IPSecVpnSessionStatus (GET /infra/tier-1s//locale-services//ipsec-vpn-services//sessions//detailed-status):
- no enforcement point path specified: detailed status is evaluated on each
enforcement point. - an enforcement point path is specified: detailed status
is evaluated only on the given enforcement point. - source=realtime:
detailed status is fetched realtime from the enforcement point. -
source=cached: cached detailed status from enforcement point is returned.
This API is deprecated. Please use GET /infra/tier-1s/<tier-1-id>
;/ipsec-vpn-services/<service-id>/ sessions/<session-id>
;/detailed-status instead.
CreateLogicalPort (POST /logical-ports):
Creates a new logical switch port. The required parameters are the
associated logical_switch_id and admin_state (UP or DOWN). Optional
parameters are the attachment and switching_profile_ids. If you don't
specify switching_profile_ids, default switching profiles are assigned to
the port. If you don't specify an attachment, the switch port remains empty.
To configure an attachment, you must specify an id, and optionally you can
specify an attachment_type (VIF or LOGICALROUTER). The attachment_type is
VIF by default. This api is now deprecated. Please use new api - PUT
/infra/segments/<segment-id>/ports/<port-id>
UpdateAdvertiseRuleList (PUT /logical-routers//routing/advertisement/rules):
Please use below Policy APIs.
PUT /policy/api/v1/infra/tier-
1s/<tier-1-id>
ReadLoadBalancerVirtualServer (GET /loadbalancer/virtual-servers/):
Use the following Policy API -
GET /policy/api/v1/infra/lb-
virtual-servers/
GetServiceAttachment (GET /serviceinsertion/service-attachments/):
This API has been deprecated, please use below Policy API
For North-
South service insertion
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-id>/service-
interfaces/<interface-id> GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/locale-services/<locale-service-id>/service-
interfaces/<interface-id> For East-West service insertion
GET
/policy/api/v1/infra/segments/service-segments/<service-segment-id>
UpdateServiceInsertionSectionWithRules (POST /serviceinsertion/sections/?action=update_with_rules):
Modifies existing serviceinsertion section along with its association with
rules. When invoked on a large number of rules, this API is supported only
at low rates of invocation (not more than 2 times per minute). The typical
latency of this API with about 1024 rules is about 15 seconds in a cluster
setup. This API should not be invoked with large payloads at automation
speeds. Instead, to update rule content, use: PUT
/api/v1/serviceinsertion/sections/<section-id>/rules/<rule-id>
Note- POST service insertion section with rules API is deprecated. Please
use policy redirection-policy API.
GetDhcpServerState (GET /dhcp/servers//state):
Return realized state information of a dhcp server. After a dhcp server is
created or updated, you can invoke this API to get the realization
information of the server.
DeleteBgpNeighbor (DELETE /logical-routers//routing/bgp/neighbors/):
Please use below Policy APIs.
DELETE /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-
id>/bgp/neighbors/<neighbor-id>
ListEnabledComputeCollections (GET /idfw/idfw-compute-collections):
Use the following Policy API -
GET
/policy/api/v1/infra/settings/firewall/idfw/cluster
GetL2VPNSessionRemoteMacsForLS (GET /vpn/l2vpn/sessions//remote-mac):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/l2vpn-services/<service-id>/sessions/<session-
id>/remote-mac
GET /policy/api/v1/infra/tier-1s/<tier-1-id>
;/l2vpn-services/<service-id>/sessions/<session-id>/remote-mac
GetIPSecVPNDPDProfile (GET /vpn/ipsec/dpd-profiles/):
Please use below Policy API.
GET /policy/api/v1/infra/ipsec-vpn-
dpd-profiles/<dpd-profile-id>
CreateDhcpServer (POST /dhcp/servers):
Create a logical DHCP server with v4 and/or v6 servers.
UpdateDhcpRelayProfile (PUT /dhcp/relay-profiles/):
Modifies the specified dhcp relay profile.
GetNatStatisticsPerLogicalRouter (GET /logical-routers//nat/rules/statistics):
Returns the summation of statistics for all rules from all nodes for the
Specified Logical Router. Also gives the per transport node statistics for
provided logical router. The query parameter "source=realtime" is not
supported.
DeleteDADProfile (DELETE /ipv6/dad-profiles/):
Please use below Policy APIs.
DELETE /policy/api/v1/infra/ipv6
-dad-profiles/<dad-profile-id>
DeleteDhcpServer (DELETE /dhcp/servers/):
Delete a logical DHCP server specified by server id.
ConfigureRestoreConfig (PUT /cluster/restore/config):
Deprecated. Please use API /cluster/backups/config, to configure remote file
server(where backed-up files are stored) details during restore. In older
versions - Configure file server where the backed-up files used for the
Restore operation are available.
ListIPSecVPNSessions (GET /vpn/ipsec/sessions):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions
GET
/policy/api/v1/infra/tier-1s/<tier-1-id>/ipsec-vpn-services/<
;service-id>/sessions
UpdateIPPrefixList (PUT /logical-routers//routing/ip-prefix-lists/):
Please use below Policy APIs.
PUT /policy/api/v1/infra/tier-
0s/<tier-0-id>/prefix-lists/<prefix-list-id>
DeleteSystemHealthPlugin (DELETE /systemhealth/plugins/):
Delete an existing system health plugin by ID.
ListLoadBalancerVirtualServersStatistics (GET /loadbalancer/services//virtual-servers/statistics):
Returns the statistics list of virtual servers in given load balancer
service. Currently, only realtime mode is supported.
DeleteSwitchingProfile (DELETE /switching-profiles/):
Deletes the specified switching profile. This api is now deprecated. Use new
api - for QOS profile, please use - DELETE /infra/qos-profiles/<qos-
profile-id>
GetMetadataProxyStatus (GET /md-proxies///status):
Returns the status of the given metadata proxy and attached logical switch.
ListSecurityGroupRealizedStates (GET /infra/realized-state/enforcement-points//groups/securitygroups):
Paginated list of all Security Groups. Returns populated Security Groups.
ListLBServerSslProfiles (GET /infra/lb-server-ssl-profiles):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
ListLoadBalancerSslCiphersAndProtocols (GET /loadbalancer/ssl/ciphers-and-protocols):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
CreateIPSecVPNService (POST /vpn/ipsec/services):
Please use below Policy APIs.
PATCH /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>
PATCH
/policy/api/v1/infra/tier-1s/<tier-1-id>/ipsec-vpn-services/<
;service-id>
UpdateLoadBalancerMonitor (PUT /loadbalancer/monitors/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
ListLoadBalancerPools (GET /loadbalancer/pools):
Use the following Policy API -
GET /policy/api/v1/infra/lb-pools
DeleteLoadBalancerClientSslProfile (DELETE /loadbalancer/client-ssl-profiles/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
GetSwitchingProfile (GET /switching-profiles/):
Returns information about a specified switching profile. This api is now
deprecated. Please use new api - for QOS profile, please use - /infra/qos-
profiles/<qos-profile-id>
GetL2VPNSessionSummary (GET /vpn/l2vpn/sessions/summary):
The information is already displayed on UI.
DeleteIPSecVPNService (DELETE /vpn/ipsec/services/):
Please use below Policy APIs.
DELETE /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>
DELETE
/policy/api/v1/infra/tier-1s/<tier-1-id>/ipsec-vpn-services/<
;service-id>
UpdateHostSwitchProfile (PUT /host-switch-profiles/):
Modifies a specified hostswitch profile. The body of the PUT request must
include the resource_type. For uplink profiles, the put request must also
include teaming parameters. Modifiable attributes include display_name, mtu,
and transport_vlan. For uplink teaming policies, uplink_name and policy are
also modifiable. This api is now deprecated. Please use new api - PATCH
policy/api/v1/infra/host-switch-profiles/uplinkProfile1
GetTier0IPSecVpnPeerConfig (GET /infra/tier-0s//locale-services//ipsec-vpn-services//sessions//peer-config):
Download IPSec VPN configuration for the peer site. Peer config also
contains PSK; be careful when sharing or storing it. This API is deprecated.
Please use GET /infra/tier-0s/<tier-0-id>/ipsec-vpn-services/<
;service-id>/sessions/<session-id>/peer-config instead. Note:
Please note that request is validated and any error messages returned from
validation may include the new VPN path instead of the deprecated path.
Both new path and old path refer to same resource.
GetTier1L2VPNService (GET /infra/tier-1s//locale-services//l2vpn-services/):
Get L2VPN service for given Tier-1 locale service. This API is deprecated.
Please use GET /infra/tier-1s/<tier-1-id>/l2vpn-services/<service-
id> instead. Note: Please note that request is validated and any error
messages returned from validation may include the new VPN path instead of
the deprecated path. Both new path and old path refer to same resource.
DeleteTransportZoneProfile (DELETE /transportzone-profiles/):
Deletes a specified transport zone profile. This api is now deprecated.
Please use new api - DELETE /policy/api/v1/infra/transport-zone-profiles/<
;tz-profile>
UpdateBgpNeighbor (PUT /logical-routers//routing/bgp/neighbors/):
Please use below Policy APIs.
PUT /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-
id>/bgp/neighbors/<neighbor-id>
UpdateLBClientSslProfile (PUT /infra/lb-client-ssl-profiles/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
GetNatStatisticsPerRule (GET /logical-routers//nat/rules//statistics):
Returns the summation of statistics from all nodes for the Specified Logical
Router NAT Rule. Query parameter "source=realtime" is the only supported
source.
ListSections (GET /firewall/sections):
Use the following Policy API -
GET /policy/api/v1/infra/domains
//security-policies
UpdateTransportZoneProfile (PUT /transportzone-profiles/):
Modifies a specified transport zone profile. The body of the PUT request
must include the resource_type. This api is now deprecated. Please use new
api - PATCH /policy/api/v1/infra/transport-zone-profiles/<tz-profile>
CreateIpfixUpmProfile (POST /ipfix-profiles):
Create a new IPFIX profile with essential properties.
CreateOrUpdateL2VPNService (PUT /infra/tier-0s//locale-services//l2vpn-services/):
Create or fully replace L2VPN service for given Tier-0 locale service.
Revision is optional for creation and required for update. This API is
deprecated. Please use PUT /infra/tier-0s/<tier-0-id>/l2vpn-
services/<service-id> instead. Note: Please note that request is
validated and any error messages returned from validation may include the
new VPN path instead of the deprecated path. Both new path and old path
refer to same resource. Also VPN path returned in the Alarm, GPRR payload
may include the new VPN path.
ReadClusterNodeConfig (GET /cluster/nodes/):
Returns information about the specified NSX cluster node. Deprecated. Use
GET /cluster/<node-id> to get cluster node configuration.
ClearClusterCertificate (POST /cluster/api-certificate?action=clear_cluster_certificate):
Clears the certificate used for the MP cluster. This does not affect the
certificate itself. This API is deprecated. Instead use the /api/v1/cluster
/api-certificate?action=set_cluster_certificate API to set the cluster
certificate to a different one. It just means that from now on, individual
certificates will be used on each MP node. This affects all nodes in the
cluster.
ListLogicalSwitchesByState (GET /logical-switches/state):
Returns a list of logical switches states that have realized state as
provided as query parameter. This api is now deprecated. Please use new api
- policy/api/v1/infra/realized-state/realized-entities?intent_path={{intent-
path}}
GetSectionWithRules (POST /firewall/sections/?action=list_with_rules):
Use the following Policy API -
GET
/policy/api/v1/infra/domains/<domain-id>/security-policies/<
;security-policy-id>
ReadLBMonitorProfile (GET /infra/lb-monitor-profiles/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
DeletePortMirroringSession (DELETE /mirror-sessions/):
Delete the mirror session
ListLiveTrace (GET /livetraces):
List all livetrace sessions
UpdateServiceInsertionSection (PUT /serviceinsertion/sections/):
Modifies the specified section, but does not modify the section's associated
rules. Note- PUT service insertion section API is deprecated. Please use
policy redirection-policy API.
DeleteTier0IPSecVpnService (DELETE /infra/tier-0s//locale-services//ipsec-vpn-services/):
Delete IPSec VPN service for given locale service under Tier-0. This API is
deprecated. Please use DELETE /infra/tier-0s/<tier-0-id>/ipsec-vpn-
services/<service-id> instead. Note: Please note that request is
validated and any error messages returned from validation may include the
new VPN path instead of the deprecated path. Both new path and old path
refer to same resource. Also VPN path returned in the Alarm, GPRR payload
may include the new VPN path.
UpdateIPSecVPNTunnelProfile (PUT /vpn/ipsec/tunnel-profiles/):
Please use below Policy API.
PUT /policy/api/v1/infra/ipsec-vpn-
tunnel-profiles/<tunnel-profile-id>
ListLoadBalancerServices (GET /loadbalancer/services):
Use the following Policy API -
GET /policy/api/v1/infra/lb-
services
CreateL2VpnService (POST /vpn/l2vpn/services):
Please use below Policy APIs.
PATCH /policy/api/v1/infra/tier-
0s/<tier-0-id>/l2vpn-services/<service-id>
PATCH
/policy/api/v1/infra/tier-1s/<tier-1-id>/l2vpn-services/<service-id>
CreateOrPatchTier1IPSecVpnSession (PATCH /infra/tier-1s//locale-services//ipsec-vpn-services//sessions/):
Create or patch an IPSec VPN session for a given locale service under
Tier-1. This API is deprecated. Please use PATCH /infra/tier-
1s/<tier-1-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id> instead. Note: Please note that request is validated
and any error messages returned from validation may include the new VPN path
instead of the deprecated path. Both new path and old path refer to same
resource. Also VPN path returned in the Alarm, GPRR payload may include
the new VPN path
UpdateBGPCommunityListOld (PUT /logical-routers//routing/bgp/communty-lists/):
Update a specific BGP community list from a Logical Router
CreateTransportZoneProfile (POST /transportzone-profiles):
Creates a transport zone profile. The resource_type is required. This api is
now deprecated. Please use new api - PUT /policy/api/v1/infra/transport-
zone-profiles/<tz-profile>
GetTier1IPSecVpnSessionWithSensitiveData (GET /infra/tier-1s//locale-services//ipsec-vpn-services//sessions/?action=show_sensitive_data):
Get IPSec VPN session with senstive data for a given locale service under
Tier-1. This API is deprecated. Please use GET /infra/tier-
1s/<tier-1-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>?action=show_sensitive_data instead. Note: Please note
that request is validated and any error messages returned from validation
may include the new VPN path instead of the deprecated path. Both new
path and old path refer to same resource.
GetLogicalRouterForwardingTable (GET /logical-routers//routing/forwarding-table):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/forwarding-table
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/forwarding-table
GetPortMirroringSession (GET /mirror-sessions/):
Get the mirror session
ListVirtualMachinesOnEnforcementPoint (GET /infra/realized-state/enforcement-points//virtual-machines):
This API filters objects of type virtual machines from the specified NSX
Manager. This API has been deprecated. Please use the new API GET /infra
/realized-state/virtual-machines
GetLogicalRouterPortState (GET /logical-router-ports//state):
To get all realized entities for the intent use below Policy API.
GET /policy/api/v1/infra/realized-state/realized-entities?intent_path=<
;intent-path>
For realized status of the intent use below Policy
API.
GET /policy/api/v1/infra/realized-state/status?intent_path=<
;intent-path>
<intent-path> can be one of the following.
/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-
id>/interfaces/<interface-id>
/infra/tier-1s/<tier-1-id>
;/locale-services/<locale-service-id>/interfaces/<interface-id>
/infra/tier-1s/<tier-1-id>/segments/<segment-id> for
DOWNLINK
/infra/segments/<segment-id> for DOWNLINK
There are
specific Policy APIs to get Segment state.
GET
/policy/api/v1/infra/segments/<segment-id>/state
GET
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-
id>/state
For DAD status use below Policy APIs.
GET
/policy/api/v1/infra/segments/<segment-id>/gateway-interface-dad-state
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<
;segment-id>/gateway-interface-dad-state
For DAD status of all
interfaces created on Gateway use below Policy APIs.
GET
/policy/api/v1/infra/tier-0s/<tier-0-id>/state
GET
/policy/api/v1/infra/tier-1s/<tier-1-id>/state
GetLicense (GET /license):
Deprecated. Use the GET /licenses API instead.
UpdateDhcpStaticBinding (PUT /dhcp/servers//static-bindings/):
Update a specific static binding of a given local DHCP server.
DeleteLoadBalancerServerSslProfile (DELETE /loadbalancer/server-ssl-profiles/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
CreateMetadataProxy (POST /md-proxies):
Create a metadata proxy
GetDirectoryDomainSyncStats (GET /directory/domains//sync-stats):
Use the following Policy API -
GET /policy/api/v1/infra/firewall-
identity-stores/<firewall-identity-store-id>/sync-stats
PatchGlobalConfig (PATCH /infra/global-config):
This rest routine is deprecated. Use /infra/connectivity-global-config for
Connectivity global config and /infra/ops-global-config for Operations
global config. Update the global configuration.
ReadStaticHopBfdPeer (GET /logical-routers//routing/static-routes/bfd-peers/):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/static-routes/bfd-peers/<bfd-peer-id>
AddSIServiceProfile (POST /serviceinsertion/services//service-profiles):
This API has been deprecated, please use below Policy API
PUT
/policy/api/v1/infra/service-references/<service-reference-id>
;/service-profiles/<service-profile-id> PATCH /policy/api/v1/infra
/service-references/<service-reference-id>/service-profiles/<
;service-profile-id>
CreateOrPatchTier0IPSecVpnSession (PATCH /infra/tier-0s//locale-services//ipsec-vpn-services//sessions/):
Create or patch an IPSec VPN session for a given locale service under
Tier-0. This API is deprecated. Please use PATCH /infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id> instead. Note: Please note that request is validated and
any error messages returned from validation may include the new VPN path
instead of the deprecated path. Both new path and old path refer to same
resource. Also VPN path returned in the Alarm, GPRR payload may include
the new VPN path
ResetTier0IPSecVpnSessionStatistics (POST /infra/tier-0s//locale-services//ipsec-vpn-services//sessions//statistics):
Resets the statistics of the given VPN session. Since source of data is
enforcement point, data is reset there. This API is deprecated. Please use
GET /infra/tier-0s/<tier-0-id>/ipsec-vpn-services/<service-id>/
sessions/<session-id>/statistics instead.
GetTier0IPSecVpnSessionStatistics (GET /infra/tier-0s//locale-services//ipsec-vpn-services//sessions//statistics):
- no enforcement point path specified: statistics are evaluated on each
enforcement point. - an enforcement point path is specified: statistics are
evaluated only on the given enforcement point. - source=realtime: statistics
are fetched realtime from the enforcement point. - source=cached: cached
statistics from enforcement point are returned. This API is deprecated.
Please use GET /infra/tier-0s/<tier-0-id>/ipsec-vpn-services/<
;service-id>/ sessions/<session-id>/statisticsinstead.
ListDirectoryLdapServers (GET /directory/domains//ldap-servers):
Use the following Policy API -
GET /policy/api/v1/infra/firewall-
identity-stores/<firewall-identity-store-id>/ldap-servers
GetBgpNeighborAdvertisedRoutes (GET /logical-routers//routing/bgp/neighbors//advertised-routes):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors
/to-onprem/advertised-routes
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/locale-services/<locale-service-id>/bgp/neighbors
/to-onprem/advertised-routes
UpdateIpfixCollectorUpmProfile (PUT /ipfix-collector-profiles/):
Update an existing IPFIX collector profile with profile ID and modified
properties.
CreateTransportZone (POST /transport-zones):
This api is now deprecated. Please use new api - PUT /policy/api/v1/
infra/sites/<site-id>/enforcement-points/<enforcementpoint- id>
;/transport-zones/<zone-id>
ListL2VpnSessions (GET /vpn/l2vpn/sessions):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/l2vpn-services/<service-id>/sessions
GET
/policy/api/v1/infra/tier-1s/<tier-1-id>/l2vpn-services/<service-
id>/sessions
CreateIPSecVPNDPDProfile (POST /vpn/ipsec/dpd-profiles):
Please use below Policy API.
PATCH /policy/api/v1/infra/ipsec-vpn-
dpd-profiles/<dpd-profile-id>.
ClearDnsForwarderCache (POST /dns/forwarders/?action=clear_cache):
Clear the current cache of the DNS forwarder.
CreateNDRAProfile (POST /ipv6/nd-ra-profiles):
Please use below Policy APIs.
POST /policy/api/v1//infra/ipv6
-ndra-profiles/
ReadNSServiceRealizedState (GET /infra/realized-state/enforcement-points//services/nsservices/):
Read a NSService.
UpdateRouteMap (PUT /logical-routers//routing/route-maps/):
Please use below Policy APIs.
PUT /policy/api/v1/infra/tier-
0s/<tier-0-id>/route-maps/<route-maps-id>
DeleteTier1IPSecVpnService (DELETE /infra/tier-1s//locale-services//ipsec-vpn-services/):
Delete IPSec VPN service for a given locale service under Tier-1. This API
is deprecated. Please use DELETE /infra/tier-1s/<tier-1-id>/psec-vpn-
services/<service-id> instead. Note: Please note that request is
validated and any error messages returned from validation may include the
new VPN path instead of the deprecated path. Both new path and old path
refer to same resource. Also VPN path returned in the Alarm, GPRR
payload may include the new VPN path
AddInstanceEndpoint (POST /serviceinsertion/services//service-instances//instance-endpoints):
This API has been deprecated, please use below Policy API
PUT
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-
service-id>/byod-service-instances/<service-instance-id>/service-
instance-endpoints/<service-instance-endpoint-id> PATCH
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-
service-id>/byod-service-instances/<service-instance-id>/service-
instance-endpoints/<service-instance-endpoint-id> PUT
/policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-
service-id>/byod-service-instances/<service-instance-id>/service-
instance-endpoints/<service-instance-endpoint-id> PATCH
/policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-
service-id>/byod-service-instances/<service-instance-id>/service-
instance-endpoints/<service-instance-endpoint-id>
GetBgpNeighborAdvertisedRoutesInCsvFormat (GET /logical-routers//routing/bgp/neighbors//advertised-routes?format=csv):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors
/to-onprem/advertised-
routes?format=csv&enforcement_point_path=/infra/sites/default/enforcement-
points/default
GET /policy/api/v1/infra/tier-1s/<tier-1-id>
;/locale-services/<locale-service-id>/bgp/neighbors/to-onprem
/advertised-routes?format=csv&enforcement_point_path=/infra/sites/default
/enforcement-points/default
CreateDhcpRelay (POST /dhcp/relays):
Creates a dhcp relay service.
ListFabricNodeInterfaces (GET /fabric/nodes//network/interfaces):
Returns the number of interfaces on the node and detailed information about
each interface. Interface information includes MTU, broadcast and host IP
addresses, link and admin status, MAC address, network mask, and the IP
configuration method (static or DHCP). This api is deprecated. Please use
Transport Node API GET /transport-nodes/<transport-node-
id>/network/interfaces to list node network interfaces for the
corresponding TN.
UpdateDhcpRelay (PUT /dhcp/relays/):
Modifies the specified dhcp relay service.
UpdateLoadBalancerPersistenceProfile (PUT /loadbalancer/persistence-profiles/):
Use the following Policy API -
PATCH/PUT /policy/api/v1/infra/lb-
persistence-profiles/
DeleteLogicalRouterPort (DELETE /logical-router-ports/):
Please use below Policy APIs.
DELETE /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-
id>/interfaces/<interface-id>
DELETE /policy/api/v1/infra
/tier-1s/<tier-1-id>/locale-services/<locale-service-
id>/interfaces/<interface-id>
DELETE /policy/api/v1/infra
/tier-1s/<tier-1-id>/segments/<segment-id> for DOWNLINK
DELETE /policy/api/v1/infra/segments/<segment-id> for DOWNLINK
AddServiceChain (POST /serviceinsertion/service-chains):
This API has been deprecated, please use below Policy API
PUT
/policy/api/v1/infra/service-chains/<service-chain-id> PATCH
/policy/api/v1/infra/service-chains/<ervice-chain-id>
GetIpfixConfig (GET /ipfix/configs/):
Get an existing IPFIX configuration
GetLogicalRouterPortArpTable (GET /logical-router-ports//arp-table):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/locale-services/<locale-service-
id>/interfaces/<interface-id>/arp-table
GET
/policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-
service-id>/interfaces/<interface-id>/arp-table
ListTier0IPSecVpnLocalEndpoints (GET /infra/tier-0s//locale-services//ipsec-vpn-services//local-endpoints):
Get paginated list of all IPSec VPN local endpoints for a given locale
service under Tier-0. This API is deprecated. Please use GET /infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/local-endpoints
instead. Note: Please note that request is validated and any error
messages returned from validation may include the new VPN path instead of
the deprecated path. Both new path and old path refer to same resource.
PatchLBMonitorProfile (PATCH /infra/lb-monitor-profiles/):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
ReadNSGroupRealizedState (GET /infra/realized-state/enforcement-points//groups/nsgroups/):
Read a NSGroup and the complete tree underneath. Returns the populated
NSgroup object.
GetTransportZoneProfile (GET /transportzone-profiles/):
Returns information about a specified transport zone profile. This api is
now deprecated. Please use new api - /policy/api/v1/infra/transport-zone-
profiles/<tz-profile>
ReadDnsForwader (GET /dns/forwarders/):
Retrieve a DNS forwarder.
DeleteClusterNodeConfig (DELETE /cluster/nodes/):
Removes the specified controller from the NSX cluster. Before you can remove
a controller from the cluster, you must shut down the controller service
with the "stop service controller" command. Deprecated. Use POST
/cluster/<node-id>?action=remove_node to detach a node from cluster.
The controller is removed with the node.
GetIPSecVPNPeerEndpoint (GET /vpn/ipsec/peer-endpoints/):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>
GET /policy/api/v1/infra/tier-1s/<tier-1-id>
;/ipsec-vpn-services/<service-id>/sessions/<session-id>
ReadDADProfile (GET /ipv6/dad-profiles/):
Please use below Policy APIs.
GET /policy/api/v1/infra/ipv6-dad-
profiles/<dad-profile-id>
PatchCommunicationMapForDomain (PATCH /infra/domains//communication-maps/):
Patch the communication map for a domain. If a communication map for the
given communication-map-id is not present, the object will get created and
if it is present it will be updated. This is a full replace This API is
deprecated. Please use the following API instead. PATCH /infra/domains
/domain-id/security-policies/security-policy-id
ReadSecurityGroupRealizedState (GET /infra/realized-state/enforcement-points//groups/securitygroups/):
Read a Security Group and the complete tree underneath. Returns the
populated Security Group object.
PatchCommunicationEntry (PATCH /infra/domains//communication-maps//communication-entries/):
Patch the CommunicationEntry. If a communication entry for the given
communication-entry-id is not present, the object will get created and if it
is present it will be updated. This is a full replace This API is
deprecated. Please use the following API instead. PATCH /infra/domains
/domain-id/security-policies/security-policy-id/rules/rule-id
GetTier0IPSecVpnSessionWithSensitiveData (GET /infra/tier-0s//locale-services//ipsec-vpn-services//sessions/?action=show_sensitive_data):
Get IPSec VPN session with senstive data for a given locale service under
Tier-0. This API is deprecated. Please use GET /infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>?action=show_sensitive_data instead. Note: Please note that
request is validated and any error messages returned from validation may
include the new VPN path instead of the deprecated path. Both new path and
old path refer to same resource.
DeleteServiceInstance (DELETE /serviceinsertion/services//service-instances/):
This API has been deprecated, please use below Policy API
DELETE
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-
service-id>/service-instances/<service-instance-id> DELETE
/policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-
service-id>/service-instances/<service-instance-id>
GetIPSecVPNIKESessionStatus (GET /vpn/ipsec/sessions//status):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>/detailed-status
GET /policy/api/v1/infra/tier-
1s/<tier-1-id>/ipsec-vpn-services/<service-id>/sessions/<
;session-id>/detailed-status
GetLogicalPort (GET /logical-ports/):
Returns information about a specified logical port. in impactor-ufo branch.
Please use corresponding policy API /infra/segments/<segment-
id>/ports/<lport-id>
GetSwitchingProfileStatus (GET /switching-profiles//summary):
This api is now deprecated. Please use new api - GET policy/api/v1/infra
/realized-state/status?intent_path={{intent-path}}
CreateLatencyStatProfile (POST /latency-profiles):
Create a new latency profile
CreateBridgeEndpoint (POST /bridge-endpoints):
Creates a Bridge Endpoint. It describes the physical attributes of the
bridge like vlan. A logical port can be attached to a vif providing bridging
functionality from the logical overlay network to the physical vlan network
GetIdsDashboardSummary (POST /intrusion-services/ids-summary):
Use the following Policy API -
POST
/policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-
summary
ReadDhcpV6StaticBinding (GET /dhcp/servers//ipv6-static-bindings/):
Return a specific static binding of a given logical DHCP IPv6 server.
GetIPSecVPNTunnelProfile (GET /vpn/ipsec/tunnel-profiles/):
Please use below Policy API.
GET /policy/api/v1/infra/ipsec-vpn-
tunnel-profiles/<tunnel-profile-id>
UpdateLogicalPort (PUT /logical-ports/):
Modifies an existing logical switch port. Parameters that can be modified
include attachment_type (LOGICALROUTER, VIF), admin_state (UP or DOWN),
attachment id and switching_profile_ids. You cannot modify the
logical_switch_id. In other words, you cannot move an existing port from one
switch to another switch. This api is now deprecated. Please use new api -
/infra/segments/<segment-id>/ports/<port-id>
ListLoadBalancerRules (GET /loadbalancer/rules):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
GetTransportZone (GET /transport-zones/):
This api is now deprecated. Please use new api -
/policy/api/v1/infra/sites/<site-id>/enforcement-points/<
enforcementpoint-id>/transport-zones/<zone-id>
TestDirectoryLdapServer (POST /directory/domains//ldap-servers/):
Use the following Policy API -
POST /policy/api/v1/infra/firewall-
identity-stores/<firewall-identity-store-id>/ldap-servers/<ldap-
server-id>
DeleteTransportNodeProfile (DELETE /transport-node-profiles/):
Deletes the specified transport node profile. A transport node profile can
be deleted only when it is not attached to any compute collection. This api
is now deprecated. Please use new api - /policy/api/v1/infra/host-transport-
node-profiles/<host-transport-node-profile-id>
ShowSystemHealthAgentProfile (GET /systemhealth/profiles/):
Show the details of a system health profile.
ListDADProfiles (GET /ipv6/dad-profiles):
Please use below Policy APIs.
GET /policy/api/v1/infra/ipv6-dad-
profiles/
GetDnsForwarderStatus (GET /dns/forwarders//status):
Returns the current status of the given DNS forwarder.
GetTier1L2VpnSessionStatistics (GET /infra/tier-1s//locale-services//l2vpn-services//sessions//statistics):
- no enforcement point path specified: statistics are evaluated on each
enforcement point. - an enforcement point path is specified: statistics are
evaluated only on the given enforcement point. - source=realtime: statistics
are fetched realtime from the enforcement point. - source=cached: cached
statistics from the enforcement point are returned. This API is deprecated.
Please use GET //infra/tier-1s/<tier-1-id>/l2vpn-services/<service-
id>/ sessions/<session-id>/statistics instead.
GetTier1L2VpnSessionRemoteMacsForLS (GET /infra/tier-1s//locale-services//l2vpn-services//sessions//remote-mac):
Returns L2Vpn session remote macs for a logical switch. Data is fetched from
enforcement point. This API is deprecated. Please use GET /infra/tier-
1s/<tier-1-id>/l2vpn-services/<service-id>/sessions/<session-
id>/remote-mac instead.
ReadIPPrefixList (GET /logical-routers//routing/ip-prefix-lists/):
Please use below Policy APIs.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/prefix-lists/<prefix-list-id>
CreateLogicalSwitch (POST /logical-switches):
Creates a new logical switch. The request must include the
transport_zone_id, display_name, and admin_state (UP or DOWN). The
replication_mode (MTEP or SOURCE) is required for overlay logical switches,
but not for VLAN-based logical switches. A vlan needs to be provided for
VLAN-based logical switches. This api is now deprecated. Please use new api
-/infra/segments/<segment-id>
DeleteSection (DELETE /firewall/sections/):
Use the following Policy API -
DELETE
/policy/api/v1/infra/domains/<domain-id>/security-policies/<
;security-policy-id>
ReadLoadBalancerPersistenceProfile (GET /loadbalancer/persistence-profiles/):
Use the following Policy API -
GET /policy/api/v1/infra/lb-
persistence-profiles/
UpdateLoadBalancerVirtualServerWithRules (PUT /loadbalancer/virtual-servers/?action=update_with_rules):
Use the following Policy API -
PUT/PATCH /policy/api/v1/infra/lb-
virtual-servers/
GetLogicalPortState (GET /logical-ports//state):
Returns transport node id for a specified logical port. Also returns
information about all address bindings of the specified logical port. This
includes address bindings discovered via various snooping methods like ARP
snooping, DHCP snooping etc. and addressing bindings that are realized based
on user configuration. This api is now deprecated. Please use new api - GET
policy/api/v1/infra/realized-state/realized-entities?intent_path={{intent-
path}} GET policy/api/v1/infra/realized-state/status?intent_path={{intent-
path}}
EnableFirewallOnTargetResource (POST /firewall/status//?action=enable_firewall):
Use the following Policy APIs -
PUT|PATCH /policy/api/v1/infra
/tier-0s/<tier-0-id>
PUT|PATCH /policy/api/v1/infra/tier-
1s/<tier-1-id>
The disable_firewall property must be set to
false.
DeleteCommunicationMapForDomain (DELETE /infra/domains//communication-maps/):
Deletes the communication map along with all the communication entries This
API is deprecated. Please use the following API instead. DELETE
/infra/domains/domain-id/security-policies/security-policy-id
ReadLoadBalancerNodeUsageSummary (GET /loadbalancer/node-usage-summary):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
CreateOrPatchTier1L2VPNService (PATCH /infra/tier-1s//locale-services//l2vpn-services/):
Create or patch L2VPN service for given Tier-1 locale service. This API is
deprecated. Please use PATCH /infra/tier-1s/<tier-1-id>/l2vpn-
services/<service-id> instead. Note: Please note that request is
validated and any error messages returned from validation may include the
new VPN path instead of the deprecated path. Both new path and old path
refer to same resource. Also VPN path returned in the Alarm, GPRR payload
may include the new VPN path.
GetLogicalRouterRouteTableInCsvFormat (GET /logical-routers//routing/route-table?format=csv):
Please use below Policy API.
GET /policy/api/v1/infra/tier-
0s/<tier-0-id>/routing-table?format=csv
GET /policy/api/v1/infra
/tier-1s/<tier-1-id>/routing-table?format=csv
CreateLoadBalancerRule (POST /loadbalancer/rules):
NSX-T Load Balancer is deprecated.
Please take advantage of NSX
Advanced Load Balancer.
Refer to Policy > Networking > Network
Services > Advanced Load Balancing section of the API guide.
DeleteIpfixConfig (DELETE /ipfix/configs/):
Delete an existing IPFIX configuration
DeleteDhcpRelayProfile (DELETE /dhcp/relay-profiles/):
Deletes the specified dhcp relay profile.
ReadPmtuLearningSettingDepreciated (GET /node/services/dataplane/l3vpn-pmtu):
Depreciated. Please use /node/services/dataplane/pmtu-learning
CreateOrPatchTier1IPSecVpnService (PATCH /infra/tier-1s//locale-services//ipsec-vpn-services/):
Create or patch IPSec VPN service for a given locale service under Tier-1.
This API is deprecated. Please use PATCH /infra/tier-1s/<tier-1-id>
;/ipsec-vpn-services/<service-id> instead. Note: Please note that
request is validated and any error messages returned from validation may
include the new VPN path instead of the deprecated path. Both new path
and old path refer to same resource. Also VPN path returned in the Alarm,
GPRR payload may include the new VPN path.
AddRulesInSection (POST /firewall/sections//rules?action=create_multiple):
Use the following Policy API -
PUT|PATCH
/policy/api/v1/infra/domains/<domain-id>/security-policies/<
;security-policy-id>
ScanDirectoryDomainSize (POST /directory/domain-size):
Use the following Policy API -
POST /policy/api/v1/infra/firewall-
identity-store-size
ListIPSecVPNIKEProfiles (GET /vpn/ipsec/ike-profiles):
Please use below Policy API.
GET /policy/api/v1/infra/ipsec-vpn-
ike-profiles
ReadDhcpStaticBinding (GET /dhcp/servers//static-bindings/):
Return a specific static binding of a given logical DHCP server.
DeleteL2VPNSession (DELETE /infra/tier-0s//locale-services//l2vpn-services//sessions/):
Delete L2VPN session under Tier-0. When L2VPN Service is in CLIENT Mode, the
L2VPN Session is deleted along with its transpot tunnels and related
resources. This API is deprecated. Please use DELETE /infra/tier-
0s/<tier-0-id>/ l2vpn-services/<service-id>/sessions/<
;session-id> instead. Note: Please note that request is validated and
any error messages returned from validation may include the new VPN path
instead of the deprecated path. Both new path and old path refer to same
resource. Also VPN path returned in the Alarm, GPRR payload may include
the new VPN path.
GetIpfixUpmProfile (GET /ipfix-profiles/):
Get an existing IPFIX profile by profile ID.
GetTier1IPSecVpnLocalEndpoint (GET /infra/tier-1s//locale-services//ipsec-vpn-services//local-endpoints/